[attachment=74357:Addition.txt][attachment=74358:FRST.txt][attachment=74346:OTL.Txt][attachment=74347:Extras.Txt]
I think I may have been possibly infected. I basically ran a file and I think it's very suspicious because of what it does and how it does it. For one, the second I run the file my CPU usage goes up from around 10 - 30% to 70 - 90 % in matter of seconds, then once I close the file my CPU usage goes way down. Not only that but the file name is consisted of many different symbols and letters in the process name, as seen here: http://i.imgur.com/yVJYelt.png.
A few other things I am worried about is once I scanned the file with Virus Total, it gave me things like "backdoor", "Trojan", as seen here: https://www.virustot...sis/1418948917/. It also won't run in a VM for some reason, but it does work while running it via the program "sandboxie".
Machine Specs: Windows 7 Ultimate 64-Bit, Intel Core q6000, GTX 660, 8 GB RAM
OTL Logs:
OTL.TXT ------- OTL logfile created on: 12/18/2014 7:17:52 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anthony Bugg\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17501) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 4.41 Gb Available Physical Memory | 55.09% Memory free 16.00 Gb Paging File | 11.73 Gb Available in Paging File | 73.32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 268.10 Gb Free Space | 57.57% Space Free | Partition Type: NTFS Computer Name: ABUGG | User Name: HomePC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014/12/18 19:17:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony Bugg\Downloads\OTL.exe PRC - [2014/12/18 07:01:33 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\bin\rubyw.exe PRC - [2014/12/18 07:01:21 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\bin\rubyw.exe PRC - [2014/12/17 16:27:48 | 050,337,912 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe PRC - [2014/12/14 11:54:24 | 000,184,320 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe PRC - [2014/12/14 11:54:23 | 008,817,658 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2014/11/06 12:08:04 | 002,464,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2014/11/06 12:07:54 | 001,795,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2014/11/03 02:31:56 | 000,064,616 | ---- | M] (CyberGhost S.R.L) -- C:\Program Files\CyberGhost 5\Service.exe PRC - [2014/10/31 18:27:38 | 000,183,488 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe PRC - [2014/10/26 09:52:28 | 000,508,744 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe PRC - [2014/10/08 18:13:06 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe PRC - [2014/10/08 18:10:58 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe PRC - [2014/10/01 14:40:28 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2014/09/13 15:12:58 | 000,411,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe PRC - [2014/07/30 08:52:41 | 000,076,152 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2014/06/12 17:23:08 | 000,359,128 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2014/06/12 17:22:40 | 000,437,976 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2014/06/12 17:22:36 | 000,190,680 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe PRC - [2014/06/12 17:22:30 | 002,115,800 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe PRC - [2014/06/12 17:22:30 | 000,112,856 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2014/06/12 16:44:08 | 014,407,384 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe PRC - [2014/06/12 16:22:10 | 000,086,744 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2014/06/12 16:20:56 | 000,019,160 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vprintproxy.exe PRC - [2013/12/19 16:17:14 | 001,677,080 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files (x86)\GameTracker\GSInGameService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014/12/18 07:01:34 | 000,026,624 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so MOD - [2014/12/18 07:01:33 | 000,275,968 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so MOD - [2014/12/18 07:01:33 | 000,127,316 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\bin\libffi-6.dll MOD - [2014/12/18 07:01:33 | 000,126,976 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so MOD - [2014/12/18 07:01:33 | 000,118,784 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so MOD - [2014/12/18 07:01:33 | 000,095,744 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so MOD - [2014/12/18 07:01:33 | 000,094,208 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\src\rgloader\rgloader193.mswin.so MOD - [2014/12/18 07:01:33 | 000,094,208 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so MOD - [2014/12/18 07:01:33 | 000,087,552 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so MOD - [2014/12/18 07:01:33 | 000,083,968 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\bin\zlib1.dll MOD - [2014/12/18 07:01:33 | 000,069,120 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so MOD - [2014/12/18 07:01:33 | 000,036,352 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so MOD - [2014/12/18 07:01:33 | 000,026,624 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so MOD - [2014/12/18 07:01:33 | 000,023,552 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so MOD - [2014/12/18 07:01:33 | 000,016,384 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so MOD - [2014/12/18 07:01:33 | 000,015,360 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so MOD - [2014/12/18 07:01:33 | 000,014,848 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so MOD - [2014/12/18 07:01:33 | 000,013,312 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so MOD - [2014/12/18 07:01:33 | 000,012,800 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so MOD - [2014/12/18 07:01:33 | 000,009,728 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so MOD - [2014/12/18 07:01:33 | 000,009,216 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so MOD - [2014/12/18 07:01:33 | 000,008,704 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so MOD - [2014/12/18 07:01:33 | 000,008,704 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so MOD - [2014/12/18 07:01:33 | 000,008,704 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so MOD - [2014/12/18 07:01:33 | 000,008,704 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so MOD - [2014/12/18 07:01:33 | 000,008,192 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocrC5CE.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so MOD - [2014/12/18 07:01:32 | 000,026,624 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so MOD - [2014/12/18 07:01:31 | 000,126,976 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so MOD - [2014/12/18 07:01:31 | 000,087,552 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so MOD - [2014/12/18 07:01:31 | 000,016,384 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so MOD - [2014/12/18 07:01:31 | 000,009,216 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so MOD - [2014/12/18 07:01:27 | 000,095,744 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so MOD - [2014/12/18 07:01:27 | 000,094,208 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so MOD - [2014/12/18 07:01:27 | 000,013,312 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so MOD - [2014/12/18 07:01:26 | 000,008,704 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so MOD - [2014/12/18 07:01:25 | 000,014,848 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so MOD - [2014/12/18 07:01:25 | 000,012,800 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so MOD - [2014/12/18 07:01:25 | 000,009,728 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so MOD - [2014/12/18 07:01:23 | 000,127,316 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\bin\libffi-6.dll MOD - [2014/12/18 07:01:21 | 000,094,208 | ---- | M] () -- C:\Users\ANTHON~1\AppData\Local\Temp\ocr9607.tmp\src\rgloader\rgloader193.mswin.so MOD - [2014/12/17 16:27:49 | 009,312,888 | ---- | M] () -- C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll MOD - [2014/12/17 16:27:48 | 001,358,456 | ---- | M] () -- C:\Program Files (x86)\Opera\26.0.1656.60\libGLESv2.dll MOD - [2014/12/17 16:27:47 | 000,991,352 | ---- | M] () -- C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll MOD - [2014/12/17 16:27:47 | 000,219,256 | ---- | M] () -- C:\Program Files (x86)\Opera\26.0.1656.60\libEGL.dll MOD - [2014/12/14 11:54:29 | 000,059,904 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll MOD - [2014/12/14 11:54:25 | 001,234,944 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll MOD - [2014/12/14 11:54:25 | 001,198,592 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll MOD - [2014/12/14 11:54:25 | 000,815,104 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll MOD - [2014/12/14 11:54:25 | 000,642,048 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll MOD - [2014/12/14 11:54:25 | 000,511,488 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll MOD - [2014/12/14 11:54:25 | 000,290,816 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll MOD - [2014/12/14 11:54:24 | 000,745,472 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll MOD - [2014/12/14 11:54:24 | 000,344,064 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll MOD - [2014/12/14 11:54:24 | 000,217,088 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll MOD - [2014/12/14 11:54:24 | 000,184,320 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe MOD - [2014/12/14 11:54:23 | 008,817,658 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe MOD - [2014/12/14 11:54:23 | 000,368,640 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll MOD - [2014/12/14 11:54:23 | 000,200,704 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll MOD - [2014/12/14 11:54:23 | 000,180,224 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll MOD - [2014/06/12 17:23:08 | 000,319,704 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\libldap_r.dll MOD - [2014/06/12 17:22:58 | 000,146,648 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\liblber.dll MOD - [2014/06/12 17:22:54 | 000,070,360 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll MOD - [2014/06/12 17:22:44 | 000,330,456 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\libcurl.dll MOD - [2014/06/12 17:22:18 | 001,261,272 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - File not found ["Start" not found. | Unknown] -- C:\Program Files\LustGaming\LustGaming Loader\BlackBoneDrv7.sys -- (BlackBone) SRV:[b]64bit:[/b] - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2014/11/06 12:07:54 | 001,148,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService) SRV:[b]64bit:[/b] - [2014/11/06 12:07:49 | 019,819,848 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:[b]64bit:[/b] - [2014/11/03 02:31:56 | 000,064,616 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- C:\Program Files\CyberGhost 5\Service.exe -- (CGVPNCliService) SRV:[b]64bit:[/b] - [2014/10/01 14:40:28 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2014/05/29 13:33:02 | 000,174,088 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV:[b]64bit:[/b] - [2013/10/04 22:58:24 | 000,087,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120) SRV:[b]64bit:[/b] - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2010/02/02 18:03:05 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts) SRV:[b]64bit:[/b] - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2014/12/09 20:28:04 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2014/12/05 20:42:05 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014/12/03 19:52:11 | 000,448,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014/11/16 16:47:24 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service) SRV - [2014/11/06 12:07:54 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2014/10/31 18:27:38 | 000,183,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service) SRV - [2014/10/08 18:13:06 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc) SRV - [2014/10/08 18:10:58 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2014/10/08 18:10:30 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2014/09/13 15:12:58 | 000,411,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9) SRV - [2014/07/30 08:52:41 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2014/06/12 17:23:08 | 000,359,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2014/06/12 17:22:40 | 000,437,976 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2014/06/12 16:44:08 | 014,407,384 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd) SRV - [2014/06/12 16:22:10 | 000,086,744 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2014/02/27 17:40:46 | 000,906,432 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2013/12/19 16:17:14 | 001,677,080 | ---- | M] (ClanServers Hosting LLC) [Auto | Running] -- C:\Program Files (x86)\GameTracker\GSInGameService.exe -- (GS In-Game Service) SRV - [2013/08/22 03:21:36 | 000,119,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2013/08/22 02:55:00 | 000,142,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc) SRV - [2011/12/15 12:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3e\WNt600x64\Sandra.sys -- (SANDRA) DRV:[b]64bit:[/b] - [2014/11/17 16:37:21 | 000,129,600 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk) DRV:[b]64bit:[/b] - [2014/11/06 12:07:49 | 000,019,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms) DRV:[b]64bit:[/b] - [2014/10/31 18:27:07 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk) DRV:[b]64bit:[/b] - [2014/10/03 14:23:02 | 000,038,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:[b]64bit:[/b] - [2014/09/18 12:38:22 | 000,063,160 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2014/09/16 23:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2014/09/04 22:28:00 | 000,033,448 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt) DRV:[b]64bit:[/b] - [2014/09/04 22:27:58 | 000,031,912 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard) DRV:[b]64bit:[/b] - [2014/09/04 22:27:52 | 000,160,424 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd) DRV:[b]64bit:[/b] - [2014/09/04 22:27:52 | 000,039,592 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt) DRV:[b]64bit:[/b] - [2014/08/18 10:28:34 | 000,222,280 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2014/08/18 10:28:32 | 000,243,440 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2014/08/18 10:28:32 | 000,169,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2014/08/18 10:28:32 | 000,044,632 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF) DRV:[b]64bit:[/b] - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2014/08/15 23:13:34 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:[b]64bit:[/b] - [2014/07/24 12:45:41 | 000,098,464 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) DRV:[b]64bit:[/b] - [2014/06/12 17:23:04 | 000,064,728 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:[b]64bit:[/b] - [2014/06/12 17:22:50 | 000,031,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:[b]64bit:[/b] - [2014/06/12 17:22:02 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:[b]64bit:[/b] - [2014/06/12 17:22:02 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:[b]64bit:[/b] - [2014/06/12 17:21:58 | 000,033,496 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:[b]64bit:[/b] - [2014/05/29 13:33:16 | 000,185,352 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV:[b]64bit:[/b] - [2014/05/16 19:42:38 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:[b]64bit:[/b] - [2014/04/24 13:44:44 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ptun0901.sys -- (ptun0901) DRV:[b]64bit:[/b] - [2014/02/27 17:40:32 | 000,054,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:[b]64bit:[/b] - [2014/02/07 12:17:24 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:[b]64bit:[/b] - [2013/11/13 21:42:00 | 000,039,576 | ---- | M] (wj32) [Kernel | Disabled | Running] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2) DRV:[b]64bit:[/b] - [2013/10/15 11:02:08 | 000,386,560 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CMUSBDAC.sys -- (CMUSBDAC) DRV:[b]64bit:[/b] - [2013/10/14 14:35:12 | 000,094,208 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetndis64.sys -- (vzandnetndis) DRV:[b]64bit:[/b] - [2013/10/08 17:21:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock) DRV:[b]64bit:[/b] - [2013/10/08 17:21:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:[b]64bit:[/b] - [2013/05/31 09:53:12 | 000,222,200 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler) DRV:[b]64bit:[/b] - [2013/05/08 09:05:46 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetadb.sys -- (vzandnetadb) DRV:[b]64bit:[/b] - [2013/05/06 13:48:54 | 000,036,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetmdm64.sys -- (vzandnetmodem) DRV:[b]64bit:[/b] - [2013/05/06 13:48:20 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetdiag64.sys -- (vzandnetdiag) DRV:[b]64bit:[/b] - [2013/04/12 10:41:28 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:[b]64bit:[/b] - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011/12/15 12:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2010/07/01 12:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2014/10/08 18:10:48 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 C1 A8 05 AD 9F CF 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0 FF - prefs.js..network.proxy.type: FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0: C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.20.2: C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.20.2: C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0: C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB) FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.20.2: C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.20.2: C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014/07/29 15:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony Bugg\AppData\Roaming\mozilla\Extensions [2014/07/29 15:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony Bugg\AppData\Roaming\mozilla\Firefox\Profiles\org1oc1n.default\extensions [2014/10/03 20:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/07/29 15:04:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2014/09/26 16:55:08 | 000,000,047 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 lgloader O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Microsoft Web Test Recorder 12.0 Helper) - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe (Greenshot) O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1418904101 File not found O4 - Startup: C:\Users\Anthony Bugg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cookies [2014/12/13 12:25:49 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Anthony Bugg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\logs [2014/12/06 20:21:09 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:[b]64bit:[/b] - Extra context menu item: Sothink Flash Downloader For IE - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{353214FA-413A-4188-B7EB-41D35A35FFB7}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7447BA64-5EF7-4F44-B022-F624C28E0539}: DhcpNameServer = 172.20.10.1 O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014/12/18 19:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2 [2014/12/18 19:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2 [2014/12/17 19:31:37 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Process Hacker 2 [2014/12/16 17:58:41 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\X-Chat 2 [2014/12/16 17:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat [2014/12/16 17:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xchat [2014/12/14 11:55:41 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Titanium [2014/12/14 11:54:36 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access [2014/12/14 11:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\pia_manager [2014/12/06 14:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler [2014/12/06 14:22:11 | 000,222,200 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys [2014/12/06 14:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler [2014/12/05 23:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex Workshop v6.8 [2014/12/05 23:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\BreakPoint Software [2014/12/05 21:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2014/12/05 21:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2014/12/05 21:42:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2014/12/02 18:20:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/11/29 14:30:37 | 000,129,600 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpnk.sys [2014/11/29 14:30:22 | 000,037,184 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpmgrk.sys [2014/11/29 14:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer [2014/11/29 14:05:40 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Local\RzStats [2014/11/29 00:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LustGaming [2014/11/22 21:38:13 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Local\enchant [2014/11/22 21:37:47 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr [2014/11/22 21:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pidgin-otr [2014/11/21 21:56:53 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\.technic [2014/11/20 17:14:07 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Local\pangu [2014/11/20 17:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2014/11/20 17:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2014/11/20 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2014/11/20 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2014/11/20 17:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 [2014/11/20 17:07:18 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReiBoot [2014/11/20 17:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReiBoot [2014/11/20 16:32:53 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Roaming\Apple Computer [2014/11/20 16:32:53 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Local\Apple Computer [2014/11/20 16:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2014/11/20 16:30:57 | 000,000,000 | ---D | C] -- C:\Users\Anthony Bugg\AppData\Local\Apple [2014/11/20 16:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2014/11/20 16:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2014/11/20 16:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2014/11/20 16:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2014/11/20 16:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2014/11/20 16:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2014/11/20 03:23:06 | 000,009,728 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\RzStats.IPC.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/12/18 19:14:12 | 000,002,538 | ---- | M] () -- C:\Windows\Sandboxie.ini [2014/12/18 19:05:08 | 000,001,841 | ---- | M] () -- C:\Users\Anthony Bugg\Desktop\Process Hacker 2.lnk [2014/12/18 18:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/12/18 16:59:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-2193515018-1396474700-500218789-1001.job [2014/12/18 16:17:24 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\update-sys.job [2014/12/18 16:17:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/12/18 06:52:33 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys [2014/12/17 22:09:44 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/12/17 22:09:44 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/12/17 20:35:32 | 000,003,584 | ---- | M] () -- C:\Users\Anthony Bugg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/12/02 18:20:24 | 000,788,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/12/02 18:20:24 | 000,666,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/12/02 18:20:24 | 000,124,238 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/11/29 14:44:22 | 000,268,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014/11/24 22:00:04 | 000,001,292 | ---- | M] () -- C:\Users\Anthony Bugg\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk [2014/11/20 16:34:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2014/11/20 03:23:06 | 000,009,728 | ---- | M] (Razer Inc.) -- C:\Windows\SysWow64\RzStats.IPC.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/12/18 19:05:08 | 000,001,841 | ---- | C] () -- C:\Users\Anthony Bugg\Desktop\Process Hacker 2.lnk [2014/12/17 20:35:32 | 000,003,584 | ---- | C] () -- C:\Users\Anthony Bugg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/11/24 22:00:04 | 000,001,292 | ---- | C] () -- C:\Users\Anthony Bugg\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk [2014/11/22 21:35:40 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk [2014/11/20 16:34:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2014/11/20 16:30:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2014/10/13 13:38:44 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ABUGG-Microsoft-Windows-7-Ultimate-(64-bit).dat [2014/10/03 20:34:15 | 000,001,877 | ---- | C] () -- C:\Users\Anthony Bugg\AppData\Roaming\VPNMasterFreeVPN.pbk [2014/09/28 16:49:29 | 000,002,538 | ---- | C] () -- C:\Windows\Sandboxie.ini [2014/09/07 15:48:19 | 174,606,558 | ---- | C] () -- C:\Users\Anthony Bugg\AppData\Local\ACCCx2_7_1_418.zip.aamdownload [2014/09/07 15:48:19 | 000,002,111 | ---- | C] () -- C:\Users\Anthony Bugg\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd [2014/08/17 17:13:09 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2014/07/30 01:40:45 | 000,348,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2014/07/30 01:40:44 | 000,076,152 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2014/07/22 10:04:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2014/07/22 10:04:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2014/07/22 10:04:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2014/07/22 10:04:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2014/07/22 10:04:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2014/07/14 21:27:13 | 000,000,059 | ---- | C] () -- C:\Users\Anthony Bugg\AppData\Local\UserProducts.xml [2014/07/14 17:46:27 | 000,780,628 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2014/11/30 20:14:01 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\.minecraft [2014/12/14 12:01:03 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\.purple [2014/11/21 22:03:56 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\.technic [2014/10/28 20:54:21 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\DMCache [2014/07/14 19:01:40 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\ESET [2014/11/27 16:14:17 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\FileZilla [2014/10/19 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\GameTracker [2014/10/28 20:56:37 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Garena [2014/10/01 16:40:14 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Greenshot [2014/09/24 16:26:14 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Gyazo [2014/08/15 20:14:37 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\java [2014/07/29 15:38:44 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\JPEXS [2014/11/29 00:27:54 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\LustGaming [2014/09/25 17:53:43 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Mael [2014/07/29 10:56:43 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Notepad++ [2014/08/11 15:37:54 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\NuGet [2014/07/14 16:57:07 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Opera Software [2014/09/22 18:19:35 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Oracle [2014/11/16 16:49:00 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Origin [2014/12/18 19:15:32 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Process Hacker 2 [2014/09/30 17:01:51 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\QFX Software [2014/10/18 19:38:25 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Screaming Bee [2014/10/28 18:48:24 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Softplicity [2014/08/08 23:05:50 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\TamoSoft [2014/07/23 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\TeamViewer [2014/12/14 11:55:41 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\Titanium [2014/12/16 21:38:56 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\TS3Client [2014/12/06 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\uTorrent [2014/12/17 21:32:00 | 000,000,000 | ---D | M] -- C:\Users\Anthony Bugg\AppData\Roaming\X-Chat 2 [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 12 bytes -> C:\Windows:{DA6227CB-326B-4B4D-9A81-04B61F1538DD} @Alternate Data Stream - 12 bytes -> C:\Users\Anthony Bugg\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38} < End of report > Extras.txt ---------- OTL Extras logfile created on: 12/18/2014 7:17:52 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anthony Bugg\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17501) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 4.41 Gb Available Physical Memory | 55.09% Memory free 16.00 Gb Paging File | 11.73 Gb Available in Paging File | 73.32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 268.10 Gb Free Space | 57.57% Space Free | Partition Type: NTFS Computer Name: ABUGG | User Name: HomePC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 1 "NoControlPanel" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- () "C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- () [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08649C33-32AD-40B4-A1A0-3BF460B50666}" = lport=139 | protocol=6 | dir=in | app=system | "{0BB47A2B-B2F9-473E-AD3D-0A422DFAA863}" = lport=32535 | protocol=6 | dir=in | name=skype anti resolver tcp | "{21BF0083-381E-490C-BD2F-670FED76C22F}" = rport=10243 | protocol=6 | dir=out | app=system | "{256F4BAA-16DD-4E67-9DC6-7D92B312E59F}" = lport=1601 | protocol=6 | dir=in | name=dc | "{29E9A321-8C6F-4C38-A15F-16D41503E609}" = rport=139 | protocol=6 | dir=out | app=system | "{2DE458AD-00B2-47A0-B0CD-4C377157705E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{3512D144-33DA-4400-A090-DB2BE4114DF7}" = rport=1601 | protocol=6 | dir=out | name=dc | "{3C9E86F2-262F-45CA-8221-B2F59795F0F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4307B82F-F7A3-447C-A428-1268D8529205}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{48001CAE-8AEE-4F4B-A937-243F5EA0B6F8}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{4A828923-232C-4B7D-BB21-52C16E9793B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4BE5714F-A023-426E-8837-AC3ACF5E0A67}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C4777D2-3EF5-42E3-8020-CEB09294B6E1}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{53514A4A-CDF6-404D-A754-96AA3A444F75}" = rport=445 | protocol=6 | dir=out | app=system | "{5A2F985B-A500-4209-98BD-7BAEB0EB7514}" = lport=32535 | protocol=17 | dir=out | name=skype anti resolver udp | "{5E3BD7E9-E62F-4F4C-93BF-C35AD12CFE3B}" = lport=32535 | protocol=17 | dir=in | name=skype anti resolver udp | "{5E543418-C10D-44F2-A89F-2E2927D2BCAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6427FEBD-31B2-484C-8D3C-8DEA7E69D921}" = lport=138 | protocol=17 | dir=in | app=system | "{689C2714-EBB6-43A9-9549-91B5DBAE4FBE}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | "{6902F496-9A00-4AFD-9B60-42417D718AF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6E537A05-E59C-4DB1-95FF-726CF3175A55}" = rport=138 | protocol=17 | dir=out | app=system | "{6FE0E4B4-0ED1-4B07-9D96-730DC4D713E3}" = lport=40031 | protocol=17 | dir=out | name=skype anti resolver udp | "{789F4705-07B4-4DB8-87D7-74CFDD50E5C0}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | "{7A089CF7-BD82-4936-8AC1-0C20D6ADB60B}" = rport=137 | protocol=17 | dir=out | app=system | "{7AF64DE5-8381-48C5-9C37-4B71B23AA1C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{804ED42C-AC73-4B43-8F2C-FB1B1DDF98B4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{8176DEEA-FE31-4277-B65D-A101D72E2F72}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{88EB015A-D8DC-44E9-BB37-7DB3DBFE7087}" = lport=10243 | protocol=6 | dir=in | app=system | "{8DBBB811-E442-4CE9-A957-ABE189F056D1}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2014.sp3e\wnt600x64\rpcsandrasrv.exe | "{9267554C-1634-4D3B-BAE1-B17D8BC22BAB}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{9E45A155-7959-4829-8E8C-48695D5EEE52}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | "{B07C3ADF-899A-4D5E-A3AB-D0DF70784D0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BA14E8EB-51AB-43D1-8AB2-1C7659967E68}" = lport=32535 | protocol=6 | dir=out | name=skype anti resolver tcp | "{C013236E-70C0-4E03-8527-743982A68267}" = lport=40031 | protocol=6 | dir=in | name=skype anti resolver tcp | "{D35F42AE-38F6-4F08-83C8-FC8D1E0A9412}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{D61BED83-FBB1-4D0F-B872-1F8B24F222F1}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | "{D822CF36-F512-4D6E-8894-7170F7D95E48}" = lport=40031 | protocol=17 | dir=in | name=skype anti resolver udp | "{D8AF4BB7-52A3-41E7-94C2-3445ADE7706F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DA0D56B2-AC6F-41E1-A22F-6BEB283E999E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DF66EB4C-4264-4128-B0F2-A26E79A9422D}" = lport=40031 | protocol=6 | dir=out | name=skype anti resolver tcp | "{E2731627-86E9-45C6-9CEA-7980334B701D}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | "{E387BAA7-5217-459F-8895-78B502101C99}" = lport=445 | protocol=6 | dir=in | app=system | "{E6FB27BE-6518-45C2-8748-1BCFBD0F63BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{E84CDBE3-770F-43D7-90CB-158F4C8DDB2D}" = lport=137 | protocol=17 | dir=in | app=system | "{F0A324ED-2258-4B82-983F-21A76C00DBB7}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | "{F11F1B40-3C35-4F7C-B594-2BD6CDB2E433}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | "{F284EA2A-4FAC-473A-B94C-D68D335F4908}" = lport=2869 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00510D8C-A4F3-426C-A178-1D5AB0EFAC4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{06247F0B-8692-466E-B68D-41CC90BE5EE8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0DE52684-924D-4B74-9059-B09E654C01B9}" = protocol=6 | dir=in | app=c:\users\anthony bugg\appdata\roaming\utorrent\utorrent.exe | "{0E284A04-8700-4CE1-9C04-0D1A66E582E8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | "{157A9100-D2F9-4547-91D0-ACC0B02BFA2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{179BEF8D-1E49-4F2F-9C3B-E9F004178D83}" = dir=in | name=twitch/youtube | "{189FC842-BE30-44D9-8AD0-ACB4D930DB7A}" = protocol=17 | dir=in | app=c:\users\anthony bugg\appdata\roaming\utorrent\utorrent.exe | "{1B1B3046-8F57-4A2B-A0B9-4C429F14A649}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2466C65A-8692-4FC8-9342-B46A18D44E87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe | "{24820A03-50DD-47C0-8D43-81C4A84C55D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{24E88933-4A0B-4A14-A9C0-6990238B4D1D}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{25B8C216-7EEB-451D-BE28-8B168C72BD2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe | "{263B5825-2354-461F-B839-02831D33D2E9}" = dir=in | name=mitchribarytube | "{2921D07E-993B-4972-BBFB-B229AFA0C127}" = dir=in | app=c:\users\anthon~1\appdata\local\temp\nsmed52.tmp\cnetinstaller-76037571.exe | "{2CFC6713-9C4B-48C1-88F8-3ED8C4302AF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe | "{2E69F6AC-A428-4221-9FE8-BAAD683530E1}" = dir=in | name=sdwd | "{2FC0FA7C-CDE3-4309-A8B5-FE341DEB31D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2FEBE8B8-0046-478F-8391-566E0FFCEBD1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2FFCEBF3-9614-49A5-A400-D1801645170A}" = protocol=6 | dir=in | app=c:\program files\blackshot\blackshot\system\blackshot.exe | "{34E8C665-855C-4103-81B8-1319E20A9B33}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3DE6DFB0-13DC-456B-8EDD-B0C276F11BB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz_be.exe | "{3DE9A248-0270-42E9-AD43-4F055D416482}" = protocol=6 | dir=in | app=c:\users\anthony bugg\desktop\server.exe | "{3ED162C3-5D78-4AC5-A66F-A3368A30CC9C}" = dir=in | name=swag | "{40D2EA8E-1302-4AE9-B269-96F4EC159302}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{418C042F-FF5D-40AF-B131-BFE2C7CF75E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{44342452-AE66-46B2-AB57-A848258D1982}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{44ABDFFF-1BFA-4BCC-B0A5-01F9E113B073}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{44C954FD-CECC-4427-ACB6-9A861DC8B0BA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | "{48547775-99C3-4D05-8494-09E6F5F843E9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | "{4E148AB4-3CCD-4E5C-ABC4-330E5E3DEC20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4EC4BBB6-16A4-41C0-A6AA-FF381EFF823D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{5349E1A0-FF56-4680-B59A-8E8D7CDC9337}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | "{5371EC6B-E3EB-49AE-8F2F-988950A27944}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5C65F73B-DFC9-4AA2-BE4A-50589D75AB7E}" = dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | "{5F5709F6-BEF4-4E7E-8ED2-204A80276E25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz.exe | "{63F1E97E-2EAA-4949-A444-8B2081853356}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | "{6665D980-1E60-48EB-BB23-E4BFF595D660}" = protocol=6 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe | "{67FFEBD1-E6EE-47EE-B3EE-9BA8C0E35AEE}" = protocol=6 | dir=out | app=system | "{6D3E2247-7DBB-489F-BFCF-22A64FBC3610}" = protocol=1 | dir=out | [email protected],-28544 | "{779B0588-A0A7-4505-A52F-52423A5427DF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe | "{79906D6E-3B8F-4E8E-A500-D46F57ABC012}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{7D19AC5C-B95E-417F-83BB-8ED98A5496A5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{81E6F96C-C5F9-4ED7-9C1C-D8ACF4C9B6A5}" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "{828B6385-19E6-4E81-81FF-0B844293B644}" = protocol=1 | dir=in | [email protected],-28543 | "{84B54153-D3CC-4753-B5D8-F439DABC2577}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | "{88CF1339-3E9B-4399-9256-16CE9FB3787E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{8D753FC5-A154-4E8F-916E-36DA39D419B4}" = protocol=17 | dir=in | app=c:\users\anthony bugg\desktop\server.exe | "{900D6E3D-A587-4275-8621-A75F4A11EE7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{949B16C3-FFA2-4D7B-A698-85C99EC00BD1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9584A850-8F22-44AF-A0C5-EB8BF931E086}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | "{967CC699-A4FB-4C79-9423-B2D6EAFAD600}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | "{9B32484F-1756-48CB-96C8-2882074E60AA}" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "{9D154F12-EE9B-432E-AA83-5D012E89A475}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9D70CE82-8D30-43CA-A860-12ED6146BCE9}" = protocol=6 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\xrat 2.0 release3\xrat 2.exe | "{9DC323D7-E120-4C97-A720-FF6D446D42EA}" = dir=out | app=c:\users\anthon~1\appdata\local\temp\nsmed52.tmp\cnetinstaller-76037571.exe | "{A577362D-4F5E-421A-BF9B-6FDABFAC014D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A5774E71-4E20-44C9-B62E-11C10FFE87F3}" = dir=in | app=c:\program files (x86)\garena plus\ggdllhost.exe | "{A84C1D17-DA80-4B91-9978-5902557772DF}" = protocol=58 | dir=out | [email protected],-28546 | "{A8F9D45B-0DBA-4E9E-8BF2-0810ACE27B15}" = protocol=17 | dir=in | app=c:\program files\blackshot\blackshot\system\blackshot.exe | "{A9ACC16E-DF99-4C44-9BED-8DF1EF2C0344}" = protocol=17 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\xrat 2.0 release3\xrat 2.exe | "{AABD623A-8E8B-43DB-B360-838CDF018108}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AD7A9D75-CECC-4246-A3C8-D5F09E8463A7}" = dir=in | name=mitchribarytube | "{B479A5F2-14EA-44A7-BE20-9595D368E16F}" = protocol=58 | dir=in | [email protected],-28545 | "{B9B9461F-18D4-4496-ADD2-40CAA23C539E}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe | "{BB6DE89B-5093-45CD-B2E9-2E969A968C8E}" = dir=in | app=c:\program files\smartftp client\smartftp.exe | "{C08DF588-0DA4-4328-98F8-8AACEA0CA7A0}" = protocol=17 | dir=in | app=c:\users\anthony bugg\desktop\server.exe | "{C16B83AB-E6FF-4643-9864-A10E827F8938}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C1B19FBF-C1CF-4FA4-BCC4-A3B6B05CAF66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dayz\dayz_be.exe | "{C79D7935-1CF3-43F8-B561-8E90E884B4E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C8722C67-661C-4242-91EC-8C63A2324831}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CAF52842-5264-479A-8748-301114B380F1}" = protocol=6 | dir=in | app=c:\users\anthony bugg\desktop\server.exe | "{CE094998-F2E8-4316-9EC0-ED5479120979}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | "{D27AC4A1-ABC8-4381-B202-926999B55EBC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D3073E2B-6633-4820-AD45-E0AB2B261123}" = protocol=17 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe | "{DEC34735-B2E3-4342-AB08-F22A5044EAEC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{DF920CC8-06C6-4113-A57F-62F64D601DBA}" = dir=in | name=mitchribarytube | "{E359F38F-1B63-455D-BB8E-26907F22F4BB}" = protocol=6 | dir=in | app=c:\users\anthony bugg\downloads\blackshot_garenaplus_installer.exe | "{E8A19430-E735-46F7-B9B3-95222274DC49}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{EBC945A9-A3DD-4922-B597-E0D375D04B52}" = protocol=17 | dir=in | app=c:\users\anthony bugg\downloads\blackshot_garenaplus_installer.exe | "{F151ACCB-88BB-4F48-832A-CD1CFED87EDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F91C2425-0626-49ED-93CD-64C60F9271D9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{FACBEF88-EEAB-43A6-9C93-3C81D94020A1}" = dir=out | app=c:\program files (x86)\simple port forwarding\spf.exe | "{FC8ABBBC-8942-45AB-B621-94201216501A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FE29B4B4-17D5-4A66-9182-121B4E434244}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | "TCP Query User{34F8A414-9984-4905-94EA-FBBCC1C5E3CB}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "TCP Query User{4BA3EF93-543E-43D1-AD86-9572DF0B15F8}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | "TCP Query User{5C7A603D-90BD-4D9B-BB3B-F154D801FF71}C:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe | "TCP Query User{92D11E34-73CE-4317-9699-717F8B5A205E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{D868B1DB-EE75-41A2-8210-89A96DEE4342}C:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe" = protocol=6 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe | "UDP Query User{1258541D-DBC2-457B-9FD8-AB12FA5E2E1E}C:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe" = protocol=17 | dir=in | app=c:\users\anthony bugg\desktop\icons\rat\njrat v0.7d.exe | "UDP Query User{3BEB8DD9-0A4F-4CBF-B294-CB510CE45544}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe | "UDP Query User{5CD48BE8-BCE7-4AEC-9152-10807E62EB17}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | "UDP Query User{BF01DC6C-E049-4EE3-83FE-B533197C78C2}C:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe | "UDP Query User{CFC2F42F-6983-4A43-AF32-D6ACD6627DEA}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05198C22-FFCE-374A-B190-9F18CC99DAEA}" = Build Tools Language Resources - amd64 "{05FF8209-C4F1-4C77-BC28-791653156D20}" = Microsoft System CLR Types for SQL Server 2012 (x64) "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0B6BDD27-3097-4FE1-BDE6-1D5EC7399563}" = Visual Studio 2013 Prerequisites "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation "{127B5371-1802-4EDD-A25A-A43BF761D383}" = PBO Manager v.1.4 beta "{16222DF7-8513-491E-91F0-F489AB2D3CB0}" = Visual Studio 2013 Prerequisites - ENU Language Pack "{199C6892-5DED-409B-88B2-3BE6421552B2}" = Workflow Manager Client 1.0 "{1D2CEC61-C3F0-C27E-7280-F9D6B10378BE}" = Windows App Certification Kit Native Components "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E4064EE-26B4-341E-9208-72859FCDE1DA}" = Microsoft Visual Studio Team Foundation Server 2013 Storyboarding (x64) "{1F4004F7-3BC0-3ABC-86F6-7A125D11F98B}" = Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) "{2044FC4C-4EA3-4113-BC1E-962DF568D201}" = JavaScript Tooling "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2 "{26A24AE4-039D-4CA4-87B4-2F06417065FF}" = Java 7 Update 65 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86418020F0}" = Java 8 Update 20 (64-bit) "{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3674F088-9B90-473A-AAC3-20A00D8D810C}" = Microsoft Web Deploy 3.5 "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 "{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}" = Microsoft SQL Server 2012 Management Objects (x64) "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64) "{49055838-1EF5-40BB-89B6-8E3456B3E817}" = Microsoft Visual Studio 2013 Performance Collection Tools - ENU "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1}" = Windows Software Development Kit DirectX x64 Remote "{54C5041B-0E91-4E92-8417-AAA12493C790}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom "{58FED865-4F13-408D-A5BF-996019C4B936}" = Microsoft SQL Server 2012 Command Line Utilities "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0180110}" = Java SE Development Kit 8 Update 11 (64-bit) "{65C91666-C3E8-3A42-BDA8-87932DD34F89}" = Microsoft Team Foundation Server 2013 Object Model (x64) "{6C026A91-640F-4A23-8B68-05D589CC6F18}" = Microsoft SQL Server 2012 Express LocalDB "{6D7131D1-87E5-4677-BD6A-08DCF2529076}" = Microsoft Visual Studio 2013 Performance Collection Tools "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU "{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95150001-1163-0409-1000-0000000FF1CE}" = SharePoint Client Components "{95176218-0F93-3376-912E-B82DACCEA01B}" = Microsoft Visual C++ 2013 x64 Designtime - 12.0.21005 "{96F4525A-470D-F15C-796E-58D9988C3E5F}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote "{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++ "{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64 "{A36AC685-4435-4C16-861F-221231DE165D}" = Hex Workshop v6.8 "{A6BA243E-85A3-4635-A269-32949C98AC7F}" = Microsoft SQL Server 2012 Data-Tier App Framework (x64) "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 344.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 344.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 344.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.4 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 344.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.13.65 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.32.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.65 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.26 "{B50B367A-AFE1-489D-87E7-6CCCD96049A3}" = Microsoft Visual Studio 2013 IntelliTrace Core amd64 "{B74B199A-EDD4-B657-E055-327D454402D2}" = Windows Software Development Kit DirectX x64 Remote "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU "{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support "{C082CDB9-D173-4740-AE0E-C685E6F44850}" = ESET Smart Security "{C41498FE-0BF8-3B22-9785-231CE53C728E}" = Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU "{C458ABBB-B610-3195-80A2-A69E28332732}" = Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) - ENU Language Pack "{C596D608-3E74-3232-8CA5-DF1DCB9F10DE}" = Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 "{C95DA72B-814E-3A55-BA6C-DF0202CAB9F0}" = Microsoft Visual Studio Team Foundation Server 2013 Storyboarding Language Pack (x64) - ENU "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 "{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}" = Microsoft SQL Server 2012 Native Client "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{D50F2AF3-91EA-4D41-A277-6620EAF90BD0}" = SmartFTP Client "{E1F79421-EC32-437F-8525-ABE902C85AC5}" = Workflow Manager Tools 1.0 for Visual Studio "{F17662A3-4569-4A61-ABD4-E51B632D3C4D}" = Microsoft Visual Studio 2013 VsGraphics Helper Dependencies "{F74753A3-C93C-34F5-A199-993CAF602B7D}" = Build Tools - amd64 "{F99F24BF-0B90-463E-9658-3FD2EFC3C992}" = Microsoft Identity Extensions "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86 "CyberGhost 5_is1" = CyberGhost 5 "Greenshot_is1" = Greenshot 1.1.9.13 "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "OpenVPN" = OpenVPN 2.3.4-I002 "Process_Hacker2_is1" = Process Hacker 2.33 (r5590) "Sandboxie" = Sandboxie 4.12 (64-bit) "TAP-Windows" = TAP-Windows 9.9.2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Unlocker" = Unlocker 1.9.1-x64 "Virtual Audio Cable 4.13" = Virtual Audio Cable 4.13 "WinRAR archiver" = WinRAR 5.10 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{0099B899-7894-3B1D-9FF3-5992F84E631F}" = Microsoft LightSwitch for Visual Studio 2013 Core "{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1 "{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}" = Microsoft SQL Server 2012 T-SQL Language Service "{0610DFB0-CCEA-6EC0-E3C3-A0160AD7FD98}" = Windows Runtime Intellisense Content - en-us "{06EEE072-B561-38E5-85D9-485ABCBE8342}" = Visual F# 3.1 SDK "{070C38AC-05CE-43DF-9A20-141332F6AB2B}" = Microsoft System CLR Types for SQL Server 2012 "{08AEF86A-1956-4846-B906-B01350E96E30}" = Entity Framework Tools for Visual Studio 2013 "{0B5E43C7-965D-4AF4-A33E-5FA35B6660C8}" = Behaviors SDK (XAML) for Visual Studio "{0B698858-DAB0-4F9E-A10A-125B274EDA06}" = Microsoft Visual C++ x64 Libraries "{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1" = Sothink SWF Editor "{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5 "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0 "{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}" = Microsoft SQL Server Data Tools - enu (12.0.30919.1) "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5 "{16A901BB-CD8E-3B48-9932-5927FB13508D}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK "{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}" = Microsoft SQL Server 2012 Data-Tier App Framework "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23127FE2-983D-305A-904D-89ED86D36269}" = Microsoft Visual Studio Ultimate 2013 "{2386192E-D6DB-4AD2-9564-65586A0AE53E}" = Dotfuscator and Analytics Community Edition "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.22 "{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67 "{26A24AE4-039D-4CA4-87B4-2F83218020F0}" = Java 8 Update 20 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2DF5765E-5386-4540-9383-DBC9A0A596F9}" = System Requirements Lab CYRI "{2F7DBBE6-8EBC-495C-9041-46A772F4E311}" = Microsoft SQL Server 2012 Management Objects "{30F2491C-9410-4DB1-BE66-77B360B1F484}" = Microsoft Visual C++ x64-arm Cross Compilers "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}" = Prerequisites for SSDT "{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps "{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3E456233-1EA5-42ED-8556-0481BA728B41}" = Microsoft NuGet - Visual Studio 2013 "{3EA16E23-14D2-466A-8268-D7CD40DC46B6}" = Open XML SDK 2.5 for Microsoft Office "{3FBFCF2C-392A-4632-9442-14C305B44D5E}" = AzureTools.Notifications "{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime "{4345E9A5-1300-4710-919D-077BA7E6B3DA}" = Windows Azure Mobile Services SDK "{46910786-E4AC-41E4-A4A0-C086EA85242D}" = WCF Data Services 5.6.0 Runtime "{492498A3-F88C-FE2F-755C-9B1B91724CA5}" = LocalESPC Dev12 "{49273419-5179-4866-9F71-5CF346F302CF}_is1" = Sothink SWF Catcher "{492FCC0B-45E1-383A-A2CF-9E7F305AC200}" = Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects "{5411060C-8F8C-393D-8D3B-26AF2C92FABB}" = Microsoft Visual Studio 2013 Shell (Minimum) "{5481F163-B9E5-30A8-8441-4DBBB87D6AA2}" = Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries "{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote "{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack "{5793BB91-4E91-3C3C-B93F-C2B1EEA35A5F}" = Microsoft Visual Studio Ultimate 2013 - ENU "{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU "{5D5CFAD6-9F93-8C63-3EB0-B6A0D3D4BD12}" = Windows Software Development Kit "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6321F2D4-366B-3AE4-877A-8E539EC3331A}" = Visual F# 3.1 VS "{64297226-2B81-4588-89BD-76440BC0BCFC}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU "{6781FF9B-E87D-4A03-9373-A55A288B83FA}" = Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) "{678800C0-D94E-4513-89CB-478F2B781A0B}" = Microsoft Visual C++ 2013 x86-x64 Compilers "{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack "{6AB13C21-C3EC-46E1-8009-6FD5EBEE515B}" = Microsoft Advertising SDK for Windows 8.1 - ENU "{6C06FEE9-C64E-453F-B8A5-D9E9B79ED040}" = Microsoft Visual C++ 2013 32bit Compilers - ENU Resources "{6EE9E2DF-2CD7-4952-A649-95DEA8697BD8}" = Microsoft Exchange Web Services Managed API 2.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72076159-B94A-42AE-A64C-CA3855E9CB28}" = Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1 "{721C380F-E296-4118-9ACE-589E8EF86208}" = Microsoft Visual Studio 2013 Profiling Tools "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{794D38B6-C8B2-4DFC-BF1B-122233A336F3}" = Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU "{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}" = Private Internet Access Support Files "{82DAD82D-0139-3F7A-A22F-67A694F9CAA4}" = Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU "{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support "{84D88F57-4130-30FE-A0B6-1E04428FE1F6}" = Microsoft Visual C++ 2013 Core Libraries "{8DCCC556-265B-478A-8B32-C12DA988BA74}" = BlueStacks Notification Center "{9027FE9C-5488-30C3-AA42-7330D25BF92D}" = Microsoft Portable Library Multi-Targeting Pack "{9347889B-C22A-3905-901F-C05D8F73C929}" = Build Tools Language Resources - x86 "{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}" = PreEmptive Analytics Visual Studio Components "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}" = Microsoft Expression Encoder 4 Screen Capture Codec "{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 "{96563105-F726-4865-8C32-416753ECA5F1}" = Microsoft Visual C++ x64-x86 Cross Compilers - ENU Resources "{97592A5E-6A50-38E0-885C-7334BA7A43D8}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package "{976C3D92-0DEC-37A6-A870-FF4FC18CD029}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps "{979C7495-FB42-484E-92EA-7F2A59DD7718}" = Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU "{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit "{985EF141-95DD-3934-8F23-7C2C4C61E5F7}" = Microsoft Visual Studio 2013 Shell (Minimum) Resources "{99665AC0-9DBA-11E1-6784-014E6F7A18BE}" = SmartWhois "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C593464-7F2F-37B3-89F8-7E894E3B09EA}" = Microsoft Visual Studio Professional 2013 "{9E673C3F-423B-458E-8EA4-9AE87C49AFC8}" = Microsoft LightSwitch for Visual Studio 2013 v4.0 Tools "{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}" = Blend for Visual Studio 2013 ENU resources "{A17B9856-40CF-4BEA-BB65-ADB8154A83DC}" = LG Verizon United Driver "{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 "{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote "{A1D06677-1103-32DE-AA74-6EE44DCF7F81}" = Microsoft Visual C++ 2013 Extended Libraries "{A223B446-EC3D-3031-828D-5188800AB782}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU) "{A2CCB3C1-3DF9-4E3E-8D3F-DDBBCDDB28B5}" = Microsoft C++ REST SDK for Visual Studio 2013 "{A3B8D9FB-CA7D-4487-8CA2-A6A2C8AD1077}" = Microsoft Visual C++ x86 Libraries "{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types "{A6030DAD-1600-F767-C8DD-C722ADFE8FBC}" = Windows Software Development Kit DirectX x86 Remote "{A8229A09-E570-412B-8D18-E78985673E34}" = Microsoft Visual C++ ARM Libraries "{AA0964AF-0F95-4A72-BD29-F833A382EDC2}" = Microsoft Visual Studio 2013 IntelliTrace Core x86 "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AE937DBA-FEFD-3BFE-9860-0591C0F91D61}" = Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies "{B0A82E02-E959-3C46-AB11-D38527BC573E}" = Microsoft Visual Studio Premium 2013 "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{B1C38F27-D377-8C98-D98D-29B67C0B978D}" = LocalESPCui for en-us Dev12 "{B3C98C29-A2BE-455F-9285-13B745282271}" = Microsoft Visual C++ x64-arm Cross Compilers - ENU Resources "{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX "{B536762B-1047-4B51-8ECF-46D5686E5416}" = Microsoft ASP.NET Web Pages 2 Runtime "{B6A0A174-33E0-3D42-92EA-547D318CB149}" = Microsoft Visual Studio 2013 Devenv "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B86C786E-11A2-4CAB-BB2E-D7CD5D65D552}" = Microsoft LightSwitch v4.0 SDK "{BB0D9EE5-F7B1-4986-AF62-DB3BED9A83BC}" = Microsoft Visual C++ x64 Native Compilers - ENU Resources "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler "{BD63060C-F4C7-4E86-9C2A-4A102E7EE12C}" = Microsoft Web Developer Tools 2013 - Visual Studio 2013 "{BD72C04F-892F-48EE-A236-CC10891610D6}" = Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0 "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{BF3E2194-F89B-44FB-A801-464BF787599F}" = WCF Data Services Tools for Microsoft Visual Studio 2013 "{C00453B2-27AD-4858-A20D-F44E39481C7D}" = Microsoft Report Viewer Add-On for Visual Studio 2013 "{C1D0E508-ECAF-45AA-A549-1E26B9ECE0FB}" = Microsoft Visual C++ x64-x86 Cross Compilers "{C26C1495-8EBE-3F71-BDA1-7DE2010840D8}" = Microsoft Visual Studio 2013 Devenv Resources "{C5A17590-8CBE-3581-965D-EF183BE07920}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core "{C9E7751E-88ED-36CF-B610-71A1D262E906}" = Team Explorer for Microsoft Visual Studio 2013 "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{cd09eea6-d0b3-4246-bb80-e047ceadf61f}" = Microsoft Visual Studio Ultimate 2013 "{CDECCD37-EBCE-4AF8-8D1C-5DF13194FEA1}" = Microsoft Advertising Service Extension for Visual Studio "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) "{D42681AA-BC16-3C84-949E-45F05D2AA997}" = Microsoft Visual C++ 2013 Core Libraries "{D4E77BFD-ECA9-40BB-89DC-1367B4139227}" = Microsoft Visual Studio 2013 Preparation "{D574CE3E-0376-4BED-B609-5C2C2AD655ED}" = Microsoft LightSwitch for Visual Studio 2013 v4.0 ToolsRes - ENU "{D69874BF-D864-4EB2-91C3-2EDD05A64F70}" = Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0 "{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}" = Adobe Photoshop CC 2014 "{DB5600F1-DE83-46DE-B162-5FC4400EAF5B}" = Microsoft Visual C++ 2013 Compilers "{DE0E8FAF-9758-4BFD-A16E-009DB4B8C912}" = Microsoft Visual C++ x64 Native Compilers "{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}" = MorphVOX Pro "{DF15CD8F-9295-3AD9-B814-7A60184AA1CD}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio ENU Language Pack "{E10D1D9A-AD92-4DE1-BECB-7F7F41A2C51A}" = Microsoft Visual Studio 2013 IntelliTrace Front End x86 "{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK "{E319EB83-57EA-4435-B340-B26156D43014}" = LustGaming Loader "{E5CAE8D2-9F9F-3BEA-AA0F-B5B40611C704}" = Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 "{E6F3851E-CEEB-4ECB-A6FA-337C8F662E3D}" = Microsoft Visual C++ 2013 Compilers - ENU Resources "{E9674444-9491-3961-873C-017D8912185E}" = Microsoft Visual Studio Professional 2013 - ENU "{EB37C117-9C83-4696-A493-8AFBAC8F9FFC}" = JavaScript Tooling "{EB514FFD-5FBA-3C53-94F8-3A2B96C5E7A8}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources "{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}" = Blend for Visual Studio 2013 "{ED6C8E61-363B-355C-80C7-E676BC781478}" = Microsoft Visual Studio Premium 2013 - ENU "{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}" = Python Tools Redirection Template "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F20914BB-FD5F-3A3A-8CDF-DF5ADEFD9451}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu "{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++ "{F395FD4F-40E5-7B56-2BCB-B3CF52B3B52C}" = Windows App Certification Kit x64 "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}" = Build Tools - x86 "{FF39514D-E2EB-40BA-A23F-C83B8E0ED110}" = Visual Studio Extensions for Windows Library for JavaScript "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "{ffec63c3-090d-45ea-afd7-eab07edb5822}_is1" = Acunetix Web Vulnerability Scanner 9.5 "Adobe Flash Player PPAPI" = Adobe Flash Player 16 PPAPI "Adobe Shockwave Player" = Adobe Shockwave Player 12.1 "AutoHotkey" = AutoHotkey 1.0.48.05 "Battlelog Web Plugins" = Battlelog Web Plugins "BattlEye for OA" = BattlEye for OA Uninstall "BlackShot" = BlackShot Á¦°Å "BlueStacks App Player" = BlueStacks App Player "BSRScreenRecorder6" = BSR Screen Recorder 6 "Cheat Engine 6.4_is1" = Cheat Engine 6.4 "Fallout New Vegas_is1" = Fallout New Vegas 1.4 "FastStone Capture" = FastStone Capture 7.8 "FileZilla Client" = FileZilla Client 3.9.0.6 "fragMOTION 1.2.6_is1" = fragMOTION 1.2.6 "FreeDNS Update" = FreeDNS Update 1.8.4 "GameTracker Lite" = GameTracker Lite "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0 "KeyScrambler" = KeyScrambler "LustGaming Loader 6.1.0" = LustGaming Loader "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025 "Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1 "Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU "Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US) "Nmap" = Nmap 6.47 "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenVPN" = OpenVPN 2.2.2 "Opera 26.0.1656.60" = Opera Stable 26.0.1656.60 "Origin" = Origin "Pidgin" = Pidgin "pidgin-otr" = pidgin-otr 4.0.1 "Postal 2_is1" = Portal 2 "PunkBusterSvc" = PunkBuster Services "ReiBoot" = ReiBoot "Simple Shutdown Timer1.1.2" = Simple Shutdown Timer "Steam" = Steam "Steam App 209170" = Call of Duty: Ghosts - Multiplayer "Steam App 221100" = DayZ "Steam App 4000" = Garry's Mod "Steam App 730" = Counter-Strike: Global Offensive "TeamViewer 9" = TeamViewer 9 "TMACv6.0" = Technitium MAC Address Changer v6.0.5 "VMware_Workstation" = VMware Workstation "WinPcapInst" = WinPcap 4.1.3 "xchat" = XChat 2 (remove only) [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "JoinMe" = join.me "uTorrent" = µTorrent [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 12/18/2014 8:20:16 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8050 Error - 12/18/2014 8:20:17 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/18/2014 8:20:17 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9048 Error - 12/18/2014 8:20:17 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9048 Error - 12/18/2014 8:20:18 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/18/2014 8:20:18 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10046 Error - 12/18/2014 8:20:18 AM | Computer Name = ABugg | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10046 Error - 12/18/2014 6:05:54 PM | Computer Name = ABugg | Source = .NET Runtime | ID = 1026 Description = Application: Sony Vegas Pro.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: Microsoft.DirectX.Direct3D.DeviceLostException Stack: at Microsoft.DirectX.Direct3D.Device.PresentInternal(Microsoft.DirectX.PrivateImplementationDetails.tagRECT*, Microsoft.DirectX.PrivateImplementationDetails.tagRECT*, IntPtr) at Microsoft.DirectX.Direct3D.Device.Present() at ????????????????????????????????????????.????????????????????????????????????????() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error - 12/18/2014 6:05:56 PM | Computer Name = ABugg | Source = Application Error | ID = 1000 Description = Faulting application name: Sony Vegas Pro.exe, version: 1.0.0.0, time stamp: 0x547f6af7 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86 Exception code: 0xe0434352 Fault offset: 0x0000c42d Faulting process id: 0x2fc Faulting application start time: 0x01d01b0e6fb61380 Faulting application path: C:\Users\Anthony Bugg\Desktop\Icons\EBOOT Builder 1.03\Sony Vegas Pro.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 09df9710-8702-11e4-9b18-005056c00008 Error - 12/18/2014 6:55:29 PM | Computer Name = ABugg | Source = .NET Runtime | ID = 1026 Description = Application: Sony Vegas Pro.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: Microsoft.DirectX.Direct3D.GraphicsException Stack: at Microsoft.DirectX.Direct3D.Device.PresentInternal(Microsoft.DirectX.PrivateImplementationDetails.tagRECT*, Microsoft.DirectX.PrivateImplementationDetails.tagRECT*, IntPtr) at Microsoft.DirectX.Direct3D.Device.Present() at ????????????????????????????????????????.????????????????????????????????????????() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() [ System Events ] Error - 12/16/2014 5:14:37 PM | Computer Name = ABugg | Source = DCOM | ID = 10001 Description = Error - 12/16/2014 5:39:58 PM | Computer Name = ABugg | Source = WMPNetworkSvc | ID = 866333 Description = Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds. Error - 12/16/2014 10:49:30 PM | Computer Name = ABugg | Source = DCOM | ID = 10001 Description = Error - 12/17/2014 5:17:40 PM | Computer Name = ABugg | Source = DCOM | ID = 10001 Description = Error - 12/17/2014 9:37:16 PM | Computer Name = ABugg | Source = WMPNetworkSvc | ID = 866333 Description = Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds. Error - 12/18/2014 7:54:04 AM | Computer Name = ABugg | Source = Service Control Manager | ID = 7023 Description = The BlueStacks Android Service service terminated with the following error: %%1064 Error - 12/18/2014 7:54:04 AM | Computer Name = ABugg | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom Error - 12/18/2014 8:20:23 AM | Computer Name = ABugg | Source = Microsoft-Windows-HAL | ID = 12 Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. Error - 12/18/2014 5:27:13 PM | Computer Name = ABugg | Source = DCOM | ID = 10001 Description = Error - 12/18/2014 6:30:29 PM | Computer Name = ABugg | Source = WMPNetworkSvc | ID = 866333 Description = Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds. < End of report >
Edited by anthonybugg, 19 December 2014 - 03:41 PM.