
Solved wow.dll error message when right clicking a file

Discussion in 'Malware and Virus Removal Archive' started by The WobMob, 2013/05/04.

  1. 2013/05/05
    The WobMob Well-Known Member Thread Starter

    Joined:
    2011/07/20
    Messages:
    130
    Likes Received:
    0
    The other half of the OTL file;
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk /p \??\J:)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/05 22:03:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/05/05 22:03:31 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/05/05 21:51:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
    [2013/05/05 21:51:07 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Bill\Desktop\JRT.exe
    [2013/05/05 21:30:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/05/05 21:24:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/05/05 21:11:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/05/05 21:11:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/05/05 21:11:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/05/05 21:07:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/05/05 21:07:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/05/05 21:02:03 | 005,066,321 | R--- | C] (Swearware) -- C:\Users\Bill\Desktop\ComboFix.exe
    [2013/05/05 20:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
    [2013/05/05 20:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOT
    [2013/05/05 20:19:17 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\Opera
    [2013/05/05 20:19:17 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\Opera
    [2013/05/05 20:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
    [2013/05/05 20:17:45 | 013,168,216 | ---- | C] (Opera Software ASA) -- C:\Users\Bill\Documents\Opera_1215_int_Setup.exe
    [2013/05/05 16:22:39 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\mbar-1.05.0.1001
    [2013/05/05 15:25:22 | 000,000,000 | ---D | C] -- C:\Users\Bill\Desktop\RK_Quarantine
    [2013/05/05 01:04:18 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Bill\Desktop\dds.com
    [2013/05/05 00:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/05/05 00:00:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/05/05 00:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/05/04 10:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wheel of Time Demo
    [2013/05/04 10:42:51 | 000,000,000 | ---D | C] -- C:\WoTDemo
    [2013/04/30 09:12:19 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\bos_sr_1.0
    [2013/04/27 22:50:25 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\vlc
    [2013/04/27 22:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2013/04/27 10:15:19 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Menus
    [2013/04/26 08:38:36 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\kse_333
    [2013/04/23 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
    [2013/04/23 19:43:07 | 251,453,331 | ---- | C] (Werner Spahl ) -- C:\Users\Bill\Documents\VTMBup86.exe
    [2013/04/21 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\FOMM
    [2013/04/20 23:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2013/04/18 19:29:55 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\Malwarebytes
    [2013/04/18 07:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/04/13 09:27:33 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\Comic Vine Scraper
    [2013/04/13 08:57:28 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\cYo
    [2013/04/13 08:57:28 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\cYo
    [2013/04/13 08:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack
    [2013/04/13 08:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/04/11 08:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
    [2013/04/11 08:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays
    [2013/04/11 08:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
    [2013/04/11 08:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
    [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/05/05 22:06:39 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/05/05 22:06:39 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/05/05 21:59:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/05/05 21:59:03 | 461,590,527 | -HS- | M] () -- C:\hiberfil.sys
    [2013/05/05 21:51:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
    [2013/05/05 21:51:08 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Bill\Desktop\JRT.exe
    [2013/05/05 21:50:51 | 000,628,743 | ---- | M] () -- C:\Users\Bill\Desktop\adwcleaner.exe
    [2013/05/05 21:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/05/05 21:24:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/05/05 21:02:04 | 005,066,321 | R--- | M] (Swearware) -- C:\Users\Bill\Desktop\ComboFix.exe
    [2013/05/05 20:19:08 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
    [2013/05/05 20:17:46 | 013,168,216 | ---- | M] (Opera Software ASA) -- C:\Users\Bill\Documents\Opera_1215_int_Setup.exe
    [2013/05/05 16:18:57 | 000,793,234 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/05/05 16:18:57 | 000,669,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/05/05 16:18:57 | 000,125,514 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/05/05 15:24:56 | 012,917,756 | ---- | M] () -- C:\Users\Bill\Documents\mbar-1.05.0.1001.zip
    [2013/05/05 15:24:29 | 000,791,040 | ---- | M] () -- C:\Users\Bill\Desktop\winlogon.exe
    [2013/05/05 01:11:51 | 000,080,384 | ---- | M] () -- C:\Users\Bill\Desktop\MBRCheck.exe
    [2013/05/05 01:04:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Bill\Desktop\dds.com
    [2013/05/05 00:00:54 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/30 09:00:34 | 001,241,088 | ---- | M] () -- C:\Users\Bill\Documents\fws_setup.msi
    [2013/04/30 08:29:41 | 000,000,221 | ---- | M] () -- C:\Users\Bill\Desktop\Star Wars Knights of the Old Republic.url
    [2013/04/29 19:55:28 | 026,027,813 | ---- | M] () -- C:\Users\Bill\Documents\SWKotOR1_03.exe
    [2013/04/29 19:53:21 | 676,740,416 | ---- | M] () -- C:\Users\Bill\Documents\bos_sr_1.0.rar
    [2013/04/27 22:49:50 | 000,000,647 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/04/26 08:38:09 | 004,438,652 | ---- | M] () -- C:\Users\Bill\Documents\kse_333.zip
    [2013/04/26 08:36:26 | 064,590,798 | ---- | M] ( ) -- C:\Users\Bill\Documents\tslrcm_182.exe
    [2013/04/24 08:06:19 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2013/04/24 08:06:19 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
    [2013/04/24 08:06:19 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
    [2013/04/23 21:02:27 | 001,911,677 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
    [2013/04/23 19:49:14 | 251,453,331 | ---- | M] (Werner Spahl ) -- C:\Users\Bill\Documents\VTMBup86.exe
    [2013/04/17 07:56:34 | 000,002,326 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2013/04/17 07:55:42 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021
    [2013/04/13 08:56:14 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\ComicRack.lnk
    [2013/04/10 08:00:49 | 000,315,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/04/09 21:56:21 | 000,001,113 | ---- | M] () -- C:\Windows\GTA-SA_Trn_Settings.ini
    [6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/05/05 21:50:51 | 000,628,743 | ---- | C] () -- C:\Users\Bill\Desktop\adwcleaner.exe
    [2013/05/05 21:11:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/05/05 21:11:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/05/05 21:11:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/05/05 21:11:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/05/05 21:11:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/05/05 20:19:08 | 000,001,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    [2013/05/05 20:19:07 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
    [2013/05/05 15:24:56 | 012,917,756 | ---- | C] () -- C:\Users\Bill\Documents\mbar-1.05.0.1001.zip
    [2013/05/05 15:24:29 | 000,791,040 | ---- | C] () -- C:\Users\Bill\Desktop\winlogon.exe
    [2013/05/05 01:11:51 | 000,080,384 | ---- | C] () -- C:\Users\Bill\Desktop\MBRCheck.exe
    [2013/05/05 00:00:54 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/04/30 09:00:34 | 001,241,088 | ---- | C] () -- C:\Users\Bill\Documents\fws_setup.msi
    [2013/04/30 08:29:41 | 000,000,221 | ---- | C] () -- C:\Users\Bill\Desktop\Star Wars Knights of the Old Republic.url
    [2013/04/29 19:54:04 | 026,027,813 | ---- | C] () -- C:\Users\Bill\Documents\SWKotOR1_03.exe
    [2013/04/29 19:48:15 | 676,740,416 | ---- | C] () -- C:\Users\Bill\Documents\bos_sr_1.0.rar
    [2013/04/27 22:49:50 | 000,000,647 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/04/26 08:38:04 | 004,438,652 | ---- | C] () -- C:\Users\Bill\Documents\kse_333.zip
    [2013/04/26 08:32:44 | 064,590,798 | ---- | C] ( ) -- C:\Users\Bill\Documents\tslrcm_182.exe
    [2013/04/23 20:01:25 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2013/04/23 20:01:25 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
    [2013/04/23 20:01:25 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
    [2013/04/13 08:56:14 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\ComicRack.lnk
    [2013/03/30 15:42:29 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013/03/30 15:42:27 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\Pbsvc.exe
    [2013/03/30 15:42:27 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2013/01/12 19:35:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2013/01/11 13:06:40 | 000,000,079 | ---- | C] () -- C:\Windows\XP400.ini
    [2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/11/10 11:51:15 | 000,000,604 | ---- | C] () -- C:\Windows\Sof2.INI
    [2012/10/10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
    [2012/10/10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
    [2012/10/09 19:58:53 | 000,000,029 | ---- | C] () -- C:\Windows\Ultima IX Ascension Extended Setup b6 b2a.INI
    [2012/08/10 12:05:08 | 000,221,283 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
    [2012/08/10 12:05:08 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
    [2012/08/02 11:38:27 | 000,000,029 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2012/07/31 15:11:00 | 001,062,889 | ---- | C] () -- C:\Users\Bill\AppData\Local\census.cache
    [2012/07/31 15:10:58 | 000,138,494 | ---- | C] () -- C:\Users\Bill\AppData\Local\ars.cache
    [2012/07/31 15:03:36 | 000,000,036 | ---- | C] () -- C:\Users\Bill\AppData\Local\housecall.guid.cache
    [2012/06/11 10:30:28 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
    [2012/06/11 10:30:28 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
    [2012/06/05 22:39:54 | 000,000,029 | ---- | C] () -- C:\Windows\Ultima Saved Game Editor.INI
    [2012/05/28 09:43:59 | 000,119,560 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/04/28 13:35:34 | 000,000,092 | ---- | C] () -- C:\Users\Bill\AppData\Local\fusioncache.dat
    [2012/03/25 18:49:58 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
    [2012/03/25 15:45:40 | 000,000,789 | ---- | C] () -- C:\Windows\SOFPLAT.ini
    [2012/03/20 18:24:39 | 000,000,230 | ---- | C] () -- C:\Windows\AlienNations_usa.ini
    [2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/01/29 11:16:00 | 000,001,090 | ---- | C] () -- C:\Windows\eReg.dat
    [2011/12/22 11:44:24 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/12/13 21:29:10 | 000,001,113 | ---- | C] () -- C:\Windows\GTA-SA_Trn_Settings.ini
    [2011/12/12 15:08:21 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2011/12/11 14:27:44 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2011/12/11 13:13:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/12/11 10:33:28 | 000,786,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/12/11 02:36:55 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2011/07/25 07:23:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    " " = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/05/14 18:19:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
    [2012/12/29 17:18:43 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Atari
    [2012/11/09 15:29:05 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Bioshock
    [2012/10/25 12:32:55 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\CCS64
    [2011/12/23 09:39:33 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\CDisplayEx
    [2013/03/12 21:09:09 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/12/14 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Com.Atari.Desktop.YarsRevenge
    [2011/12/14 09:00:35 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
    [2013/04/13 09:27:33 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Comic Vine Scraper
    [2013/04/13 08:57:28 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\cYo
    [2013/01/17 02:19:04 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Epson
    [2012/04/27 08:44:06 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\GOG.com
    [2012/12/03 12:14:18 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\ICAClient
    [2013/01/11 13:22:21 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Leader Technologies
    [2011/12/22 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Leadertech
    [2012/11/02 16:44:51 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Nucleosys
    [2011/12/10 20:18:24 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\OEM
    [2012/12/17 22:36:43 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\OpenOffice.org
    [2013/05/05 20:19:17 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Opera
    [2012/07/06 00:41:43 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\ScummVM
    [2012/08/02 11:06:15 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Sierra
    [2012/02/16 10:47:39 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Subversion
    [2012/11/08 20:34:01 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\System
    [2012/07/10 17:45:33 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\To the Moon - Freebird Games
    [2012/09/20 08:24:26 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Tropico 3
    [2012/01/04 22:49:39 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Windows Live Writer
    [2012/10/25 12:32:56 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\xu4

    ========== Purity Check ==========



    < End of report >
     
  2. 2013/05/05
    The WobMob Well-Known Member Thread Starter

    The OTL Extras file;
    OTL Extras logfile created on: 5/5/2013 10:09:26 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bill\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.91 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 71.83% Memory free
    11.81 Gb Paging File | 10.18 Gb Available in Paging File | 86.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 917.41 Gb Total Space | 627.91 Gb Free Space | 68.44% Space Free | Partition Type: NTFS
    Drive K: | 7.32 Gb Total Space | 6.65 Gb Free Space | 90.87% Space Free | Partition Type: FAT32

    Computer Name: BILL-PC | User Name: Bill | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Games\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Games\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Games\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Games\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01B00C90-06FE-4A92-9DFE-151AFBB23A51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1CF47017-C3F1-449C-9188-769FE52A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{1EB4EA0A-2613-425F-B7B5-0ACC7081CB7B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{2AB8C53B-BEB1-45C8-846F-509A85B98A22}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2FBB66F6-3F75-4C6A-8370-F32A3DE0CAEC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{36DA1584-F78E-4FA3-8054-F11811E94A58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{38958E21-7C7D-43A5-9FE1-BB277734D455}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{44B7B7C7-6819-4B56-9F34-F16D742E9C16}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{474A48B4-9AE1-4934-8DBB-B794FB45FBFA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4D99688F-B609-4838-A29B-27E2B23E6B1C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{500FB4B0-4A26-452F-9C58-CBD853AC675C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{55EB557F-2A71-4AB7-A41F-20230D876DFA}" = rport=445 | protocol=6 | dir=out | app=system |
    "{5B2F4378-46FC-4821-B8E7-4A404296BF78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6CBAD1FF-020F-4A55-A401-2992910F2F36}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7288360D-4472-4BC0-A88D-D611B0E64ACD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{72C8AF74-C393-402F-94AB-242101B3DA3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{77165EDD-074B-48C5-AE5A-FFB321E63C66}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{78A9E702-6154-4049-B0F8-84EDB565AFF1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{796C0F66-FB49-4467-AAC6-996131FBFCC0}" = lport=445 | protocol=6 | dir=in | app=system |
    "{84C882F4-8F71-4C01-810E-193B08E1C9FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A194D19A-DF49-4F8E-ABC8-EF5E2664868A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{AB6E18EB-20D8-45DD-958F-B4F8EC2B352B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BE07BB31-F85A-48E6-899D-EB73A4C9FD45}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D3F418AF-BC14-4911-A62A-7289004FDEE4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F4D3401D-798D-4FBB-B75A-4F665D313E66}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02E86E97-3C66-4945-B2F7-F479FD9092EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{0464767F-020F-4E50-B048-58899D512CD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\astaldo711\half-life\hl.exe |
    "{054473CF-DD81-4CAC-B9D6-3337208ECDC3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{0A5400A6-ED5A-4782-8310-EC2B8F7A91B5}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{0B728D47-3D85-4209-B666-6AEA962C7E4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
    "{0E0B1B13-FB69-45EB-BAF9-7BCDB4E7A562}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{0E701FA9-9BBC-4BB9-BC0E-693B63758929}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
    "{0EE6B101-B9B8-40EA-814D-EDC98AB9BB1D}" = protocol=17 | dir=in | app=c:\users\bill\appdata\local\temp\7zs7f26\hppiw.exe |
    "{10D46648-E123-40E4-B122-8A715CF0ED69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{124D9289-A359-4E22-BCC4-C9998781ECEA}" = protocol=17 | dir=in | app=c:\unrealgold\system\unreal.exe |
    "{12D9BEFF-E295-4786-B804-B2D0592009EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{1423DB6F-B911-49EA-81CF-316319E19074}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
    "{15044377-3272-4551-97DF-71CF042D5C9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\winquake.exe |
    "{15C964CB-EB21-4861-8026-4A9019238063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
    "{17FA542A-C8F8-47AD-9C22-D81850A13B21}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
    "{181E74DD-22DA-4929-A572-60A2878E6057}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1AC0E41D-4C28-403E-B071-86AC42CB0BF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
    "{1CD0CBFD-26CB-408C-9A6A-F480F77C8ECF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{1CDB5E5B-115A-45F8-B7BF-CA3CAD624F52}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
    "{1D1B3527-7FD5-4256-8F7C-8C15BEFDEECF}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
    "{1F80F2FE-045A-41D5-B421-757A1BD643C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
    "{1FB2041D-2FAE-4C39-8CBA-F4FC7D787F13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{238DAF0C-1513-46C6-A1F8-BBCECA4439B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
    "{24181A55-84E8-4C3A-ADED-939F23FB5B2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen\base\dosbox.exe |
    "{247CA8E1-C4A2-439A-9782-C9723FD0F3E1}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe |
    "{2750AEDB-8807-4927-954B-FEFE153FE361}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2972DE7B-268C-4A18-AA49-1533BB96F9E8}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe |
    "{2BD703B4-7DBB-4C25-B522-DBD96AEBB0C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen 2\glh2.exe |
    "{2FB0AD60-C9FD-4AEF-BBE9-B0ABE8384403}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{3854A695-7B7B-4BDB-B171-659B4F99E5ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\qwcl.exe |
    "{38B58BE4-457C-43A4-8DFD-19FF3E8B4E4E}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
    "{43178B1D-6F2F-410E-ACDC-8261E34827EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{43A3055C-C874-4DEE-A04F-E065B482C431}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{459892EA-E058-4177-B763-BCA59560290B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{4621FA32-30CF-4DB9-A9F3-67D33270133B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\base\dosbox.exe |
    "{465FD46A-66E3-4938-B4E5-4B93E4AB5E7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4758D8D0-7E7D-4B43-A852-177A53BAFD51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glqwcl.exe |
    "{4AE4420E-D18D-420F-8C12-9AADB66EEF07}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{4D5D404F-1096-4233-A2E7-9D84667279B8}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
    "{50B557D5-F392-43CE-85B5-8142F97071BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{52239E74-4B16-46A5-B59F-F31F5826DFAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 2\quake2.exe |
    "{54A702AB-21F3-480B-A348-E53BCE6BA7FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\astaldo711\half-life\hl.exe |
    "{5C4442AD-98AF-45B7-BBB9-CE0B7C7C72A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5C8036FA-0D2F-4E42-87B5-A947E23BA277}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{5C911DFD-4887-4C24-BCDF-F109A340FE2B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{5DC96623-2E11-4DDC-BA1D-21AE6BBE1FDF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{5E69A5E7-335A-4878-A21C-BA767F6C5B30}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{635DB88A-D315-406A-B1BF-B6D473713957}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{6426C4F6-7D3E-4D98-AC5B-A3F642CA5C35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{64A0B7AB-FD50-4B38-8AF0-89C504DD6C32}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{650DE1B6-627F-4ECE-8B9A-0F4B54D44490}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{657B5A2E-EC91-42DD-AF6B-B8CBFE9FB7B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{672BAD2B-0C24-4255-9966-A940EF2440D2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{67AC6926-AA15-4FFA-8BF0-408AA7BF93C8}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{68D008AD-44CD-420F-8890-6F5894B96D5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{68D28B56-B487-4B24-AA0A-ABD47DB9BE2A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
    "{6AD42BC8-B766-4E77-B47C-F07498599A3C}" = protocol=17 | dir=in | app=c:\games\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
    "{6B05259A-1AAD-4A22-8874-5895FB7B6091}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{6B5C0159-4488-484C-A32D-0B47D345AE2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6F58FA92-F8B9-4C82-98DC-D6D07AE508C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{6F83274F-B28E-4BCF-A730-1D03AFCF85A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 2\doom2.bat |
    "{6FF6E6AA-DD19-4FC7-A79D-2B88BAFACCBD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{709748FB-24D3-42A2-BF9B-E64DD04A5503}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{723AAB1F-9291-4AC1-B2DE-A5D9C4C46194}" = protocol=6 | dir=in | app=c:\unrealgold\system\unreal.exe |
    "{764898A3-42D8-4D25-A25F-22D52C8C14BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 2\doom2.bat |
    "{764CBAFA-9182-485B-B4B4-7B44D735626E}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fearxp\fearxp.exe |
    "{782F9891-A5B3-4D3E-BEB0-B38FF6BA98CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{79BFBAF8-400E-42C8-AAEC-33D96AB07F25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7A4D48EA-F989-48C0-9454-6BD59491D0E9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7A6076FA-B0FF-4F50-A269-84751099D2CC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{7AF3880F-6DF9-4892-BEFB-BE4B3DB4758C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
    "{7FC7FB7D-1CFF-47EC-B2B8-079CDAAB7352}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen deathkings of the dark citadel\base\dosbox.exe |
    "{8104F175-D994-4313-A8EA-C4BD2FC27BEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{839499DB-8B0A-4F73-8181-53AC49FD1DFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{839BF23E-46DA-4847-9E65-851ADAB18067}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\base\dosbox.exe |
    "{84CA3C35-EC1E-46C9-9FB3-2115F63B1F0A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{85708A63-3721-4FF7-9326-D35A383E7652}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{89638232-7166-499D-9153-F8412B705811}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen 2\glh2.exe |
    "{8C3D0695-466D-4818-9F88-FB88D1DD90C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 2\doom2 + mouse.bat |
    "{8ED35BA3-15E8-4572-8618-9AB6A0E08CAD}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
    "{90D922A6-2C8A-48C3-835E-7FA9B3C554AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfsp.exe |
    "{9276B672-6173-4244-BE16-46938F532F80}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{935898E4-3993-49BF-9CED-34C01C203B3D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{95B47AC5-1552-4D6D-A871-26F6F538D4C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{96CE7820-1458-4FE1-8A02-BB86AE702EA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\astaldo711\half-life\hl.exe |
    "{97690CA5-7228-430E-BC66-E4976ACAFD06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{99DBDA35-2422-406F-9519-08889BA7ED6E}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
    "{A09496FA-1A27-4430-9651-A01AE067F6D2}" = protocol=6 | dir=in | app=c:\users\bill\appdata\local\temp\7zs7f26\hppiw.exe |
    "{A273594D-5A0B-47D8-A9EC-7EE8BDF7A908}" = protocol=17 | dir=in | app=c:\games\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
    "{A478B5C8-ABAF-49A9-9278-08D996D8E457}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\fear perseus mandate\fearxp2.exe |
    "{A4FA78FC-3387-43BD-B77A-8CABBB9AAD10}" = protocol=6 | dir=in | app=c:\games\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
    "{A5151D34-8483-4B67-8AF8-7FAE0CE9AE2E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A55EF05F-931B-44FF-B925-D688469E7F13}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
    "{A7391C51-076C-442C-B205-CB021243E7DA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A76340B6-8ACC-45BD-9E90-EC64E03C04D0}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
    "{AA1846A5-50EE-4E1B-9A25-803C61CE89E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glquake.exe |
    "{AB647105-562A-4FA7-91EC-CBE6F1AF782F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfsp.exe |
    "{ACF54840-FEB6-417D-BF3B-3EAEC5D99A13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{AE2045EE-D524-4780-8A87-4D6DD1E6DBE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 2\doom2 + mouse.bat |
    "{AE58AB09-0E24-49B8-B450-6C06BBDB6A38}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
    "{AF9BB300-C21E-4892-9814-95C81C65128B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
    "{B06B3F5A-BF36-4F35-A86D-C07E05F377A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{B27552AF-74D6-4496-A1F7-0299148351B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glqwcl.exe |
    "{B4136B6A-1106-45B1-8ADF-B44B697FC417}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\astaldo711\half-life\hl.exe |
    "{B6D18A5D-3E44-41D3-8AB1-F9E0B54D4048}" = protocol=6 | dir=out | app=system |
    "{B839CA70-6DF2-409A-AC98-F9C5A9B2741D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake 2\quake2.exe |
    "{BA2EFEC7-82CC-442C-A387-235479E18460}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe |
    "{BB152E37-374B-4DF5-B252-F15ADE597C47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\heretic shadow of the serpent riders\base\dosbox.exe |
    "{BD5E5AEB-4321-4619-87CE-7DEB99AE9641}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
    "{BDFD8DFA-3C6B-4E8B-827A-5488D8EB4394}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{C15F112C-4087-48AD-AE89-EBB1176D6A0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\winquake.exe |
    "{C1E16AC1-F0FD-4F0E-967B-2D0F2A2903D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C4DD2C74-7924-4901-BA1B-5D34F9B6D283}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{C70D6339-8DFE-4880-BFDC-712047523D5B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C84BC86C-52C9-4364-971F-4570F057F0E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
    "{C890C984-E680-4A62-8512-5685E9D4C297}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{CAF5ABF8-E00A-47B0-8789-DA50F8D24174}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{CB7AE7E2-964B-4149-B329-F1D636BE8E76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{CDC855B2-4D56-468A-B7C2-8C435844986F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{CFE755F8-2214-4FF8-9600-4A5D8833A9A2}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
    "{CFED3D74-3168-4BFC-A402-9BCEE6A0E49E}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\fear perseus mandate\fearxp2.exe |
    "{D11AFFD4-84DF-4E10-9D2E-1E082EA0EFDE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 3\doom3.exe |
    "{D3459BA2-F2EA-4295-B7A3-75BB27819C9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{D494813F-D763-4794-A868-DB2B5D709A2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen deathkings of the dark citadel\base\dosbox.exe |
    "{D5092BAF-A861-4194-8448-D44A4C0D115F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\heretic shadow of the serpent riders\base\dosbox.exe |
    "{D6CFB0C2-99D4-45A8-AA90-669D8B986B73}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{DA40FF57-1CDF-482C-AE0B-0BA6FF6D9FBC}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{DEC8E195-1E6E-497A-9B9A-9FA454BC0A82}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
    "{DF682359-CD44-4627-844D-DA9AB5624326}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{DFD2266F-2644-4913-AAB3-889335656210}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{E4891B7E-D006-4888-AFDD-21015772AA2E}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fearxp\fearxp.exe |
    "{ECE85B92-3915-4A24-939D-F7DE69BAEFE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
    "{EE1A53B5-3C4E-4FE2-8435-21807E44AADD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\glquake.exe |
    "{EE2F8486-0F8A-4F06-9CB5-500F1B1614A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quake\qwcl.exe |
    "{EE3F6BE5-9B9A-40D1-9543-97808DC7B606}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
    "{EE637870-AC61-406F-BEA9-40B13B25F209}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
    "{EEEC6BCE-A9EB-4825-9B75-EDD17208312B}" = protocol=6 | dir=in | app=c:\games\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
    "{F07ECA54-EC72-405B-A5C2-28B18EEBC559}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{F2B2E215-6DD3-46C7-87B4-7EF63EA76500}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\doom 3\doom3.exe |
    "{F3397301-2DC8-451B-8749-84B809F4AE28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F3B46DA6-4890-4372-AB59-46B013E496F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hexen\base\dosbox.exe |
    "{F3F80366-D99E-4E8A-9A0C-2CF561AB1073}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{F69A21F7-12B2-4E49-B459-DB2BF8CB325C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
    "{F7355814-4C41-4E40-8213-8AFDC8F18369}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{F7874BF9-7AB0-4EEC-9CD6-6A27310D08DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FEAE7665-3431-4452-B064-BF5130C187ED}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
    "{FED2B1A8-6C5D-4B27-9B5C-CE022E69A99B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "TCP Query User{49229D18-AEFB-4F80-9DD2-EB3514211A67}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
    "TCP Query User{5B70808C-7C51-4FB9-806E-CE99F0B651AA}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
    "TCP Query User{A226664E-76CE-4EDD-BADF-B818A88945D2}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{F1EC0C00-1B93-4197-B1CF-C2E67B89D681}C:\program files (x86)\gog.com\empire earth gold edition\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\empire earth gold edition\empire earth\empire earth.exe |
    "UDP Query User{553C210D-949F-4A90-9B9C-ACB9AF5A8428}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
    "UDP Query User{A1D27C5E-CB4F-4CE6-B48F-56E7478292A2}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
    "UDP Query User{E11D8826-AF39-4445-92D2-7434AD61E655}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{E21557EC-D968-4086-8170-A404B2D7D2C2}C:\program files (x86)\gog.com\empire earth gold edition\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\empire earth gold edition\empire earth\empire earth.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{090e977a-bebc-47e5-afb2-d115164574fa}.sdb" = GOG.com Shogo
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2DCF07D-0F89-4818-8B41-50DABC1A310D}" = TortoiseSVN 1.7.12.24070 (64 bit)
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "ComicRack" = ComicRack v0.9.168
    "EPSON Remote Print" = EPSON Remote Print Uninstall
    "EPSON XP-400 Series" = EPSON XP-400 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
    "{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
    "{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
    "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
    "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.5.2
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
    "{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8B157EE4-0BAB-4CCE-B92C-5844AB6E20F1}" = HP Smart Print 1.1.5.0
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CB3E96C-41E0-4C5D-9622-7C2EFA5E2245}_is1" = Fall Further 051
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7D4BA6D-8CFE-4441-AC0C-3BDEE9905AAA}" = Citrix online plug-in (SSON)
    "{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
    "{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
    "{B42F73D4-AFDA-4761-B3F4-23A872D11339}" = Morrowind
    "{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.9
    "{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
    "{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
    "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "{E078671F-A754-4D31-BDB8-74E855FB02F2}" = Epson E-Web Print
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
    "{E7C5763F-948D-453B-9138-4A8F552B3CE3}" = Citrix online plug-in (PNA)
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
    "{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
    "{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
    "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
    "{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009 v1.4.4
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.2
    "ArenaSetup_is1" = Arena
    "Blood II: The Chosen_is1" = Blood II: The Chosen
    "BOSS" = BOSS
    "CDisplayEx_is1" = CDisplayEx 1.8
    "CitrixOnlinePluginFull" = Citrix online plug-in
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "ContentMod_2.6" = ContentMod2.6
    "DaggerfallSetup_is1" = Daggerfall (DaggerfallSetup 2.6)
    "D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstall)
    "Duke Nukem 3D_is1" = Duke Nukem 3D
    "Elrond's MM6 Editor [v3.7]" = Elrond's MM6 Editor [v3.7]
    "EPSON Scanner" = EPSON Scan
    "Fallout 2 Restoration Project_is1" = FO2 Restoration Project 2.1.2b
    "Fallout 2 Unofficial Patch_is1" = Fallout 2 Unofficial Patch 1.02.27.3
    "Fallout 2_is1" = Fallout 2
    "Fallout_is1" = Fallout
    "G3QP231012008_is1" = Questpaket 4 Update 2 Deinstallation
    "Gateway Registration" = Gateway Registration
    "Gateway Screensaver" = Gateway ScreenSaver
    "Gateway Welcome Center" = Welcome Center
    "Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
    "GOGPACKKINGSQUEST456_is1" = King's Quest 4-5-6
    "GOGPACKMM6LE_is1" = Might and Magic VI Limited Edition
    "GOGPACKSHOGO_is1" = Shogo - Mobile Armor Division
    "GOGPACKSSHOCK2_is1" = System Shock 2
    "Heroes of Might and Magic V Bundle_is1" = Heroes of Might and Magic V Bundle
    "Hotkey Utility" = Hotkey Utility
    "Identity Card" = Identity Card
    "Kingpin" = Kingpin: Life of Crime
    "Kingpin - Life of Crime_is1" = Kingpin - Life of Crime
    "King's Bounty_is1" = King's Bounty
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Might & Magic VI Limited Edition_is1" = Might & Magic VI Limited Edition
    "Might and Magic VII: For Blood and Honor_is1" = Might and Magic VII: For Blood and Honor
    "Might and Magic VIII: Day of the Destroyer_is1" = Might and Magic VIII: Day of the Destroyer
    "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "N360" = Norton 360
    "NETGEAR Genie" = NETGEAR Genie
    "Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
    "OpenAL" = OpenAL
    "Opera 12.15.1748" = Opera 12.15
    "Phantasmagoria 2 A Puzzle of Flesh_is1" = Phantasmagoria 2 A Puzzle of Flesh
    "PunkBusterSvc" = PunkBuster Services
    "Roberta Williams Phantasmagoria_is1" = Roberta Williams Phantasmagoria
    "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
    "Soldier of Fortune Platinum" = Soldier of Fortune Platinum
    "Steam App 130" = Half-Life: Blue Shift
    "Steam App 1313" = SiN
    "Steam App 208580" = Star Wars: Knights of the Old Republic II
    "Steam App 215" = Source SDK Base 2006
    "Steam App 2280" = The Ultimate DOOM
    "Steam App 2290" = Final DOOM
    "Steam App 2300" = DOOM II: Hell on Earth
    "Steam App 2310" = Quake
    "Steam App 2320" = Quake II
    "Steam App 2330" = Quake II: The Reckoning
    "Steam App 2340" = Quake II: Ground Zero
    "Steam App 2360" = HeXen: Beyond Heretic
    "Steam App 2370" = HeXen: Deathkings of the Dark Citadel
    "Steam App 2390" = Heretic: Shadow of the Serpent Riders
    "Steam App 2600" = Vampire: The Masquerade - Bloodlines
    "Steam App 32370" = Star Wars: Knights of the Old Republic
    "Steam App 47890" = The Sims(TM) 3
    "Steam App 50" = Half-Life: Opposing Force
    "Steam App 70" = Half-Life
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 9010" = Return to Castle Wolfenstein
    "Steam App 9060" = HeXen II
    "The Guild Gold_is1" = The Guild Gold
    "The Sith Lords Restored Content Mod_is1" = TSLRCM 1.8.1
    "Ultima 4 - Quest of the Avatar_is1" = Ultima 4 - Quest of the Avatar
    "Ultima IX - Ascension_is1" = Ultima IX - Ascension
    "Ultima Second Trilogy_is1" = Ultima Second Trilogy
    "Ultima Trilogy_is1" = Ultima Trilogy
    "Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.4.2
    "Unofficial Official Mods Patch_is1" = Unofficial Official Mods Patch v17.1
    "Unofficial Shivering Isles Patch_is1" = Unofficial Shivering Isles Patch v1.5.1
    "Unreal Gold" = Unreal Gold
    "VLC media player" = VLC media player 2.0.6
    "Wheel of Time Demo" = Wheel of Time Demo
    "Wilderness Sounds 3.0 by Puma Man" = Wilderness Sounds 3.0 by Puma Man
    "WinLiveSuite" = Windows Live Essentials
    "Wrye Bash" = Wrye Bash
    "xu4_is1" = xu4 SVN
    "ZMBV" = Zip Motion Block Video codec (Remove Only)

    < End of report >
     


  4. 2013/05/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code:
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20130421-0404: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-23277736-3843086524-4285810997-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab...l_4.5.11.0.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  5. 2013/05/06
    The WobMob

    Here are the logs;
    Results of screen317's Security Check version 0.99.63
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Adobe Flash Player 11.6.602.180
    Adobe Reader 10.1.6 Adobe Reader out of Date!
    Mozilla Firefox (20.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 7%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 14-04-2013
    Ran by Bill (administrator) on 05-05-2013 at 23:22:57
    Running from "C:\Users\Bill\Desktop\AV Files from WindowsBBS "
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware "=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Default\aadhdjgddfdedggegfgfdhdcdeggdfdi\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
     
  6. 2013/05/06
    broni

    OTL fix log?
     
  7. 2013/05/06
    The WobMob

    Gak! Thought I forgot one;

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20130421-0404\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nexon.net/NxGame\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-23277736-3843086524-4285810997-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Starting removal of ActiveX control {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
    C:\Windows\Downloaded Program Files\SystemRequirementsLab.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
    File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
    File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    File Protocol\Handler\ms-itss - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
    File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    File Protocol\Handler\wlpg - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Flash cache emptied: 56550 bytes

    User: All Users

    User: Bill
    ->Temp folder emptied: 40613 bytes
    ->Temporary Internet Files folder emptied: 101420706 bytes
    ->Java cache emptied: 542473 bytes
    ->FireFox cache emptied: 64893569 bytes
    ->Google Chrome cache emptied: 372037247 bytes
    ->Opera cache emptied: 1047626 bytes
    ->Flash cache emptied: 79879 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57616 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67758 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 515.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Bill
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Bill
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05052013_230400

    Files\Folders moved on Reboot...
    C:\Users\Bill\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  8. 2013/05/06
    broni

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===========================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  9. 2013/05/06
    The WobMob

    The WobMob Well-Known Member Thread Starter

    Joined:
    2011/07/20
    Messages:
    130
    Likes Received:
    0
    Here's the last OTL log;
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Bill
    ->Temp folder emptied: 2318422 bytes
    ->Temporary Internet Files folder emptied: 12129607 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6691677 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 775435 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 21.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Bill
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Bill
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    System Restore Service not available.

    OTL by OldTimer - Version 3.2.69.0 log created on 05062013_202401

    Files\Folders moved on Reboot...
    C:\Users\Bill\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
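
A returned fix log is only useful once it has been checked against the script that was requested. The sketch below is an added example, not part of either post and not OldTimer's code; it assumes only the log layout visible in this thread (bracketed section headings, `User:` lines, `->... emptied: N bytes` lines), and `review_fix_log`, `SAMPLE_LOG` and `REQUESTED` are hypothetical names.

```python
import re

# Constructed sample, condensed from the fix log posted in this thread.
SAMPLE_LOG = r"""
========== COMMANDS ==========
[EMPTYTEMP]
User: Bill
->Temp folder emptied: 2318422 bytes
->Google Chrome cache emptied: 6691677 bytes
User: Public
->Temp folder emptied: 0 bytes
Windows Temp folder emptied: 775435 bytes
[EMPTYFLASH]
User: Bill
->Flash cache emptied: 0 bytes
[EMPTYJAVA]
System Restore Service not available.
File move failed. C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
"""
# Commands pasted into OTL in step 1 of the cleanup instructions.
REQUESTED = ["purity", "emptytemp", "EMPTYFLASH", "emptyjava",
             "CLEARALLRESTOREPOINTS", "Reboot"]

SECTION = re.compile(r"^\[(\w+)\]$")
EMPTIED = re.compile(r"^->(.+?) emptied: (\d+) bytes$")
PROBLEM = re.compile(r"not available|failed", re.IGNORECASE)

def review_fix_log(log_text, requested):
    """Summarise a fix log: sections seen, bytes freed per user, problem lines."""
    sections, freed, problems = [], {}, []
    user = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            sections.append(m.group(1).upper())
            user = None  # a new command section resets the current user
        elif line.startswith("User:"):
            user = line[len("User:"):].strip()
        elif (m := EMPTIED.match(line)) and user:
            freed[user] = freed.get(user, 0) + int(m.group(2))
        elif PROBLEM.search(line):
            problems.append(line)
    # Requested commands that never show up as a [SECTION] heading in the log.
    unreported = [c for c in requested if c.upper() not in sections]
    return {"sections": sections, "freed": freed,
            "problems": problems, "unreported": unreported}

if __name__ == "__main__":
    print(review_fix_log(SAMPLE_LOG, REQUESTED))
```

On the sample it reports the "System Restore Service not available." line and the failed file move, and lists purity, CLEARALLRESTOREPOINTS and Reboot as having no section heading. A missing heading is a prompt to look at the log by hand, not proof that the command did not run.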
     
  10. 2013/05/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  11. 2013/05/07
    The WobMob

    The WobMob Well-Known Member Thread Starter

    Joined:
    2011/07/20
    Messages:
    130
    Likes Received:
    0
    So far running perfect. Thank you, Broni!
     
  12. 2013/05/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes!!
    Good luck and stay safe :)
     
