PC Infected, Very Slow and lots of problems. [Closed]



#1
Betrayed

My PC has got very slow and freezes a lot, and when I launch my PC my keyboard doesn't work, programs are unpinned and just slow at times.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Betrayed (administrator) on BETRAYED (07-02-2016 15:05:45)
Running from E:\Users\Betrayed\Desktop
Loaded Profiles: Betrayed (Available Profiles: Betrayed)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) E:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) E:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) E:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Bitdefender) E:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Bitdefender) E:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) E:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(NVIDIA Corporation) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Bogdan Sharkov) E:\Program Files (x86)\Clownfish\Clownfish.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Bitdefender) E:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The Pidgin developer community) E:\Program Files (x86)\Pidgin\pidgin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) E:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(TeamSpeak Systems GmbH) E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(ArmA Network) C:\Users\Betrayed\AppData\Local\Apps\2.0\BG60TL89.KOC\7GY1C07L.KZ3\arma..tion_5607ed5528cf4412_0000.0003_ad9361cc8e5ed46b\Arma Network Staff Tool.exe
() E:\Program Files\Sublime Text 3\sublime_text.exe
() E:\Program Files\Sublime Text 3\plugin_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) E:\Users\Betrayed\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM\...\Run: [Bdagent] => E:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1643232 2016-02-04] (Bitdefender)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1014736 2014-07-22] (MSI)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)
HKLM-x32\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe [113264 2015-04-28] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [13740864 2015-12-25] (Corsair Components, Inc.)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Spotify Web Helper] => C:\Users\Betrayed\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [EADM] => E:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-10] (Electronic Arts)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Spotify] => C:\Users\Betrayed\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [uTorrent] => C:\Users\Betrayed\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-03] (BitTorrent Inc.)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Clownfish] => E:\Program Files (x86)\Clownfish\Clownfish.exe [1341192 2015-05-20] (Bogdan Sharkov)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3097912 2015-07-16] (Nota Inc.)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [SandboxieControl] => E:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [Bitdefender Wallet Agent] => E:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1447328 2016-02-04] (Bitdefender)
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [GoogleChromeAutoLaunch_C1BDF7A752CABCCEC37F2A5D7AA45B34] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2015-04-10]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> E:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (No File)
Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk [2015-04-21]
ShortcutTarget: Pidgin.lnk -> E:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Startup: C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-04-10]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{9478278C-078A-470A-8F6E-61393289D336}: [DhcpNameServer] 10.211.254.254 8.8.8.8
Tcpip\..\Interfaces\{A0C7C18C-EAF9-4DB6-B1A5-46CFE9CB6313}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> E:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-02-04] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> E:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-02-04] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - E:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-02-04] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - E:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-02-04] (Bitdefender)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9951
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> e:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.747 -> C:\Users\Betrayed\AppData\Local\Hola\firefox_hola\app\vlc [No File]
FF Plugin HKU\S-1-5-21-2539508601-3164617073-3378887811-1001: @hola.org/FlashPlayer -> C:\Users\Betrayed\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll [2015-12-27] ()
FF Plugin HKU\S-1-5-21-2539508601-3164617073-3378887811-1001: @hola.org/vlc -> C:\Users\Betrayed\AppData\Local\Hola\firefox\app\vlc\npvlc.dll [2015-12-27] (Hola)
FF user.js: detected! => C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\user.js [2015-12-04]
FF Extension: Hola Better Internet - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\Extensions\[email protected] [2015-12-04] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - E:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - E:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - E:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - E:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - E:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - E:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com" 
CHR Profile: C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Heartbeat) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aailiojlhjbichheofhdpcongebcgcgm [2016-02-06]
CHR Extension: (Google Drive) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19]
CHR Extension: (uBlock Origin) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-12]
CHR Extension: (Steam inventory helper) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-02-01]
CHR Extension: (Tampermonkey) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-16]
CHR Extension: (Bitdefender Wallet) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-01-04]
CHR Extension: (LoungeDestroyer) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-01-31]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Betrayed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Opera: 
=======
OPR Extension: (2048 AI - bitcoin) - C:\Users\Betrayed\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-06-16]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1317920 2016-02-05] ()
R2 Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-10-03] (EasyAntiCheat Ltd)
R2 GfExperienceService; E:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
S3 iPod Service; E:\Program Files\iPod\bin\iPodService.exe [643880 2015-04-06] (Apple Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 MbaeSvc; E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
R2 MBAMScheduler; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 OpenVPNService; E:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-10] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-04-20] ()
R2 ProductAgentService; E:\Program Files\Bitdefender Agent\ProductAgentService.exe [857288 2015-11-09] (Bitdefender)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 SbieSvc; E:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 UPDATESRV; E:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [135176 2016-02-04] (Bitdefender)
R2 VSSERV; E:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1695720 2016-02-04] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-02-04] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-02-04] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-12-03] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-07-06] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-07-06] (Corsair)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [459544 2013-08-22] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ESProtectionDriver; E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-11] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [271808 2015-10-22] (Bitdefender)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-11-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 SbieDrv; E:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2014-05-29] (VIA Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [304128 2014-05-29] (VIA Technologies, Inc.)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 3ouuJHBhq; \??\F:\3ouuJHBhq.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 MvriXS68f; \??\F:\MvriXS68f.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 nvZqRK643hnvZq; \??\F:\nvZqRK643hnvZq.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\NZXT\CAM\CAM_Client_V2.sys [X]
S3 wTnEgyJXCow; \??\F:\wTnEgyJXCow.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-07 14:53 - 2016-02-07 14:53 - 00000000 ____D C:\ProgramData\bdch
2016-02-07 14:50 - 2016-02-07 14:50 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-02-07 14:50 - 2015-12-18 06:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-02-07 14:50 - 2015-12-18 06:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-02-06 12:02 - 2016-02-06 12:02 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Matthew Cammack
2016-02-06 11:02 - 2016-02-06 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2016-02-05 23:01 - 2016-02-07 14:57 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Deployment
2016-02-05 23:01 - 2016-02-05 23:01 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Apps\2.0
2016-01-28 16:49 - 2016-01-28 16:49 - 00000000 ____D C:\Users\Betrayed\AppData\Local\arma3launcher
2016-01-23 18:41 - 2016-01-23 18:41 - 00417656 _____ C:\Windows\Minidump\012316-6125-01.dmp
2016-01-22 16:24 - 2016-01-22 16:24 - 00407696 _____ C:\Windows\Minidump\012216-8281-01.dmp
2016-01-15 17:55 - 2016-01-15 17:55 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\AnyDesk
2016-01-14 19:20 - 2016-01-14 19:20 - 00417704 _____ C:\Windows\Minidump\011416-7234-01.dmp
2016-01-12 18:33 - 2015-12-11 04:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 18:33 - 2015-12-11 04:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 18:33 - 2015-12-11 03:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 18:33 - 2015-12-11 03:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 18:33 - 2015-12-11 03:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 18:33 - 2015-12-11 03:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 18:33 - 2015-12-11 03:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 18:33 - 2015-12-11 03:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-12 18:33 - 2015-12-11 03:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 18:33 - 2015-12-11 03:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 18:33 - 2015-12-11 02:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 18:33 - 2015-12-11 02:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 18:33 - 2015-12-11 02:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-12 18:33 - 2015-12-11 02:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 18:33 - 2015-12-11 02:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 18:33 - 2015-12-11 02:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 18:33 - 2015-12-11 02:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 18:33 - 2015-12-11 02:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 18:33 - 2015-12-11 02:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 18:33 - 2015-12-11 02:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 18:33 - 2015-12-11 02:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 18:32 - 2015-12-30 19:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 18:32 - 2015-12-30 19:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 18:32 - 2015-12-30 19:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 18:32 - 2015-12-10 00:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 18:32 - 2015-12-08 19:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 18:32 - 2015-12-07 10:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 18:32 - 2015-12-05 05:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 18:32 - 2015-12-05 05:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 18:32 - 2015-12-04 15:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 18:32 - 2015-12-03 19:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-12 18:32 - 2015-12-03 19:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-12 18:32 - 2015-12-03 19:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 18:32 - 2015-12-03 19:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-12 18:32 - 2015-12-03 19:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 18:32 - 2015-12-03 18:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-12 18:32 - 2015-12-03 18:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 18:32 - 2015-12-03 18:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-12 18:32 - 2015-12-03 18:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 18:32 - 2015-12-03 18:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 18:32 - 2015-12-03 18:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 18:32 - 2015-12-03 18:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 18:32 - 2015-12-03 18:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 18:32 - 2015-12-03 18:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 18:32 - 2015-12-03 18:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 18:32 - 2015-12-03 17:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 18:32 - 2015-12-03 17:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-12 18:32 - 2015-12-03 17:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 18:32 - 2015-12-03 17:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 18:32 - 2015-12-03 17:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 18:32 - 2015-12-03 17:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 18:32 - 2015-12-03 17:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 18:32 - 2015-12-03 17:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 18:32 - 2015-12-03 17:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 18:32 - 2015-12-03 17:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-12 18:32 - 2015-12-03 17:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 18:32 - 2015-12-03 17:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 18:32 - 2015-12-03 17:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 18:32 - 2015-12-03 17:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 18:32 - 2015-12-03 16:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 18:32 - 2015-12-03 16:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 18:32 - 2015-12-03 16:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 18:32 - 2015-12-02 15:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 18:32 - 2015-12-02 15:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 18:32 - 2015-11-17 21:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 18:32 - 2015-11-17 21:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 18:32 - 2015-11-17 21:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 18:32 - 2015-11-17 21:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 18:32 - 2015-11-17 21:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 18:32 - 2015-11-17 21:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 18:32 - 2015-11-17 21:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 18:31 - 2015-12-08 19:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-10 19:45 - 2016-01-23 21:57 - 00000000 _____ C:\Windows\system32\symsrv.yes
2016-01-10 19:45 - 2010-02-01 12:26 - 00149264 _____ (Microsoft Corporation) C:\Windows\system32\symsrv.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-07 15:05 - 2015-07-02 15:44 - 00000000 ____D C:\FRST
2016-02-07 15:04 - 2015-04-21 16:12 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\.purple
2016-02-07 15:04 - 2015-04-10 22:15 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Skype
2016-02-07 15:00 - 2015-06-16 21:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-07 15:00 - 2015-04-12 15:52 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\TS3Client
2016-02-07 15:00 - 2014-03-18 15:26 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-07 15:00 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\Inf
2016-02-07 14:59 - 2015-04-10 03:45 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2539508601-3164617073-3378887811-1001
2016-02-07 14:55 - 2015-04-10 10:56 - 00000000 ____D E:\Program Files (x86)\Steam
2016-02-07 14:54 - 2016-01-04 13:30 - 00000000 ____D E:\Program Files\Bitdefender Agent
2016-02-07 14:54 - 2015-04-25 11:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-07 14:54 - 2015-04-10 03:47 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-07 14:54 - 2013-08-22 14:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-07 14:53 - 2016-01-04 13:54 - 00005416 _____ C:\bdlog.txt
2016-02-07 14:53 - 2015-04-10 20:55 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-07 14:53 - 2013-08-22 14:44 - 05108320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-07 14:52 - 2015-12-07 19:18 - 00000000 ____D E:\Program Files (x86)\ArmA3Sync
2016-02-07 14:50 - 2015-05-03 10:25 - 00001240 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-02-07 14:50 - 2015-04-10 20:56 - 00000000 ____D C:\Users\Betrayed\AppData\Local\NVIDIA
2016-02-07 14:49 - 2015-06-22 09:57 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Arma 3
2016-02-07 02:00 - 2015-04-10 12:44 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Adobe
2016-02-06 00:05 - 2013-08-22 13:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-02-04 18:00 - 2016-01-04 13:47 - 01622512 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-02-04 18:00 - 2016-01-04 13:47 - 00806344 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-02-03 21:30 - 2015-04-10 03:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-02-03 16:21 - 2015-04-10 03:47 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-03 16:21 - 2015-04-10 03:47 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-03 16:21 - 2015-04-10 03:47 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 17:50 - 2015-04-25 12:46 - 00000000 ____D E:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-02-02 17:50 - 2015-04-25 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-02-02 16:08 - 2015-04-21 16:10 - 00000000 ____D E:\Program Files (x86)\TeamViewer
2016-01-31 18:00 - 2015-04-16 16:05 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\vlc
2016-01-31 00:38 - 2015-08-03 19:55 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Kodi
2016-01-30 16:48 - 2015-04-12 15:14 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\uTorrent
2016-01-30 01:09 - 2015-04-10 13:29 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Spotify
2016-01-30 00:01 - 2015-04-10 13:26 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\Spotify
2016-01-25 22:08 - 2015-04-10 03:40 - 00000000 ____D C:\Users\Betrayed
2016-01-23 18:41 - 2016-01-06 18:06 - 985855717 _____ C:\Windows\MEMORY.DMP
2016-01-23 18:41 - 2016-01-06 18:06 - 00000000 ____D C:\Windows\Minidump
2016-01-22 15:06 - 2015-04-10 11:13 - 00000000 ____D C:\Users\Betrayed\AppData\Roaming\MultiBit
2016-01-22 07:34 - 2015-04-10 20:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-20 18:00 - 2015-06-16 21:56 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-18 16:11 - 2015-06-16 17:17 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1434475024
2016-01-17 14:44 - 2015-07-12 16:24 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Popcorn-Time
2016-01-16 22:40 - 2013-08-22 13:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-01-16 14:43 - 2015-06-16 22:47 - 00001456 _____ C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-01-16 12:07 - 2015-04-10 22:36 - 00000000 ____D C:\Users\Betrayed\AppData\Local\Steam
2016-01-16 10:46 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache
2016-01-14 17:06 - 2015-04-10 16:20 - 00000000 ____D C:\Users\Betrayed\AppData\Local\CrashDumps
2016-01-13 16:38 - 2015-04-10 22:54 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 16:38 - 2013-08-22 15:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 16:35 - 2015-04-10 22:54 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 16:08 - 2015-04-10 23:40 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 16:08 - 2015-04-10 23:39 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-12 20:52 - 2015-07-11 20:20 - 00000000 ____D E:\Program Files\Microsoft Silverlight
2016-01-12 20:52 - 2015-07-11 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-12 04:41 - 2015-04-10 20:56 - 01542600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-01-12 04:41 - 2015-04-10 20:56 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-01-12 04:40 - 2015-12-12 16:10 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-12 04:40 - 2015-04-10 20:56 - 01860120 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-01-12 04:40 - 2015-04-10 20:56 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-01-10 10:49 - 2015-06-22 11:44 - 00001428 _____ C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Options.ini
2016-01-10 10:48 - 2015-06-22 11:42 - 00000299 _____ C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Login.ini
2016-01-09 22:31 - 2015-06-24 23:15 - 00000000 ____D E:\Program Files (x86)\A3Launcher
 
==================== Files in the root of some directories =======
 
2015-03-11 11:18 - 2015-03-11 11:18 - 5519128 _____ (Piriform Ltd) E:\Program Files\Speccy.exe
2015-03-11 11:18 - 2015-03-11 11:18 - 7088408 _____ (Piriform Ltd) E:\Program Files\Speccy64.exe
2015-03-11 11:20 - 2015-03-11 11:20 - 0132336 _____ (Piriform Ltd) E:\Program Files\uninst.exe
2015-08-01 18:15 - 2015-08-03 10:52 - 1305195 _____ () C:\Users\Betrayed\AppData\Roaming\betrayed_64
2015-06-22 11:42 - 2016-01-10 10:48 - 0000299 _____ () C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Login.ini
2015-06-22 11:44 - 2016-01-10 10:49 - 0001428 _____ () C:\Users\Betrayed\AppData\Roaming\BreakingPoint_Options.ini
2015-06-16 22:47 - 2016-01-16 14:43 - 0001456 _____ () C:\Users\Betrayed\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-04-10 22:24 - 2015-04-10 22:24 - 0000003 _____ () C:\Users\Betrayed\AppData\Local\updater.log
2015-04-10 22:24 - 2015-04-23 13:22 - 0000424 _____ () C:\Users\Betrayed\AppData\Local\UserProducts.xml
2016-01-04 13:50 - 2016-01-04 13:50 - 0446965 _____ () C:\ProgramData\1451915042.bdinstall.bin
2016-01-04 13:50 - 2016-01-04 13:50 - 0025195 _____ () C:\ProgramData\1451915433.bdinstall.bin
2015-04-10 03:46 - 2015-04-10 03:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Betrayed\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Betrayed\AppData\Local\Temp\ntddk.dll
C:\Users\Betrayed\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-07 13:43
 

 

==================== End of FRST.txt ============================
 
 
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Betrayed (2016-02-07 15:06:05)
Running from E:\Users\Betrayed\Desktop
Windows 8.1 (X64) (2015-04-10 10:49:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2539508601-3164617073-3378887811-500 - Administrator - Disabled)
Guest (S-1-5-21-2539508601-3164617073-3378887811-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2539508601-3164617073-3378887811-1003 - Limited - Enabled)
Betrayed (S-1-5-21-2539508601-3164617073-3378887811-1001 - Administrator - Enabled) => C:\Users\Betrayed
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
AIDA64 Extreme v5.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.60 - FinalWire Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ArmA Network Staff Tool (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\919eb8f7efa297be) (Version: 0.3.0.2 - Matthew Cammack)
ArmA3Sync 1.5.72 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.5.72 - The [S.o.E] team)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Assassin’s Creed Unity (HKLM-x32\...\Steam App 289650) (Version:  - Ubisoft)
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.0.0.2 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.24.1290 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)
Breaking Point (x32 Version: 5.0.2.9 - The Zombie Infection) Hidden
CAM (HKLM-x32\...\{8E86129E-48D3-4814-8D2D-66221881F370}) (Version: 2.0.16 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Chains (HKLM-x32\...\Steam App 11360) (Version:  - 2DEngine.com)
Chronicles of a Dark Lord: Episode II War of The Abyss (HKLM-x32\...\Steam App 341780) (Version:  - Kisareth Studios)
Corsair Utility Engine (HKLM-x32\...\{D826C227-7E74-415A-8B12-CAA2E26E2A31}) (Version: 1.14.43 - Corsair)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Dropbox (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
FileSeek 4.3 (HKLM-x32\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 4.3.0.0 - Binary Fortress Software)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGABYTE OC_GURU II (x32 Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gyazo 3.1.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
H1Z1 Test Server (HKLM-x32\...\Steam App 362300) (Version:  - )
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Kodi) (Version:  - XBMC-Foundation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Memories of a Vagabond (HKLM-x32\...\Steam App 307070) (Version:  - DarkElite)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-GB)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3 - Mozilla)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.026 - MSI)
MultiBit Classic 0.5.19 (HKLM-x32\...\0884-5076-5786-4986) (Version: 0.5.19 - Bitcoin Solutions Ltd)
MultiBit HD 0.1.3 (HKLM\...\6925-4794-5772-4956) (Version: 0.1.3 - Bitcoin Solutions Ltd)
Nether (HKLM-x32\...\Steam App 247730) (Version:  - Phosphor Games)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 358.87 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenVPN 2.3.6-I603  (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Opera Stable 34.0.2036.25 (HKLM-x32\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Popcorn Time (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Popcorn Time) (Version:  - Popcorn Official)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2402 - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.2.19 - Red Giant, LLC)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skyperious 3.5 (HKLM-x32\...\Skyperious) (Version: 3.5 - Erki Suurjaak)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Super Killer Hornet: Resurrection (HKLM-x32\...\Steam App 271860) (Version:  - Flump Studios)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Journey Down: Chapter One (HKLM-x32\...\Steam App 220090) (Version:  - SkyGoblin)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{2F50AD39-44F4-48CB-94E4-5C5AEFB0DAC6}) (Version: 12.1.4 - Red Giant)
Trapcode Suite 64-bit (Version: 12.1.4 - Red Giant) Hidden
Trapcode Suite v12.1.7 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.7 - Red Giant, LLC)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WS Launcher (HKLM-x32\...\WS Launcher 30.0.4.3) (Version: 30.0.4.3 - WS.ARMA.SU)
WS Launcher (x32 Version: 30.0.4.3 - WS.ARMA.SU) Hidden
XSplit Broadcaster (HKLM-x32\...\{4202CAFA-F8F9-4311-8A13-19DB48AAF5F7}) (Version: 2.2.1502.1633 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00ADCC5F-EF6B-46E0-BEF7-8F8555FAD857} - System32\Tasks\{9160FE5B-F82C-4BFC-9992-9169DEA38B81} => pcalua.exe -a C:\Users\Betrayed\Downloads\multibit-0.5.18-windows-setup.exe -d C:\Users\Betrayed\Downloads
Task: {18EB8C59-74CF-418C-BABA-B2174449CC1A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {1DDD6182-A270-407B-A314-2353FAB5C130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {292B3B60-5A4A-4DBB-8046-6C1350DD5EA3} - System32\Tasks\Opera scheduled Autoupdate 1434475024 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software)
Task: {2E95C61A-764B-4264-A96D-FD984FAEF385} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {32A6098A-5ABB-480F-84BC-CEA6A40053E0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
Task: {3CB3DD9D-BF09-4518-B1FB-353C279E3F4A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {3D387587-856C-4071-BD8D-655D666AAFAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49494390-E068-4843-8D57-F2F61906D7F3} - System32\Tasks\AdobeAAMUpdater-1.0-Betrayed-Betrayed => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {93827CB0-3478-4578-AFB2-A4F271F49610} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {A37A0E27-879D-4C63-922C-1C637F19B785} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C63368DB-141C-4A27-8B15-A2DC758DA40A} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_Client_V2.exe [2015-04-28] ()
Task: {D7A48855-C268-4A01-B6A1-9947A3A408B5} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-07-16] ()
Task: {D9BF4303-F390-4856-AF2A-75411CD17DA8} - System32\Tasks\Red Giant Link => E:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {DFDF0456-94F5-4F79-9AD5-0A31AF173669} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => E:\Program Files\Bitdefender Agent\WatchDog.exe [2015-11-09] (Bitdefender)
Task: {E1635A22-3455-4217-9870-3361FFEE44B8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2539508601-3164617073-3378887811-1001 => C:\Users\Betrayed\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-14] (Microsoft Corporation)
Task: {EEF6461A-AB78-4D91-9D44-EB2A7374F248} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F8D1AD39-2D82-4FBE-9816-10268D8A5D9A} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-07-16] ()
Task: {F97457CA-7D59-4262-851E-E1FAE84A3582} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {FFD5F675-58E7-48C6-9127-7A163E413E9A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-04 13:47 - 2013-09-03 13:29 - 00101328 _____ () E:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-01-25 21:02 - 2016-01-25 21:02 - 01119064 _____ () E:\Program Files\Bitdefender\Bitdefender 2016\otengines_01851_004\ashttpbr.mdl
2016-01-25 21:02 - 2016-01-25 21:02 - 00794832 _____ () E:\Program Files\Bitdefender\Bitdefender 2016\otengines_01851_004\ashttpdsp.mdl
2016-01-25 21:02 - 2016-01-25 21:02 - 03038112 _____ () E:\Program Files\Bitdefender\Bitdefender 2016\otengines_01851_004\ashttpph.mdl
2016-01-25 21:02 - 2016-01-25 21:02 - 01648408 _____ () E:\Program Files\Bitdefender\Bitdefender 2016\otengines_01851_004\ashttprbl.mdl
2015-04-10 13:43 - 2015-11-02 13:22 - 00116528 _____ () E:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-11 14:13 - 2015-02-11 14:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-07 14:50 - 2016-01-12 04:43 - 00291264 _____ () E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-04-20 03:27 - 2015-04-20 03:27 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-11-05 00:11 - 2015-11-05 00:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-04-06 12:25 - 2015-04-06 12:25 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2015-04-06 12:25 - 2015-04-06 12:25 - 00777920 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2015-02-11 14:12 - 2015-02-11 14:12 - 05739680 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-02-28 09:14 - 2015-10-22 16:21 - 00175080 _____ () E:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-08-04 13:43 - 2015-10-22 16:21 - 00103400 _____ () E:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 13:43 - 2015-10-22 16:21 - 00108008 _____ () E:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2015-12-07 19:32 - 2015-06-16 22:09 - 00210944 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\ClownfishForTeamspeak_win64.dll
2015-12-07 19:32 - 2015-10-22 16:21 - 00312296 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2015-12-07 19:32 - 2015-12-05 20:04 - 00025600 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\last_channel_win64.dll
2016-01-04 14:54 - 2016-01-04 14:54 - 00486912 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\soundboard.dll
2015-12-07 19:32 - 2015-06-10 11:28 - 04018176 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\task_force_radio_win64.dll
2015-12-07 19:32 - 2015-10-22 16:21 - 00483816 _____ () E:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-06-05 13:48 - 2015-09-24 17:21 - 00317440 _____ () E:\Program Files\TeamSpeak 3 Client\ssleay32.dll
2014-06-05 13:48 - 2015-09-24 17:21 - 01709056 _____ () E:\Program Files\TeamSpeak 3 Client\LIBEAY32.dll
2015-04-11 09:55 - 2015-03-26 17:23 - 05678848 _____ () E:\Program Files\Sublime Text 3\sublime_text.exe
2015-04-11 09:55 - 2015-03-26 15:17 - 00645632 _____ () E:\Program Files\Sublime Text 3\plugin_host.exe
2015-04-11 09:55 - 2015-03-18 12:49 - 01065472 _____ () E:\Program Files\Sublime Text 3\_hashlib.pyd
2015-04-11 09:08 - 2016-01-12 04:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-10 22:49 - 2014-10-29 03:59 - 01029952 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2015-04-10 22:49 - 2014-10-29 00:46 - 00531456 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL
2014-11-23 17:34 - 2014-11-23 17:34 - 00036878 _____ () E:\Program Files (x86)\Pidgin\libssp-0.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00671031 _____ () E:\Program Files (x86)\Pidgin\exchndl.dll
2015-04-21 16:11 - 2015-04-21 16:11 - 00904525 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2015-04-21 16:11 - 2015-04-21 16:11 - 00100352 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2015-04-21 16:11 - 2015-04-21 16:11 - 00279059 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2015-04-21 16:11 - 2015-04-21 16:11 - 00553382 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2015-04-21 16:11 - 2015-04-21 16:11 - 00216992 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2014-11-23 17:33 - 2014-11-23 17:33 - 01274655 _____ () E:\Program Files (x86)\Pidgin\libxml2-2.dll
2015-04-21 16:11 - 2015-04-21 16:11 - 00177586 _____ () E:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00475580 _____ () E:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00021075 _____ () E:\Program Files (x86)\Pidgin\plugins\.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00020997 _____ () E:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00013253 _____ () E:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00024924 _____ () E:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00015702 _____ () E:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00014147 _____ () E:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00018882 _____ () E:\Program Files (x86)\Pidgin\plugins\history.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00012865 _____ () E:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00019043 _____ () E:\Program Files (x86)\Pidgin\plugins\idle.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00018555 _____ () E:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00015074 _____ () E:\Program Files (x86)\Pidgin\plugins\libaim.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00311021 _____ () E:\Program Files (x86)\Pidgin\liboscar.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00092398 _____ () E:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00328186 _____ () E:\Program Files (x86)\Pidgin\plugins\libgg.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00016005 _____ () E:\Program Files (x86)\Pidgin\plugins\libicq.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00107365 _____ () E:\Program Files (x86)\Pidgin\plugins\libirc.dll
2014-11-23 17:33 - 2014-11-23 17:33 - 00190464 _____ () E:\Program Files (x86)\Pidgin\libsasl.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00374169 _____ () E:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00150598 _____ () E:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00106671 _____ () E:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00123540 _____ () E:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00116071 _____ () E:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00152852 _____ () E:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00171123 _____ () E:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 02097721 _____ () E:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00818985 _____ () E:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00055880 _____ () E:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00021337 _____ () E:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00417758 _____ () E:\Program Files (x86)\Pidgin\libjabber.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00022832 _____ () E:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00236666 _____ () E:\Program Files (x86)\Pidgin\libymsg.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00019793 _____ () E:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00047934 _____ () E:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00021795 _____ () E:\Program Files (x86)\Pidgin\plugins\markerline.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00013456 _____ () E:\Program Files (x86)\Pidgin\plugins\newline.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00029225 _____ () E:\Program Files (x86)\Pidgin\plugins\notify.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00017023 _____ () E:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2014-10-21 09:07 - 2014-10-21 09:07 - 00750080 _____ () E:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00029256 _____ () E:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00015380 _____ () E:\Program Files (x86)\Pidgin\plugins\psychic.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00015429 _____ () E:\Program Files (x86)\Pidgin\plugins\relnot.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00015045 _____ () E:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00069625 _____ () E:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00031993 _____ () E:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00012004 _____ () E:\Program Files (x86)\Pidgin\plugins\ssl.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00015978 _____ () E:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00030353 _____ () E:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00032020 _____ () E:\Program Files (x86)\Pidgin\plugins\ticker.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00018399 _____ () E:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00023851 _____ () E:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00029791 _____ () E:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00030771 _____ () E:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00037191 _____ () E:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00044494 _____ () E:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2014-11-23 17:33 - 2014-11-23 17:33 - 00102400 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
2014-11-23 17:33 - 2014-11-23 17:33 - 00115712 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
2014-11-23 17:33 - 2014-11-23 17:33 - 00140288 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
2014-11-23 17:33 - 2014-11-23 17:33 - 00102912 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
2014-11-23 17:33 - 2014-11-23 17:33 - 00102912 _____ () E:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
2014-11-23 17:34 - 2014-11-23 17:34 - 00486400 _____ () E:\Program Files (x86)\Pidgin\sqlite3.dll
2015-04-21 16:11 - 2015-04-21 16:11 - 00090496 _____ () E:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2015-04-15 17:38 - 2015-04-13 21:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-15 17:38 - 2015-04-13 21:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-10-01 06:28 - 2015-10-01 06:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-02-15 13:58 - 2015-02-15 13:58 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-12-25 15:22 - 2015-12-25 15:22 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2015-12-25 15:20 - 2015-12-25 15:20 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2015-12-25 15:19 - 2015-12-25 15:19 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2015-02-15 13:58 - 2015-02-15 13:58 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-02-15 13:58 - 2015-02-15 13:58 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2016-02-03 16:29 - 2015-12-15 05:54 - 00782336 _____ () E:\Program Files (x86)\Steam\SDL2.dll
2016-02-03 16:29 - 2015-07-03 16:12 - 04962816 _____ () E:\Program Files (x86)\Steam\v8.dll
2016-02-05 23:45 - 2016-02-04 21:02 - 02546768 _____ () E:\Program Files (x86)\Steam\video.dll
2016-02-03 16:29 - 2015-07-03 16:12 - 01556992 _____ () E:\Program Files (x86)\Steam\icui18n.dll
2016-02-03 16:29 - 2015-07-03 16:12 - 01187840 _____ () E:\Program Files (x86)\Steam\icuuc.dll
2016-02-03 16:29 - 2015-09-24 00:33 - 02549248 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-03 16:29 - 2015-09-24 00:33 - 00491008 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-03 16:29 - 2015-09-24 00:33 - 00332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-03 16:29 - 2015-09-24 00:33 - 00442880 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-03 16:29 - 2015-09-24 00:33 - 00485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-05 23:45 - 2016-02-04 21:01 - 00802896 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-02-03 16:29 - 2015-12-30 01:51 - 00208896 _____ () E:\Program Files (x86)\Steam\bin\openvr_api.dll
2016-02-03 16:29 - 2016-01-06 01:52 - 48387872 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll
2016-02-03 16:29 - 2015-09-24 23:56 - 00119208 _____ () E:\Program Files (x86)\Steam\winh264.dll
2014-09-03 10:03 - 2014-09-03 10:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\sony.com -> sony.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2016-02-07 14:54 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Betrayed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "CAM"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\StartupApproved\Run: => "SandboxieControl"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E8E2E117-012A-42B0-B3CD-90287E834962}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{90E5C2DB-8DCF-459D-84A1-C51CDCA91ECC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{C494CD36-DE80-4970-A5E1-6DAA9F0BB69B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C06926B8-6248-40C2-9BDF-4B994E084663}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BC0E8B0C-54CD-4AF3-802D-B524A9234BAF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{63ACB157-203E-475B-8EDC-ACEAF3724063}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{216A1EA1-E7ED-4750-95F2-FA4FE52686FD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{48F232BF-D935-4859-B712-95EC5689D9D0}] => (Allow) LPort=9143
FirewallRules: [{7D973E54-F2C5-47E1-8BB3-C82E06996E64}] => (Allow) LPort=2333
FirewallRules: [{6A311AA3-1784-4C4B-A095-82FD2C61E836}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CFE6AF09-3421-4AB0-A6A9-C6275F1C409A}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{9ED3E9AF-6145-480E-BDB4-C97766836860}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F60C3A6D-AC9D-4CD2-ABC7-08D56DB73683}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{EE040732-93AF-4F5C-A9D7-660A4D5E9994}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B64E2052-A8AA-4B4D-8A47-F1E1CD5119B4}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{87326815-01AF-4728-956D-CEACB38B2437}] => (Allow) E:\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{FB24A730-07BD-45EA-84C7-762F6483AED0}] => (Allow) E:\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{72C45C05-15DD-4A10-8C97-D94FACA9A178}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{39E9A74D-236F-4D09-B28F-8F0B9953F7F7}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A8CB3AC4-B596-4098-8BDB-5FD93BF6D5A9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{74739A6C-AC79-469C-97FD-34040FE31808}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{15EAA3CE-C3E8-4A90-B081-78C6B513FBBF}E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{EF5042D6-89E6-4CFA-B0C3-A0119B79B8A8}E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{42919134-769E-48DB-BACD-DFAA15148D20}E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{1A2B136D-01A7-4096-8F0E-6078DDCE655D}E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{8B3E43CC-D9F7-47FA-AAE4-E044C817614D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{32518FF4-C6AA-440B-B354-818B4B1698E1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B1055E01-D234-4795-8711-D8D0296810CD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKHR.exe
FirewallRules: [{029F3F9D-44CA-4975-81D7-C8FB7DE0E09B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKHR.exe
FirewallRules: [{60397ED4-2612-4839-B833-0A105AB2447C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKH\Hornet.exe
FirewallRules: [{ADE8AF1E-7397-456A-8CB5-307CDBDB11E6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SuperKillerHornet\SKH\Hornet.exe
FirewallRules: [{4BEFA1C0-AE20-498A-8ABF-31EE07C1FE5E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{7D3F3AF0-51B5-4BA5-A0DF-64FE9C2D1E14}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{1EFEAD88-785A-40DF-BFB2-C5B3316751B3}] => (Allow) C:\Users\Betrayed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{89BE488C-3534-4E2D-ADCF-F3F8B3293FA1}] => (Allow) C:\Users\Betrayed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A599A173-7DE9-4AAB-B1CA-229AC4AC605D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{9628B48C-00D1-4F91-A8F0-39E613058563}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{C9243AF8-347B-4FF7-8D5F-5291E9A5129F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{7701BB00-74C0-47E9-AA8D-906FB994EE12}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{E2997306-E4DE-42EB-8669-8874CAA52104}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{1038621A-22E6-4014-9CC2-686DD83D4093}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{B210C0FF-594F-4CB1-A528-5A18311F24A4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{D2AE4A9F-D898-43BC-9B0B-C4479A54AA6A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{84E41612-EF44-4752-9E6D-DCB8E356DA71}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{D47515D6-BD38-46C4-82FE-7ACBAC58A62D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{B32C2FBE-32C7-4F74-A153-049F08B1AB32}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{E6311432-2759-44FE-9D7C-ED8098D6AD69}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{D546BA07-6474-49F8-A53C-E2E5A6D01905}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{FF56884A-AA1F-45C2-A741-1C051C00AD03}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [TCP Query User{350776E7-60FA-4667-88FC-CABF7A0FEA04}E:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) E:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{AF5ABCA7-FA83-4976-B975-BF0DEC9B1E01}E:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) E:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{5B73CB3F-00AC-4709-AD9A-F8B85C08284F}C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{4BA3805E-C2D1-425C-9518-1D5674B43B1A}C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\Betrayed\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{490B896A-F97E-4C99-8B80-559602824ED1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3B75800F-3659-4DF8-818F-CACCBD6E45F8}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E6D90B3E-74A1-46FE-BFC6-6EC50339E1F8}C:\users\Betrayed\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\Betrayed\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8C882019-120F-469B-A5B8-7F4E11E78A49}] => (Block) E:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
FirewallRules: [{E69EC084-2680-4CEA-BC1A-EEB4D43E9A89}] => (Allow) E:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2292FCFB-19D7-480E-A1EE-E484296C9E39}] => (Allow) E:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6F13BD1-F10F-4880-BAFB-F76BDFC93A3B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0113E25D-77DF-4933-911C-5C71767BA8FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E645933F-5010-47F5-AE4E-F061B809E131}] => (Allow) E:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{E76A02FE-5151-46AD-A92D-18A4EBB2CF91}E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [UDP Query User{EB638B5E-1CAE-4804-A0D8-353DD81B1C47}E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [{183CC695-4E22-4653-82CC-C86502AA340D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C4363A8E-AEBC-41B4-A86B-64A832E2EF5E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{41E363D5-4782-4DCA-B534-A285F3309F55}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{02365D05-0638-4E43-AFA7-10E29A92E1AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{525590DB-153E-4E70-B00D-1B9F1063ACC6}] => (Allow) C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8FA5D15F-43AE-4D5F-825E-4A6F9A4B8452}] => (Allow) C:\Users\Betrayed\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2A138DB1-7430-4100-9ECB-220837C83D0F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{F835258A-5B2A-4358-A9D6-15F960AC4DF3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{BC60B902-6923-49BA-9755-ED665D634766}] => (Allow) E:\Program Files (x86)\Origin Games\BFH\bfh.exe
FirewallRules: [{FF668B07-461E-4351-B96B-578423CBB206}] => (Allow) E:\Program Files (x86)\Origin Games\BFH\bfh.exe
FirewallRules: [TCP Query User{F7C1A733-E3DE-4E47-8B88-F5D5564CFF70}E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{42F50269-658D-42A5-8B5D-12D11A1382B7}E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\users\Betrayed\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{213C4C2A-D817-410F-A19C-D7382F3CAE8B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EE6B2B7B-04C5-435C-BF69-F1E925890765}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D9C0BB87-6631-451E-A49D-A1153ACE2E4B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Nether\Launcher\Launcher.exe
FirewallRules: [{6269ABB2-D946-4C13-B1CA-9D73232AE368}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Nether\Launcher\Launcher.exe
FirewallRules: [{CB024652-B050-4B8C-984C-2975E9E8A14B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chains\Chains.exe
FirewallRules: [{81C7B5D4-820A-4D25-8EA0-2185E9FD5E8D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chains\Chains.exe
FirewallRules: [{81F90EFC-7603-49F0-9337-2CF6E7D92B2D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{7D3E28FA-EFB0-4038-B5AC-8BB3C7E91BAD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{BED1FADD-8497-4C3C-9D59-4F73AB791823}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{92C430FE-DF5A-407A-989C-A41F29AD72F3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [TCP Query User{47C025E6-F3B7-441D-BD93-EFCBD3F6AE2C}E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe
FirewallRules: [UDP Query User{69C1A81F-DE95-4FE3-A015-BB63F818C866}E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Allow) E:\program files\adobe\adobe after effects cs6\support files\afterfx.exe
FirewallRules: [{1ACC1901-8CC1-4DED-BA8E-045E6FF9C9A8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{FED9749B-1042-4CBC-B872-B140A1A5E3CB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{7542DFE5-693F-4C8A-AE86-65BDA22F83F6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Journey Down\JourneyDown1.exe
FirewallRules: [{DA85D291-F488-40A8-87FA-A5A485A0C7FC}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\The Journey Down\JourneyDown1.exe
FirewallRules: [{3302FAEB-8BCE-4574-BC3F-91A6A4BF797C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Memories of a Vagabond\GAME.exe
FirewallRules: [{1CE4B90D-6F47-4B13-B408-1F17FB7C5AFF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Memories of a Vagabond\GAME.exe
FirewallRules: [{1B5E7032-767C-4372-8C78-79DD9E13C53E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chronicles of a Dark Lord Episode II War of The Abyss\Game.exe
FirewallRules: [{CD2A081D-74A1-485B-9C8F-BD7E0C4D37A0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Chronicles of a Dark Lord Episode II War of The Abyss\Game.exe
FirewallRules: [{C19D7B2E-78C4-494A-9545-7F00BF7257D9}] => (Allow) F:\S3KLoader.exe
FirewallRules: [{45547BDD-25F9-4A84-9F53-12B2F22557A1}] => (Allow) F:\S3KLoader.exe
FirewallRules: [{723BB638-6C0B-4A27-9D96-78556081DFFF}] => (Allow) F:\S3KLoader.exe
FirewallRules: [{976B044B-066A-406E-8710-48BA51A19C36}] => (Allow) F:\S3KLoader.exe
FirewallRules: [{5BDE6AD9-CA9B-402C-81BA-9CACA6BA0907}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{6B82759C-375F-4D79-B954-93BF6341647D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{D2E03C58-5D7A-43FF-A2BB-1B746B519755}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{CE84E952-9F07-46E5-BF15-59F61DCD93BD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{29BB4F5F-548D-4519-BB51-A8CE58A72161}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{0ECFF12C-BF1D-4513-AC2A-4E2EE52E1851}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [TCP Query User{DCD92225-9E3D-4658-92E5-F8D1B062C8BA}E:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) E:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [UDP Query User{F993DA4A-7726-4557-8942-F517E757734D}E:\program files (x86)\dayzlauncher\dayzlauncher.exe] => (Allow) E:\program files (x86)\dayzlauncher\dayzlauncher.exe
FirewallRules: [{48A9C57C-0D47-41EF-AA7E-F9C5E8D9C9D9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{F78A5E94-CB41-4F6E-8D92-575391541530}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{A8FF5192-8964-4BF5-8DC7-71AE9D777B7C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{62A36456-1D38-4D59-B7A7-E3FD102BEC3A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{24E2C22E-93DB-49C7-8F6A-DD3F1231C9E2}E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{91011715-B20D-402A-9075-F2B667E91710}E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{17F9878B-01A6-4E55-B381-FCCF83680E77}E:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) E:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [UDP Query User{214B746B-249A-481C-AE9C-41723DD1D328}E:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) E:\program files (x86)\a3launcher\a3launcher.exe
FirewallRules: [{251542A1-516B-4471-8DE2-2078B2A5EDD8}] => (Allow) E:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{F3D80361-135A-4F9A-B37D-E90FB5452AD4}] => (Allow) E:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{19E1188B-5B7C-4348-A6B7-734941D01C3C}] => (Allow) C:\Users\Betrayed\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [{50EB8B45-0829-49CC-B84A-950AA5D618C8}] => (Allow) C:\Users\Betrayed\AppData\Local\Hola\firefox\app\hola_plugin.exe
FirewallRules: [TCP Query User{FD0C32DF-C4E7-471B-B18F-342DDF7452FD}E:\users\Betrayed\appdata\local\popcorn time\nw.exe] => (Allow) E:\users\Betrayed\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{6A233C4A-6000-4ECF-9FF0-A94F23E9CFF2}E:\users\Betrayed\appdata\local\popcorn time\nw.exe] => (Allow) E:\users\Betrayed\appdata\local\popcorn time\nw.exe
FirewallRules: [{B00441B6-0855-4E01-B556-5FCD2F06928C}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EE0A3081-EA1C-45C1-9B77-EA6EDB2F6356}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C119053F-EDAF-4809-A3AA-A5FC79CD63FF}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1BD8AA89-0815-4358-8EE3-99354657D5C5}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C30F52C1-5866-41E3-A4D5-41307465AC90}] => (Allow) E:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{7856FE51-8EB2-4A3A-8B17-85B201994C18}E:\program files (x86)\kodi\kodi.exe] => (Allow) E:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{0796D3C5-1348-4624-8E03-FC36FE2705A7}E:\program files (x86)\kodi\kodi.exe] => (Allow) E:\program files (x86)\kodi\kodi.exe
FirewallRules: [{A613385E-B8C1-4FC5-9E2F-E8825E8DAAC5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{71DA221B-1F2D-4FF7-8FB4-56D503441A26}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{2C6740B2-6073-4977-ACF2-E46E23F8C3AD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{64308333-5821-4CB6-B6E0-A161DC8CB05D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{CE46178F-18AD-4406-B51F-EB0EE5000586}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{E46CE599-CF6D-4E48-95B6-2612A1D8E476}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{05FE6087-5B19-45DD-9291-922673FCE88B}] => (Allow) C:\Users\Betrayed\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{256C02C3-4873-46A6-9E27-BDF3915E5887}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FCA9C43B-727D-41DB-A819-5BF329CA2A07}] => (Allow) LPort=2869
FirewallRules: [{672A0318-DBA6-41C6-82C8-9BE9C2EDA8BE}] => (Allow) LPort=1900
FirewallRules: [{62EB95A0-3BEE-4EA9-8025-4C5E5BFBAC93}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D5E06514-BBD1-4941-9E18-27348E68BD1E}] => (Allow) LPort=27016
FirewallRules: [{AF85B44C-4663-4523-8FD8-2D31E11D3061}] => (Allow) LPort=27016
FirewallRules: [{4CF0C985-06CC-4583-8812-23E6EDD44FAD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{4FF5646C-CC6F-4BD5-BB44-3DAFCCA6C04A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{4D7FB2C0-40A3-4C35-A727-6A4E5C914F13}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0E3FAA91-25A0-4D45-BD09-023284E7CE46}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{3806ADDA-DB3C-469E-8296-3606E4C12D18}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{C7105973-6A01-4A36-91EB-84FCF2C6C1A7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{16D42176-D35C-4DCB-A97D-CA8108F38746}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{8BCE8E35-40A5-4EB9-A0EC-1C4C85CF74E5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{36FF49E3-CB53-4132-B133-05F5B0702395}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{632995C4-CA89-48EA-87C6-AF3A13AAFC3D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{929FFDE2-54C6-4C85-BA75-48363B66F81E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Nether\Game\Binaries\Win64\Nether.exe
FirewallRules: [{1A9053C3-3814-4D22-9AA3-B256DBBEC34B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Nether\Game\Binaries\Win64\Nether.exe
FirewallRules: [{607F6133-56BA-4F40-BBD7-B2E4E5F34D3C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{068C319C-79E1-4429-BD9A-6289093A99FE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{574A5FBB-2831-4695-94B1-39E93ECEF0D4}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{60B5F74D-28E0-4003-BC87-132C1F79DF3A}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7546EB80-B4EF-44FF-959E-09E51C484CD1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{2CB3E631-2238-43AD-8E09-71EB93BEA73D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{9C0BDA21-57E0-45BD-B407-0C9CA9473CF8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{F725EAE0-8C96-475B-8C20-230527EB55E3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2D68345F-B912-4F97-83EE-A2B54C4739C7}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4FA4ACE0-E4E3-4135-9B3B-4976A4E534DD}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A44DD786-7858-45D8-A0E2-84BAB504CBD7}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7E62355D-4A49-4995-8B66-024214A17333}] => (Allow) E:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{46D19AD9-A79B-4FB8-AAD2-094DC27A8BE9}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0B614996-5824-407C-A3CC-99B17AF5606B}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Restore Points =========================
 
21-01-2016 17:03:20 Scheduled Checkpoint
29-01-2016 23:50:45 Scheduled Checkpoint
06-02-2016 10:59:42 Removed Corsair Utility Engine
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/07/2016 02:52:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ts3client_win64.exe version 3.0.18.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2b90
 
Start Time: 01d161b396217078
 
Termination Time: 3
 
Application Path: E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
 
Report Id: 6fc8b3f9-cdaa-11e5-82b2-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/07/2016 02:46:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d04
 
Start Time: 01d161b329417dc0
 
Termination Time: 425
 
Application Path: UNKNOWN
 
Report Id: 845e963b-cda9-11e5-82b2-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/07/2016 02:26:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ts3client_win64.exe version 3.0.18.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3fb8
 
Start Time: 01d16196addf93a9
 
Termination Time: 6
 
Application Path: E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
 
Report Id: d1d39408-cda6-11e5-82b2-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/07/2016 02:23:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ab8
 
Start Time: 01d161b28ad57a14
 
Termination Time: 175
 
Application Path: UNKNOWN
 
Report Id: 5818576e-cda6-11e5-82b2-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/07/2016 01:47:36 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (02/06/2016 03:11:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8
 
Error: (02/06/2016 03:11:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (02/06/2016 10:59:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
 
System Error:
0xC0000039 (unresolvable).
 
Error: (02/06/2016 10:59:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
 
System Error:
0xC0000039 (unresolvable).
 
Error: (02/04/2016 09:10:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program arma3launcher.exe version 1.3.133.746 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c68
 
Start Time: 01d15f9047dd06a4
 
Termination Time: 4294967295
 
Application Path: E:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
 
Report Id: b77a7a77-cb83-11e5-82b2-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (02/07/2016 01:44:39 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/07/2016 01:44:09 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/07/2016 02:04:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/06/2016 05:14:52 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/06/2016 03:11:43 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/06/2016 02:02:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/05/2016 11:45:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (02/05/2016 11:45:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (02/04/2016 10:33:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/04/2016 04:31:49 PM) (Source: DCOM) (EventID: 10010) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 22%
Total physical RAM: 16279.26 MB
Available physical RAM: 12584.09 MB
Total Virtual: 32663.26 MB
Available Virtual: 28370.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.37 GB) (Free:112.45 GB) NTFS
Drive e: (Data) (Fixed) (Total:931.39 GB) (Free:320.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This may be a hardware problem in part, with the keyboard not working.

Is F drive a USB that you use?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.747 -> C:\Users\Betrayed\AppData\Local\Hola\firefox_hola\app\vlc [No File]
FF user.js: detected! => C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\user.js [2015-12-04]
FF Extension: Hola Better Internet - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\Extensions\[email protected] [2015-12-04] [not signed]
S3 3ouuJHBhq; \??\F:\3ouuJHBhq.sys [X]
S3 MvriXS68f; \??\F:\MvriXS68f.sys [X]
S3 nvZqRK643hnvZq; \??\F:\nvZqRK643hnvZq.sys [X]
S3 wTnEgyJXCow; \??\F:\wTnEgyJXCow.sys [X]
2016-02-07 14:53 - 2016-02-07 14:53 - 00000000 ____D C:\ProgramData\bdch
Task: {32A6098A-5ABB-480F-84BC-CEA6A40053E0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
F:\wTnEgyJXCow.sys
F:\nvZqRK643hnvZq.sys
F:\MvriXS68f.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Scan with Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save the file to your desktop.
Note that the tool is still in its BETA stage, therefore not all functionalities may be added.
  • Right-click on the Malwarebytes' Anti-Rootkit icon and select Run as Administrator to start the tool
  • It will ask you for an extraction place - make sure you will unpack it to your desktop
  • After the extraction, the tool should start itself (no action required)
  • On the Introduction screen click Next
  • On the Update screen click Update
  • When prompted about the successful update, click Next
  • On the Scan System screen, make sure that all three options
    • Drivers
    • Sectors
    • System
    are checked for scanning and press Scan.
Wait patiently and don't do anything on your machine while MBAR goes through your system!
  • If no infection is found, just close the tool.
  • If an infection is found, make sure that Create Restore Point is checked, then select Cleanup button to remove threats. The process will start and your machine will prompt you to reboot upon completion.
When finished (either with or without cleanup), please navigate to the MBAR directory.
Search there for these two files:
> mbar-log-date(time).txt
> system-log.txt
Please include the content of both files in your reply.

#3
Betrayed


    Member

  • Topic Starter
  • Member
  • 98 posts

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Betrayed (2016-02-07 18:44:23) Run:1
Running from E:\Users\Betrayed\Desktop
Loaded Profiles: Betrayed (Available Profiles: Betrayed)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.747 -> C:\Users\Betrayed\AppData\Local\Hola\firefox_hola\app\vlc [No File]
FF user.js: detected! => C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\user.js [2015-12-04]
FF Extension: Hola Better Internet - C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\Extensions\[email protected] [2015-12-04] [not signed]
S3 3ouuJHBhq; \??\F:\3ouuJHBhq.sys [X]
S3 MvriXS68f; \??\F:\MvriXS68f.sys [X]
S3 nvZqRK643hnvZq; \??\F:\nvZqRK643hnvZq.sys [X]
S3 wTnEgyJXCow; \??\F:\wTnEgyJXCow.sys [X]
2016-02-07 14:53 - 2016-02-07 14:53 - 00000000 ____D C:\ProgramData\bdch
Task: {32A6098A-5ABB-480F-84BC-CEA6A40053E0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
F:\wTnEgyJXCow.sys
F:\nvZqRK643hnvZq.sys
F:\MvriXS68f.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc,version=1.8.747" => key removed successfully
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.747 -> C:\Users\Betrayed\AppData\Local\Hola\firefox_hola\app\vlc [No File] => not found.
C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\user.js => not found.
C:\Users\Betrayed\AppData\Roaming\Mozilla\Firefox\Profiles\p9bbor3d.default\Extensions\[email protected] => not found.
3ouuJHBhq => service removed successfully
MvriXS68f => service removed successfully
nvZqRK643hnvZq => service removed successfully
wTnEgyJXCow => service removed successfully
C:\ProgramData\bdch => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{32A6098A-5ABB-480F-84BC-CEA6A40053E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32A6098A-5ABB-480F-84BC-CEA6A40053E0}" => key removed successfully
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => key removed successfully
"F:\wTnEgyJXCow.sys" => not found.
"F:\nvZqRK643hnvZq.sys" => not found.
"F:\MvriXS68f.sys" => not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2539508601-3164617073-3378887811-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {12D28C8C-6A44-4C94-AD63-F2E1E797B17E}.
{206D3A9A-3BE5-4104-86AB-277368DFBB75} canceled.
1 out of 2 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 12 GB temporary data Removed.
 
 
The system needed a reboot.
 

 

==== End of Fixlog 18:44:51 ====
 
Mbar log #1:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.02.07.04
  rootkit: v2016.01.20.01
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18161
Betrayed :: BETRAYED [administrator]
 
07/02/2016 18:49:17
mbar-log-2016-02-07 (18-49-17).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 372666
Time elapsed: 13 minute(s), 18 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 4
C:\ProgramData\Nimoru\LicenseSE (Backdoor.Bot) -> Delete on reboot. [8060114cd5c456e00e5953d68c76db25]
E:\Users\Jamie\Desktop\RAT\NanoCore\client.bin (Backdoor.NanoCore) -> Delete on reboot. [31af2b32b9e0c86ec86ceaca8081629e]
E:\Users\Jamie\Desktop\RAT\NanoCore\ClientPlugin.dll (Trojan.Agent.MSIL) -> Delete on reboot. [7d6364f93960a6904adcd01705fb16ea]
E:\Users\Jamie\Desktop\RAT\NanoCore\NanoCore.exe (Backdoor.NanoCore) -> Delete on reboot. [4799d18c1b7e9d998f05338ed92811ef]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
Mbar log #2:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.3.9200 Windows 8.1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18161
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.300000 GHz
Memory total: 17070043136, free: 13562175488
 
Downloaded database version: v2016.02.07.04
Downloaded database version: v2016.01.20.01
Downloaded database version: v2016.02.05.02
=======================================
Initializing...
------------ Kernel report ------------
     02/07/2016 18:49:11
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.02.07.04
  rootkit: v2016.01.20.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe0015c003470, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0015c1c2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0015c003470, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0015bdf7060, DeviceName: \Device\00000037\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 4260247079
    GPT Header CurrentLba = 1 BackupLba 488397167
    GPT Header FirstUsableLba 34  LastUsableLba 488397134
    GPT Header Guid ec13ece9-ceba-4a53-8f69-f414f8eafca2
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 4260247079
    Backup GPT header CurrentLba = 488397167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 488397134
    Backup GPT header Guid ec13ece9-ceba-4a53-8f69-f414f8eafca2
    Backup GPT header Contains 128 partition entries starting at LBA 488397135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3fad585b-9665-4141-80f4-c6d4b5b1ed84
    FirstLBA 2048  Last LBA 616447
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID e163f737-29e0-4e84-8422-2aca866c19
    FirstLBA 616448  Last LBA 819199
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID b21d8ddc-7537-46f1-86f5-54e0709850d6
    FirstLBA 819200  Last LBA 1081343
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 57fbfa4-ea0f-42cb-a956-b2b22dbabbd2
    FirstLBA 1081344  Last LBA 488396799
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe0015c1c2770, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0015c1c1040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0015c1c2770, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0015bdf64b0, DeviceName: \Device\00000038\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1086525638
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid af1226bd-d72f-453c-a0cd-271cefd7444
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1086525638
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid af1226bd-d72f-453c-a0cd-271cefd7444
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7eef73b4-c9a1-450d-95d0-468e867cf0d5
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID dddfec41-fd32-4a67-bb7d-74132ded367f
    FirstLBA 264192  Last LBA 1953523711
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\ProgramData\Nimoru\LicenseSE --> [Backdoor.Bot]
<<<2>>>
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Infected: E:\Users\Betrayed\Desktop\RAT\NanoCore\client.bin --> [Backdoor.NanoCore]
Infected: E:\Users\Betrayed\Desktop\RAT\NanoCore\ClientPlugin.dll --> [Trojan.Agent.MSIL]
Infected: E:\Users\Betrayed\Desktop\RAT\NanoCore\NanoCore.exe --> [Backdoor.NanoCore]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer now? What problems are still evident?

#5
Betrayed

    Member

  • Topic Starter
  • Member
  • 98 posts

My computer seems to be a bit better. My keyboard still doesn't register keystrokes when I first boot the PC, so I need to unplug the USB and plug it back in.



#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have another USB slot that you could use as a test?

#7
Betrayed

    Member

  • Topic Starter
  • Member
  • 98 posts

Do you have another USB slot that you could use as a test?

Still the same. Also, sometimes Chrome unpins itself from the taskbar on boot up.



#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of MTB.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

#9
Betrayed

    Member

  • Topic Starter
  • Member
  • 98 posts
MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Betrayed (administrator) on 09-02-2016 at 17:04:11
Running from "E:\Users\Betrayed\Desktop"
Microsoft Windows 8.1  (X64)
Model: MS-7885 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.socks", "127.0.0.1"
"network.proxy.socks_port", 9951
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Intel® Ethernet Connection (2) I218-V = Ethernet (Connected)
TAP-Windows Adapter V9 = Ethernet 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Betrayed
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-94-78-27-8C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Ethernet Connection (2) I218-V
   Physical Address. . . . . . . . . : D8-CB-8A-31-8C-74
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::651e:6462:f1b2:b206%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 07 February 2016 19:04:31
   Lease Expires . . . . . . . . . . : 10 February 2016 13:32:26
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 64539530
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-B8-FF-94-D8-CB-8A-31-8C-74
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       0.0.0.0
   NetBIOS over Tcpip. . . . . . . . : Enabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2a00:1450:400b:c02::66
 213.233.153.244
 213.233.153.251
 213.233.153.245
 213.233.153.223
 213.233.153.224
 213.233.153.210
 213.233.153.231
 213.233.153.237
 213.233.153.230
 213.233.153.216
 213.233.153.217
 213.233.153.238
 
 
Pinging google.com [213.233.153.244] with 32 bytes of data:
Reply from 213.233.153.244: bytes=32 time=28ms TTL=61
Reply from 213.233.153.244: bytes=32 time=29ms TTL=61
 
Ping statistics for 213.233.153.244:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 29ms, Average = 28ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=176ms TTL=48
Reply from 98.138.253.109: bytes=32 time=175ms TTL=48
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 175ms, Maximum = 176ms, Average = 175ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...00 ff 94 78 27 8c ......TAP-Windows Adapter V9
  3...d8 cb 8a 31 8c 74 ......Intel® Ethernet Connection (2) I218-V
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.7    276
      192.168.1.7  255.255.255.255         On-link       192.168.1.7    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.7    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.7    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.7    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  3    276 fe80::/64                On-link
  3    276 fe80::651e:6462:f1b2:b206/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 E:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/08/2016 10:07:14 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8
 
Error: (02/07/2016 07:03:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
 
System Error:
0xC0000039 (unresolvable).
 
Error: (02/07/2016 06:57:22 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8
 
Error: (02/07/2016 06:57:21 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (02/07/2016 06:44:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
 
System Error:
0xC0000039 (unresolvable).
 
Error: (02/07/2016 06:44:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {87ebb232-a27e-4d1b-aba9-431ec8d6af04}
 
Error: (02/07/2016 02:52:43 PM) (Source: Application Hang) (User: )
Description: The program ts3client_win64.exe version 3.0.18.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2b90
 
Start Time: 01d161b396217078
 
Termination Time: 3
 
Application Path: E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
 
Report Id: 6fc8b3f9-cdaa-11e5-82b2-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/07/2016 02:46:10 PM) (Source: Application Hang) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d04
 
Start Time: 01d161b329417dc0
 
Termination Time: 425
 
Application Path: UNKNOWN
 
Report Id: 845e963b-cda9-11e5-82b2-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/07/2016 02:26:49 PM) (Source: Application Hang) (User: )
Description: The program ts3client_win64.exe version 3.0.18.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3fb8
 
Start Time: 01d16196addf93a9
 
Termination Time: 6
 
Application Path: E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
 
Report Id: d1d39408-cda6-11e5-82b2-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/07/2016 02:23:37 PM) (Source: Application Hang) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ab8
 
Start Time: 01d161b28ad57a14
 
Termination Time: 175
 
Application Path: UNKNOWN
 
Report Id: 5818576e-cda6-11e5-82b2-d8cb8a318c74
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (02/09/2016 03:04:27 PM) (Source: DCOM) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/08/2016 04:20:42 PM) (Source: DCOM) (User: Betrayed)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/07/2016 06:45:09 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (02/07/2016 01:44:39 PM) (Source: DCOM) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/07/2016 01:44:09 PM) (Source: DCOM) (User: Betrayed)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/07/2016 02:04:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/06/2016 05:14:52 PM) (Source: DCOM) (User: Betrayed)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (02/06/2016 03:11:43 PM) (Source: DCOM) (User: Betrayed)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (02/06/2016 02:02:33 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/05/2016 11:45:58 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (02/08/2016 10:07:14 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8
 
Error: (02/07/2016 07:03:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
 
System Error:
0xC0000039 (unresolvable)
 
Error: (02/07/2016 06:57:22 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8
 
Error: (02/07/2016 06:57:21 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (02/07/2016 06:44:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
 
System Error:
0xC0000039 (unresolvable)
 
Error: (02/07/2016 06:44:24 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {87ebb232-a27e-4d1b-aba9-431ec8d6af04}
 
Error: (02/07/2016 02:52:43 PM) (Source: Application Hang)(User: )
Description: ts3client_win64.exe3.0.18.22b9001d161b3962170783E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe6fc8b3f9-cdaa-11e5-82b2-d8cb8a318c74
 
Error: (02/07/2016 02:46:10 PM) (Source: Application Hang)(User: )
Description: UNKNOWN0.0.0.01d0401d161b329417dc0425UNKNOWN845e963b-cda9-11e5-82b2-d8cb8a318c74
 
Error: (02/07/2016 02:26:49 PM) (Source: Application Hang)(User: )
Description: ts3client_win64.exe3.0.18.23fb801d16196addf93a96E:\Program Files\TeamSpeak 3 Client\ts3client_win64.exed1d39408-cda6-11e5-82b2-d8cb8a318c74
 
Error: (02/07/2016 02:23:37 PM) (Source: Application Hang)(User: )
Description: UNKNOWN0.0.0.0ab801d161b28ad57a14175UNKNOWN5818576e-cda6-11e5-82b2-d8cb8a318c74
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
AIDA64 Extreme v5.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.60 - FinalWire Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ArmA Network Staff Tool (HKCU\...\919eb8f7efa297be) (Version: 0.3.0.2 - Matthew Cammack)
ArmA3Sync 1.5.72 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.5.72 - The [S.o.E] team)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Assassin’s Creed Unity (HKLM-x32\...\Steam App 289650) (Version:  - Ubisoft)
Battlefield™ Hardline (HKLM-x32\...\{CB4AC3DA-8CC1-4516-86DA-4078B57DB229}) (Version: 1.0.0.2 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.24.1290 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Breaking Point (HKLM-x32\...\{D94AC775-62AF-4630-8292-7EB26691AAAE}) (Version: 5.0.2.9 - The Zombie Infection) Hidden
Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)
CAM (HKLM-x32\...\{8E86129E-48D3-4814-8D2D-66221881F370}) (Version: 2.0.16 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Chains (HKLM-x32\...\Steam App 11360) (Version:  - 2DEngine.com)
Chronicles of a Dark Lord: Episode II War of The Abyss (HKLM-x32\...\Steam App 341780) (Version:  - Kisareth Studios)
Corsair Utility Engine (HKLM-x32\...\{D826C227-7E74-415A-8B12-CAA2E26E2A31}) (Version: 1.14.43 - Corsair)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Dropbox (HKCU\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
FileSeek 4.3 (HKLM-x32\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 4.3.0.0 - Binary Fortress Software)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIGABYTE OC_GURU II (HKLM-x32\...\{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.69.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gyazo 3.1.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
H1Z1 Test Server (HKLM-x32\...\Steam App 362300) (Version:  - )
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodi (HKCU\...\Kodi) (Version:  - XBMC-Foundation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Memories of a Vagabond (HKLM-x32\...\Steam App 307070) (Version:  - DarkElite)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-GB)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3 - Mozilla)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.026 - MSI)
MultiBit Classic 0.5.19 (HKLM-x32\...\0884-5076-5786-4986) (Version: 0.5.19 - Bitcoin Solutions Ltd)
MultiBit HD 0.1.3 (HKLM\...\6925-4794-5772-4956) (Version: 0.1.3 - Bitcoin Solutions Ltd)
Nether (HKLM-x32\...\Steam App 247730) (Version:  - Phosphor Games)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 358.87 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenVPN 2.3.6-I603  (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Opera Stable 34.0.2036.25 (HKLM-x32\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
Popcorn Time (HKCU\...\Popcorn Time) (Version:  - Popcorn Official)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2402 - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.2.19 - Red Giant, LLC)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skyperious 3.5 (HKLM-x32\...\Skyperious) (Version: 3.5 - Erki Suurjaak)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Super Killer Hornet: Resurrection (HKLM-x32\...\Steam App 271860) (Version:  - Flump Studios)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Journey Down: Chapter One (HKLM-x32\...\Steam App 220090) (Version:  - SkyGoblin)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Trapcode Suite 64-bit (HKLM\...\{2F50AD39-44F4-48CB-94E4-5C5AEFB0DAC6}) (Version: 12.1.4 - Red Giant) Hidden
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{2F50AD39-44F4-48CB-94E4-5C5AEFB0DAC6}) (Version: 12.1.4 - Red Giant)
Trapcode Suite v12.1.7 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.7 - Red Giant, LLC)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WS Launcher (HKLM-x32\...\{B6496B72-C011-47EA-B68C-F9CD3A0025DA}) (Version: 30.0.4.3 - WS.ARMA.SU) Hidden
WS Launcher (HKLM-x32\...\WS Launcher 30.0.4.3) (Version: 30.0.4.3 - WS.ARMA.SU)
XSplit Broadcaster (HKLM-x32\...\{4202CAFA-F8F9-4311-8A13-19DB48AAF5F7}) (Version: 2.2.1502.1633 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 25%
Total physical RAM: 16279.26 MB
Available physical RAM: 12046.87 MB
Total Virtual: 32663.26 MB
Available Virtual: 27031.64 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:232.37 GB) (Free:122.84 GB) NTFS
3 Drive e: (Data) (Fixed) (Total:931.39 GB) (Free:320.53 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\BETRAYED
 
Administrator            Guest                    Betrayed                    
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\010616-6765-01.dmp
C:\Windows\Minidump\011416-7234-01.dmp
C:\Windows\Minidump\012216-8281-01.dmp
C:\Windows\Minidump\012316-6125-01.dmp
 
**** End of log ****

#10
Essexboy
GeekU Moderator

Could you zip these four files and attach them to your next post, please?

C:\Windows\Minidump\010616-6765-01.dmp
C:\Windows\Minidump\011416-7234-01.dmp
C:\Windows\Minidump\012216-8281-01.dmp
C:\Windows\Minidump\012316-6125-01.dmp

#11
Betrayed
Topic Starter

It won't let me for some reason.


#12
Essexboy
GeekU Moderator

Could you copy them to the desktop and zip them there?

#13
Betrayed
Topic Starter

Here you go.

Attached Files


#14
Essexboy
GeekU Moderator

Could you download the MBAM removal tool to your desktop from here: https://downloads.ma...file/mbam_clean

Then uninstall MBAM.
After the reboot, run the MBAMClean tool.
Reboot and then let me know how the computer is behaving.

#15
Betrayed
Topic Starter

Same problem with keyboard but apart from that it is fine. Should I reinstall MBAM?

