Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System failing to boot / takes too long


  • This topic is locked This topic is locked

#1
Micaso

Micaso

    Member

  • Member
  • PipPip
  • 43 posts
Recently, my computer has been failing to boot up. I'd get past the first windows screen that says initializing and then I'd get a black screen with only my mouse showing. Naturally, I thought it was a problem with explorer.exe. So what I'd do is open task manager through CTRL-ALT-DEL (that'd work) and kill explorer.exe, then re-open it from "New Task". After doing this a few times, explorer would finally work and I'd be able to operate my system like normal. Obviously I shouldn't have to do that, that's why I'm here. Today, I couldn't get this method to work anymore, so what I did was open chrome.exe from task manager and navigate over here to see what I could do. My system wouldn't even let me download OTL to start a new topic! I'd click and click and OTL would never appear as downloading. I tried the other methods described for in case I couldn't run MBAM, and chrome wouldn't even download those. I was at a loss. But after about fifteen to twenty minutes, explorer.exe randomly booted up (rather slowly, I might add) and I could see my wallpaper. The task bar appeared and out of the blue I'd get all the downloads I was trying to do before appear as downloading. I think something's up. I'm taking advantage of this opportunity that my system IS running and I'll post the OTL log I got.

OTL logfile created on: 9/22/2013 7:21:56 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Usuario\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 74.12% Memory free
15.99 Gb Paging File | 13.61 Gb Available in Paging File | 85.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 273.67 Gb Free Space | 29.38% Space Free | Partition Type: NTFS

Computer Name: USUARIO-PC | User Name: Usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/22 19:17:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Downloads\OTL (1).exe
PRC - [2013/09/19 23:12:47 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2013/09/17 00:21:30 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/09 17:39:26 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/03 19:00:11 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/17 00:21:27 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013/09/17 00:21:26 | 013,611,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
MOD - [2013/09/17 00:21:25 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/17 00:20:34 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
MOD - [2013/09/17 00:20:33 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll
MOD - [2013/09/17 00:20:31 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 02:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 22:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/03/28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/20 14:28:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/19 23:12:47 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2013/09/09 17:39:26 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/09/06 17:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stop_Pending] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/03 19:02:05 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/03 19:00:11 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/08/02 11:56:54 | 001,095,824 | ---- | M] (Corel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe -- (RoxMediaDBGame1X)
SRV - [2011/05/03 18:10:00 | 004,116,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/07/13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/21 14:15:26 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/15 06:50:30 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 23:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/28 22:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/14 08:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/01/25 16:38:04 | 000,088,448 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 14:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/29 11:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 11:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/10/03 19:04:03 | 000,035,376 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/02 11:18:08 | 000,101,632 | ---- | M] (UT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uth5x64.sys -- (H5xUSB)
DRV:64bit: - [2012/07/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/06/05 02:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/22 20:40:52 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/11/22 20:40:52 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/08/07 12:43:20 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/05/24 20:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/03/18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 08:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/02 16:19:10 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:64bit: - [2010/04/27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/22 06:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/20 08:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 08:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/07/13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/29 19:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2013/09/22 19:20:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/10/03 19:04:02 | 000,040,520 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/03 19:04:01 | 000,061,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2012/10/03 19:00:30 | 000,062,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2011/12/19 15:33:05 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/12/17 01:32:52 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/06/25 11:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)
DRV - [2010/03/12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ar.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE C2 83 3E AD 38 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {61E5EAE4-43B0-4562-BD65-D201070F0FBC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{569D602A-DD24-45ca-BF93-92FD47A73086}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{61E5EAE4-43B0-4562-BD65-D201070F0FBC}: "URL" = http://ar.search.yah...icevm&type=IEBD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre1.7.0_09\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Nico\Tools\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/28 16:33:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/28 22:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/27 22:09:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/28 22:32:42 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Nico\Tools\VLC\npvlc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Disabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Happy Cloud Plugin (Enabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Nexon Game Controller (Disabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Media Hint = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.13_0\
CHR - Extension: Missing e = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.14.3_0\
CHR - Extension: YouTube = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Hover Zoom = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0\
CHR - Extension: Tumblr Savior = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.4.8_0\
CHR - Extension: Gmail = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/05/10 12:48:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.7.0_09\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.7.0_09\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Nico\Tools\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [F.lux] C:\Users\Usuario\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [ONAIR] C:\Nico\Tools\ONAIR\ONAIR.exe (DJMASTER.COM)
O4 - HKCU..\Run: [Steam] C:\Nico\Tools\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.49.130.44 200.42.4.207
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A211ED2F-02C5-4962-8E30-96622E81039C}: DhcpNameServer = 200.49.130.44 200.42.4.207
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{86e0adb3-876a-11e1-8d66-1c6f65ae73bb}\Shell - "" = AutoRun
O33 - MountPoints2\{86e0adb3-876a-11e1-8d66-1c6f65ae73bb}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/22 00:37:06 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\.sol Editor
[2013/09/22 00:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\.sol Editor
[2013/09/22 00:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sol Edit
[2013/09/20 14:34:44 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\Adobe_Systems_Incorporate
[2013/09/20 14:34:14 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Documents\My Digital Editions
[2013/09/18 18:35:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013/09/11 12:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics
[2013/09/11 12:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minilyrics
[2013/09/09 19:26:52 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\EA Games
[2013/08/29 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\Electronic Arts
[2013/08/29 12:42:47 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\PunkBuster
[2013/08/29 12:42:40 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Documents\Battlefield 3
[2013/08/29 12:42:20 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\ESN
[2013/08/29 12:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013/08/29 12:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013/08/29 12:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013/08/29 07:49:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/08/28 23:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013/08/28 23:50:00 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Origin
[2013/08/28 23:49:59 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\Origin
[2013/08/28 23:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/08/28 23:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/08/28 23:14:47 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\Criterion Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/22 19:20:32 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/22 19:20:05 | 000,000,204 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/09/22 19:07:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/22 19:07:05 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/22 18:37:00 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/22 18:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/22 11:57:38 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013/09/21 10:41:20 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 10:41:20 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 14:24:39 | 000,689,144 | ---- | M] () -- C:\Users\Usuario\Desktop\Reality Is Broken - McGonigal_ Jane.epub
[2013/09/19 23:12:47 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/09/19 23:12:32 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/09/12 16:42:25 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/09/12 03:44:26 | 005,101,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/10 17:29:10 | 002,802,948 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/09/10 17:29:10 | 002,719,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/10 17:29:10 | 000,838,178 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/09/10 17:29:10 | 000,802,048 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/10 17:29:10 | 000,006,462 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/10 00:26:24 | 000,007,604 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
[2013/09/09 17:39:26 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/20 14:24:37 | 000,689,144 | ---- | C] () -- C:\Users\Usuario\Desktop\Reality Is Broken - McGonigal_ Jane.epub
[2013/09/19 23:12:29 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2013/08/29 12:42:56 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/07/22 07:49:17 | 000,000,430 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/03/28 23:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 23:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012/12/15 02:49:52 | 000,000,132 | ---- | C] () -- C:\Users\Usuario\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/09/15 01:15:53 | 000,711,240 | ---- | C] () -- C:\Windows\is-ISB6J.exe
[2012/08/14 21:38:29 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2012/08/14 20:26:52 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/07/28 22:17:17 | 000,226,437 | ---- | C] () -- C:\Windows\hpwins20.dat
[2012/06/01 20:14:27 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/04/16 16:17:53 | 000,170,636 | ---- | C] () -- C:\Windows\hpwins27.dat.temp
[2012/04/16 16:15:46 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2012/04/16 15:50:54 | 000,170,689 | ---- | C] () -- C:\Windows\hpwins27.dat
[2012/04/16 15:24:21 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/16 15:24:19 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/14 18:39:45 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2012/04/05 17:42:47 | 000,062,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/04/05 17:42:47 | 000,061,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2012/03/17 00:23:35 | 000,007,604 | ---- | C] () -- C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
[2012/03/09 01:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 01:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/21 01:09:36 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/19 13:09:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/11/30 22:59:26 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/11/18 22:05:08 | 000,163,840 | ---- | C] () -- C:\Windows\IsUninst.exe
[2011/10/20 03:36:50 | 000,111,616 | ---- | C] () -- C:\Windows\sysk32.dll
[2010/02/26 21:22:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\saopts.dat

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 23:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/05 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\.minecraft
[2012/06/04 15:01:18 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\.Nitrous
[2012/10/18 17:23:46 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\.techniclauncher
[2013/07/09 00:16:02 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\avidemux
[2013/04/13 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Awesomium
[2012/07/27 15:22:53 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\BANDISOFT
[2013/09/21 23:29:52 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\BitTorrent
[2013/06/14 13:55:10 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Blender Foundation
[2012/06/17 23:28:18 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Braid
[2012/03/22 14:25:26 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\CheckPoint
[2012/05/30 14:25:12 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/08/14 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\DAEMON Tools Lite
[2012/11/04 02:58:56 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\DiskAid
[2013/02/27 16:18:20 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Doublefine
[2012/06/06 23:54:48 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Dropbox
[2013/05/05 18:40:11 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\eve Updater
[2012/06/11 18:38:02 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\fltk.org
[2013/04/24 00:48:59 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\fofix
[2012/07/31 17:22:07 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Highresolution Enterprises
[2013/04/26 02:20:52 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\ihelper
[2012/03/01 00:30:46 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\JoyChina
[2011/11/22 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Leadertech
[2012/06/11 15:15:40 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\LoneSurvivor
[2012/03/05 21:57:23 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\LOVE
[2013/09/22 19:05:23 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\MediaMonkey
[2013/09/22 17:20:04 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\MiniLyrics
[2013/07/06 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\MonoDevelop-Unity-2.8
[2012/01/05 23:55:39 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\MoreTerra
[2012/08/27 22:21:44 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Mount&Blade Warband
[2012/07/15 16:19:53 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Mumble
[2012/04/05 17:45:18 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\OnlineArmor
[2013/08/29 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Origin
[2012/12/11 19:10:26 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PACE Anti-Piracy
[2012/05/31 14:15:43 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PDAppFlex
[2013/05/21 15:19:28 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PowerISO
[2011/09/28 21:20:43 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Publish Providers
[2012/04/16 15:24:17 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\PunkBuster
[2012/10/25 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Rainmeter
[2012/11/03 15:32:20 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\redsn0w
[2012/03/11 14:23:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\RotMG.Production
[2011/12/29 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\runic games
[2012/07/02 18:01:14 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\six-updater
[2012/07/02 18:00:18 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\six-zsync
[2011/09/28 21:20:41 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Sony
[2012/05/31 14:16:27 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/13 13:50:23 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\StepMania 5
[2013/07/06 14:15:09 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\stetic
[2012/02/20 02:00:20 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\SuperHideIP
[2012/04/16 00:15:42 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Synthesia
[2011/09/12 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TeamViewer
[2012/01/24 22:26:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Tomato
[2013/07/30 20:21:41 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Transformice
[2011/08/07 13:28:13 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TrueCrypt
[2013/03/13 21:01:54 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TS3Client
[2013/03/12 23:57:13 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\ts3overlay
[2012/11/18 17:49:00 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\ts3overlay_hook_win64
[2011/08/21 11:28:47 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TuneUp Software
[2012/06/04 15:23:08 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TunkDesign Inc
[2013/07/31 00:27:44 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Unity
[2012/04/23 19:43:12 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\uTorrent
[2012/06/10 16:38:54 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BC359956

< End of report >

Thanks in advance.
  • 0

Advertisements


#2
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,493 posts
Hi Micaso,

Welcome to Geeks to Go! :)

My name is Donna and I would be happy to help you with your computer issues.

I am presently in training and my replies might be delayed a bit since I do have to receive approval from my instructor if this fix goes beyond basic maintenance/computer help.

I see that you have MSE installed as your current realtime AV and Online Armor as your resident firewall. Recently, many users have been having issues with BSOD's due to the combination of the 2 programs running.

At this time, please uninstall Online Armor. Reboot your computer and see if the problem is resolved.

Let me know the results and we can continue from there..

Thank you,

Donna :)
  • 0

#3
Micaso

Micaso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hello DonnaB,

Thanks for taking the time to help me out! I've did as you said and uninstalled Online Armor. My computer booted up as normal and I had no issues whatsoever....But I'm left without a really good firewall now. What can I use to replace Online Armor and why was it causing me problems anyway?

Micaso

Edited by Micaso, 24 September 2013 - 11:11 AM.

  • 0

#4
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,493 posts
Hi Micaso,

Thanks for taking the time to help me out! I've did as you said and uninstalled Online Armor. My computer booted up as normal and I had no issues whatsoever...


You are most welcome! That's great to hear that once the OA firewall was uninstalled that your system booted with no issues! For the time being, please enable your Windows Firewall. Win Vista, 7, and 8 have great firewalls that can be trusted. If your system was XP, I'd be worried.

Question: Did you pay for the version of Online Armor firewall that is/was installed or is it the free version?

In the meantime, please allow me a bit of time to research this issue concerning the combination of MSE and the OA firewall. I'd also like to discuss this with my instructor. Not to worry, though. You're being well taken care of and I'll post back with my next set of instructions and your last question as to why this problem has occurred as soon as possible.

Thank you kindly for your patience.

Donna :)
  • 0

#5
Micaso

Micaso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hello DonnaB!

To reply to your question: I was using the free version of Online Armor. I've done a couple more reboots and had no problems, so it appears to have been just that! I really appreciate your help. Good luck with the research! My fear is that it may not be just Online Armor causing problems.

Micaso
  • 0

#6
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,493 posts
Hi Micaso,

Please accept my apologies for the delay.

Couple questions if I may....

How has your computer been booting since yesterday?

How do you have your system connected to the internet? Modem > router? If you are connected via NAT (network address translation) feature of a router, which is connected to your modem, you should be perfectly secure without the use of a 3rd party Firewall.

I'd like to verify that you are clean. Please do the following:

  • Uninstall Malwarebytes' Anti-Malware using Add/Remove Programs on Windows XP and Programs and Features on Windows Vista and Windows 7.
  • Restart your computer <--very important.
  • Download and run MBAM Removal Tool<--- link
  • It will ask to restart your computer (please allow it to).
  • After the computer restarts, install the latest version from the link below.

Next:

Please download Malwarebytes Antimalware from >>>HERE<<<

Once downloaded, double Click mbam-setup.exe on XP or right click and choose Run as administrator on Vista, Win7 to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the Posted Image icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image
    (Selecting Uninstall application on close if you so wish)

In your next reply, please post the following logs:

MBAM log
ESET log


Thank you,
Donna :)
  • 0

#7
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,493 posts
Hi Micaso,

Is all ok? Please let me know if you need further assistance and post the requested logs when you have the time.

Thank you,
Donna :happy:
  • 0

#8
Micaso

Micaso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hello DonnaB,

Sorry for the late reply! Haven't been on the computer much lately. It has been booting up just fine since I uninstalled Online Armor. To your question, I have my computer connected to the internet through a Modem my ISP gave me. It's connected through an ethernet cable. Here are the two logs requested:

MBAM Log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Usuario :: USUARIO-PC [administrator]

9/29/2013 1:21:48 AM
mbam-log-2013-09-29 (01-21-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211579
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET LOG
(ESET had one log on their folder that had really little data, so I'm guessing you were probably asking for the log they created when I exported the found threats to a text log? Just in case I'll post both)

This is the log I found in the folder:

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

And here's the threats it found:

C:\Nico\Backup\LG Optimus ME\Backup 8-1-12\Taringa\GingerBreak-v1.20.apk multiple threats
C:\Nico\Backup\LG Optimus ME\LG Optimus Backup Backup\Bac\GingerBreak-v1.20.apk multiple threats
C:\Nico\Games\Dark Souls\xlive.dll a variant of Win32/Packed.VMProtect.AAN trojan
C:\Users\Usuario\Downloads\cbsidlm-tr1_10a-Real_Lives_2010-SEO-10185137.exe Win32/DownloadAdmin.G application
C:\Users\Usuario\Downloads\Setup_FreeConverter.exe Win32/Toolbar.SearchSuite application
C:\Users\Usuario\Downloads\SweetHome3D-4.1-windows-oc.exe Win32/OpenCandy application
C:\Windows\sview.exe a variant of Win32/Monitor.Spyagent.NAF application
C:\Windows\sysk32.dll a variant of Win32/Monitor.Spyagent.NAG application


Thanks, and sorry again for the delay in response!
Micaso
  • 0

#9
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,493 posts

Thanks, and sorry again for the delay in response!

You're welcome, and not to worry. I wanted to verify that you were found to be clean. Many think that once the initial problem is resolved, they're safe, which is not always true.

I have my computer connected to the internet through a Modem my ISP gave me.


I'd like to recommend that you purchase a reliable router. Connect the modem to the router, then connect the router to your computer. This will provide an extra layer of security. Make sure to secure the router as well. That alone with the windows firewall and your AV is sufficient protection. If you are unsure how to set up a connection in this manner, we have some excellent Techs in our Networking forum that will be happy to assist you.

WARNING!

P2P Program installed: I see hints of uTorrent installed. I feel that I must warn you that this type of program is of the highest nature that infections are invited into your Computer. I suggest that you remove it IMMEDIATELY.

P2P Programs can invite spyware, viruses, Trojan horses, or worms into your computer. When the files are downloaded, your computer becomes infected. If you share these files with others, their computer becomes infected as well. You also invite the possibilities of others stealing your personal information such as passwords, online banking accounts, personal files, etc.

Please read the following link for more information:

P2P File-Sharing: Evaluate the Risks

I see that ESET picked up on a crack. The process of cracking is unethical, not to mention dangerous.

Let's remove what ESET found, then I'd like to see new OTL logs and go from there:


  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]

    :Files
    C:\Nico\Backup\LG Optimus ME\Backup 8-1-12\Taringa\GingerBreak-v1.20.apk
    C:\Nico\Backup\LG Optimus ME\LG Optimus Backup Backup\Bac\GingerBreak-v1.20.apk
    C:\Nico\Games\Dark Souls\xlive.dll a variant of Win32/Packed.VMProtect.AAN
    C:\Users\Usuario\Downloads\cbsidlm-tr1_10a-Real_Lives_2010-SEO-10185137.exe Win32/DownloadAdmin.G
    C:\Users\Usuario\Downloads\Setup_FreeConverter.exe Win32/Toolbar.SearchSuite
    C:\Users\Usuario\Downloads\SweetHome3D-4.1-windows-oc.exe Win32/OpenCandy
    C:\Windows\sview.exe a variant of Win32/Monitor.Spyagent.NAF
    C:\Windows\sysk32.dll a variant of Win32/Monitor.Spyagent.NAG


    :Commands
    [emptytemp]

  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • I'll need you to post the log that is found in C:\_OTL\Moved Files in your next reply along with the 2 following logs.
    Open OTL again:
  • Right-click on Posted Image and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    [list]
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.

Please post the following logs in your next reply:


C:\_OTL\Moved Files
OTL.txt
Extras.txt


Thank you,
Donna :)
  • 0

#10
Micaso

Micaso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hello DonnaB,

Sorry again for the delay. Here are the three logs you requested:

OTL Moved Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Nico\Backup\LG Optimus ME\Backup 8-1-12\Taringa\GingerBreak-v1.20.apk moved successfully.
C:\Nico\Backup\LG Optimus ME\LG Optimus Backup Backup\Bac\GingerBreak-v1.20.apk moved successfully.
Invalid Switch: Packed.VMProtect.AAN
Invalid Switch: DownloadAdmin.G
Invalid Switch: Toolbar.SearchSuite
Invalid Switch: OpenCandy
Invalid Switch: Monitor.Spyagent.NAF
Invalid Switch: Monitor.Spyagent.NAG
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Usuario
->Temp folder emptied: 96587852 bytes
->Temporary Internet Files folder emptied: 23408893 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 368315657 bytes
->Flash cache emptied: 71002 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1266519211 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310930 bytes
RecycleBin emptied: 5635913033 bytes

Total Files Cleaned = 7,089.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09302013_150207

Files\Folders moved on Reboot...
File move failed. C:\Users\Usuario\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




OTL Log

OTL logfile created on: 10/2/2013 12:05:34 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Usuario\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.89 Gb Available Physical Memory | 73.68% Memory free
15.99 Gb Paging File | 12.62 Gb Available in Paging File | 78.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 273.21 Gb Free Space | 29.33% Space Free | Partition Type: NTFS

Computer Name: USUARIO-PC | User Name: Usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/21 15:35:00 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/09/21 15:34:58 | 001,814,440 | ---- | M] (Valve Corporation) -- C:\Nico\Tools\Steam\Steam.exe
PRC - [2013/09/19 23:12:47 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2013/09/17 00:21:30 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/09 17:39:26 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/26 19:05:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Nico\Tools\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Nico\Tools\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Nico\Tools\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/11/20 08:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/08/29 03:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Usuario\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/21 15:35:00 | 001,121,192 | ---- | M] () -- C:\Nico\Tools\Steam\bin\chromehtml.dll
MOD - [2013/09/17 00:21:27 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013/09/17 00:21:25 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/17 00:20:34 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
MOD - [2013/09/17 00:20:33 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll
MOD - [2013/09/17 00:20:31 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2013/09/10 19:20:56 | 020,625,832 | ---- | M] () -- C:\Nico\Tools\Steam\bin\libcef.dll
MOD - [2013/08/21 19:18:28 | 000,687,104 | ---- | M] () -- C:\Nico\Tools\Steam\SDL2.dll
MOD - [2013/06/14 20:49:12 | 001,100,800 | ---- | M] () -- C:\Nico\Tools\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 20:49:12 | 000,192,000 | ---- | M] () -- C:\Nico\Tools\Steam\bin\avformat-53.dll
MOD - [2013/06/14 20:49:12 | 000,124,416 | ---- | M] () -- C:\Nico\Tools\Steam\bin\avutil-51.dll
MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/29 03:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Usuario\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 02:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 22:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/03/28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/21 15:35:00 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/20 14:28:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/19 23:12:47 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2013/09/09 17:39:26 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Nico\Tools\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Nico\Tools\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/02 11:56:54 | 001,095,824 | ---- | M] (Corel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe -- (RoxMediaDBGame1X)
SRV - [2011/05/03 18:10:00 | 004,116,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/07/13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/21 14:15:26 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/15 06:50:30 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 23:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/28 22:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/14 08:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/01/25 16:38:04 | 000,088,448 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/12/19 14:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/29 11:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/11/29 11:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/02 11:18:08 | 000,101,632 | ---- | M] (UT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uth5x64.sys -- (H5xUSB)
DRV:64bit: - [2012/07/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/06/05 02:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/22 20:40:52 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/11/22 20:40:52 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/08/07 12:43:20 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/05/24 20:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/03/18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 08:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/02 16:19:10 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:64bit: - [2010/04/27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/22 06:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/20 08:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 08:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/07/13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/29 19:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2013/09/30 15:26:11 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/12/19 15:33:05 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/12/17 01:32:52 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/06/25 11:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)
DRV - [2010/03/12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ar.msn.com/?r...AR&dcc=AR&opt=0
IE - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 62 58 B2 CC BC CE 01 [binary data]
IE - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..\SearchScopes,DefaultScope = {61E5EAE4-43B0-4562-BD65-D201070F0FBC}
IE - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..\SearchScopes\{569D602A-DD24-45ca-BF93-92FD47A73086}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..\SearchScopes\{61E5EAE4-43B0-4562-BD65-D201070F0FBC}: "URL" = http://ar.search.yah...icevm&type=IEBD
IE - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre1.7.0_09\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Nico\Tools\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/28 16:33:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/28 22:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/27 22:09:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/28 22:32:42 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Nico\Tools\VLC\npvlc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Disabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Happy Cloud Plugin (Enabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Nexon Game Controller (Disabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Media Hint = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.13_0\
CHR - Extension: Missing e = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.14.3_0\
CHR - Extension: YouTube = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Hover Zoom = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0\
CHR - Extension: Tumblr Savior = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.4.8_0\
CHR - Extension: Gmail = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/05/10 12:48:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.7.0_09\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.7.0_09\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O3 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000..\Run: [Akamai NetSession Interface] C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000..\Run: [DAEMON Tools Lite] C:\Nico\Tools\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000..\Run: [F.lux] C:\Users\Usuario\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000..\Run: [ONAIR] C:\Nico\Tools\ONAIR\ONAIR.exe (DJMASTER.COM)
O4 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000..\Run: [Steam] C:\Nico\Tools\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-601339211-1191364849-2417053759-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.49.130.44 200.42.4.207
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A211ED2F-02C5-4962-8E30-96622E81039C}: DhcpNameServer = 200.49.130.44 200.42.4.207
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{86e0adb3-876a-11e1-8d66-1c6f65ae73bb}\Shell - "" = AutoRun
O33 - MountPoints2\{86e0adb3-876a-11e1-8d66-1c6f65ae73bb}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/29 01:21:19 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Malwarebytes
[2013/09/29 01:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/29 01:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/29 01:20:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/22 00:37:06 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\.sol Editor
[2013/09/22 00:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\.sol Editor
[2013/09/22 00:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sol Edit
[2013/09/20 14:34:44 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\Adobe_Systems_Incorporate
[2013/09/20 14:34:14 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Documents\My Digital Editions
[2013/09/20 14:28:16 | 017,154,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/09/18 18:35:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013/09/12 03:24:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/12 03:24:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/12 03:24:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/12 03:24:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/12 03:24:07 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/12 03:24:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/12 03:24:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/12 03:24:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/12 03:24:07 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/12 03:24:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/12 03:24:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/12 03:24:05 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/12 03:24:05 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/12 03:24:04 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/12 03:24:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 13:06:35 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 13:06:28 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 13:06:27 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 13:06:26 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 13:06:25 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 13:06:25 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 13:06:24 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 13:06:23 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 13:06:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 13:06:22 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 13:06:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 13:06:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 13:06:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 13:06:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 13:06:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 13:06:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 13:06:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 13:06:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 13:06:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 13:06:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 13:06:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 13:06:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 13:06:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 13:06:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 13:06:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 13:06:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 13:06:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 13:06:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 13:06:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/11 13:06:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 13:06:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 13:06:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 13:06:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 13:06:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 13:06:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 13:06:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 13:06:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 13:06:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/11 13:06:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 13:06:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 13:06:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/11 13:06:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/11 12:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics
[2013/09/11 12:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minilyrics
[2013/09/09 19:26:52 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\EA Games
[2013/09/09 17:19:37 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/09/09 17:19:37 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013/09/09 17:19:37 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

========== Files - Modified Within 30 Days ==========

[2013/10/01 23:37:00 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/01 23:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/01 22:08:58 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 21:56:48 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013/10/01 21:56:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/30 15:34:47 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/30 15:34:47 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/30 15:26:11 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/09/30 15:25:50 | 000,000,204 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/09/30 15:25:17 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/26 17:55:30 | 002,832,020 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/09/26 17:55:30 | 002,749,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/26 17:55:30 | 000,847,742 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/09/26 17:55:30 | 000,811,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/26 17:55:30 | 000,006,462 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/24 16:09:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/20 14:28:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/20 14:28:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/20 14:28:18 | 017,154,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/09/20 14:24:39 | 000,689,144 | ---- | M] () -- C:\Users\Usuario\Desktop\Reality Is Broken - McGonigal_ Jane.epub
[2013/09/19 23:12:47 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/09/19 23:12:32 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/09/12 16:42:25 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/09/12 03:44:26 | 005,101,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/10 00:26:24 | 000,007,604 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
[2013/09/09 17:39:26 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/09/09 17:19:27 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2013/09/09 17:19:27 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

========== Files Created - No Company Name ==========

[2013/09/30 10:50:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/20 14:24:37 | 000,689,144 | ---- | C] () -- C:\Users\Usuario\Desktop\Reality Is Broken - McGonigal_ Jane.epub
[2013/09/19 23:12:29 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2013/07/22 07:49:17 | 000,000,430 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/03/28 23:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 23:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012/12/15 02:49:52 | 000,000,132 | ---- | C] () -- C:\Users\Usuario\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/09/15 01:15:53 | 000,711,240 | ---- | C] () -- C:\Windows\is-ISB6J.exe
[2012/08/14 21:38:29 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2012/08/14 20:26:52 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/07/28 22:17:17 | 000,226,437 | ---- | C] () -- C:\Windows\hpwins20.dat
[2012/06/01 20:14:27 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/04/16 16:17:53 | 000,170,636 | ---- | C] () -- C:\Windows\hpwins27.dat.temp
[2012/04/16 16:15:46 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2012/04/16 15:50:54 | 000,170,689 | ---- | C] () -- C:\Windows\hpwins27.dat
[2012/04/16 15:24:21 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/16 15:24:19 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/14 18:39:45 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/17 00:23:35 | 000,007,604 | ---- | C] () -- C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
[2012/03/09 01:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 01:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/21 01:09:36 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/19 13:09:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/11/30 22:59:26 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/11/18 22:05:08 | 000,163,840 | ---- | C] () -- C:\Windows\IsUninst.exe
[2011/10/20 03:36:50 | 000,111,616 | ---- | C] () -- C:\Windows\sysk32.dll
[2010/02/26 21:22:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\saopts.dat

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 23:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BC359956

< End of report >





Extras Log

OTL Extras logfile created on: 10/2/2013 12:05:34 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Usuario\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.89 Gb Available Physical Memory | 73.68% Memory free
15.99 Gb Paging File | 12.62 Gb Available in Paging File | 78.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 273.21 Gb Free Space | 29.33% Space Free | Partition Type: NTFS

Computer Name: USUARIO-PC | User Name: Usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Nico\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Nico\Tools\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Nico\Tools\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Nico\Tools\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Nico\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Nico\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Nico\Tools\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Nico\Tools\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Nico\Tools\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Nico\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0016BD2B-E380-47AC-82B4-E7452AB3E5E5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{02296C97-1A26-4421-B0C6-85C5749F13B4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0704F77C-4542-494A-A7FC-AF4764AA3CF9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0A52A786-7E1C-4674-AF57-48A7B3A9840E}" = lport=137 | protocol=17 | dir=in | app=system |
"{0BD4FD6C-147F-4EE4-998F-6EB915A05F3B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{107AB621-22F4-40BF-BA27-24836A50A453}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{20AE948E-A9CB-4B95-8EBB-4E994AC6EE10}" = rport=445 | protocol=6 | dir=out | app=system |
"{26E36FB3-1595-4829-8229-58E574BB3E3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38E75B1F-7703-43B2-934A-F6989A9A419D}" = rport=137 | protocol=17 | dir=out | app=system |
"{503CFA4E-380C-43E6-BFDB-98497F49F6BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51E272CE-C0EA-41FC-B3FA-58C06E2599EF}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
"{57596BD6-029D-4C05-B7D3-D79AF68AA8CF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6160164E-6447-463C-8657-320A510824A3}" = rport=139 | protocol=6 | dir=out | app=system |
"{6309AE18-0B76-498D-B0D3-84192691FF58}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BD183EF-365E-4E8A-94DF-22FB32CF4618}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E8D45C8-11B7-4B5E-981E-E8E336E6383E}" = lport=139 | protocol=6 | dir=in | app=system |
"{84015206-7523-4BFC-8A41-F9DB5C2AB1C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89A88A91-F9A4-4BE0-8FB1-E82E760F5D37}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B4FCC1C-977B-4D77-AE78-E5A7E3E32290}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CA7D878-B02C-46B7-BA27-342CA1717EA4}" = lport=49237 | protocol=6 | dir=in | name=akamai netsession interface |
"{A65127E3-41E3-4564-A184-2036B25F54A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A71D1E19-48F3-4987-8E44-B42B6EB09D90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BD130624-367E-4EDB-8B19-77AECDA38620}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD56BDA3-B121-4D03-943D-8F95DB37CB29}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF8AD2E2-8265-4830-9536-8E7F5D77F730}" = rport=138 | protocol=17 | dir=out | app=system |
"{EB2B860C-E91B-40F7-B93E-070447E67186}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F598F873-0EC0-4541-BA90-6BD7F69134F2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{FE639976-75D0-4F7A-9E6D-70F005E077DD}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DCD86E-4C40-4D02-93D3-963705571775}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\company of heroes\reliccoh.exe |
"{010ED1C4-6884-4BB9-8ABA-82F8787AF06C}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{0199093E-3FAA-41F9-9B91-AEC2F160C479}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{01D883C8-138B-4248-A7FE-6CC465CB9177}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{0228CAB2-1C4A-47D1-9D69-C06FE1C666A1}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{02801306-2026-466C-B3AD-8D0D474E306A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{03A8FD30-3253-454F-AFEA-972F9933F812}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\darksiders\darksiderspc.exe |
"{0416C9E5-9273-4FEA-B64B-EC36DABDC62A}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{042B2D83-E4A9-4FE1-AA94-0FB801093378}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{04881F36-4E94-42AD-AFEF-063127F491B3}" = protocol=17 | dir=in | app=c:\nico\games\acr\acrsp.exe |
"{0544F225-0D8E-47CB-A50B-0F878D38A079}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{06172D2D-B84B-4AFB-88C1-7227EBCE5F63}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{06336A11-DB3C-4733-A8BB-7DD671631D6E}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\darksiders\darksiderspc.exe |
"{064F3FB0-42D6-42EA-879F-AE676DA4DBE7}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\garrysmod\hl2.exe |
"{0761A6F4-0B16-4846-9F6B-6092BCC41EAF}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\dawn of war gold\w40k.exe |
"{07AAEBD6-DC59-4C0C-BA18-121D57392B8E}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{07B5AE07-8218-4346-9EF4-EE81243CE09D}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{081BCA56-FCB7-40CB-9440-6C235A5269E4}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\projectzomboid\projectzomboid32.exe |
"{08FC1BCA-01B8-42E9-AAB1-910FFE078410}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{0BFF9258-A7A1-4A2E-B1BD-016D61E58989}" = protocol=6 | dir=in | app=c:\nico\games\dragon nest sea\dragonnest.exe |
"{0DF778C4-1E6C-4DEC-BDAD-859176C583BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0EADB10F-793F-433E-91F6-C9450A858124}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\magicka\magicka.exe |
"{0EF56233-CF17-4541-A262-C0198B5D433C}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\intrusion 2\intrusion2.exe |
"{10DEC458-C59F-43B9-AE34-0D3D11F266C7}" = protocol=6 | dir=in | app=c:\nico\games\eden eternal\edeneternal\_launcher.exe |
"{12196969-38C0-43D6-9380-D3DCB9D7A988}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\capsized\capsized.exe |
"{13B55D9E-1A6C-4D88-8607-0F57987A55A4}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{14CA4DEF-6326-4CC1-85B5-0B2C64F80FDD}" = protocol=17 | dir=in | app=c:\nico\games\acr\acrmp.exe |
"{1508E082-07A1-4B59-B473-FDCDD85AB6B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15541E3A-0B9D-4DB2-AE4E-223568CCF4E2}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{163AC30C-D022-437C-A4DD-A8733DB74085}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{16EDEFBE-0CCA-47D2-B220-030F2339E318}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{176754D7-8A41-4AFD-AA7B-89A7AB68A77C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{17CDE83C-6EAA-4AD4-B6E1-2968D4E39943}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\dota 2 beta\dota.exe |
"{182CCD8E-1C36-4EFF-A975-CE88D4B16756}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\intrusion 2\intrusion2.exe |
"{198B1D98-5E21-4038-BA71-5F9C738688DC}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\portal 2\portal2.exe |
"{1ABF7FC3-28D0-4B11-88DA-A758C332908A}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\dead space\dead space.exe |
"{1E26409C-20C5-4481-8FF7-F0B7A207097E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{204315AE-C2C4-437E-BDF7-4DE91DB77FDE}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{204F52AA-5D84-45BA-82CF-5A8DAC296767}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
"{20B5DAD7-3180-4D11-BB2D-2534F7DF4D5B}" = protocol=17 | dir=in | app=c:\nico\tools\bittorrent\bittorrent.exe |
"{20DDDB77-8689-4ED5-B5E8-378C4EF3CA8B}" = protocol=58 | dir=out | [email protected],-503 |
"{22519E9D-8FA9-4BB7-AF66-8B0F2CE098BB}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{25213B08-0EA3-48FC-8EC8-8CD06F9E0066}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2571D183-433A-44A7-8DAE-40E5B493AB76}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{25ACCF3D-4C96-4D9D-865D-2FB003F5AB2C}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\oil rush\launcher_steam.bat |
"{26C245FE-EFFE-452A-BD75-17265B3EB324}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\projectzomboid\projectzomboid32.exe |
"{2887D23E-BD62-4058-8A1E-CF9466E5BFB1}" = protocol=17 | dir=in | app=c:\nico\games\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{29C0CCEE-83CE-469A-9756-01ED28C852FA}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\bastion\bastion.exe |
"{2BD2763B-547C-4D26-8391-EBEAC0461064}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{2C265C26-1292-444C-B122-98A5FE94DBD0}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{2C5DC137-593A-47E7-BF57-C6E5274E1BFB}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{2D56E33D-4890-4C35-ACD8-FC6AE8540631}" = dir=in | app=c:\nico\games\dark souls\darksouls.exe |
"{2D978E39-AB0F-4BBA-B670-850A4C592091}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{30BB7FCC-D727-4329-A41A-4379A5A732C7}" = protocol=6 | dir=in | app=c:\nico\games\acr\acrsp.exe |
"{30DAED99-7161-4DA2-92A1-31B5C1A7FDFA}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{30F2FE5F-5A99-4845-A181-02891E111758}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\company of heroes\reliccoh.exe |
"{3175763B-7D0C-4687-8419-FB22A600090D}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\dear esther\dearesther.exe |
"{318212A2-341D-470C-AF78-ACE87C01D865}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{324C1FA0-7CC0-490A-9559-D3750BFD03A0}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{325364C6-5220-47D6-90B5-780B9F47804A}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\metro 2033\metro2033.exe |
"{329F6AD5-DF97-4CD6-A785-78B8E4946624}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{33E18CAA-1DF0-40B2-B386-36D3434A7080}" = protocol=17 | dir=in | app=c:\nico\games\acr\assassinscreedrevelations.exe |
"{355E5369-893E-4039-B431-11BAFD8464E5}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\counterstrike source beta\hl2.exe |
"{357DBE30-34EB-4C03-BDF2-277785C0C992}" = protocol=6 | dir=in | app=c:\nico\games\eden eternal\edeneternal\launcher.exe |
"{35E4B88B-9C3F-40FA-8AA7-C3CF3BD9624A}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{36B2A6E5-8155-47CD-9AD7-AF02CDF02823}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{38141CCC-16A9-40F6-82D9-DCE2AA56A140}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{383ADAE4-CDD7-4420-8656-03AE195CD7C8}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{38E916AF-B19A-4F89-ABB7-C351BFABE344}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{390EA74E-EC76-4310-A9E2-7B0DB2C83E76}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{3976B266-6087-4D2D-BFD2-7FDEA0D5A593}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B211095-13EE-4E51-9485-6527CD18E8DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BB88492-AA96-42AA-B8BC-CF984BCF6ECB}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\eye\eye.exe |
"{3DE6178D-D9D8-451F-9877-B851EA95A1A7}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\saints row the third\game_launcher.exe |
"{3EB1DB5F-B17C-4000-8354-AC02EEF02778}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{3F9502F7-8868-4952-8C5B-E0529B3E9577}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\ricochet\hl.exe |
"{40576CBA-1882-49FF-8671-9671C4BBF9D9}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{4062E3B4-43D0-49F8-8018-9DB80A727ADE}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{40DDCDCE-3ACF-4443-8CEF-2A09371FCF67}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{41432EAF-D578-40CA-A343-46EEC58582F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{417DAAF3-7575-4FE0-8B9D-75A81E6105AA}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\bastion\bastion.exe |
"{41AB448F-E0CA-488C-8C90-23ED15A6519D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{43FC7536-2D26-4D98-A5C8-56A01038666E}" = protocol=6 | dir=out | app=system |
"{45BD6E54-E54B-44BC-8C48-B5FBA7CF1520}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4685B7BB-0D06-4431-945C-52720B4AAC6D}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{46A97949-B9D5-4AFB-BFAC-7308751DB0AF}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{477F5983-7867-43BF-8086-59799DFF5E4C}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{484094CC-ABF0-4889-8F5A-99690EAB321B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{48E0624C-DAC4-468E-8FAF-E6575389DEEF}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\dawn of war gold\w40k.exe |
"{4A51AF83-08A7-4A6B-A242-429804760190}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{4A7613CB-7697-49F6-B303-B6E573CBA196}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{4DAD3E73-3A6A-4DD6-AF24-D23829036F09}" = protocol=58 | dir=in | [email protected],-28545 |
"{4DC1A028-C17C-4F92-A226-306E19268414}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{4DC7C069-C278-4BA2-AFA9-080AB0A0F3D1}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{4E2BDDB3-EE82-47B6-8A1D-507BEA656C40}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{4F743E4F-8F11-49B7-8A69-936A1C3D2F8A}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\psychonauts\psychonauts.exe |
"{50724406-AB85-4DA5-AC3A-91F0741ADEBC}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\dota 2 beta\dota.exe |
"{51A81A94-5153-4528-8D86-312DFC05C332}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\magicka\magicka.exe |
"{528C66E8-5177-4D6D-B429-EF2BA489F601}" = protocol=17 | dir=in | app=c:\nico\games\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{530B5C24-FF41-45EE-B238-05E9CFC6C69D}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\portal 2\portal2.exe |
"{536C8D01-B39C-40FC-AB62-051E684DB7D1}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{53ABB52B-063B-4C91-B163-7FB1FDDA80F2}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\ricochet\hl.exe |
"{53DF8A7E-FC69-4136-8327-2F204A0213F4}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\garrysmod\hl2.exe |
"{54B58DF4-BBE0-4E4E-A46F-6886D53FAE48}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{55CE8DEB-1E4B-465B-8C47-C9FA6EB1B220}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\oil rush\launcher_steam.bat |
"{5644CAC1-8114-4F43-98C7-C8765CF3E18F}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{564EF241-5B78-48F4-B7BC-2469DF82A67F}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\deathmatch classic\hl.exe |
"{575F7AD2-F68A-4507-85D6-7966517C7D4F}" = protocol=6 | dir=in | app=c:\nico\games\acr\assassinscreedrevelations.exe |
"{5825EABF-FD9D-4463-BFAA-99913E8C2A15}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{5948E752-0FAE-4F8E-BDD8-6C35DA23D8D1}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{59588110-EA06-43D4-80CD-B421E3796C48}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{596D11B5-696F-4122-8CBA-1116A91EDCA1}" = protocol=17 | dir=in | app=c:\nico\games\dragon nest sea\dragonnest.exe |
"{5A29CFA3-ED0B-4860-AF28-68EB1FFF2DB2}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\thomaswasalone\thomaswasalone.exe |
"{5A4FBE4B-C0E4-4D97-89EA-27E598170C61}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2\arma2.exe |
"{5B2B4579-EDC6-4091-B8FD-205D99D22E84}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{5B4671D0-729E-420D-88B9-95C51C60BCBC}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{5CDE7B91-7965-49FB-A7CC-D2EE43D96229}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{5E7069E9-79A1-4CD7-B75A-5C7790172EF5}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\dead space\dead space.exe |
"{5F1D3E66-EBDA-491D-BF64-31A4F7C84F4E}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{61DCAC0B-D4A6-4EA9-ABF1-B580631976F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{623A84BF-24FF-4E4F-9E5F-B4219C3F7325}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{6304C0C0-EB38-44C2-9A4E-0D44A591BA94}" = protocol=17 | dir=in | app=c:\nico\games\eden eternal\edeneternal\_launcher.exe |
"{63DCE907-5C81-4E0B-A016-DC267F0485D6}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\cry of fear\coflaunchapp.exe |
"{64291E2D-A6D6-465B-BD05-B15FBB9EA357}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{66511B76-E731-4FF5-8766-391D819C3ADB}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |
"{66D1CABE-9717-49F9-A465-7A80BD19DFA9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67142BF2-7D9B-4BCE-884B-9DB98CBCE54E}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |
"{6798D11F-2B0A-4803-A0F2-74F65E3725C2}" = protocol=6 | dir=in | app=c:\nico\games\acr\acrmp.exe |
"{679EEC3C-0BC7-4EF4-B946-C85D411BCCDE}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\cry of fear\coflaunchapp.exe |
"{67D0C306-2292-4C1B-9444-38C61DFE054E}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{685BC7CD-F85C-4291-A6F0-9A5BDB520903}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\dear esther\dearesther.exe |
"{694921C2-26AE-4CFB-BCB5-CA9B84F6D409}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AE6DFDC-1CDA-4CF9-9D45-00D290963FD1}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\metro 2033\metro2033.exe |
"{6CDA9E27-1396-445E-9C24-D784A912F0F6}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{6DDBDD58-EFA3-48DF-A9AD-EF7B2F3D79C9}" = protocol=6 | dir=in | app=c:\nico\games\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{6EAC3E11-2EB7-437B-8323-8DC60ABEE8F5}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\psychonauts\psychonauts.exe |
"{6ECD8F6B-A3DD-4FBB-8253-80D6166C557D}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\titan quest\titan quest.exe |
"{6F9F5484-3DB7-434A-BABC-772D73BA605D}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{7111E599-9009-4A15-A439-F140EC9486A6}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{718B2EDC-4332-46B1-BE51-CF21411FBDF6}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{7237A5B9-5130-4D89-95A3-AF713DC8F3C5}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7331D7CB-EE28-46A3-AAD8-1283ED1C053D}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\saints row the third\game_launcher.exe |
"{7492666F-53E0-4D7C-9E35-614AB116EF52}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{753B0659-FF93-45FA-BA38-F5B839EAC893}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{757B142F-52CF-4948-87CB-931DF185265D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{764E1E15-433A-417B-B2E2-2677E34F02D0}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\little inferno beta\little inferno.exe |
"{7749B14B-ECAE-4010-8836-77D4ADBB4D81}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{77513F02-5C1F-4532-93E0-AADFFBF2DB78}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\kerbal space program demo\ksp.exe |
"{77705720-8C60-41FC-8265-CB564C24AA1D}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\counterstrike source beta\hl2.exe |
"{779E5805-8305-4091-948C-54DA169D3500}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{77C671F0-9CAB-4F41-B561-9B53EA0540DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{77F4C4E5-AAF2-4439-8DCF-A025FC873021}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{78150600-3084-4F75-98E6-6FD865D14355}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\eye\eye.exe |
"{781E454C-386C-4285-9D01-1DBAE37C8F6F}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{7821E1F4-6466-4925-8A15-4EA457896554}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\portal 2\portal2.exe |
"{7A2F80F2-780D-4ADD-879E-7FFCC741CEB6}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{7AD6655B-AF60-40B6-8C33-CA52326329AA}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\dota 2 beta\dota.exe |
"{7ADD629D-64D5-4F16-B1C4-4FF6720325D0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7B0186AC-C6DA-4A21-ABAA-0614C9F30066}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{7B170575-AAE0-46DC-93E2-72F4146D418F}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{7C9527FF-EBE2-4101-81B1-BDAB1FC64B2C}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{7D93D17C-B19B-49D9-B29C-298448B69D42}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |
"{7D9D4A38-E613-435F-B963-DC2E11A57D9D}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{7E7BD9D6-F718-4693-828E-304E91661EAE}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{7E8F7061-3384-4201-9C5E-BB257BE4B675}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7FBF62D2-AD53-4FD1-AAD6-C06EA8E5B14D}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{801DAF1F-C704-4267-9353-648EABEEB4C6}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{81045A20-BAE5-41AA-B52F-88CCA017921B}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{810BCCE8-1D04-4E5B-B1A4-615293041006}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\dota 2 beta\dota.exe |
"{81238A04-BF27-4E5B-B4AA-90A168A8B9AD}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{81A3D1A1-E877-43BC-9A8A-8B326DDAA34C}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |
"{81BFBAF8-EBC5-411E-89BB-A43D5B6288BD}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{829AC89A-4A41-4471-92DF-3B21BA4C2AB3}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\kerbal space program demo\ksp.exe |
"{85EFCF55-F8F5-4CC6-B7A1-089D6F7E16A3}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\team fortress 2\hl2.exe |
"{86EE1856-028F-40F8-A517-011BCD6AABE7}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{87EEC4FF-2A42-4E03-B903-6B610C3BDCB1}" = protocol=6 | dir=in | app=c:\nico\games\eden eternal\edeneternal\_launcher.exe |
"{8847FA18-130E-4E9C-930A-0D7B4DA22ABB}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\thomaswasalone\thomaswasalone.exe |
"{88B8E19A-5FCD-4387-ACEA-60B1F4909A92}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{88D955BE-A997-4042-8F80-4AE19C1CD6EE}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\garrysmod\hl2.exe |
"{8952132A-83EB-4150-819E-D3B385C45323}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{89DD612C-2CD5-4DD9-A456-4C116EDDA91A}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\dota 2 test\dota.exe |
"{8B7719F3-D4BF-4296-835E-DEE47F25E1C6}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\team fortress 2\hl2.exe |
"{8BA9A4AC-D375-4604-B025-400A8564BD04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8C8BFFB2-DFCE-4A92-85D6-5280E778E552}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{8D4818E1-50C4-4D3F-A2AA-0FB1B95FB4AB}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{8E520F11-7F68-4B44-8D1D-544622E1D4D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90D268A8-2B98-4636-A1AF-0EE4591D5A9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{91651B59-24BE-4084-9645-F4D5CF39A8A0}" = protocol=1 | dir=in | [email protected],-28543 |
"{9172F706-0282-4FF5-9648-B275053B3466}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\counter-strike\hl.exe |
"{921794DA-BE6F-4B12-A317-234F99A8DF46}" = protocol=17 | dir=in | app=c:\nico\games\eden eternal\edeneternal\launcher.exe |
"{93BC792F-7D64-402F-A685-6AF54EFF7471}" = protocol=58 | dir=out | [email protected],-28546 |
"{94429392-5B8C-49E5-B522-68BF8A183EEC}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{956AE83D-8E34-48E5-89B2-782BC751B6BD}" = protocol=17 | dir=in | app=c:\nico\games\eden eternal\edeneternal\_launcher.exe |
"{96022FA7-BDB6-492D-AD87-D5FFE5B64950}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\little inferno beta\little inferno.exe |
"{961840C9-AD5D-4C53-A166-6011CA07625F}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{972FA7F4-DCA3-4461-94D1-2DD61103BDAA}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{97639713-A753-4371-A2DE-F8372262476B}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{985E9905-B652-4873-B43C-CF845584725B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9907C70D-3F17-4898-87B6-47E0D70360A2}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\proteus\proteus.exe |
"{9AE4A255-6BBB-4FD1-8D05-88DC07AF17A3}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{9D1AABA4-3984-4DC6-AE5D-287FACB66E29}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\portal 2\portal2.exe |
"{9D834B39-8F56-452B-8C0E-AD00098F89F7}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{9E37D07C-0B95-4B9D-85C7-A804A3FE58A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{9EDCDF17-C8E9-408F-A8E1-508244B93D9A}" = protocol=17 | dir=in | app=c:\nico\games\dragon nest sea\dragonnest.exe |
"{9EEB8235-17E8-4112-BB9C-0E6F8260B7D7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9F65B54C-FEEB-4A5C-A8A8-F5464585863C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{9F78E258-BBC1-44DF-9294-2F63B27B28CF}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\day of defeat\hl.exe |
"{9FA141BA-EE83-4D06-9323-9BFDE5282BF4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{A0FD8EA4-E398-4A5D-B0A2-38BDA44D913C}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\team fortress 2\hl2.exe |
"{A164A586-BDD2-4E69-B019-2E0C8E770406}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2\arma2.exe |
"{A19B8300-FA44-4752-B4E3-D3264BC092BA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A248D867-4B73-4BDB-BCA8-32C0A48D13AF}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{A25C5A5B-40A2-457E-BB0C-784B484D0F58}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{A2EE5657-57B8-4DE2-A041-C39AA3D6FBE2}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{A3DA4A14-BA99-46B7-949F-2C51FF815981}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A42F191A-EA8C-4990-8CAD-B4A754FDAB13}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{A4928BAE-E768-4C00-9CA6-B3499D398BD6}" = protocol=1 | dir=out | [email protected],-28544 |
"{A557307F-24C8-4BC2-AFE4-3384C2119587}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
"{A5946388-7EC2-401E-B054-08CB5C1D2DEE}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{A5E5D73D-45A6-4DA8-9337-54101AC76ED4}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\torchlight\torchlight.exe |
"{A75A14C2-8880-4E34-B07D-8D9308709EC5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{A779754B-23D4-4857-855E-4A2D8BD5CE57}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{A9670152-6BAD-4B96-AD81-3BC5C6910EFC}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{A9CE30EE-089D-4489-8CA2-B6536CD7D51D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{AEC6B067-9F8B-42A6-BDFF-FFC0598F1CC6}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\dota 2 test\dota.exe |
"{B0C64335-A965-41F4-8131-599EA4A48933}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{B1065F71-319D-4D86-9A11-44EA105B9561}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\brutallegend\brutallegend.exe |
"{B15000E1-31F8-4227-811C-8447A081ED74}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{B269FEED-D61A-4B65-A05F-B1E169ADE892}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B53412E1-7849-4256-BD04-CE9C9349B8B0}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\saints row the third\game_launcher.exe |
"{B6A03CEA-EA57-4F37-B950-1C65A332DE17}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B78930E2-EAFE-45E0-AB45-2E62B473799C}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{B79A9BF3-7AE9-4935-B9A1-952D76BEA089}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
"{B79C4E68-E464-47BD-9C17-6F7965FC378F}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{B89DE45F-1B36-434A-B267-03B72EB62318}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\proteus\proteus.exe |
"{B89F68BF-3754-4B76-9BC5-7FAF310AA5C0}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\planetside 2\launchpad.exe |
"{B9066F16-329D-4978-9A6C-5B320163749C}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\planetside 2\launchpad.exe |
"{BA2AECB4-026A-462D-B709-69665EC0AF97}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\tinyandbig\tinyandbig.exe |
"{BA2D4DDE-8DA9-4FB6-BEFE-2E02828EB907}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{BA7095D2-7FB0-42C9-BEC0-9575AC60A625}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\tinyandbig\tinyandbig.exe |
"{BAE7682E-B23F-4E31-9D22-C09A58FE9F02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB6CFF1C-5A25-49D0-9378-7813853005B8}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{BBB9BA1D-D650-436B-BBF3-37F382B5EC70}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\capsized\capsized.exe |
"{BC752FDE-EC8A-4C32-ACD2-E9BC789E88F1}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{BD80A7EC-BA20-43D5-B26B-218A295BC8D8}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{BD864D9E-558D-44B0-8D65-085414F9453F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BD8F0CF2-A04C-41C2-B848-588D8481B70C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDDB4897-CD56-4307-B4D7-F0F2F8FA68A0}" = protocol=58 | dir=in | app=system |
"{BE4E5AB2-FFFB-4DA2-95ED-0F46CEB24A69}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C04E780F-48A3-4F7F-8676-3969E826CB5C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C0B4ED35-4C32-42D6-A01A-F4C9CC84976A}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{C27891FE-CD87-43D8-944B-3A7C5A3BC9A9}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steam.exe |
"{C2E1E47D-D220-496B-B846-5DAC4EFB14E8}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\brutallegend\brutallegend.exe |
"{C3141978-DD6B-4780-8540-F208C166F99B}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\garrysmod\hl2.exe |
"{C34DAA9F-D0C9-4691-8018-E3345E31D43D}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\saints row the third\game_launcher.exe |
"{C3A824B0-9798-41A9-B86B-19EF83D6CF12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C44A52ED-2D1D-40B7-89F4-AED35B17BB5C}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{C5F844EC-BDFE-49D0-BE39-E568D4370DD9}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{C651B892-1281-44B8-8BF3-F510AEE088AB}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
"{C7FA8DE0-4A01-4212-9B86-5C0B81F29316}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{C80F4E80-19D0-473C-9FAB-A9E112D025C6}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{C853D656-8921-4A72-A0AE-AD060DB534C0}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{C93044A9-261D-4F81-AC60-F71CD87C60D2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C9D382AE-5497-4767-A0A2-7CF65FF3856C}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{CADB4B6D-8FA1-4002-A12B-314BE27C2D03}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
"{CBBE677C-8BE3-4686-BFBB-67B2479A3D0F}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\dota 2 test\dota.exe |
"{CE3BC518-5E7A-4ED9-90BB-97D3D45372DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CF24593E-BBE9-40E3-8991-779CB0A6413E}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{CF70AC30-6A9A-4E0B-BB7E-B383C5D13375}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{D026A187-C03B-4E83-92A7-01F01F411171}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\bastion\bastion.exe |
"{D02711F3-699E-492D-A90C-119D14094B37}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D107EFC3-1F97-476C-BD92-392F438302BB}" = protocol=6 | dir=in | app=c:\nico\tools\bittorrent\bittorrent.exe |
"{D20DD233-A35D-471C-BC1B-E52B34C72093}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\torchlight\torchlight.exe |
"{D23F8BFD-3781-451F-8E2E-AAC68ABAF5F4}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{D2652609-33A1-41B1-B466-6DC8B5AF5127}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{D3753FBD-E6A4-4480-B94C-8480ED7641CC}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
"{D4C7EBB7-A1D0-4A51-AE3A-5E5F8FEFA1D9}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{D6203618-CA4F-43A0-A638-C9F1EBCC4E71}" = protocol=17 | dir=in | app=c:\users\usuario\appdata\local\akamai\netsession_win.exe |
"{D68A0218-7444-498F-89F6-F13F3A9D00F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{D6ED20DA-88D0-40E3-AC37-CC14AE5F825F}" = protocol=6 | dir=in | app=c:\nico\games\dragon nest sea\dragonnest.exe |
"{D9196B7B-F0BF-4047-B163-F76395F898E2}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{D98A8384-B380-47FC-A9F2-4B519AF82816}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DA41DCE3-EF9C-4ACD-BDC4-3FA69025A0F6}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\day of defeat\hl.exe |
"{DA905878-7A2F-48C8-B569-68008846A1CF}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{DB1F0F27-1887-402E-B573-8710367EC955}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{DE0F3217-A28D-4975-99E3-63C1180A3307}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{DE6ADA98-028F-4EA9-9E40-347CDA44FF38}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E05A8429-44AB-437C-855F-6F28240C2344}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2\arma2.exe |
"{E08492ED-0EE7-4A07-8359-11B30ADFD8A2}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2\arma2.exe |
"{E178EFB9-F2B2-41B3-B975-203489AA3BC6}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\dota 2 test\dota.exe |
"{E59407A2-71F7-4AF1-B3E1-6AE9B010397E}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\terraria\terraria.exe |
"{E5BF1D7E-D7A8-4346-A6B3-FB27E3310A85}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E75079B1-3694-424F-92CA-286E358DB613}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\counter-strike\hl.exe |
"{E7A04256-0062-4D65-9E82-985D0D88C16D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E882E7F2-EEAE-4B49-A826-F0E528F5C3E3}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\counter-strike\hl.exe |
"{EA850F73-54DA-4D59-9ABE-D375E4604E85}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\terraria\terraria.exe |
"{EB5431F4-CDC9-4D0B-A277-C9D8A99158A1}" = protocol=6 | dir=in | app=c:\nico\games\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{EC06D4CC-37A8-4604-90C8-877EE3D091CD}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{ED22E29D-6E3E-487D-A501-CA0227298B51}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\psychonauts\psychonauts.exe |
"{ED777B57-CF85-472C-8F39-22C3D9C7E4B9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EE5CCC99-7542-49A4-97C9-482CEA969669}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\counter-strike\hl.exe |
"{EEBED772-437B-40B1-A8EB-C335CC8A36B0}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{F020D27F-3555-45C2-A3A4-AE7BC700279E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{F0AC8AF8-2500-4BED-86EC-01D935A1332B}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\team fortress 2\hl2.exe |
"{F0BB46BE-2CBC-4B3E-A512-62B8BD017DCF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{F1136F94-A8E4-4652-977A-64BBC95C7AC5}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{F18A8131-80E5-42D2-97B6-61844153F64D}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{F33F70AA-CC31-4B9A-92B3-F9E455BA5F04}" = protocol=6 | dir=in | app=c:\users\usuario\appdata\local\akamai\netsession_win.exe |
"{F3FD8687-CAEC-47DF-91B0-9CDEFF158590}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\torchlight\torchlight.exe |
"{F44D3CD8-F70B-4BDA-B3FD-7874E71C394D}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\micaso\deathmatch classic\hl.exe |
"{F490E425-1678-4F69-8BE4-B120252DA6EE}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{F50CC104-6D67-41F3-98FC-027BC8611563}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\titan quest\titan quest.exe |
"{F5A67B0A-5166-4CBF-8251-AB20AE802C3C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{F6C9F72E-015B-4BFF-89C2-8E01F19D7692}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{F7145213-750E-4275-8375-8D8135C9D248}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{F766C8D1-27EE-46FB-87E4-C638FAD0FC5F}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\torchlight\torchlight.exe |
"{F78B73CB-B260-4FA4-83E8-B170176F749D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F7AB51CA-B3B4-4E04-9DAD-8B507DE64782}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{F87E8B66-6B7C-4C1E-B382-009219ACF7B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{F9223824-3444-40D5-8746-3C449B70AE50}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\psychonauts\psychonauts.exe |
"{F99AE3B4-6749-4CEE-9038-3480A25F57C7}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{FA204E1D-085D-456B-AD82-0D07289D3274}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{FBC606B1-F591-4720-8CDA-4923AECE3E83}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\bastion\bastion.exe |
"{FBC8122A-C116-4986-B7E5-7A7B42747E82}" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{FD50BD97-D1EE-49AA-BD0B-FD078CC46837}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FDE350B5-D974-470B-B9EB-06EB16B18F31}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FE06C0C3-71E2-4BD5-9196-BA222D461BA2}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
"{FEEAC7EC-EBA5-4E4B-AFBE-FBAA8C8E0747}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
"{FFBB500F-82A9-418F-91CD-C4DB7AF07FA6}" = protocol=17 | dir=in | app=c:\nico\tools\steam\steam.exe |
"TCP Query User{7FC687EA-5B5A-4470-B773-BFCD9EF70FBD}C:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{E6C300AC-C770-41A0-A6E2-5B4207C03ECF}C:\users\usuario\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\usuario\appdata\local\akamai\netsession_win.exe |
"UDP Query User{059998FE-ED04-4D9D-8725-473AC317C853}C:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\nico\tools\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{24AF65EE-3FCA-4DE3-818E-CB752435FEC2}C:\users\usuario\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\usuario\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24965A31-311D-462D-BAA8-B482ABA115D8}" = Microsoft SQL Server Compact 3.5 SP2 x64 ESN
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java™ 6 Update 26 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417009F0}" = Java 7 Update 9 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3BC6E87B-7E7B-3F78-9BD1-708B199B1EB5}" = Microsoft .NET Framework 4 Extended ESN Language Pack
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6397820D-9FC6-774C-1EF5-CBA09049E426}" = AMD Fuel
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170100}" = Java SE Development Kit 7 Update 10 (64-bit)
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C4D79C-3579-48E8-ADFA-8818042AEB73}" = Logitech G930
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6C87B73-79A5-401A-A12A-4DD96EC40442}" = Microsoft SQL Server Management Studio Express
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CDDE4895-E348-4230-99E7-F2FA91131D2C}" = HP OfficeJet J4600 All-In-One Series
"{D207019F-D0A5-11DF-A282-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF0CAFE1-87E6-3DCD-8B93-C6A528A22E77}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Blender" = Blender
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Extended ESN
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN" = Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ONAIR_is1" = ONAIR 4.0.0.854
"Shop for HP Supplies" = Shop for HP Supplies
"Theme Resource Changer X64 v1.0" = Theme Resource Changer X64 v1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
".sol Editor" = .sol Editor 1.1.0.1
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10A16AF7-AD18-40A1-8A94-5CB2316C7323}" = Microsoft Silverlight 4 SDK - Espaol
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.0
"{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java™ 6 Update 45
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A78694E-ACFE-4D5A-9B0F-C0EBEFA3F280}" = Microsoft SQL Server Compact 3.5 SP2 ESN
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}" = Roxio Game Capture HD PRO
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGcN[2000 ^CpbP[W
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{476CD9DE-C45F-4443-BFA7-E51C58B7E455}" = Populous
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.6
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F187E71-93D7-4849-B5C2-1DD1747C81A7}" = Roxio CinePlayer Decoder Pack
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69290A89-5CD6-42A2-BBD9-D1EE95A3E490}" = Roxio GameCAP HD PRO
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6CD8D350-5B72-471B-86D5-4BC6DEB8EC6A}" = S4 League_EU
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = AMD VISION Engine Control Center
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{6FF4C560-A95B-42DE-83AD-62C8737115E9}" = Roxio Game Capture HD PRO
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{7E60A32D-7AD9-7CF6-1378-2FBCDBB37E71}" = Transformice
"{7F71FDE8-7D81-4faa-8B6A-A792375813EB}" = J4660
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A3D4A048-7012-4255-A800-D392DD0BE7C2}_is1" = Sleeping Dogs Limited Edition version Repack by FMETAL333
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Franais, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B531E735-8ED5-4270-ACCE-3809086FBD02}_is1" = Batman Arkham City version 1.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1" = Auto Clicker v1.1
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space 3
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galera fotogrfica de Windows Live
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{FD869F35-AEBD-4AEB-90FB-8C1288AD40F6}_is1" = Arcane Worlds DEMO version 0.09
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"aTube Catcher" = aTube Catcher
"Battlelog Web Plugins" = Battlelog Web Plugins
"BioShock Infinite_is1" = BioShock Infinite
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cobalt" = Cobalt
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dishonored_is1" = Dishonored
"DivX Setup" = DivX Setup
"EdenEternal" = EdenEternal
"ESN Sonar-0.70.4" = ESN Sonar
"FlashDevelop" = FlashDevelop 4.0.4
"Fraps" = Fraps
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"Google Chrome" = Google Chrome
"HunterBlade" = HunterBlade 0.050413
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"LogMeIn Hamachi" = LogMeIn Hamachi
"Makehuman" = Makehuman
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MapleStory" = MapleStory
"MediaMonkey Script: MiniLyrics Embedder v1.4b_is1" = MediaMonkey Script: MiniLyrics Embedder v1.4b
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"MiniLyrics" = Minilyrics(remove only)
"OpenAL" = OpenAL
"Origin" = Origin
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PP PC" = PP PC 1.0.6.6
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"RocketDock_is1" = RocketDock 1.3.5
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 104700" = Super Monday Night Combat
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 108600" = Project Zomboid
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 113420" = Fallen Earth
"Steam App 1250" = Killing Floor
"Steam App 12900" = Audiosurf
"Steam App 17410" = Mirror's Edge
"Steam App 17460" = Mass Effect
"Steam App 17470" = Dead Space
"Steam App 17500" = Zombie Panic Source
"Steam App 200210" = Realm of the Mad God
"Steam App 200390" = Oil Rush
"Steam App 200710" = Torchlight II
"Steam App 203810" = Dear Esther
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 204300" = Awesomenauts
"Steam App 205790" = Dota 2 Test
"Steam App 205910" = Tiny and Big: Grandpa's Leftovers
"Steam App 207610" = The Walking Dead
"Steam App 209830" = Lone Survivor
"Steam App 214970" = Intrusion 2
"Steam App 215" = Source SDK Base 2006
"Steam App 218230" = PlanetSide 2
"Steam App 219150" = Hotline Miami
"Steam App 219680" = Proteus
"Steam App 220780" = Thomas Was Alone
"Steam App 221260" = Little Inferno
"Steam App 223710" = Cry of Fear
"Steam App 225260" = Brtal Legend
"Steam App 231410" = Kerbal Space Program Demo
"Steam App 240" = Counter-Strike: Source
"Steam App 24240" = PAYDAY: The Heist
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 24980" = Mass Effect 2
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 26800" = Braid
"Steam App 30" = Day of Defeat
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3830" = Psychonauts
"Steam App 40" = Deathmatch Classic
"Steam App 4000" = Garry's Mod
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 41500" = Torchlight
"Steam App 42910" = Magicka
"Steam App 4540" = Titan Quest
"Steam App 4570" = Warhammer 40,000: Dawn of War - Game of the Year Edition
"Steam App 47790" = Medal of Honor™ Single Player
"Steam App 47830" = Medal of Honor™ Multiplayer
"Steam App 47890" = The Sims™ 3
"Steam App 48000" = LIMBO
"Steam App 48700" = Mount & Blade: Warband
"Steam App 49520" = Borderlands 2
"Steam App 50620" = Darksiders
"Steam App 55110" = Red Faction: Armageddon
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 60" = Ricochet
"Steam App 620" = Portal 2
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 80" = Counter-Strike: Condition Zero
"Steam App 8980" = Borderlands
"Steam App 91700" = E.Y.E: Divine Cybermancy
"Steam App 95300" = Capsized
"Steam App 99900" = Spiral Knights
"StepMania 5" = StepMania v5.0 alpha 3 (remove only)
"SuperHideIP" = Super Hide IP
"Sweet Home 3D_is1" = Sweet Home 3D version 4.1
"Transformice" = Transformice
"TrueCrypt" = TrueCrypt
"Unity" = Unity
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-601339211-1191364849-2417053759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Flux" = F.lux
"HappyCloud" = Happy Cloud Client
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"teraenmasse" = TERA
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2013 6:34:29 AM | Computer Name = Usuario-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15600

Error - 9/30/2013 2:06:26 AM | Computer Name = Usuario-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/30/2013 2:06:26 AM | Computer Name = Usuario-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15585

Error - 9/30/2013 2:06:26 AM | Computer Name = Usuario-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15585

Error - 9/30/2013 9:49:10 AM | Computer Name = Usuario-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 9/30/2013 2:26:24 PM | Computer Name = Usuario-PC | Source = MSSQL$SQLEXPRESS | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 9/30/2013 2:26:24 PM | Computer Name = Usuario-PC | Source = MSSQL$SQLEXPRESS | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

Error - 10/1/2013 8:56:51 PM | Computer Name = Usuario-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.3:5353 4 Usuario-PC.local.
Addr 192.168.0.3

Error - 10/1/2013 8:56:51 PM | Computer Name = Usuario-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Usuario-PC.local.
Addr 192.168.0.4

Error - 10/1/2013 8:56:51 PM | Computer Name = Usuario-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Usuario-PC.local already in use; will try Usuario-PC-2.local
instead

[ System Events ]
Error - 9/29/2013 12:09:44 AM | Computer Name = Usuario-PC | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 9/29/2013 12:09:56 AM | Computer Name = Usuario-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 9/30/2013 2:02:07 PM | Computer Name = Usuario-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Reiniciar el servicio.

Error - 9/30/2013 2:26:03 PM | Computer Name = Usuario-PC | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 9/30/2013 2:26:11 PM | Computer Name = Usuario-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 10/1/2013 8:56:51 PM | Computer Name = Usuario-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A211ED2F-02C5-4962-8E30-96622E81039C}
because another computer on the network has the same name. The server could not
start.

Error - 10/1/2013 8:56:51 PM | Computer Name = Usuario-PC | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/1/2013 8:56:51 PM | Computer Name = Usuario-PC | Source = NetBT | ID = 4321
Description = The name "USUARIO-PC :0" could not be registered on the interface
with IP address 192.168.0.4. The computer with the IP address 192.168.0.3 did not
allow the name to be claimed by this computer.

Error - 10/1/2013 8:56:51 PM | Computer Name = Usuario-PC | Source = NetBT | ID = 4321
Description = The name "USUARIO-PC :20" could not be registered on the interface
with IP address 192.168.0.4. The computer with the IP address 192.168.0.3 did not
allow the name to be claimed by this computer.

Error - 10/1/2013 8:57:19 PM | Computer Name = Usuario-PC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0

Advertisements


#11
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,493 posts
Hi Micaso,

I need you run that fix one more time. It appears I didn't remove all the descriptive data from the files we need to remove.

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]

    :Files
    C:\Nico\Games\Dark Souls\xlive.dll
    C:\Users\Usuario\Downloads\cbsidlm-tr1_10a-Real_Lives_2010-SEO-10185137.exe
    C:\Users\Usuario\Downloads\Setup_FreeConverter.exe
    C:\Users\Usuario\Downloads\SweetHome3D-4.1-windows-oc.exe
    C:\Windows\sview.exe
    C:\Windows\sysk32.dll


    :Commands
    [emptytemp]

  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • I'll need you to post the log that is found in C:\_OTL\Moved Files in your next reply along with the 2 following logs.


Next:

Let's have a look to see if you have any out of date software besides IE which can result in vulnerabilities.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.



Please post the following logs in your next reply:


C:\_OTL\Moved Files
checkup.txt


Thank you,
Donna :)
  • 0

#12
Micaso

Micaso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hello DonnaB,

Here are the two logs:

OTL Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Nico\Games\Dark Souls\xlive.dll moved successfully.
C:\Users\Usuario\Downloads\cbsidlm-tr1_10a-Real_Lives_2010-SEO-10185137.exe moved successfully.
C:\Users\Usuario\Downloads\Setup_FreeConverter.exe moved successfully.
C:\Users\Usuario\Downloads\SweetHome3D-4.1-windows-oc.exe moved successfully.
C:\Windows\sview.exe moved successfully.
C:\Windows\sysk32.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Usuario
->Temp folder emptied: 12028105 bytes
->Temporary Internet Files folder emptied: 2876568 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 376986445 bytes
->Flash cache emptied: 725 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 106832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 374.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10052013_163730

Files\Folders moved on Reboot...
File\Folder C:\Users\Usuario\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File\Folder C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Checkup Log

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java™ 6 Update 45
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Google Chrome 29.0.1547.76
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Tools Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Thanks!
Micaso
  • 0

#13
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,493 posts
Perfect! I see Internet Explorer updated from IE9 to IE10 since your first thread. I was worried about that. :thumbsup:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older version of Java components and upgrade the application. NOT supported for use in 9x or ME

  • Please download JavaRa (Stable version 2.1) to your desktop.
  • Right click and choose Extract all to place into it's own folder.
  • Double click on the JavaRa-2.1 folder (if not open)
  • Double click on JavaRa folder to open.
  • Double click on JavaRa (Application).
  • Click on Remove Java Runtimeand follow the onscreen instructions.

Now a days, your typical home computer user doesn't need Java installed, which at one time was desperately needed for websites to be displayed properly. That is no longer the case. I had uninstalled Java a few years ago and have since found no need for it, so the choice is yours if you would like to reinstall or not. If the need ever arises, you will be notified that Java is needed at which time you could install, or you could reinstall and just disable Java till the moment arises that it is needed.

You can read more about the need for Java and how to disable it here.

If you would like to reinstall Java, please do so from here. Do pay close attention as you install the new version once downloaded, to prevent from accepting any unwanted software that might be included with the install. If you have the option to choose Custom Install during the installation of this or any software, please do so.

Once complete, you may uninstall JavaRa by right click and deleting both folders from your desktop.

Let me know when you are finished.

Thank you,
Donna :)
  • 0

#14
Micaso

Micaso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Hello DonnaB,

I've uninstalled Java Runtime Environment following the instructions and installed the newest version. While installing, Java offered to check for old versions that may pose a security risk on my computer. I agreed to the checkup and Java found three versions that were old and insecure. One of which the uninstaller was unable to remove. I tried to manually remove it myself, but a DLL Missing error popped up that didn't allow me to proceed any further. The java version I was unable to uninstall was Java™ 6 Update 26 (64-bit). Should I do anything about this or just leave it as it is?

Thanks!
Micaso

Edited by Micaso, 05 October 2013 - 07:24 PM.

  • 0

#15
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,493 posts
Hi Micaso,

No. We need to get rid of Java 6 Update 26 (64-bit). You mentioned that you tried to manually uninstall that older version. If it is displayed in your Programs and Features, Revo Uninstaller should find it. I see you have Revo installed, if it has since been uninstalled, please download Revo Uninstaller Pro (30 DAYS FREE TRIAL) and save to your desktop.

  • Double click RevoUninProSetup.exe icon on the desktop and click Run
  • Click OK in the Select Setup Language box.
  • Click Next>
  • Select I accept the agreement and click Next>
  • Be sure the install location is C:\Program Files\VS Revo Group\Revo Uninstaller Pro and click Next>
  • Make sure that Create a desktop icon is checked and click Next>. (you may uncheck any other option if you choose)
  • Click Install
  • Make sure that Launch Revo Uninstaller Pro is checked then click [b]Finish

Let me know how if Java 6 Update 26 (64-bit) is found and removed.

:)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP