Solved Possible svchost.exe problem, unsure though.

OTL Extras logfile created on: 8/5/2013 8:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\barb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 75.66% Memory free
10.96 Gb Paging File | 9.29 Gb Available in Paging File | 84.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 122.11 Gb Free Space | 27.10% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.65 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: BARB-PC | User Name: barb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{103C4FCE-B69A-4895-8343-3DAED14FA63B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10D80000-0D53-4435-BEE9-C6BE0634D866}" = lport=138 | protocol=17 | dir=in | app=system |
"{1D627992-7C3E-4607-A525-DBE0D923BB62}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29F2C772-2ADC-4CFB-8B27-BA64A8EBB0DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{3237BD14-5E3D-47A9-8D0E-94A243349DEB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4E6CFEC3-EEAF-43CE-800A-C7F351277D58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5418F4FA-4AB5-4338-AF3A-ECC002C47A33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61B4E3E9-D467-4083-A1D5-826E60222E68}" = lport=10243 | protocol=6 | dir=in | app=system |
"{66EE9690-2C97-4558-805E-8DED79771A0E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6AAA0C6B-00E7-43EA-BAB4-5F47AED5EC12}" = rport=137 | protocol=17 | dir=out | app=system |
"{81438936-84AC-4BA7-86D6-31289151152F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8239024A-5042-4733-BC3A-D02F8EC542C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9FD2DC31-3B68-4B7A-AC60-978FBEEC89E8}" = lport=139 | protocol=6 | dir=in | app=system |
"{9FF9CFAF-8962-4B1E-A251-D6B02FF9779A}" = rport=138 | protocol=17 | dir=out | app=system |
"{A6C1C629-ABC4-4066-8316-46478B98E155}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9BA73DB-F9A4-447C-ACA9-7096FAD4A38E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B29C4F47-3247-4BC2-A167-FCF43AB532A9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4E11893-4485-44CD-973C-70E662672E6C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB1ABAD3-A2DE-4ABC-936C-1D091A87380B}" = rport=139 | protocol=6 | dir=out | app=system |
"{C1E9E5BB-3906-4D68-91E5-A66F525BF956}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DBE66A31-E326-45DF-8293-ADDAED166394}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E4C1EC4F-0415-4475-B8E4-AD513B2824A5}" = rport=445 | protocol=6 | dir=out | app=system |
"{F0004F1E-3895-4866-9EF7-C1861C1A2C9E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FEE6FDF0-15BE-4BE4-8911-5C78AFE5DA48}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FAE8F5-8715-4867-824D-BAC03BFEE90D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{013194FD-892A-4AC8-91F1-1A2982D66459}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pagecr\opposing force\hl.exe |
"{01D2F5C9-9ADE-4540-95CF-956AFA96DFC1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0212139C-F805-42C3-B2BD-EABD3480F1C8}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{06C6E329-6539-4A6D-A588-2BBEE46941C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{0713B331-4861-4D86-A7CB-F6ABCA359E8E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{07306C82-2CE1-449E-8DD5-52BC8E44444A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{08CC5033-619E-458F-9972-9DA510606DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{08E7D42E-4005-4B3E-90AC-59149AEA45C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{0CCEE861-C08F-413F-885B-10A827C55ACA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{0CF73EA2-2F1F-4088-93A3-412074DF27F3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0D00E404-1ECA-4A70-BD70-2B8D6A91D0CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{10B597C7-BB8D-49B2-A9A0-136ED69CC6BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{11F0E25A-C3E4-4736-BCC6-B168B2B5C393}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{11F5B73B-27BA-4A48-AACF-60202A227452}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{180B9C9B-71AB-4B67-9FB1-1E54EAA7BAE9}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{182F945E-87D0-431B-B53B-F0F71979DC57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{18E377D6-774E-416B-AFD3-760B11C0608F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{19153F5B-5EC2-41DF-8A35-BC22C5DC77FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{1C2A0B46-A73C-470A-8B97-E216BBCF12FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F63AFE8-B643-477F-AA08-71D4C006DD5D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{23C48574-EB84-4CB7-B9EC-06371A8F835B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{28152FFE-8B4A-407D-A811-57998C260235}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{28247775-0B96-40CD-AC69-22E6B3A7FD35}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28BB58B0-FB65-44A8-8966-CE68789B0862}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2 beta\payday2_win32_release.exe |
"{2E412637-5C2E-4CB1-BFBA-4C4A2EDDCBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\client\tl.exe |
"{2F8162AE-741C-40B5-85B4-529F54CA65EF}" = protocol=17 | dir=out | app=c:\program files (x86)\tera\tera-launcher.exe |
"{344E2CFE-58C6-4ED8-BB2B-CA8183FDCA6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{34B07E6F-1721-4350-85B3-24899AE54535}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{35FDE7DA-CD49-471D-AD95-23515E78A274}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4013EB12-7DF4-4109-B414-45DD59A8E52A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{422779B5-B986-46ED-B47E-9AB1DFDEE8C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{42B63C70-BEBA-421F-9857-8E17E2AA6FC1}" = protocol=17 | dir=in | app=c:\nexon\mabinogi\mabinogi.exe |
"{43AB3E39-7BB8-41E3-8DF3-E0CC6F256FE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
"{446A94CB-5B4A-4D06-ADDE-A7D683225A45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{4B5C3E22-7D07-43A6-B6D2-1F5DB7247BFD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4CE474C9-4BDD-49C4-A8C6-3D2BDC8336DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{5003543C-F3B2-485A-8130-E9D3112D66FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{58648AF3-EAC7-4448-B081-491C0AE411B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{5992F335-5E51-4C27-905A-E247E6236CC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{5A6BECC2-9C7D-422F-96F4-8F16D3B21306}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B2BFEC8-8F2B-42D4-9731-D39512DF8E42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{5C662704-2548-4FFB-B2FB-ACADA029456B}" = protocol=6 | dir=out | app=c:\program files (x86)\tera\tera-launcher.exe |
"{5E054E14-F091-451D-892B-65E71399943C}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"{5E92CE56-1ECB-4E94-BADE-060CE4E0D110}" = protocol=6 | dir=out | app=system |
"{5FB5A1B2-4AD7-4D66-89CD-54EA367C8784}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{61A665EA-EBCB-4CC3-9244-33215D44D993}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62577A9C-C15F-4FBE-8947-B6F98BBC104F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{638531B6-BD9B-493F-95B8-02A7A37AE6C2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{65409D86-91FD-4502-B281-D016B0D4FDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{67AA745C-2E6B-4F63-826A-185F7A88592D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{6DBD868A-B05A-48A5-9C7A-E4C18579DCF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe |
"{6E3D4A9F-508C-4F9C-AF69-C39FC666F26B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6EEDF4EB-F851-43B5-92E4-406D97FC5B28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{708EBF39-1691-4536-A0E4-04BFA20AA942}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{71FA8B6F-A516-47D7-AFE9-1D0672EC5015}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7232F033-B545-400F-9144-194C732AD52D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7320B239-1074-488D-B365-8A58D5969B9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{736AC7AE-3745-48E8-BDFD-0E74B7F9F9E8}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{75A731B4-9396-4207-8E29-D94670525289}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{75C13F43-B82F-4875-BED8-5DB63A3A8DF3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B62B09E-3A72-4B22-8D07-9DFAA64A75DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{7D64B22B-E76C-4737-89F2-02A29DFC6D6A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{7DFAD88A-6B2B-4E84-B306-0B3FF25CD2D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{80B97626-893C-4014-BC15-6DB298669229}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{80D155A8-614D-4867-AEB1-28ED79777C15}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8191F517-106A-4D8D-9653-0D08BA0400DD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{883777A2-DAC8-426F-8917-50DB17F1110F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{8A1BAFAA-AE65-4C92-ADA1-D17F009159C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{92183EE8-660A-480C-81A7-C3641268E9F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{92CFBF65-0BDA-457C-A600-A6010E6455BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93618B7B-EBDC-44CB-909F-CC075EEF7AD9}" = protocol=6 | dir=out | app=c:\program files (x86)\tera\client\tl.exe |
"{9728E2F3-2804-4605-8BE0-3092028A0CCF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{998595F3-4C83-4E52-8CEF-56F9FABAAF24}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9A8BCCF6-84EE-4B0C-9F19-C28AFAA8C579}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{9BF307A9-9650-46F9-B0D9-D4406693201F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D22CCCD-559C-48A5-9173-96BCAA85FA29}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A34EFCFA-9B06-46D4-8439-50613FD54FE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{A430E5FE-B894-4758-8E57-A4CA992BE1E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{A4C95A7C-CEEC-42FA-A0CE-8504B5BF5DF1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A9396225-5064-4CF3-BC95-26F87CE0C3B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aceofspades\aos.exe |
"{AA046287-D6E8-40CB-A75F-9F4BA2A2D9D2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AB43D8A0-C431-4EEB-AF7F-75ADAED9836B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AC452E7F-DFD9-4192-B949-E5232049C255}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pagecr\opposing force\hl.exe |
"{ACF88A92-CB6B-4195-94FC-1CB4217DE67F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AF3F11E0-95A8-4E65-B97A-BE66F6914211}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{B2220111-A985-45C2-8B7D-EABC2B279959}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B28C1848-E8CE-4D8F-8B2A-9415BC4A42A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{B41195A5-4956-4482-9087-9884CC1D4F63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{B4C7D3B6-FFFA-436F-B7A2-7D1AEBA11DDC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{B604D0AD-5330-4A01-8C07-B05D9583435A}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B744EA81-F206-4904-8F6B-A99DF0CF70F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{B7DB212F-DB22-4080-BA27-FC3B6A78BBD6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{B7E76F2A-7E5B-4BC1-96F9-9398804DB43D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2 beta\payday2_win32_release.exe |
"{B8D73A3D-C4CF-4B08-9EF2-D59E743867F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{BA6BDC62-0BD8-4B44-8F5F-7CCB452B0ED1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BE6AC5F8-DDF5-47E0-BEF7-A79DDE4A0490}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C17C6133-6950-4B04-AB52-EA7F5F46FD53}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"{C3CE9F7B-9536-4612-84A2-9BA3FFAA0631}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{C930BEAA-9E96-472E-A160-5B322833B0E6}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C97C5142-F53B-4A65-899B-F9D9BFF6EE0C}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{CBD38F71-EBFD-4FF2-9BA6-56871CA20BE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{D122552D-D9E2-42EC-993F-2959020A10F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D298EA09-C95C-49EF-B604-3CE94911F83D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{D2AE5B2C-888C-48DC-BF12-8854517DF38F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2D07D75-707E-4F11-AEE0-D95B37D57508}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D388CF24-BD29-472C-9573-CBFA348885F6}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D55D2F84-89DD-4D7A-9DAD-7AB1300ED28D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{DBAC5EEA-0299-40D5-AEE8-774C65411F27}" = protocol=6 | dir=in | app=c:\nexon\mabinogi\mabinogi.exe |
"{DCA291A4-00A7-47B7-B311-94029C076D10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE27EB76-65CD-48F5-9368-4D909D0CCD7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{E0BCC8FA-767E-4BC4-95BE-D28A9BE34672}" = dir=in | app=c:\users\barb\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E7072AF3-8C4E-4C2C-97F7-8099119A6A30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8ED1193-72D2-4E04-86BB-BD02CAB3EDC4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{EBA7608D-5EC1-47AA-AEEC-AABF4711B3A9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EC433F1B-9BAC-4AE7-B14F-4B221F6BC408}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{ED4E147C-BB61-4CB1-BCEF-AF8866497E13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{EDC92E1E-2971-4EE7-8DAF-DEF7400AC511}" = protocol=17 | dir=in | app=c:\program files (x86)\tera\client\tl.exe |
"{EDEE6C8A-C61A-4067-A9ED-FAD903B8CCE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{EE9941B5-1D96-4C54-8EF2-819A81217AA4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EEA04364-FF7D-42C7-A93E-79C0D5A9B0B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{EEA73957-3856-41CA-9DA3-F749C28EBE64}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{F10A3DC1-1165-4151-957F-6FD5E8FF405D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F18E2B9D-FC1B-4D8B-A700-1AF005B638CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe |
"{F19968D1-B020-4C5C-8108-1E54C7BDE87B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{F1E01C98-D249-4C06-B36A-62317B47401D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{F3BE135A-870D-4745-A184-5C84DD17FDDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{F8FEE436-1F90-4D74-B1F8-759902E9A69B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{FA5095D5-EACC-47FF-931F-4C8DE67DE82F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{FB9BD745-E2B3-4FDE-B1A2-235D3E92BBB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{FC54CEE8-1BD7-4D5D-88C4-58F349C474BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{FCE74DE2-5721-4C45-A4EC-C12B90FFBB93}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{FF07BFD0-C604-444D-AD05-F36C6A970E9B}" = protocol=17 | dir=out | app=c:\program files (x86)\tera\client\tl.exe |
"TCP Query User{1521DCB2-FDB3-4F94-8200-ADFA08EB8CD0}C:\users\barb\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\barb\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{2EE2FA57-89D3-4351-AD09-19D88944F455}C:\users\barb\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\barb\appdata\roaming\spotify\spotify.exe |
"TCP Query User{3086E546-0285-42F3-9DB3-4C22A1C736E7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{34A30259-BB91-446C-8DCC-60B9A8E1FD42}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{4084BBD3-5AA2-4CE1-8482-F569B4827E19}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{5E4A7E76-03E7-43A7-96C8-294EAEA8DCFE}C:\users\barb\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\barb\appdata\roaming\spotify\spotify.exe |
"TCP Query User{7AD0DB20-6F83-4D48-8B2E-F68063D97F6C}C:\nexon\mabinogi\mabinogi.exe" = protocol=6 | dir=in | app=c:\nexon\mabinogi\mabinogi.exe |
"UDP Query User{029C01A8-3B8A-4BE0-B1E9-8D4FD2FCF109}C:\users\barb\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\barb\appdata\roaming\spotify\spotify.exe |
"UDP Query User{4B21F3D0-31D6-43FD-A616-BD8D39F4060E}C:\users\barb\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\barb\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{A57F8395-6FB9-45F5-AF18-348A05EA66FB}C:\nexon\mabinogi\mabinogi.exe" = protocol=17 | dir=in | app=c:\nexon\mabinogi\mabinogi.exe |
"UDP Query User{ABD5D6B5-AA56-4C19-A7B1-C328AE96BB94}C:\users\barb\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\barb\appdata\roaming\spotify\spotify.exe |
"UDP Query User{AD917F79-B69E-4821-B46C-3ADD108D4BA5}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{AF587929-FA47-475D-8339-112916AD9EA8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{B234FB71-F22F-422D-A612-D09FBCA480B3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.5.6366 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0018-0000-1000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0000-1000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.WORD_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.WORD_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.POWERPOINT_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.WORD_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.POWERPOINT_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.WORD_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.WORD_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.WORD_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.WORD_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.WORD_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.WORD_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AFCE058-629E-B087-80A8-E0E415BA6FB9}" = ATI Catalyst Install Manager
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EF96295B-E886-72A1-E6DC-CC070A57FF57}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"Office14.WORD" = Microsoft Word 2010
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B39274C-477D-CA4D-E6C1-60A6722860A3}" = CCC Help English
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1" = gpedt.msc 1.0
"{130BDA4D-12ED-2624-4585-C6EAC1CF602A}" = CCC Help French
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1" = FTL version 1.03.1
"{21385C6D-1112-47BB-6F1A-576D8A59C3E0}" = CCC Help Turkish
"{21D4B54B-70A0-78A8-E48A-EDA545CDD199}" = CCC Help Chinese Standard
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2367FAB6-057A-4973-875F-F57F7BBBA363}_is1" = DreamScene Seven version 1.6
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{244B00F8-96FA-FCBD-A98B-8D9F84E461F7}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{329C30DE-361A-3A2C-7F35-2CA30E1A78F5}" = AMD VISION Engine Control Center
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3B9AC5E0-31D9-F327-265E-957B4B17AC05}" = CCC Help Czech
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{411C5D92-2AE4-436F-A027-1E441EDC05CE}" = VIPRE Antivirus Premium
"{417E8AF0-DAED-4807-82CD-0E4232EFA559}" = Rusty Hearts PWE
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{472D7EAA-D8E2-ADEA-49D0-6DD4B607B48D}" = CCC Help Japanese
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E6F1D1C-EBC0-B062-D906-AB665FAECA75}" = CCC Help Russian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53C1926B-6453-B42F-C2F6-D76CCA194743}" = CCC Help Polish
"{56B08684-5EFF-F62B-F623-FF292FD6AC27}" = CCC Help German
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5ADF52AA-C4DE-AC02-19E8-339533AC5162}" = CCC Help Greek
"{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
"{616DACD7-52CF-2085-AE5F-C47D861F90E1}" = CCC Help Swedish
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63059735-CA97-FDFB-0E7A-3B8D81572EFD}" = Application Profiles
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{660B65CF-9B82-6126-60F4-85CA5E404A16}" = CCC Help Chinese Traditional
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D58D407-029F-EA4E-23DF-7111A9176BFF}" = CCC Help Norwegian
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{792850F1-8487-7770-DADE-2B431E146DAC}" = Catalyst Control Center Localization All
"{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90F5AB66-BCB9-F187-AB43-8DB3FB0B7917}" = Catalyst Control Center Graphics Previews Common
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96F528E4-77C1-B94B-6084-7652E8C037D3}" = CCC Help Hungarian
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98F13022-172A-4653-9394-AC52E4413194}" = MorphVOX Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2105162-7B4E-C863-FF81-94AF3902EB78}" = CCC Help Thai
"{A5A967ED-9186-5488-6C32-5DBBDB99C8DD}" = CCC Help Spanish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7AE71ED-BF08-E242-E063-F3EF4C06AED7}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AEDFE02E-FDDB-40A5-B5A9-5F955A75693F}" = XSplit
"{B093E145-7A77-0AD5-02D2-4DA5A5FE3AD3}" = CCC Help Danish
"{B0CFC08F-ED8E-5275-E785-DB4D9C45EA42}" = CCC Help Korean
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}" = AMD System Monitor
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus Premium
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C88CC5DF-82FD-FEE4-528A-2810BE5D9370}" = CCC Help Italian
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3CBE0A9-03D1-37B6-8EF9-204658BB9C2A}" = CCC Help Portuguese
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D78149D7-480E-4012-8071-7B68B3E02527}" = ExamGuard
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}" = MorphVOX Pro
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED18FCE4-1FEE-DF36-E5AE-2A7EB885CE41}" = CCC Help Finnish
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{ef159e9a-ca8c-4e71-bf97-d1f4eec75004}" = Slots Inferno
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"510005659" = Slot Quest - The Vampire Lord
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AviSynth" = AviSynth 2.5
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BFGC" = Big Fish Games: Game Manager
"BFG-European Mystery Scent of Desire Collectors Edition" = European Mystery: Scent of Desire Collector’s Edition
"BFG-Fairway Collector's Edition" = Fairway ™ Collector's Edition
"BFG-Fierce Tales - The Dog's Heart Collector's Edition" = Fierce Tales: The Dog's Heart Collector's Edition
"BFG-House of 1000 Doors - Serpent Flame Collectors Edition" = House of 1000 Doors: Serpent Flame Collector's Edition
"BFG-Jewel Quest" = Jewel Quest
"BFG-Living Legends - Frozen Beauty Collectors Edition" = Living Legends: Frozen Beauty Collector's Edition
"BFG-Love Story - The Way Home" = Love Story: The Way Home
"BFG-Maestro - Music from the Void Collector's Edition" = Maestro: Music from the Void Collector's Edition
"BFG-Mystery Case Files - Shadow Lake Collector's Edition" = Mystery Case Files&reg;: Shadow Lake Collector's Edition
"BFG-Mystery Trackers - Four Aces Collector's Edition" = Mystery Trackers: Four Aces Collector's Edition
"BFG-Nightmares from the Deep - The Cursed Heart Collector's Edition" = Nightmares from the Deep: The Cursed Heart Collector's Edition
"BFG-Redemption Cemetery - Grave Testimony Collector’s Edition" = Redemption Cemetery: Grave Testimony Collector’s Edition
"BFG-Redemption Cemetery - Salvation of the Lost Collectors Edition" = Redemption Cemetery: Salvation of the Lost Collector's Edition
"BFG-Secrets of the Dark - Eclipse Mountain Collector's Edition" = Secrets of the Dark: Eclipse Mountain Collector's Edition
"BFG-Seven Seas Solitaire" = Seven Seas Solitaire
"BFG-Surface - The Soaring City Collector's Edition" = Surface: The Soaring City Collector's Edition
"BFG-The Lake House - Children of Silence" = The Lake House: Children of Silence
"BN_DesktopReader" = NOOK for PC
"Borderlands 2_is1" = Borderlands 2
"Cleos Vip Room_is1" = cleosviproom
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dishonored_is1" = Dishonored
"ffdshow_is1" = ffdshow v1.2.4496 [2012-12-13]
"Fraps" = Fraps (remove only)
"Game Dev Tycoon v1.3.91.3.9" = Game Dev Tycoon v1.3.9
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"GOGPACKHOTLINEMIAMI_is1" = Hotline Miami
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Gateway MyBackup
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"L.A.Noire_R.G. Mechanics_is1" = L.A.Noire
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MapleStory" = MapleStory
"Notepad++" = Notepad++
"Pivot Animator_is1" = Pivot Animator version 4.1.9
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"Razer Game Booster_is1" = Razer Game Booster
"ReClock" = ReClock
"Revo Uninstaller" = Revo Uninstaller 1.94
"Rockstar Games Social Club" = Rockstar Games Social Club
"Safe Saver" = Safe Saver
"Scribblenauts Unlimited_is1" = Scribblenauts Unlimited
"SecondLifeViewer" = SecondLifeViewer (remove only)
"sl-w3i" = SelectionLinks
"Steam App 113200" = The Binding of Isaac
"Steam App 12210" = Grand Theft Auto IV
"Steam App 215470" = Primal Carnage
"Steam App 218230" = PlanetSide 2
"Steam App 220" = Half-Life 2
"Steam App 220240" = Far Cry® 3
"Steam App 224540" = Ace of Spades
"Steam App 240" = Counter-Strike: Source
"Steam App 24240" = PAYDAY: The Heist
"Steam App 246210" = PAYDAY 2 Beta
"Steam App 35450" = Rising Storm/Red Orchestra 2 Multiplayer
"Steam App 380" = Half-Life 2: Episode One
"Steam App 4000" = Garry's Mod
"Steam App 4920" = Natural Selection 2
"Steam App 50" = Half-Life: Opposing Force
"Steam App 55230" = Saints Row: The Third
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"Uplay" = Uplay
"uTorrent" = µTorrent
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WTA-1610af20-1162-477f-adba-a78643ac5719" = Zuma's Revenge
"WTA-1cce4333-50c1-479c-9cce-008a80103f46" = Cradle of Rome 2
"WTA-21ed3f11-53f9-41a9-a134-d1ca51f55c0e" = Torchlight
"WTA-24e706c4-5bc2-4095-970b-a321614c3ee5" = Final Drive: Nitro
"WTA-42ca0cba-c730-42b3-a4bf-d1a4d97596a0" = Dora's World Adventure
"WTA-45ec23d2-4e7a-47c3-8018-41ef7955efeb" = Virtual Villagers 5 - New Believers
"WTA-5f81fca5-9a12-4e7a-bbda-cdbd6bbca988" = Governor of Poker 2 Premium Edition
"WTA-651d119e-3fcf-438b-bfc1-67050abcc26f" = Penguins!
"WTA-772d23af-7cb8-42a3-99bd-b8891d6ed8b4" = Polar Golfer
"WTA-8528727c-729c-4b7e-934b-67a02c23ea54" = Polar Bowler
"WTA-964bf27e-eb63-4ba9-806d-b654958f9e92" = Build-a-lot 4 - Power Source
"WTA-a17d9bae-e826-4195-8fd0-9b7ac3b984bf" = FATE: The Cursed King
"WTA-c437f308-aedd-4643-b1c3-146e43aaeef2" = Jewel Match 3
"WTA-ca44a8ce-e9ef-4cec-9182-27bdc4c4f804" = Plants vs. Zombies - Game of the Year
"WTA-cc8ba9c7-98ae-42e8-a0ef-6f15392f8c71" = Agatha Christie - Death on the Nile
"WTA-cf52e6c8-10d8-4944-a907-052f375a4083" = Bejeweled 2 Deluxe
"WTA-e41ba258-1b5f-407e-8d28-0fd5f01a4f8a" = Mystery of Mortlake Mansion
"WTA-f71b45fc-c547-416f-a28a-5784ac720336" = Chronicles of Albian
"WTA-fe9c89f7-26f0-47cd-a644-683ab49db5de" = Chuzzle Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FileZilla Client" = FileZilla Client 3.7.1.1
"Flux" = F.lux
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player

< End of report >
 
redtarget.gif
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code: 
:OTL
IE - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {459D13D6-F4B3-43A7-B465-0865464B87C8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {459D13D6-F4B3-43A7-B465-0865464B87C8} - No CLSID value found.
O3 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2736274946-839652594-1312385167-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 260 bytes -> C:\ProgramData\Temp:A7C40691
@Alternate Data Stream - 255 bytes -> C:\ProgramData\Temp:B3A5945E
@Alternate Data Stream - 254 bytes -> C:\ProgramData\Temp:3C4BD225
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:997DA6D7
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:CE3AADB7
@Alternate Data Stream - 232 bytes -> C:\ProgramData\Temp:EC3A9923
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:1AC933DC
@Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:F2E92DCD
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9836B5E4
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:00F3978A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8866C899
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:95D421DF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4B325725
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:EC752217
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:92BD9737
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:02172F27
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:96372A73
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E3E91030
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3241739E

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans....

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
HKU\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{459D13D6-F4B3-43A7-B465-0865464B87C8} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459D13D6-F4B3-43A7-B465-0865464B87C8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE}\ not found.
Registry value HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{459D13D6-F4B3-43A7-B465-0865464B87C8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459D13D6-F4B3-43A7-B465-0865464B87C8}\ not found.
Registry value HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\Temp:A7C40691 deleted successfully.
ADS C:\ProgramData\Temp:B3A5945E deleted successfully.
ADS C:\ProgramData\Temp:3C4BD225 deleted successfully.
ADS C:\ProgramData\Temp:997DA6D7 deleted successfully.
ADS C:\ProgramData\Temp:CE3AADB7 deleted successfully.
ADS C:\ProgramData\Temp:EC3A9923 deleted successfully.
ADS C:\ProgramData\Temp:1AC933DC deleted successfully.
ADS C:\ProgramData\Temp:F2E92DCD deleted successfully.
ADS C:\ProgramData\Temp:9836B5E4 deleted successfully.
ADS C:\ProgramData\Temp:00F3978A deleted successfully.
ADS C:\ProgramData\Temp:8866C899 deleted successfully.
ADS C:\ProgramData\Temp:95D421DF deleted successfully.
ADS C:\ProgramData\Temp:4B325725 deleted successfully.
ADS C:\ProgramData\Temp:EC752217 deleted successfully.
ADS C:\ProgramData\Temp:92BD9737 deleted successfully.
ADS C:\ProgramData\Temp:02172F27 deleted successfully.
ADS C:\ProgramData\Temp:96372A73 deleted successfully.
ADS C:\ProgramData\Temp:E3E91030 deleted successfully.
ADS C:\ProgramData\Temp:3241739E deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: barb
->Temp folder emptied: 2745875 bytes
->Temporary Internet Files folder emptied: 11310948 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 349290543 bytes
->Flash cache emptied: 5803 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: fbwuser
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 310372 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67691 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 347.00 mb


[EMPTYJAVA]

User: All Users

User: barb
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: fbwuser

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: barb
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: fbwuser

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08062013_001616

Files\Folders moved on Reboot...
C:\Users\barb\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\barb\AppData\Local\Temp\MMDUtl.log moved successfully.
C:\Users\barb\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
All processes killed
========== OTL ==========
HKU\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{459D13D6-F4B3-43A7-B465-0865464B87C8} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459D13D6-F4B3-43A7-B465-0865464B87C8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE}\ not found.
Registry value HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{459D13D6-F4B3-43A7-B465-0865464B87C8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{459D13D6-F4B3-43A7-B465-0865464B87C8}\ not found.
Registry value HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2736274946-839652594-1312385167-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\Temp:A7C40691 deleted successfully.
ADS C:\ProgramData\Temp:B3A5945E deleted successfully.
ADS C:\ProgramData\Temp:3C4BD225 deleted successfully.
ADS C:\ProgramData\Temp:997DA6D7 deleted successfully.
ADS C:\ProgramData\Temp:CE3AADB7 deleted successfully.
ADS C:\ProgramData\Temp:EC3A9923 deleted successfully.
ADS C:\ProgramData\Temp:1AC933DC deleted successfully.
ADS C:\ProgramData\Temp:F2E92DCD deleted successfully.
ADS C:\ProgramData\Temp:9836B5E4 deleted successfully.
ADS C:\ProgramData\Temp:00F3978A deleted successfully.
ADS C:\ProgramData\Temp:8866C899 deleted successfully.
ADS C:\ProgramData\Temp:95D421DF deleted successfully.
ADS C:\ProgramData\Temp:4B325725 deleted successfully.
ADS C:\ProgramData\Temp:EC752217 deleted successfully.
ADS C:\ProgramData\Temp:92BD9737 deleted successfully.
ADS C:\ProgramData\Temp:02172F27 deleted successfully.
ADS C:\ProgramData\Temp:96372A73 deleted successfully.
ADS C:\ProgramData\Temp:E3E91030 deleted successfully.
ADS C:\ProgramData\Temp:3241739E deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: barb
->Temp folder emptied: 2745875 bytes
->Temporary Internet Files folder emptied: 11310948 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 349290543 bytes
->Flash cache emptied: 5803 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: fbwuser
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 310372 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67691 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 347.00 mb


[EMPTYJAVA]

User: All Users

User: barb
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: fbwuser

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: barb
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: fbwuser

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08062013_001616

Files\Folders moved on Reboot...
C:\Users\barb\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\barb\AppData\Local\Temp\MMDUtl.log moved successfully.
C:\Users\barb\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Sunbelt VIPRE
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 04-08-2013
Ran by barb (administrator) on 06-08-2013 at 00:37:39
Running from "C:\Users\barb\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB) and install one of two free alternatives:

- Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

- PDF-XChange Viewer: http://www.tracker-software.com/product/pdf-xchange-viewer

==================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
Your computer was pretty seriously infected.
I can't pinpoint your internet issue to some specific item.
 
You must log in or register to reply here.

Similar threads

zohaibahd
TSMC is once again in talks with US officials over a possible gigafab in the UAE
Replies
4
Views
150
HeeeF
HeeeF
zohaibahd
New Microsoft Windows recovery feature aims to prevent CrowdStrike-like outages
Replies
3
Views
180
bitwarden
B
N
Herbie Hancock, jazz legend and electronic music 'pioneer', welcomes and embraces AI
Replies
0
Views
87
New Day
N

Latest posts

Back