Possible Infection [Solved]


#1 anthonybugg (Member, 31 posts)

[attachment=74357:Addition.txt][attachment=74358:FRST.txt][attachment=74346:OTL.Txt][attachment=74347:Extras.Txt]

 

I think I may possibly have been infected. I basically ran a file, and I think it's very suspicious because of what it does and how it does it. For one, the second I run the file my CPU usage goes up from around 10-30% to 70-90% in a matter of seconds, then once I close the file my CPU usage goes way down. Not only that, but the file name consists of many different symbols and letters in the process name, as seen here: http://i.imgur.com/yVJYelt.png.

 

A few other things I am worried about are that once I scanned the file with VirusTotal, it gave me things like "backdoor" and "Trojan", as seen here: https://www.virustot...sis/1418948917/. It also won't run in a VM for some reason, but it does work while running it via the program "Sandboxie".

Machine Specs: Windows 7 Ultimate 64-Bit, Intel Core q6000, GTX 660, 8 GB RAM

OTL Logs:

OTL.TXT
-------
OTL logfile created on: 12/18/2014 7:17:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anthony Bugg\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 4.41 Gb Available Physical Memory | 55.09% Memory free
16.00 Gb Paging File | 11.73 Gb Available in Paging File | 73.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 268.10 Gb Free Space | 57.57% Space Free | Partition Type: NTFS
 
Computer Name: ABUGG | User Name: HomePC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014/12/18 19:17:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony Bugg\Downloads\OTL.exe
PRC - [2014/12/18 07:01:33 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\bin\rubyw.exe
PRC - [2014/12/18 07:01:21 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\bin\rubyw.exe
PRC - [2014/12/17 16:27:48 | 050,337,912 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
PRC - [2014/12/14 11:54:24 | 000,184,320 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe
PRC - [2014/12/14 11:54:23 | 008,817,658 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/06 12:08:04 | 002,464,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/11/06 12:07:54 | 001,795,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/11/03 02:31:56 | 000,064,616 | ---- | M] (CyberGhost S.R.L) -- C:\Program Files\CyberGhost 5\Service.exe
PRC - [2014/10/31 18:27:38 | 000,183,488 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2014/10/26 09:52:28 | 000,508,744 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2014/10/08 18:13:06 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/10/08 18:10:58 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014/10/01 14:40:28 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2014/09/13 15:12:58 | 000,411,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/07/30 08:52:41 | 000,076,152 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/06/12 17:23:08 | 000,359,128 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2014/06/12 17:22:40 | 000,437,976 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2014/06/12 17:22:36 | 000,190,680 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe
PRC - [2014/06/12 17:22:30 | 002,115,800 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
PRC - [2014/06/12 17:22:30 | 000,112,856 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2014/06/12 16:44:08 | 014,407,384 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2014/06/12 16:22:10 | 000,086,744 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2014/06/12 16:20:56 | 000,019,160 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vprintproxy.exe
PRC - [2013/12/19 16:17:14 | 001,677,080 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files (x86)\GameTracker\GSInGameService.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014/12/18 07:01:34 | 000,026,624 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
MOD - [2014/12/18 07:01:33 | 000,275,968 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
MOD - [2014/12/18 07:01:33 | 000,127,316 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\bin\libffi-6.dll
MOD - [2014/12/18 07:01:33 | 000,126,976 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
MOD - [2014/12/18 07:01:33 | 000,118,784 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
MOD - [2014/12/18 07:01:33 | 000,095,744 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
MOD - [2014/12/18 07:01:33 | 000,094,208 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\src\rgloader\rgloader193.mswin.so
MOD - [2014/12/18 07:01:33 | 000,094,208 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
MOD - [2014/12/18 07:01:33 | 000,087,552 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
MOD - [2014/12/18 07:01:33 | 000,083,968 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\bin\zlib1.dll
MOD - [2014/12/18 07:01:33 | 000,069,120 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
MOD - [2014/12/18 07:01:33 | 000,036,352 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
MOD - [2014/12/18 07:01:33 | 000,026,624 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
MOD - [2014/12/18 07:01:33 | 000,023,552 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
MOD - [2014/12/18 07:01:33 | 000,016,384 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
MOD - [2014/12/18 07:01:33 | 000,015,360 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
MOD - [2014/12/18 07:01:33 | 000,014,848 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
MOD - [2014/12/18 07:01:33 | 000,013,312 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
MOD - [2014/12/18 07:01:33 | 000,012,800 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
MOD - [2014/12/18 07:01:33 | 000,009,728 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
MOD - [2014/12/18 07:01:33 | 000,009,216 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
MOD - [2014/12/18 07:01:33 | 000,008,704 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
MOD - [2014/12/18 07:01:33 | 000,008,704 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
MOD - [2014/12/18 07:01:33 | 000,008,704 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
MOD - [2014/12/18 07:01:33 | 000,008,704 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
MOD - [2014/12/18 07:01:33 | 000,008,192 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
MOD - [2014/12/18 07:01:32 | 000,026,624 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
MOD - [2014/12/18 07:01:31 | 000,126,976 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
MOD - [2014/12/18 07:01:31 | 000,087,552 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
MOD - [2014/12/18 07:01:31 | 000,016,384 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
MOD - [2014/12/18 07:01:31 | 000,009,216 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
MOD - [2014/12/18 07:01:27 | 000,095,744 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
MOD - [2014/12/18 07:01:27 | 000,094,208 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
MOD - [2014/12/18 07:01:27 | 000,013,312 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
MOD - [2014/12/18 07:01:26 | 000,008,704 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
MOD - [2014/12/18 07:01:25 | 000,014,848 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
MOD - [2014/12/18 07:01:25 | 000,012,800 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
MOD - [2014/12/18 07:01:25 | 000,009,728 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
MOD - [2014/12/18 07:01:23 | 000,127,316 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\bin\libffi-6.dll
MOD - [2014/12/18 07:01:21 | 000,094,208 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\src\rgloader\rgloader193.mswin.so
MOD - [2014/12/17 16:27:49 | 009,312,888 | ---- | M] () -- C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll
MOD - [2014/12/17 16:27:48 | 001,358,456 | ---- | M] () -- C:\Program Files (x86)\Opera\26.0.1656.60\libGLESv2.dll
MOD - [2014/12/17 16:27:47 | 000,991,352 | ---- | M] () -- C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll
MOD - [2014/12/17 16:27:47 | 000,219,256 | ---- | M] () -- C:\Program Files (x86)\Opera\26.0.1656.60\libEGL.dll
MOD - [2014/12/14 11:54:29 | 000,059,904 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
MOD - [2014/12/14 11:54:25 | 001,234,944 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
MOD - [2014/12/14 11:54:25 | 001,198,592 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
MOD - [2014/12/14 11:54:25 | 000,815,104 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
MOD - [2014/12/14 11:54:25 | 000,642,048 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
MOD - [2014/12/14 11:54:25 | 000,511,488 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
MOD - [2014/12/14 11:54:25 | 000,290,816 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
MOD - [2014/12/14 11:54:24 | 000,745,472 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
MOD - [2014/12/14 11:54:24 | 000,344,064 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
MOD - [2014/12/14 11:54:24 | 000,217,088 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
MOD - [2014/12/14 11:54:24 | 000,184,320 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe
MOD - [2014/12/14 11:54:23 | 008,817,658 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
MOD - [2014/12/14 11:54:23 | 000,368,640 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
MOD - [2014/12/14 11:54:23 | 000,200,704 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
MOD - [2014/12/14 11:54:23 | 000,180,224 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
MOD - [2014/06/12 17:23:08 | 000,319,704 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\libldap_r.dll
MOD - [2014/06/12 17:22:58 | 000,146,648 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\liblber.dll
MOD - [2014/06/12 17:22:54 | 000,070,360 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
MOD - [2014/06/12 17:22:44 | 000,330,456 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\libcurl.dll
MOD - [2014/06/12 17:22:18 | 001,261,272 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - File not found ["Start" not found. | Unknown] -- C:\Program Files\LustGaming\LustGaming Loader\BlackBoneDrv7.sys -- (BlackBone)
SRV:[b]64bit:[/b] - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/11/06 12:07:54 | 001,148,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:[b]64bit:[/b] - [2014/11/06 12:07:49 | 019,819,848 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2014/11/03 02:31:56 | 000,064,616 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- C:\Program Files\CyberGhost 5\Service.exe -- (CGVPNCliService)
SRV:[b]64bit:[/b] - [2014/10/01 14:40:28 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2014/05/29 13:33:02 | 000,174,088 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:[b]64bit:[/b] - [2013/10/04 22:58:24 | 000,087,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV:[b]64bit:[/b] - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/02/02 18:03:05 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV:[b]64bit:[/b] - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/12/09 20:28:04 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/12/05 20:42:05 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 19:52:11 | 000,448,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/16 16:47:24 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014/11/06 12:07:54 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/10/31 18:27:38 | 000,183,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2014/10/08 18:13:06 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/10/08 18:10:58 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/10/08 18:10:30 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/09/13 15:12:58 | 000,411,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/07/30 08:52:41 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/06/12 17:23:08 | 000,359,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2014/06/12 17:22:40 | 000,437,976 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2014/06/12 16:44:08 | 014,407,384 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2014/06/12 16:22:10 | 000,086,744 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/27 17:40:46 | 000,906,432 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2013/12/19 16:17:14 | 001,677,080 | ---- | M] (ClanServers Hosting LLC) [Auto | Running] -- C:\Program Files (x86)\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2013/08/22 03:21:36 | 000,119,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013/08/22 02:55:00 | 000,142,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2011/12/15 12:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\Sandra.sys -- (SANDRA)
DRV:[b]64bit:[/b] - [2014/11/17 16:37:21 | 000,129,600 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:[b]64bit:[/b] - [2014/11/06 12:07:49 | 000,019,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:[b]64bit:[/b] - [2014/10/31 18:27:07 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:[b]64bit:[/b] - [2014/10/03 14:23:02 | 000,038,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2014/09/18 12:38:22 | 000,063,160 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2014/09/16 23:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2014/09/04 22:28:00 | 000,033,448 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:[b]64bit:[/b] - [2014/09/04 22:27:58 | 000,031,912 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:[b]64bit:[/b] - [2014/09/04 22:27:52 | 000,160,424 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:[b]64bit:[/b] - [2014/09/04 22:27:52 | 000,039,592 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:[b]64bit:[/b] - [2014/08/18 10:28:34 | 000,222,280 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2014/08/18 10:28:32 | 000,243,440 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2014/08/18 10:28:32 | 000,169,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2014/08/18 10:28:32 | 000,044,632 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:[b]64bit:[/b] - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2014/08/15 23:13:34 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2014/07/24 12:45:41 | 000,098,464 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:[b]64bit:[/b] - [2014/06/12 17:23:04 | 000,064,728 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:[b]64bit:[/b] - [2014/06/12 17:22:50 | 000,031,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:[b]64bit:[/b] - [2014/06/12 17:22:02 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:[b]64bit:[/b] - [2014/06/12 17:22:02 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:[b]64bit:[/b] - [2014/06/12 17:21:58 | 000,033,496 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:[b]64bit:[/b] - [2014/05/29 13:33:16 | 000,185,352 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:[b]64bit:[/b] - [2014/05/16 19:42:38 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:[b]64bit:[/b] - [2014/04/24 13:44:44 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ptun0901.sys -- (ptun0901)
DRV:[b]64bit:[/b] - [2014/02/27 17:40:32 | 000,054,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:[b]64bit:[/b] - [2014/02/07 12:17:24 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:[b]64bit:[/b] - [2013/11/13 21:42:00 | 000,039,576 | ---- | M] (wj32) [Kernel | Disabled | Running] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV:[b]64bit:[/b] - [2013/10/15 11:02:08 | 000,386,560 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CMUSBDAC.sys -- (CMUSBDAC)
DRV:[b]64bit:[/b] - [2013/10/14 14:35:12 | 000,094,208 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetndis64.sys -- (vzandnetndis)
DRV:[b]64bit:[/b] - [2013/10/08 17:21:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:[b]64bit:[/b] - [2013/10/08 17:21:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:[b]64bit:[/b] - [2013/05/31 09:53:12 | 000,222,200 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:[b]64bit:[/b] - [2013/05/08 09:05:46 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetadb.sys -- (vzandnetadb)
DRV:[b]64bit:[/b] - [2013/05/06 13:48:54 | 000,036,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetmdm64.sys -- (vzandnetmodem)
DRV:[b]64bit:[/b] - [2013/05/06 13:48:20 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetdiag64.sys -- (vzandnetdiag)
DRV:[b]64bit:[/b] - [2013/04/12 10:41:28 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/12/15 12:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010/07/01 12:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/10/08 18:10:48 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 C1 A8 05 AD 9F CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..network.proxy.type: 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0: C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.20.2: C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.20.2: C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0: C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.20.2: C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.20.2: C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
[2014/07/29 15:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony Bugg\AppData\Roaming\mozilla\Extensions
[2014/07/29 15:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony Bugg\AppData\Roaming\mozilla\Firefox\Profiles\org1oc1n.default\extensions
[2014/10/03 20:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/29 15:04:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/09/26 16:55:08 | 000,000,047 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 lgloader
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 12.0 Helper) - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe (Greenshot)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1418904101 File not found
O4 - Startup: C:\Users\Anthony Bugg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cookies [2014/12/13 12:25:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Anthony Bugg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\logs [2014/12/06 20:21:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Sothink Flash Downloader For IE - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{353214FA-413A-4188-B7EB-41D35A35FFB7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7447BA64-5EF7-4F44-B022-F624C28E0539}: DhcpNameServer = 172.20.10.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/18 19:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2014/12/18 19:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2014/12/17 19:31:37 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Process Hacker 2
[2014/12/16 17:58:41 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\X-Chat 2
[2014/12/16 17:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat
[2014/12/16 17:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xchat
[2014/12/14 11:55:41 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Titanium
[2014/12/14 11:54:36 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
[2014/12/14 11:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\pia_manager
[2014/12/06 14:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2014/12/06 14:22:11 | 000,222,200 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2014/12/06 14:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2014/12/05 23:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex Workshop v6.8
[2014/12/05 23:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\BreakPoint Software
[2014/12/05 21:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/12/05 21:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/12/05 21:42:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/12/02 18:20:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/11/29 14:30:37 | 000,129,600 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpnk.sys
[2014/11/29 14:30:22 | 000,037,184 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpmgrk.sys
[2014/11/29 14:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2014/11/29 14:05:40 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Local\RzStats
[2014/11/29 00:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LustGaming
[2014/11/22 21:38:13 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Local\enchant
[2014/11/22 21:37:47 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
[2014/11/22 21:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pidgin-otr
[2014/11/21 21:56:53 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\.technic
[2014/11/20 17:14:07 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Local\pangu
[2014/11/20 17:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/11/20 17:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/11/20 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/11/20 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/11/20 17:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/11/20 17:07:18 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReiBoot
[2014/11/20 17:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReiBoot
[2014/11/20 16:32:53 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Apple Computer
[2014/11/20 16:32:53 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Local\Apple Computer
[2014/11/20 16:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/11/20 16:30:57 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Local\Apple
[2014/11/20 16:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/11/20 16:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/11/20 16:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/11/20 16:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/11/20 16:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/11/20 16:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/11/20 03:23:06 | 000,009,728 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\RzStats.IPC.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/18 19:14:12 | 000,002,538 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014/12/18 19:05:08 | 000,001,841 | ---- | M] () -- C:\Users\Anthony Bugg\Desktop\Process Hacker 2.lnk
[2014/12/18 18:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/18 16:59:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-2193515018-1396474700-500218789-1001.job
[2014/12/18 16:17:24 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014/12/18 16:17:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/18 06:52:33 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/17 22:09:44 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/17 22:09:44 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/17 20:35:32 | 000,003,584 | ---- | M] () -- C:\Users\Anthony Bugg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/12/02 18:20:24 | 000,788,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/02 18:20:24 | 000,666,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/02 18:20:24 | 000,124,238 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/29 14:44:22 | 000,268,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/24 22:00:04 | 000,001,292 | ---- | M] () -- C:\Users\Anthony Bugg\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2014/11/20 16:34:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/11/20 03:23:06 | 000,009,728 | ---- | M] (Razer Inc.) -- C:\Windows\SysWow64\RzStats.IPC.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/18 19:05:08 | 000,001,841 | ---- | C] () -- C:\Users\Anthony Bugg\Desktop\Process Hacker 2.lnk
[2014/12/17 20:35:32 | 000,003,584 | ---- | C] () -- C:\Users\Anthony Bugg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/11/24 22:00:04 | 000,001,292 | ---- | C] () -- C:\Users\Anthony Bugg\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2014/11/22 21:35:40 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2014/11/20 16:34:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/11/20 16:30:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/10/13 13:38:44 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ABUGG-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2014/10/03 20:34:15 | 000,001,877 | ---- | C] () -- C:\Users\Anthony Bugg\AppData\Roaming\VPNMasterFreeVPN.pbk
[2014/09/28 16:49:29 | 000,002,538 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2014/09/07 15:48:19 | 174,606,558 | ---- | C] () -- C:\Users\Anthony Bugg\AppData\Local\ACCCx2_7_1_418.zip.aamdownload
[2014/09/07 15:48:19 | 000,002,111 | ---- | C] () -- C:\Users\Anthony Bugg\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd
[2014/08/17 17:13:09 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2014/07/30 01:40:45 | 000,348,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/07/30 01:40:44 | 000,076,152 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/07/22 10:04:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/07/22 10:04:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/07/22 10:04:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/07/22 10:04:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/07/22 10:04:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/07/14 21:27:13 | 000,000,059 | ---- | C] () -- C:\Users\Anthony Bugg\AppData\Local\UserProducts.xml
[2014/07/14 17:46:27 | 000,780,628 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/30 20:14:01 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\.minecraft
[2014/12/14 12:01:03 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\.purple
[2014/11/21 22:03:56 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\.technic
[2014/10/28 20:54:21 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\DMCache
[2014/07/14 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\ESET
[2014/11/27 16:14:17 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\FileZilla
[2014/10/19 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\GameTracker
[2014/10/28 20:56:37 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Garena
[2014/10/01 16:40:14 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Greenshot
[2014/09/24 16:26:14 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Gyazo
[2014/08/15 20:14:37 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\java
[2014/07/29 15:38:44 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\JPEXS
[2014/11/29 00:27:54 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\LustGaming
[2014/09/25 17:53:43 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Mael
[2014/07/29 10:56:43 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Notepad++
[2014/08/11 15:37:54 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\NuGet
[2014/07/14 16:57:07 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Opera Software
[2014/09/22 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Oracle
[2014/11/16 16:49:00 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Origin
[2014/12/18 19:15:32 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Process Hacker 2
[2014/09/30 17:01:51 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\QFX Software
[2014/10/18 19:38:25 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Screaming Bee
[2014/10/28 18:48:24 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Softplicity
[2014/08/08 23:05:50 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\TamoSoft
[2014/07/23 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\TeamViewer
[2014/12/14 11:55:41 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Titanium
[2014/12/16 21:38:56 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\TS3Client
[2014/12/06 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\uTorrent
[2014/12/17 21:32:00 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\X-Chat 2
 
========== Purity Check ==========



========== Alternate Data Streams ==========
 
@Alternate Data Stream - 12 bytes -> C:\Windows:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
@Alternate Data Stream - 12 bytes -> C:\Users\Anthony Bugg\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}

< End of report >

Extras.txt
----------
OTL Extras logfile created on: 12/18/2014 7:17:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anthony Bugg\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 4.41 Gb Available Physical Memory | 55.09% Memory free
16.00 Gb Paging File | 11.73 Gb Available in Paging File | 73.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 268.10 Gb Free Space | 57.57% Space Free | Partition Type: NTFS
 
Computer Name: ABUGG | User Name: HomePC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 1
"NoControlPanel" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08649C33-32AD-40B4-A1A0-3BF460B50666}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0BB47A2B-B2F9-473E-AD3D-0A422DFAA863}" = lport=32535 | protocol=6 | dir=in | name=skype anti resolver tcp | 
"{21BF0083-381E-490C-BD2F-670FED76C22F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{256F4BAA-16DD-4E67-9DC6-7D92B312E59F}" = lport=1601 | protocol=6 | dir=in | name=dc | 
"{29E9A321-8C6F-4C38-A15F-16D41503E609}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2DE458AD-00B2-47A0-B0CD-4C377157705E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{3512D144-33DA-4400-A090-DB2BE4114DF7}" = rport=1601 | protocol=6 | dir=out | name=dc | 
"{3C9E86F2-262F-45CA-8221-B2F59795F0F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4307B82F-F7A3-447C-A428-1268D8529205}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{48001CAE-8AEE-4F4B-A937-243F5EA0B6F8}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{4A828923-232C-4B7D-BB21-52C16E9793B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4BE5714F-A023-426E-8837-AC3ACF5E0A67}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4C4777D2-3EF5-42E3-8020-CEB09294B6E1}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{53514A4A-CDF6-404D-A754-96AA3A444F75}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5A2F985B-A500-4209-98BD-7BAEB0EB7514}" = lport=32535 | protocol=17 | dir=out | name=skype anti resolver udp | 
"{5E3BD7E9-E62F-4F4C-93BF-C35AD12CFE3B}" = lport=32535 | protocol=17 | dir=in | name=skype anti resolver udp | 
"{5E543418-C10D-44F2-A89F-2E2927D2BCAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6427FEBD-31B2-484C-8D3C-8DEA7E69D921}" = lport=138 | protocol=17 | dir=in | app=system | 
"{689C2714-EBB6-43A9-9549-91B5DBAE4FBE}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{6902F496-9A00-4AFD-9B60-42417D718AF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E537A05-E59C-4DB1-95FF-726CF3175A55}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6FE0E4B4-0ED1-4B07-9D96-730DC4D713E3}" = lport=40031 | protocol=17 | dir=out | name=skype anti resolver udp | 
"{789F4705-07B4-4DB8-87D7-74CFDD50E5C0}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{7A089CF7-BD82-4936-8AC1-0C20D6ADB60B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7AF64DE5-8381-48C5-9C37-4B71B23AA1C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{804ED42C-AC73-4B43-8F2C-FB1B1DDF98B4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{8176DEEA-FE31-4277-B65D-A101D72E2F72}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{88EB015A-D8DC-44E9-BB37-7DB3DBFE7087}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8DBBB811-E442-4CE9-A957-ABE189F056D1}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2014.sp3e\wnt600x64\rpcsandrasrv.exe | 
"{9267554C-1634-4D3B-BAE1-B17D8BC22BAB}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{9E45A155-7959-4829-8E8C-48695D5EEE52}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{B07C3ADF-899A-4D5E-A3AB-D0DF70784D0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA14E8EB-51AB-43D1-8AB2-1C7659967E68}" = lport=32535 | protocol=6 | dir=out | name=skype anti resolver tcp | 
"{C013236E-70C0-4E03-8527-743982A68267}" = lport=40031 | protocol=6 | dir=in | name=skype anti resolver tcp | 
"{D35F42AE-38F6-4F08-83C8-FC8D1E0A9412}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{D61BED83-FBB1-4D0F-B872-1F8B24F222F1}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{D822CF36-F512-4D6E-8894-7170F7D95E48}" = lport=40031 | protocol=17 | dir=in | name=skype anti resolver udp | 
"{D8AF4BB7-52A3-41E7-94C2-3445ADE7706F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA0D56B2-AC6F-41E1-A22F-6BEB283E999E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DF66EB4C-4264-4128-B0F2-A26E79A9422D}" = lport=40031 | protocol=6 | dir=out | name=skype anti resolver tcp | 
"{E2731627-86E9-45C6-9CEA-7980334B701D}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{E387BAA7-5217-459F-8895-78B502101C99}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E6FB27BE-6518-45C2-8748-1BCFBD0F63BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{E84CDBE3-770F-43D7-90CB-158F4C8DDB2D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F0A324ED-2258-4B82-983F-21A76C00DBB7}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{F11F1B40-3C35-4F7C-B594-2BD6CDB2E433}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{F284EA2A-4FAC-473A-B94C-D68D335F4908}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00510D8C-A4F3-426C-A178-1D5AB0EFAC4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{06247F0B-8692-466E-B68D-41CC90BE5EE8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0DE52684-924D-4B74-9059-B09E654C01B9}" = protocol=6 | dir=in | app=c:\users\anthony bugg\appdata\roaming\utorrent\utorrent.exe | 
"{0E284A04-8700-4CE1-9C04-0D1A66E582E8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{157A9100-D2F9-4547-91D0-ACC0B02BFA2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{179BEF8D-1E49-4F2F-9C3B-E9F004178D83}" = dir=in | name=twitch/youtube | 
"{189FC842-BE30-44D9-8AD0-ACB4D930DB7A}" = protocol=17 | dir=in | app=c:\users\anthony bugg\appdata\roaming\utorrent\utorrent.exe | 
"{1B1B3046-8F57-4A2B-A0B9-4C429F14A649}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2466C65A-8692-4FC8-9342-B46A18D44E87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe | 
"{24820A03-50DD-47C0-8D43-81C4A84C55D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{24E88933-4A0B-4A14-A9C0-6990238B4D1D}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{25B8C216-7EEB-451D-BE28-8B168C72BD2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe | 
"{263B5825-2354-461F-B839-02831D33D2E9}" = dir=in | name=mitchribarytube | 
"{2921D07E-993B-4972-BBFB-B229AFA0C127}" = dir=in | app=c:\users\anthon~1\appdata\local\temp\nsmed52.tmp\cnetinstaller-76037571.exe | 
"{2CFC6713-9C4B-48C1-88F8-3ED8C4302AF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe | 
"{2E69F6AC-A428-4221-9FE8-BAAD683530E1}" = dir=in | name=sdwd | 
"{2FC0FA7C-CDE3-4309-A8B5-FE341DEB31D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2FEBE8B8-0046-478F-8391-566E0FFCEBD1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2FFCEBF3-9614-49A5-A400-D1801645170A}" = protocol=6 | dir=in | app=c:\program files\blackshot\blackshot\system\blackshot.exe | 
"{34E8C665-855C-4103-81B8-1319E20A9B33}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3DE6DFB0-13DC-456B-8EDD-B0C276F11BB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz_be.exe | 
"{3DE9A248-0270-42E9-AD43-4F055D416482}" = protocol=6 | dir=in | app=c:\users\anthony bugg\desktop\server.exe | 
"{3ED162C3-5D78-4AC5-A66F-A3368A30CC9C}" = dir=in | name=swag | 
"{40D2EA8E-1302-4AE9-B269-96F4EC159302}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{418C042F-FF5D-40AF-B131-BFE2C7CF75E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{44342452-AE66-46B2-AB57-A848258D1982}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{44ABDFFF-1BFA-4BCC-B0A5-01F9E113B073}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{44C954FD-CECC-4427-ACB6-9A861DC8B0BA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{48547775-99C3-4D05-8494-09E6F5F843E9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{4E148AB4-3CCD-4E5C-ABC4-330E5E3DEC20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4EC4BBB6-16A4-41C0-A6AA-FF381EFF823D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5349E1A0-FF56-4680-B59A-8E8D7CDC9337}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{5371EC6B-E3EB-49AE-8F2F-988950A27944}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5C65F73B-DFC9-4AA2-BE4A-50589D75AB7E}" = dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{5F5709F6-BEF4-4E7E-8ED2-204A80276E25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe | 
"{63F1E97E-2EAA-4949-A444-8B2081853356}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{6665D980-1E60-48EB-BB23-E4BFF595D660}" = protocol=6 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe | 
"{67FFEBD1-E6EE-47EE-B3EE-9BA8C0E35AEE}" = protocol=6 | dir=out | app=system | 
"{6D3E2247-7DBB-489F-BFCF-22A64FBC3610}" = protocol=1 | dir=out | [email protected],-28544 | 
"{779B0588-A0A7-4505-A52F-52423A5427DF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe | 
"{79906D6E-3B8F-4E8E-A500-D46F57ABC012}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{7D19AC5C-B95E-417F-83BB-8ED98A5496A5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{81E6F96C-C5F9-4ED7-9C1C-D8ACF4C9B6A5}" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"{828B6385-19E6-4E81-81FF-0B844293B644}" = protocol=1 | dir=in | [email protected],-28543 | 
"{84B54153-D3CC-4753-B5D8-F439DABC2577}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{88CF1339-3E9B-4399-9256-16CE9FB3787E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{8D753FC5-A154-4E8F-916E-36DA39D419B4}" = protocol=17 | dir=in | app=c:\users\anthony bugg\desktop\server.exe | 
"{900D6E3D-A587-4275-8621-A75F4A11EE7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{949B16C3-FFA2-4D7B-A698-85C99EC00BD1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9584A850-8F22-44AF-A0C5-EB8BF931E086}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | 
"{967CC699-A4FB-4C79-9423-B2D6EAFAD600}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{9B32484F-1756-48CB-96C8-2882074E60AA}" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"{9D154F12-EE9B-432E-AA83-5D012E89A475}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9D70CE82-8D30-43CA-A860-12ED6146BCE9}" = protocol=6 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\xrat 2.0 release3\xrat 2.exe | 
"{9DC323D7-E120-4C97-A720-FF6D446D42EA}" = dir=out | app=c:\users\anthon~1\appdata\local\temp\nsmed52.tmp\cnetinstaller-76037571.exe | 
"{A577362D-4F5E-421A-BF9B-6FDABFAC014D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A5774E71-4E20-44C9-B62E-11C10FFE87F3}" = dir=in | app=c:\program files (x86)\garena plus\ggdllhost.exe | 
"{A84C1D17-DA80-4B91-9978-5902557772DF}" = protocol=58 | dir=out | [email protected]rewallapi.dll,-28546 | 
"{A8F9D45B-0DBA-4E9E-8BF2-0810ACE27B15}" = protocol=17 | dir=in | app=c:\program files\blackshot\blackshot\system\blackshot.exe | 
"{A9ACC16E-DF99-4C44-9BED-8DF1EF2C0344}" = protocol=17 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\xrat 2.0 release3\xrat 2.exe | 
"{AABD623A-8E8B-43DB-B360-838CDF018108}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD7A9D75-CECC-4246-A3C8-D5F09E8463A7}" = dir=in | name=mitchribarytube | 
"{B479A5F2-14EA-44A7-BE20-9595D368E16F}" = protocol=58 | dir=in | [email protected],-28545 | 
"{B9B9461F-18D4-4496-ADD2-40CAA23C539E}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe | 
"{BB6DE89B-5093-45CD-B2E9-2E969A968C8E}" = dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{C08DF588-0DA4-4328-98F8-8AACEA0CA7A0}" = protocol=17 | dir=in | app=c:\users\anthony bugg\desktop\server.exe | 
"{C16B83AB-E6FF-4643-9864-A10E827F8938}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C1B19FBF-C1CF-4FA4-BCC4-A3B6B05CAF66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz_be.exe | 
"{C79D7935-1CF3-43F8-B561-8E90E884B4E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8722C67-661C-4242-91EC-8C63A2324831}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CAF52842-5264-479A-8748-301114B380F1}" = protocol=6 | dir=in | app=c:\users\anthony bugg\desktop\server.exe | 
"{CE094998-F2E8-4316-9EC0-ED5479120979}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{D27AC4A1-ABC8-4381-B202-926999B55EBC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D3073E2B-6633-4820-AD45-E0AB2B261123}" = protocol=17 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe | 
"{DEC34735-B2E3-4342-AB08-F22A5044EAEC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{DF920CC8-06C6-4113-A57F-62F64D601DBA}" = dir=in | name=mitchribarytube | 
"{E359F38F-1B63-455D-BB8E-26907F22F4BB}" = protocol=6 | dir=in | app=c:\users\anthony bugg\downloads\blackshot_garenaplus_installer.exe | 
"{E8A19430-E735-46F7-B9B3-95222274DC49}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{EBC945A9-A3DD-4922-B597-E0D375D04B52}" = protocol=17 | dir=in | app=c:\users\anthony bugg\downloads\blackshot_garenaplus_installer.exe | 
"{F151ACCB-88BB-4F48-832A-CD1CFED87EDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F91C2425-0626-49ED-93CD-64C60F9271D9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{FACBEF88-EEAB-43A6-9C93-3C81D94020A1}" = dir=out | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{FC8ABBBC-8942-45AB-B621-94201216501A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FE29B4B4-17D5-4A66-9182-121B4E434244}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | 
"TCP Query User{34F8A414-9984-4905-94EA-FBBCC1C5E3CB}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"TCP Query User{4BA3EF93-543E-43D1-AD86-9572DF0B15F8}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | 
"TCP Query User{5C7A603D-90BD-4D9B-BB3B-F154D801FF71}C:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe | 
"TCP Query User{92D11E34-73CE-4317-9699-717F8B5A205E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D868B1DB-EE75-41A2-8210-89A96DEE4342}C:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe" = protocol=6 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe | 
"UDP Query User{1258541D-DBC2-457B-9FD8-AB12FA5E2E1E}C:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe" = protocol=17 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe | 
"UDP Query User{3BEB8DD9-0A4F-4CBF-B294-CB510CE45544}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | 
"UDP Query User{5CD48BE8-BCE7-4AEC-9152-10807E62EB17}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | 
"UDP Query User{BF01DC6C-E049-4EE3-83FE-B533197C78C2}C:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe | 
"UDP Query User{CFC2F42F-6983-4A43-AF32-D6ACD6627DEA}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05198C22-FFCE-374A-B190-9F18CC99DAEA}" = Build Tools Language Resources - amd64
"{05FF8209-C4F1-4C77-BC28-791653156D20}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B6BDD27-3097-4FE1-BDE6-1D5EC7399563}" = Visual Studio 2013 Prerequisites
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{127B5371-1802-4EDD-A25A-A43BF761D383}" = PBO Manager v.1.4 beta
"{16222DF7-8513-491E-91F0-F489AB2D3CB0}" = Visual Studio 2013 Prerequisites - ENU Language Pack
"{199C6892-5DED-409B-88B2-3BE6421552B2}" = Workflow Manager Client 1.0
"{1D2CEC61-C3F0-C27E-7280-F9D6B10378BE}" = Windows App Certification Kit Native Components
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E4064EE-26B4-341E-9208-72859FCDE1DA}" = Microsoft Visual Studio Team Foundation Server 2013 Storyboarding (x64)
"{1F4004F7-3BC0-3ABC-86F6-7A125D11F98B}" = Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64)
"{2044FC4C-4EA3-4113-BC1E-962DF568D201}" = JavaScript Tooling
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{26A24AE4-039D-4CA4-87B4-2F06417065FF}" = Java 7 Update 65 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86418020F0}" = Java 8 Update 20 (64-bit)
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3674F088-9B90-473A-AAC3-20A00D8D810C}" = Microsoft Web Deploy 3.5
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{49055838-1EF5-40BB-89B6-8E3456B3E817}" = Microsoft Visual Studio 2013 Performance Collection Tools - ENU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1}" = Windows Software Development Kit DirectX x64 Remote
"{54C5041B-0E91-4E92-8417-AAA12493C790}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{58FED865-4F13-408D-A5BF-996019C4B936}" = Microsoft SQL Server 2012 Command Line Utilities 
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0180110}" = Java SE Development Kit 8 Update 11 (64-bit)
"{65C91666-C3E8-3A42-BDA8-87932DD34F89}" = Microsoft Team Foundation Server 2013 Object Model (x64)
"{6C026A91-640F-4A23-8B68-05D589CC6F18}" = Microsoft SQL Server 2012 Express LocalDB 
"{6D7131D1-87E5-4677-BD6A-08DCF2529076}" = Microsoft Visual Studio 2013 Performance Collection Tools
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95150001-1163-0409-1000-0000000FF1CE}" = SharePoint Client Components
"{95176218-0F93-3376-912E-B82DACCEA01B}" = Microsoft Visual C++ 2013  x64 Designtime - 12.0.21005
"{96F4525A-470D-F15C-796E-58D9988C3E5F}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A36AC685-4435-4C16-861F-221231DE165D}" = Hex Workshop v6.8
"{A6BA243E-85A3-4635-A269-32949C98AC7F}" = Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 344.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 344.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 344.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 344.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.13.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.32.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.26
"{B50B367A-AFE1-489D-87E7-6CCCD96049A3}" = Microsoft Visual Studio 2013 IntelliTrace Core amd64
"{B74B199A-EDD4-B657-E055-327D454402D2}" = Windows Software Development Kit DirectX x64 Remote
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{C082CDB9-D173-4740-AE0E-C685E6F44850}" = ESET Smart Security
"{C41498FE-0BF8-3B22-9785-231CE53C728E}" = Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU
"{C458ABBB-B610-3195-80A2-A69E28332732}" = Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) - ENU Language Pack
"{C596D608-3E74-3232-8CA5-DF1DCB9F10DE}" = Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
"{C95DA72B-814E-3A55-BA6C-DF0202CAB9F0}" = Microsoft Visual Studio Team Foundation Server 2013 Storyboarding Language Pack (x64) - ENU
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}" = Microsoft SQL Server 2012 Native Client 
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D50F2AF3-91EA-4D41-A277-6620EAF90BD0}" = SmartFTP Client
"{E1F79421-EC32-437F-8525-ABE902C85AC5}" = Workflow Manager Tools 1.0 for Visual Studio
"{F17662A3-4569-4A61-ABD4-E51B632D3C4D}" = Microsoft Visual Studio 2013 VsGraphics Helper Dependencies
"{F74753A3-C93C-34F5-A199-993CAF602B7D}" = Build Tools - amd64
"{F99F24BF-0B90-463E-9658-3FD2EFC3C992}" = Microsoft Identity Extensions
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"CyberGhost 5_is1" = CyberGhost 5
"Greenshot_is1" = Greenshot 1.1.9.13
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"OpenVPN" = OpenVPN 2.3.4-I002 
"Process_Hacker2_is1" = Process Hacker 2.33 (r5590)
"Sandboxie" = Sandboxie 4.12 (64-bit)
"TAP-Windows" = TAP-Windows 9.9.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"Virtual Audio Cable 4.13" = Virtual Audio Cable 4.13
"WinRAR archiver" = WinRAR 5.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0099B899-7894-3B1D-9FF3-5992F84E631F}" = Microsoft LightSwitch for Visual Studio 2013 Core
"{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1
"{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{0610DFB0-CCEA-6EC0-E3C3-A0160AD7FD98}" = Windows Runtime Intellisense Content - en-us
"{06EEE072-B561-38E5-85D9-485ABCBE8342}" = Visual F# 3.1 SDK
"{070C38AC-05CE-43DF-9A20-141332F6AB2B}" = Microsoft System CLR Types for SQL Server 2012
"{08AEF86A-1956-4846-B906-B01350E96E30}" = Entity Framework Tools for Visual Studio 2013
"{0B5E43C7-965D-4AF4-A33E-5FA35B6660C8}" = Behaviors SDK (XAML) for Visual Studio
"{0B698858-DAB0-4F9E-A10A-125B274EDA06}" = Microsoft Visual C++  x64 Libraries
"{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1" = Sothink SWF Editor
"{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}" = Microsoft SQL Server Data Tools - enu (12.0.30919.1)
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{16A901BB-CD8E-3B48-9932-5927FB13508D}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23127FE2-983D-305A-904D-89ED86D36269}" = Microsoft Visual Studio Ultimate 2013
"{2386192E-D6DB-4AD2-9564-65586A0AE53E}" = Dotfuscator and Analytics Community Edition
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.22
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{26A24AE4-039D-4CA4-87B4-2F83218020F0}" = Java 8 Update 20
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2DF5765E-5386-4540-9383-DBC9A0A596F9}" = System Requirements Lab CYRI
"{2F7DBBE6-8EBC-495C-9041-46A772F4E311}" = Microsoft SQL Server 2012 Management Objects 
"{30F2491C-9410-4DB1-BE66-77B360B1F484}" = Microsoft Visual C++  x64-arm Cross Compilers
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}" = Prerequisites for SSDT 
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E456233-1EA5-42ED-8556-0481BA728B41}" = Microsoft NuGet - Visual Studio 2013
"{3EA16E23-14D2-466A-8268-D7CD40DC46B6}" = Open XML SDK 2.5 for Microsoft Office
"{3FBFCF2C-392A-4632-9442-14C305B44D5E}" = AzureTools.Notifications
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{4345E9A5-1300-4710-919D-077BA7E6B3DA}" = Windows Azure Mobile Services SDK
"{46910786-E4AC-41E4-A4A0-C086EA85242D}" = WCF Data Services 5.6.0 Runtime
"{492498A3-F88C-FE2F-755C-9B1B91724CA5}" = LocalESPC Dev12
"{49273419-5179-4866-9F71-5CF346F302CF}_is1" = Sothink SWF Catcher
"{492FCC0B-45E1-383A-A2CF-9E7F305AC200}" = Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5411060C-8F8C-393D-8D3B-26AF2C92FABB}" = Microsoft Visual Studio 2013 Shell (Minimum)
"{5481F163-B9E5-30A8-8441-4DBBB87D6AA2}" = Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5793BB91-4E91-3C3C-B93F-C2B1EEA35A5F}" = Microsoft Visual Studio Ultimate 2013 - ENU
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5D5CFAD6-9F93-8C63-3EB0-B6A0D3D4BD12}" = Windows Software Development Kit
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6321F2D4-366B-3AE4-877A-8E539EC3331A}" = Visual F# 3.1 VS
"{64297226-2B81-4588-89BD-76440BC0BCFC}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU
"{6781FF9B-E87D-4A03-9373-A55A288B83FA}" = Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
"{678800C0-D94E-4513-89CB-478F2B781A0B}" = Microsoft Visual C++ 2013 x86-x64 Compilers
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6AB13C21-C3EC-46E1-8009-6FD5EBEE515B}" = Microsoft Advertising SDK for Windows 8.1 - ENU
"{6C06FEE9-C64E-453F-B8A5-D9E9B79ED040}" = Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
"{6EE9E2DF-2CD7-4952-A649-95DEA8697BD8}" = Microsoft Exchange Web Services Managed API 2.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72076159-B94A-42AE-A64C-CA3855E9CB28}" = Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1
"{721C380F-E296-4118-9ACE-589E8EF86208}" = Microsoft Visual Studio 2013 Profiling Tools
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{794D38B6-C8B2-4DFC-BF1B-122233A336F3}" = Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU
"{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}" = Private Internet Access Support Files
"{82DAD82D-0139-3F7A-A22F-67A694F9CAA4}" = Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{84D88F57-4130-30FE-A0B6-1E04428FE1F6}" = Microsoft Visual C++ 2013 Core Libraries
"{8DCCC556-265B-478A-8B32-C12DA988BA74}" = BlueStacks Notification Center
"{9027FE9C-5488-30C3-AA42-7330D25BF92D}" = Microsoft Portable Library Multi-Targeting Pack
"{9347889B-C22A-3905-901F-C05D8F73C929}" = Build Tools Language Resources - x86
"{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}" = PreEmptive Analytics Visual Studio Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{96563105-F726-4865-8C32-416753ECA5F1}" = Microsoft Visual C++  x64-x86 Cross Compilers - ENU Resources
"{97592A5E-6A50-38E0-885C-7334BA7A43D8}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package
"{976C3D92-0DEC-37A6-A870-FF4FC18CD029}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps
"{979C7495-FB42-484E-92EA-7F2A59DD7718}" = Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{985EF141-95DD-3934-8F23-7C2C4C61E5F7}" = Microsoft Visual Studio 2013 Shell (Minimum) Resources
"{99665AC0-9DBA-11E1-6784-014E6F7A18BE}" = SmartWhois
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C593464-7F2F-37B3-89F8-7E894E3B09EA}" = Microsoft Visual Studio Professional 2013
"{9E673C3F-423B-458E-8EA4-9AE87C49AFC8}" = Microsoft LightSwitch for Visual Studio 2013 v4.0 Tools
"{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}" = Blend for Visual Studio 2013 ENU resources
"{A17B9856-40CF-4BEA-BB65-ADB8154A83DC}" = LG Verizon United Driver
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{A1D06677-1103-32DE-AA74-6EE44DCF7F81}" = Microsoft Visual C++ 2013 Extended Libraries
"{A223B446-EC3D-3031-828D-5188800AB782}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU)
"{A2CCB3C1-3DF9-4E3E-8D3F-DDBBCDDB28B5}" = Microsoft C++ REST SDK for Visual Studio 2013
"{A3B8D9FB-CA7D-4487-8CA2-A6A2C8AD1077}" = Microsoft Visual C++  x86 Libraries
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A6030DAD-1600-F767-C8DD-C722ADFE8FBC}" = Windows Software Development Kit DirectX x86 Remote
"{A8229A09-E570-412B-8D18-E78985673E34}" = Microsoft Visual C++  ARM Libraries
"{AA0964AF-0F95-4A72-BD29-F833A382EDC2}" = Microsoft Visual Studio 2013 IntelliTrace Core x86
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE937DBA-FEFD-3BFE-9860-0591C0F91D61}" = Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
"{B0A82E02-E959-3C46-AB11-D38527BC573E}" = Microsoft Visual Studio Premium 2013
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B1C38F27-D377-8C98-D98D-29B67C0B978D}" = LocalESPCui for en-us Dev12
"{B3C98C29-A2BE-455F-9285-13B745282271}" = Microsoft Visual C++  x64-arm Cross Compilers - ENU Resources
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B536762B-1047-4B51-8ECF-46D5686E5416}" = Microsoft ASP.NET Web Pages 2 Runtime
"{B6A0A174-33E0-3D42-92EA-547D318CB149}" = Microsoft Visual Studio 2013 Devenv
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B86C786E-11A2-4CAB-BB2E-D7CD5D65D552}" = Microsoft LightSwitch v4.0 SDK
"{BB0D9EE5-F7B1-4986-AF62-DB3BED9A83BC}" = Microsoft Visual C++  x64 Native Compilers - ENU Resources
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BD63060C-F4C7-4E86-9C2A-4A102E7EE12C}" = Microsoft Web Developer Tools 2013 - Visual Studio 2013
"{BD72C04F-892F-48EE-A236-CC10891610D6}" = Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BF3E2194-F89B-44FB-A801-464BF787599F}" = WCF Data Services Tools for Microsoft Visual Studio 2013
"{C00453B2-27AD-4858-A20D-F44E39481C7D}" = Microsoft Report Viewer Add-On for Visual Studio 2013
"{C1D0E508-ECAF-45AA-A549-1E26B9ECE0FB}" = Microsoft Visual C++  x64-x86 Cross Compilers
"{C26C1495-8EBE-3F71-BDA1-7DE2010840D8}" = Microsoft Visual Studio 2013 Devenv Resources
"{C5A17590-8CBE-3581-965D-EF183BE07920}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core
"{C9E7751E-88ED-36CF-B610-71A1D262E906}" = Team Explorer for Microsoft Visual Studio 2013
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cd09eea6-d0b3-4246-bb80-e047ceadf61f}" = Microsoft Visual Studio Ultimate 2013
"{CDECCD37-EBCE-4AF8-8D1C-5DF13194FEA1}" = Microsoft Advertising Service Extension for Visual Studio
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
"{D42681AA-BC16-3C84-949E-45F05D2AA997}" = Microsoft Visual C++ 2013 Core Libraries
"{D4E77BFD-ECA9-40BB-89DC-1367B4139227}" = Microsoft Visual Studio 2013 Preparation
"{D574CE3E-0376-4BED-B609-5C2C2AD655ED}" = Microsoft LightSwitch for Visual Studio 2013 v4.0 ToolsRes - ENU
"{D69874BF-D864-4EB2-91C3-2EDD05A64F70}" = Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0
"{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}" = Adobe Photoshop CC 2014
"{DB5600F1-DE83-46DE-B162-5FC4400EAF5B}" = Microsoft Visual C++ 2013 Compilers
"{DE0E8FAF-9758-4BFD-A16E-009DB4B8C912}" = Microsoft Visual C++  x64 Native Compilers
"{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}" = MorphVOX Pro
"{DF15CD8F-9295-3AD9-B814-7A60184AA1CD}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio ENU Language Pack
"{E10D1D9A-AD92-4DE1-BECB-7F7F41A2C51A}" = Microsoft Visual Studio 2013 IntelliTrace Front End x86
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E319EB83-57EA-4435-B340-B26156D43014}" = LustGaming Loader
"{E5CAE8D2-9F9F-3BEA-AA0F-B5B40611C704}" = Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
"{E6F3851E-CEEB-4ECB-A6FA-337C8F662E3D}" = Microsoft Visual C++ 2013 Compilers - ENU Resources
"{E9674444-9491-3961-873C-017D8912185E}" = Microsoft Visual Studio Professional 2013 - ENU
"{EB37C117-9C83-4696-A493-8AFBAC8F9FFC}" = JavaScript Tooling
"{EB514FFD-5FBA-3C53-94F8-3A2B96C5E7A8}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources
"{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}" = Blend for Visual Studio 2013
"{ED6C8E61-363B-355C-80C7-E676BC781478}" = Microsoft Visual Studio Premium 2013 - ENU
"{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}" = Python Tools Redirection Template
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F20914BB-FD5F-3A3A-8CDF-DF5ADEFD9451}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F395FD4F-40E5-7B56-2BCB-B3CF52B3B52C}" = Windows App Certification Kit x64
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}" = Build Tools - x86
"{FF39514D-E2EB-40BA-A23F-C83B8E0ED110}" = Visual Studio Extensions for Windows Library for JavaScript
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"{ffec63c3-090d-45ea-afd7-eab07edb5822}_is1" = Acunetix Web Vulnerability Scanner 9.5
"Adobe Flash Player PPAPI" = Adobe Flash Player 16 PPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AutoHotkey" = AutoHotkey 1.0.48.05
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"BlackShot" = BlackShot 제거
"BlueStacks App Player" = BlueStacks App Player
"BSRScreenRecorder6" = BSR Screen Recorder 6
"Cheat Engine 6.4_is1" = Cheat Engine 6.4
"Fallout New Vegas_is1" = Fallout New Vegas  1.4
"FastStone Capture" = FastStone Capture 7.8
"FileZilla Client" = FileZilla Client 3.9.0.6
"fragMOTION 1.2.6_is1" = fragMOTION 1.2.6
"FreeDNS Update" = FreeDNS Update 1.8.4
"GameTracker Lite" = GameTracker Lite
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"KeyScrambler" = KeyScrambler
"LustGaming Loader 6.1.0" = LustGaming Loader
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"Nmap" = Nmap 6.47
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenVPN" = OpenVPN 2.2.2
"Opera 26.0.1656.60" = Opera Stable 26.0.1656.60
"Origin" = Origin
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 4.0.1
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"ReiBoot" = ReiBoot 
"Simple Shutdown Timer1.1.2" = Simple Shutdown Timer
"Steam" = Steam
"Steam App 209170" = Call of Duty: Ghosts - Multiplayer
"Steam App 221100" = DayZ
"Steam App 4000" = Garry's Mod
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer 9" = TeamViewer 9
"TMACv6.0" = Technitium MAC Address Changer v6.0.5
"VMware_Workstation" = VMware Workstation
"WinPcapInst" = WinPcap 4.1.3
"xchat" = XChat 2 (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/18/2014 8:20:16 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8050
 
Error - 12/18/2014 8:20:17 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/18/2014 8:20:17 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9048
 
Error - 12/18/2014 8:20:17 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9048
 
Error - 12/18/2014 8:20:18 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/18/2014 8:20:18 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10046
 
Error - 12/18/2014 8:20:18 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10046
 
Error - 12/18/2014 6:05:54 PM | Computer Name = ABugg | Source = .NET Runtime | ID = 1026
Description = Application: Sony Vegas Pro.exe Framework Version: v4.0.30319 Description:
 The process was terminated due to an unhandled exception. Exception Info: Microsoft.DirectX.Direct3D.DeviceLostException
Stack:

   at Microsoft.DirectX.Direct3D.Device.PresentInternal(Microsoft.DirectX.PrivateImplementationDetails.tagRECT*,
 Microsoft.DirectX.PrivateImplementationDetails.tagRECT*, IntPtr)    at Microsoft.DirectX.Direct3D.Device.Present()

   at ????????????????????????????????????????.????????????????????????????????????????()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext,
 System.Threading.ContextCallback, System.Object, Boolean)    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
 System.Threading.ContextCallback, System.Object, Boolean)    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
 System.Threading.ContextCallback, System.Object)    at System.Threading.ThreadHelper.ThreadStart()

 
Error - 12/18/2014 6:05:56 PM | Computer Name = ABugg | Source = Application Error | ID = 1000
Description = Faulting application name: Sony Vegas Pro.exe, version: 1.0.0.0, time
 stamp: 0x547f6af7  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409,
 time stamp: 0x53159a86  Exception code: 0xe0434352  Fault offset: 0x0000c42d  Faulting
 process id: 0x2fc  Faulting application start time: 0x01d01b0e6fb61380  Faulting application
 path: C:\Users\Anthony Bugg\Desktop\Icons\EBOOT Builder 1.03\Sony Vegas Pro.exe
Faulting
 module path: C:\Windows\syswow64\KERNELBASE.dll  Report Id: 09df9710-8702-11e4-9b18-005056c00008
 
Error - 12/18/2014 6:55:29 PM | Computer Name = ABugg | Source = .NET Runtime | ID = 1026
Description = Application: Sony Vegas Pro.exe Framework Version: v4.0.30319 Description:
 The process was terminated due to an unhandled exception. Exception Info: Microsoft.DirectX.Direct3D.GraphicsException
Stack:

   at Microsoft.DirectX.Direct3D.Device.PresentInternal(Microsoft.DirectX.PrivateImplementationDetails.tagRECT*,
 Microsoft.DirectX.PrivateImplementationDetails.tagRECT*, IntPtr)    at Microsoft.DirectX.Direct3D.Device.Present()

   at ????????????????????????????????????????.????????????????????????????????????????()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext,
 System.Threading.ContextCallback, System.Object, Boolean)    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
 System.Threading.ContextCallback, System.Object, Boolean)    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
 System.Threading.ContextCallback, System.Object)    at System.Threading.ThreadHelper.ThreadStart()

 
[ System Events ]
Error - 12/16/2014 5:14:37 PM | Computer Name = ABugg | Source = DCOM | ID = 10001
Description = 
 
Error - 12/16/2014 5:39:58 PM | Computer Name = ABugg | Source = WMPNetworkSvc | ID = 866333
Description = Proximity detection failed due to unknown error '0x80004004'.  The
 best proximity time detected was -1 milliseconds.
 
Error - 12/16/2014 10:49:30 PM | Computer Name = ABugg | Source = DCOM | ID = 10001
Description = 
 
Error - 12/17/2014 5:17:40 PM | Computer Name = ABugg | Source = DCOM | ID = 10001
Description = 
 
Error - 12/17/2014 9:37:16 PM | Computer Name = ABugg | Source = WMPNetworkSvc | ID = 866333
Description = Proximity detection failed due to unknown error '0x80004004'.  The
 best proximity time detected was -1 milliseconds.
 
Error - 12/18/2014 7:54:04 AM | Computer Name = ABugg | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
 error:   %%1064
 
Error - 12/18/2014 7:54:04 AM | Computer Name = ABugg | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 12/18/2014 8:20:23 AM | Computer Name = ABugg | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
 power transition.  Please check for updated firmware for your system.
 
Error - 12/18/2014 5:27:13 PM | Computer Name = ABugg | Source = DCOM | ID = 10001
Description = 
 
Error - 12/18/2014 6:30:29 PM | Computer Name = ABugg | Source = WMPNetworkSvc | ID = 866333
Description = Proximity detection failed due to unknown error '0x80004004'.  The
 best proximity time detected was -1 milliseconds.
 
 
< End of report >


Edited by anthonybugg, 19 December 2014 - 03:41 PM.

  • 0



#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,916 posts
Hi anthonybugg, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe Mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 

Was the file in question obtained from cracked software? If so, please remove the pirated software. Did you run Combofix prior to asking for assistance here?


 
  • Step #1 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :OTL
      O1 - Hosts: 127.0.0.1 lgloader
      O4 - HKLM..\Run: [] File not found
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [1 C:\*.tmp files -> C:\*.tmp -> ]
      @Alternate Data Stream - 12 bytes -> C:\Windows:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
      @Alternate Data Stream - 12 bytes -> C:\Users\Anthony Bugg\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}

      :Commands
      [emptytemp]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Step #2 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • OldTimer Tool Log(s)--
      • OTL Fix Log
    • Farbar Tool Log(s)--
      • FRST.txt
      • Addition.txt
Regards,
Valinorum
  • 0

#3
anthonybugg

anthonybugg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

I will post the Farbar log when I get home :) Here is the other log; also, no, I did not run Combofix prior.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1979\\http not found.
File/Folder C:\Windows\*.tmp not found.
File/Folder C:\*.tmp not found.
Unable to delete ADS C:\Windows:{DA6227CB-326B-4B4D-9A81-04B61F1538DD} .
Unable to delete ADS C:\Users\Anthony Bugg\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38} .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Anthony Bugg
->Temp folder emptied: 363849131 bytes
->Temporary Internet Files folder emptied: 226589648 bytes
->Java cache emptied: 2416461 bytes
->FireFox cache emptied: 56340756 bytes
->Flash cache emptied: 13528 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: temp
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 405334585 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55237293 bytes
RecycleBin emptied: 229268 bytes
 
Total Files Cleaned = 1,059.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12192014_071444

Files\Folders moved on Reboot...
File move failed. C:\Users\Anthony Bugg\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\ff25a4f67ecc2f28d6a304bc5c26dbf_fce8395c8fd8a849_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Anthony Bugg\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\ff25a4f67ecc2f28d6a304bc5c26dbf_fce8395c8fd8a849_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Anthony Bugg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Anthony Bugg\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-2996.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,916 posts
Acknowledged, and please peruse the guidelines I gave you in my introductory speech, especially the following--

Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.


  • 0

#5
anthonybugg

anthonybugg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Logs wouldn't post, I had to add it as an attachment.


  • 0

#6
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,916 posts
Logs are not reporting any issue.
  • Step #3 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      Closeprocesses:
      HKU\S-1-5-21-2193515018-1396474700-500218789-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      2014-12-19 07:09 - 2014-12-19 07:09 - 01767759 _____ () C:\Users\Anthony Bugg\Downloads\DarkCometRemover2.zip
      2014-12-19 07:09 - 2013-04-08 14:31 - 01702400 _____ (PhrozenSoft) C:\Users\Anthony Bugg\Desktop\DarkComet Remover 2 Portable.exe
      Emptytemp:
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #4 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Settings--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #5 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Go here from Internet Explorer and click on Run ESET Online Scanner.
      • Note: If you use any browser other than Internet Explorer, you will have to download and install esetsmartinstaller_enu.exe when prompted to run the scan.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
    • Click on Advanced Setting and check the following boxes--
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Click on list of threats found.
        • Click on Export to text file and save it to the Desktop as ESET SCAN.txt.
        • Copy and Paste the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • FRST Fix Log
    • Malwarebytes' Anti-Malware
    • ESET Log
Regards,
Valinorum
  • 0
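A cross-check of a fix run, added here as an example and not code from FRST or from anyone in this thread: it parses the fixlist syntax shown in Step #3 (registry lines and file lines copied out of FRST.txt, commands such as Closeprocesses: and Emptytemp:) together with the "target => outcome" lines FRST writes to its Fixlog, and reports for each directive whether FRST confirmed it, found the target already gone, or never reported on it. The line patterns are assumptions read off the logs posted in this thread, not FRST's documented grammar, and the sample texts are constructed from those same lines.

```python
import re
from dataclasses import dataclass

# Constructed input: the fixlist from Step #3 and the corresponding result lines of the
# Fixlog posted in this thread (the paths are the thread's own).
FIXLIST = r"""Start
Closeprocesses:
HKU\S-1-5-21-2193515018-1396474700-500218789-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2014-12-19 07:09 - 2014-12-19 07:09 - 01767759 _____ () C:\Users\Anthony Bugg\Downloads\DarkCometRemover2.zip
2014-12-19 07:09 - 2013-04-08 14:31 - 01702400 _____ (PhrozenSoft) C:\Users\Anthony Bugg\Desktop\DarkComet Remover 2 Portable.exe
Emptytemp:
End"""

FIXLOG = r"""Processes closed successfully.
"HKU\S-1-5-21-2193515018-1396474700-500218789-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Anthony Bugg\Downloads\DarkCometRemover2.zip => Moved successfully.
"C:\Users\Anthony Bugg\Desktop\DarkComet Remover 2 Portable.exe" => File/Directory not found.
EmptyTemp: => Removed 40.6 MB temporary data."""

# Assumed shape of a file line copied from FRST.txt:
# created stamp - modified stamp - size attribute-flags (company) path
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ \(([^)]*)\) (.+)$"
)
# Assumed shape of a registry line: hive\key, then ": " and FRST's description.
REG_LINE = re.compile(r"^(HK(?:LM|CU|U|CR)\\[^:]+):")
# Assumed shape of a Fixlog result line: optionally quoted target, " => ", outcome.
RESULT_LINE = re.compile(r'^"?(.+?)"? => (.+)$')


@dataclass
class Directive:
    kind: str      # "registry" or "file"
    target: str    # key path or file path FRST was asked to act on
    status: str    # "ok", "missing" or "unreported"
    message: str   # the Fixlog outcome that settled it, if any


def parse_fixlist(text):
    """Return (kind, target) for the registry and file directives in a fixlist.
    Commands (Closeprocesses:, Emptytemp:) and the Start/End markers carry no
    target of their own and are skipped."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        m = REG_LINE.match(line)
        if m:
            found.append(("registry", m.group(1)))
            continue
        m = FILE_LINE.match(line)
        if m:
            found.append(("file", m.group(2)))
    return found


def parse_fixlog(text):
    """Map each target named in a Fixlog result line to the outcome FRST reported."""
    outcomes = {}
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            outcomes[m.group(1)] = m.group(2)
    return outcomes


def reconcile(fixlist_text, fixlog_text):
    """Pair every fixlist directive with its Fixlog outcome and classify it."""
    outcomes = parse_fixlog(fixlog_text)
    directives = []
    for kind, target in parse_fixlist(fixlist_text):
        message = outcomes.get(target, "")
        if "successfully" in message:
            status = "ok"
        elif "not found" in message:
            status = "missing"      # target was gone before the fix ran; worth asking why
        else:
            status = "unreported"   # FRST said nothing about it; re-check the log by hand
        directives.append(Directive(kind, target, status, message))
    return directives


def unresolved(directives):
    """Targets that were not confirmed acted upon, for the next reply to the helper."""
    return [d.target for d in directives if d.status != "ok"]


if __name__ == "__main__":
    for d in reconcile(FIXLIST, FIXLOG):
        print(f"{d.status:<10} {d.kind:<8} {d.target}")
```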

#7
anthonybugg

anthonybugg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Fixlog.txt

------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by HomePC at 2014-12-20 00:53:50 Run:1
Running from C:\Users\Anthony Bugg\Desktop
Loaded Profile: HomePC (Available profiles: HomePC)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Closeprocesses:
HKU\S-1-5-21-2193515018-1396474700-500218789-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2014-12-19 07:09 - 2014-12-19 07:09 - 01767759 _____ () C:\Users\Anthony Bugg\Downloads\DarkCometRemover2.zip
2014-12-19 07:09 - 2013-04-08 14:31 - 01702400 _____ (PhrozenSoft) C:\Users\Anthony Bugg\Desktop\DarkComet Remover 2 Portable.exe
Emptytemp:
End
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-2193515018-1396474700-500218789-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\Anthony Bugg\Downloads\DarkCometRemover2.zip => Moved successfully.
"C:\Users\Anthony Bugg\Desktop\DarkComet Remover 2 Portable.exe" => File/Directory not found.
EmptyTemp: => Removed 40.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
MBAM.txt
-------------
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/20/2014
Scan Time: 1:01:31 AM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.20.01
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: FAT32
User: HomePC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 417265
Time Elapsed: 21 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET.txt
-----------
C:\Users\Anthony Bugg\AppData\Roaming\Opera Software\Opera Stable\File System\005\t\00\00000000 a variant of Win32/Adware.MultiPlug.DZ application cleaned by deleting - quarantined
C:\Users\Anthony Bugg\AppData\Roaming\Skype\My Skype Received Files\XeadJFPew9.zip a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\PokeSteamStealer Auto-Accept Bot.exe a variant of MSIL/Packed.Confuser.K potentially unwanted application deleted - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\Stub CSGO.exe a variant of MSIL/Stimilik.AQ trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\WinMM.Net.dll MSIL/Bladabindi.U trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\Plugin\cam.dll MSIL/Bladabindi.U trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\Plugin\ch.dll a variant of MSIL/Bladabindi.U trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\Plugin\mic.dll MSIL/Bladabindi.U trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\Plugin\plg.dll a variant of MSIL/Bladabindi.U trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\Plugin\pw.dll a variant of MSIL/Spy.Agent.QN trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\Plugin\sc2.dll a variant of MSIL/Bladabindi.U trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\Stuff\Crypter.rar a variant of MSIL/TrojanDropper.Agent.BEA trojan deleted - quarantined
C:\Users\Anthony Bugg\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
 
 

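As an added example (not part of this thread or of any tool it mentions), a small Python parser for the ESET log format posted above that groups the detections by family, folder and category, the way one would triage such a log before deciding what to clean; the regex and the family heuristic are assumptions about the format drawn only from the lines posted here.

```python
import re
from collections import Counter

# A line of the ESET Online Scanner log posted above has the shape
#   <path> [a variant of ]<Platform/Name.Variant> <category> <action> - <status>
# The path may contain spaces, so it is matched lazily; the detection name is
# anchored on its "Platform/" prefix, which a Windows path never contains.
ESET_LINE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?"
    r"(?P<detection>[A-Za-z0-9]+/\S+) (?P<category>.+?) "
    r"(?P<action>cleaned by deleting|deleted|cleaned) - (?P<status>\w+)$"
)

def family_of(detection):
    """'MSIL/Bladabindi.U' -> 'Bladabindi': drop platform prefix and short variant suffix."""
    name = detection.split("/", 1)[1]
    head, _, tail = name.rpartition(".")
    return head if head and tail.isupper() and len(tail) <= 3 else name

def parse_eset_log(text):
    """Return one dict per parseable line; lines in another format are skipped."""
    records = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["variant"] = rec["variant"] is not None
        rec["directory"] = rec["path"].rsplit("\\", 1)[0]
        rec["family"] = family_of(rec["detection"])
        records.append(rec)
    return records

def summarize(records):
    """Count hits per family, folder and category: many hits of one family in one folder usually mean one dropped toolkit."""
    return {
        "by_family": Counter(r["family"] for r in records),
        "by_directory": Counter(r["directory"] for r in records),
        "by_category": Counter(r["category"] for r in records),
    }

# Sample input: five lines copied from the ESET log posted above.
SAMPLE_LOG = r"""
C:\Users\Anthony Bugg\AppData\Roaming\Skype\My Skype Received Files\XeadJFPew9.zip a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\WinMM.Net.dll MSIL/Bladabindi.U trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\Plugin\cam.dll MSIL/Bladabindi.U trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Desktop\Icons\steam rat\Plugin\pw.dll a variant of MSIL/Spy.Agent.QN trojan cleaned by deleting - quarantined
C:\Users\Anthony Bugg\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
"""
```

Calling `summarize(parse_eset_log(SAMPLE_LOG))` shows two Bladabindi hits and three trojans, all under the same "steam rat" tree, which matches the single toolkit ESET removed above.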

#8
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,916 posts
How is your PC performing?

#9
anthonybugg

anthonybugg

    Member

  • Topic Starter
  • Member
  • 31 posts

How is your PC performing?

Pretty good :), it did run a bit faster at the start of everything loading on my PC, and also a CMD thingy that always comes up hasn't appeared any more :) I really appreciate your help! I would like to learn the things you provided me, like how to learn logs, etc. Although, I did read the guide of where to apply to learn about malware or go through that course thingy, but when I clicked the link it said invalid link.



#10
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,916 posts
You can decrease the load by uninstalling programs you do not use now. If you wish to learn malware removal, please, peruse this.

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

♣ Removal of Tools and Quarantined Files ♣

Although the tools we have used are clean, they are powerful removal tools, made in a way so that they carry out any commands given to them without (in most cases) asking for confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with Delfix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply

♣ Prevention and Future Guidelines ♣

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it, but it is not for everyone because it requires you to take action if you want to see some things (pop-ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right-hand side of your screen.
  • Watch out for new threat named CryptoLocker
    CryptoLocker is a new type of ransomware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system, but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum

#11
anthonybugg

    Member

  • Topic Starter
  • Member
  • 31 posts
# DelFix v10.8 - Logfile created 21/12/2014 at 11:31:14
# Updated 29/07/2014 by Xplode
# Username : HomePC - ABUGG
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\Users\Anthony Bugg\Downloads\Addition.txt
Deleted : C:\Users\Anthony Bugg\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Anthony Bugg\Downloads\Extras (1).Txt
Deleted : C:\Users\Anthony Bugg\Downloads\Extras.Txt
Deleted : C:\Users\Anthony Bugg\Downloads\FRST.txt
Deleted : C:\Users\Anthony Bugg\Downloads\FRST64.exe
Deleted : C:\Users\Anthony Bugg\Downloads\OTL (1).Txt
Deleted : C:\Users\Anthony Bugg\Downloads\OTL.Txt
Deleted : C:\Users\Anthony Bugg\Downloads\OTL.exe
Deleted : C:\Users\Anthony Bugg\Downloads\Shortcut.txt
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #168 [Windows Update | 12/18/2014 03:08:41]
Deleted : RP #169 [OTL Restore Point - 12/19/2014 7:12:16 AM | 12/19/2014 12:12:17]
Deleted : RP #170 [OTL Restore Point - 12/19/2014 7:14:55 AM | 12/19/2014 12:14:55]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
I really appreciate your help :) Happy holidays!


#12
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,916 posts
Happy holidays! Surf safely. :)

#13
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,916 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.