Solved Virus help

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SafeSearch = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpooidjoepcceohjkoffjgioneogihij\1.11_0\
CHR - Extension: SafeSearch = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpooidjoepcceohjkoffjgioneogihij\1.11_1\
CHR - Extension: Chrome In-App Payments service = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SafeSearch = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpooidjoepcceohjkoffjgioneogihij\1.11_0\
CHR - Extension: SafeSearch = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpooidjoepcceohjkoffjgioneogihij\1.11_1\
CHR - Extension: Chrome In-App Payments service = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: No name found = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/11 15:32:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Search Enhancement Tool) - {8E0B5CFE-A7EB-4F19-848A-C862F2AD464D} - C:\Program Files (x86)\Search Enhancement Tool\ScriptHost.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PocketCloud Location] C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe (Wyse Technology Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3483428752-1065640187-117278773-1001..\Run: [MPOptimizer] "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan File not found
O4 - HKU\S-1-5-21-3483428752-1065640187-117278773-1001..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-3483428752-1065640187-117278773-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3483428752-1065640187-117278773-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3483428752-1065640187-117278773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CD337DF-52CD-43E5-9077-B97A39B0DDB8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C198D7BB-C461-459E-AE12-7906DB84A4DC}: DhcpNameServer = 167.206.245.130 167.206.245.129
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/11 23:08:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/11 23:03:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/11 23:02:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home PC\Desktop\OTL.exe
[2013/10/11 23:02:22 | 001,032,220 | ---- | C] (Thisisu) -- C:\Users\Home PC\Desktop\JRT.exe
[2013/10/11 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/11 19:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/11 19:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/11 16:06:14 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/11 16:06:14 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/11 16:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/10/11 16:06:13 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/11 16:06:13 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/11 16:06:07 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/11 16:06:07 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/11 16:05:53 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/11 15:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ZalmanInstaller_52332
[2013/10/11 15:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard
[2013/10/11 15:33:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/11 15:33:38 | 000,000,000 | ---D | C] -- C:\Users\Home PC\AppData\Local\temp
[2013/10/11 15:11:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/11 15:11:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/11 15:11:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013/10/11 15:11:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/11 15:11:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/11 15:11:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/11 14:53:17 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/10/10 14:23:51 | 005,131,844 | R--- | C] (Swearware) -- C:\Users\Home PC\Desktop\ComboFix.exe
[2013/10/09 23:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/10/09 22:58:27 | 000,000,000 | ---D | C] -- C:\Users\Home PC\Desktop\mbar
[2013/10/09 22:57:55 | 012,907,592 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Home PC\Desktop\mbar-1.07.0.1005.exe
[2013/10/09 22:28:40 | 000,000,000 | ---D | C] -- C:\Users\Home PC\Desktop\RK_Quarantine
[2013/10/09 20:12:08 | 003,191,888 | ---- | C] (McAfee, Inc.) -- C:\Users\Home PC\Desktop\MCPR.exe
[2013/10/07 21:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/10/07 21:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/10/07 21:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/10/04 18:18:32 | 000,000,000 | ---D | C] -- C:\Users\Home PC\AppData\Roaming\Malwarebytes
[2013/10/04 18:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/04 18:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/04 18:16:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/04 18:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/04 18:08:00 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/04 18:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/04 18:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/10/04 16:46:08 | 000,000,000 | ---D | C] -- C:\Users\Home PC\AppData\Local\MyTechGurus
[2013/10/04 16:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTechGurus
[2013/09/23 19:43:51 | 000,000,000 | ---D | C] -- C:\sn0wbreeze
[2013/09/18 15:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/18 15:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/18 15:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/18 15:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/18 15:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

========== Files - Modified Within 30 Days ==========

[2013/10/11 23:07:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/11 23:05:43 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/10/11 23:05:40 | 2467,315,711 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/11 23:02:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home PC\Desktop\OTL.exe
[2013/10/11 23:02:22 | 001,032,220 | ---- | M] (Thisisu) -- C:\Users\Home PC\Desktop\JRT.exe
[2013/10/11 23:01:25 | 001,048,960 | ---- | M] () -- C:\Users\Home PC\Desktop\adwcleaner.exe
[2013/10/11 22:58:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3483428752-1065640187-117278773-1001UA.job
[2013/10/11 16:58:02 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3483428752-1065640187-117278773-1001Core.job
[2013/10/11 16:10:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/10/11 16:06:14 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/11 16:04:35 | 131,918,888 | ---- | M] () -- C:\Users\Home PC\Desktop\avast_free_antivirus_setup.exe
[2013/10/11 15:39:38 | 000,850,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/11 15:39:38 | 000,720,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/11 15:39:38 | 000,133,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/11 15:32:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/11 14:55:27 | 000,415,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 14:23:52 | 005,131,844 | R--- | M] (Swearware) -- C:\Users\Home PC\Desktop\ComboFix.exe
[2013/10/09 23:27:45 | 000,000,335 | ---- | M] () -- C:\local.conf
[2013/10/09 22:57:55 | 012,907,592 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Home PC\Desktop\mbar-1.07.0.1005.exe
[2013/10/09 22:14:08 | 000,950,272 | ---- | M] () -- C:\Users\Home PC\Desktop\RogueKiller.exe
[2013/10/09 20:12:08 | 003,191,888 | ---- | M] (McAfee, Inc.) -- C:\Users\Home PC\Desktop\MCPR.exe
[2013/10/07 21:21:38 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/10/04 21:35:59 | 000,002,376 | ---- | M] () -- C:\Users\Home PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/04 21:35:59 | 000,002,374 | ---- | M] () -- C:\Users\Home PC\Desktop\Google Chrome.lnk
[2013/10/04 18:17:02 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/01 13:22:35 | 000,781,193 | ---- | M] () -- C:\Users\Home PC\Desktop\paspo.jpeg
[2013/09/26 18:31:21 | 000,000,157 | ---- | M] () -- C:\Windows\SysWow64\SystemPreferences.xml
[2013/09/18 15:48:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2013/10/11 23:01:25 | 001,048,960 | ---- | C] () -- C:\Users\Home PC\Desktop\adwcleaner.exe
[2013/10/11 16:06:14 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/11 16:06:07 | 000,204,880 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/11 16:06:07 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/11 16:04:35 | 131,918,888 | ---- | C] () -- C:\Users\Home PC\Desktop\avast_free_antivirus_setup.exe
[2013/10/11 15:11:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/11 15:11:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/11 15:11:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/11 15:11:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/11 15:11:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/11 14:55:16 | 000,415,440 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 23:17:33 | 000,000,335 | ---- | C] () -- C:\local.conf
[2013/10/09 22:14:08 | 000,950,272 | ---- | C] () -- C:\Users\Home PC\Desktop\RogueKiller.exe
[2013/10/07 21:21:38 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/10/04 18:17:02 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/04 18:08:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/10/04 17:13:09 | 000,002,159 | ---- | C] () -- C:\Users\Home PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Tech Gurus, Inc (3).lnk
[2013/10/04 17:01:54 | 000,002,195 | ---- | C] () -- C:\Users\Home PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Tech Gurus, Inc (2).lnk
[2013/10/04 16:28:42 | 000,002,219 | ---- | C] () -- C:\Users\Home PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Tech Gurus, Inc.lnk
[2013/10/01 13:20:19 | 000,781,193 | ---- | C] () -- C:\Users\Home PC\Desktop\paspo.jpeg
[2013/09/18 15:48:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/12 20:40:32 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/09/12 20:39:34 | 000,387,583 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/07/20 01:38:54 | 000,000,258 | RHS- | C] () -- C:\Users\Home PC\ntuser.pol
[2013/05/11 10:27:15 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/03/02 22:15:01 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/11 22:11:45 | 000,220,540 | ---- | C] () -- C:\Windows\hpwins22.dat
[2013/01/11 22:11:45 | 000,002,658 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2012/11/16 21:39:53 | 000,866,452 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/06 01:12:28 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/10/06 01:12:22 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/10/06 01:12:10 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/12/08 17:48:27 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 02:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 01:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/04 18:24:04 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\.minecraft
[2013/07/03 18:53:07 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\.technic
[2013/07/20 01:38:50 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\AVSoftware
[2013/05/18 22:26:21 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/05/07 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\iFunbox_UserCache
[2012/12/08 17:40:01 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\Leadertech
[2013/04/17 14:53:27 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\Open Download Manager
[2012/12/21 22:46:40 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\PCDr
[2013/08/07 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\PDF Software
[2013/05/29 16:38:57 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\player
[2013/05/11 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\redsn0w
[2013/05/16 20:08:44 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\skyz
[2013/02/03 14:25:00 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\TomTom
[2013/05/11 10:28:16 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\TuneUp Software
[2013/05/07 21:28:57 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\Unity
[2013/07/20 01:43:21 | 000,000,000 | ---D | M] -- C:\Users\Home PC\AppData\Roaming\uTorrent

========== Purity Check ==========


< End of report >
 
OTL Extras logfile created on: 10/11/2013 11:17:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home PC\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 80.33% Memory free
9.31 Gb Paging File | 7.60 Gb Available in Paging File | 81.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.45 Gb Total Space | 776.49 Gb Free Space | 84.54% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Home PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006147D5-86D0-4EAC-AB7E-8998DC1B9020}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0690AF4B-A79B-40D9-BD80-2187E4A0835E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{1222EF47-0412-431D-BDB2-A6AE222DA87B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1225492E-574E-437D-A635-6014C3EB53E6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{12282618-E006-4BD4-996C-D5B9EFB52CA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1255C16F-2AB5-41C2-ABA2-F604D596085E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{185E1C84-C855-4544-9B12-93E6551B1E94}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{234EB174-3199-4EE4-9BC5-A697A49D7BF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2930A1E7-D07C-44B9-90E5-0260A73684B2}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{30CAE24F-56B4-4C83-8CF8-4488C07B8B6E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{30F24531-3C9F-4B6A-80D5-D2C2B8599DFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35B7A1C1-0D9A-441F-9CC8-11568571C1A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3619646F-9D18-47D2-933C-33411976AEEA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{544C7F6E-250D-4E5B-B1D3-DB20BC40CD8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A71BBC3-0CB3-491A-8022-E11777F7279A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{759475DD-AD40-4420-832F-80FE95E0971C}" = lport=139 | protocol=6 | dir=in | app=system |
"{766DBB75-AFBE-420B-B56A-EBB9A67D5F0C}" = rport=138 | protocol=17 | dir=out | app=system |
"{76DF8F60-3280-48BC-8B9E-10ADF9E139FC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7B7861D3-F3F4-49EF-BCE8-95DCD6F878B0}" = lport=137 | protocol=17 | dir=in | app=system |
"{7FC76CDF-2C93-42CF-8EB5-EDFBE6ADF610}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{815365E3-72E0-4850-850C-910AD3B65CCD}" = rport=445 | protocol=6 | dir=out | app=system |
"{867CDA79-479F-4D3B-8186-52981896BA31}" = rport=139 | protocol=6 | dir=out | app=system |
"{88C8EFEF-D555-477B-A70B-7B4FF13BBF10}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93E84D1C-CD9B-4634-AA15-07823341710E}" = rport=137 | protocol=17 | dir=out | app=system |
"{959EDA1E-E327-47A9-9610-F177E784FF17}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{96950689-5A48-4C45-9AF5-ABCCF793D8CB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9990B47E-BDF3-48A9-BA79-43DA0426A4F6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A6D18AD3-CC78-485C-A8C8-0026E4201ED9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9A19B93-B3ED-450A-8944-E5C9D712F950}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D260E214-5D7C-49F4-9B70-8E0B62C770E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D33ED546-3649-4D7B-9C85-31F514E5E97A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D4D23DFA-9944-481F-AFEF-233B1532CC8B}" = lport=445 | protocol=6 | dir=in | app=system |
"{D59FA983-EC99-4DE5-94C0-C961EF1E9CD6}" = lport=138 | protocol=17 | dir=in | app=system |
"{DCBB19D7-DAF6-4B14-9C7F-D9AE322B3B2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1F55668-1FD2-4816-901A-E93A82C09449}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA57C250-513E-4ED9-9C37-B405463CA6F2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4971F51-8550-4141-B894-42FAC353D1E0}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |
"{F61F8435-0ADA-4D4D-82D2-E80C2346F5F3}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ABA7E1-B415-43EA-BFE5-5B5C8F78FEA5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{0E1236C3-D1C9-42AF-AFE5-4D8FF9344584}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{10442420-553C-4A9A-806F-8FFD6AFBACCE}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{139D967E-B3CD-4B41-A4A7-EFF6A2A7C1F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13A8697C-226D-40C1-87B5-3FCBA2C7497A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{1B2EC2B4-32F9-489A-882A-BDDDB7CF6023}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1B93ADBB-CBF9-4534-874C-DBFC632BB8AE}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{1E558310-6A05-47F1-9613-6E238022733C}" = dir=out | name=amazon |
"{1EFD8BA5-CCFD-4B1F-977C-C5BF08C3A4A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{21FD186C-53E1-429E-AC40-DEC8201FD468}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24F3D878-6F81-417B-9AAD-7B9528C804F2}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{293CF154-6E16-4361-9723-6478589E8EA6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29B45B9A-7198-4166-93B9-004EBEBB038D}" = dir=in | name=dell shop |
"{29FE1209-766E-4123-B0DB-C2BAAD0CD089}" = dir=in | name=jetpack joyride |
"{2A736AE9-C434-495F-A400-6985DC5E5031}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2BC9C1F6-EBCF-4991-90EF-4FDB332F1641}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3422D9A0-BEEF-4F5F-8302-61C2E3C046E9}" = dir=out | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{34E9791B-82C6-43AD-854F-7EFD4DFF9107}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{361BEFB9-6006-4F03-9FE5-E2DE8141B1B9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{374846BA-BDC2-4C39-87AC-AB335E4AC51F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{376216FC-7CBA-46D4-B227-AFF270D2D7FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{38D2DC07-976F-43C1-AFD2-F3716C7548E2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{398BBDAF-09E4-4CCD-9F0B-8431AD58E603}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{3C24F2B2-0353-4E6C-A8FE-5C05DFA39F8D}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe |
"{4106B48B-5337-4B09-9DF5-03F27D33626D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{419957DC-412E-477B-B35A-B284D575D586}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{41C85A06-118B-448F-854F-932BD635F9D6}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{41DCF2EA-C139-4A0A-A140-C9B35572C5BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{42363DC2-2442-4456-85C8-820385141A6C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{45AFCCB4-9D74-4A88-B643-BFA896715B44}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4B5A58BE-E8CA-4298-94D9-E0DB4C208F8C}" = dir=out | name=@{microsoft.bingsports_2.0.0.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{4CB817A8-408E-44C7-A8D9-AC753FD9150E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4D3DB9F0-774C-4C8B-8DDA-1EADD4FE419E}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{4F889ECB-C433-40A5-BDC9-48C89D42B77B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{581002D6-BEC6-4182-B7C1-85E90849B1E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CF7C68A-C562-427B-A916-19DF35330B66}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{5D038BD0-5421-40DD-85DC-E1550553987E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5EAE78DD-D4FA-4E98-A3EA-2871BCE311BE}" = protocol=6 | dir=out | app=system |
"{628D0B03-676C-4CDB-BD37-1274C786B72C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{649F3764-9B2E-41A3-9C6D-979BED695883}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{673DFEA2-CCB0-4853-9546-B363847CB65E}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe |
"{6BCE40D2-3D31-4596-9701-31B3AF58C660}" = dir=out | name=cut the rope |
"{713F54CD-E64A-4F44-88D0-A4C0F3A398DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73D91880-89E4-41E7-AB98-284F5B8A16EB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{82990A8B-AA18-4FA8-9ED9-3D8671FCCC0C}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{830E2151-CAA2-4DD7-992B-75BEE7D0F904}" = dir=out | name=ebay |
"{855D23C8-2C8C-4A9E-B777-B107D07A5754}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{856C3348-3E2E-4C2B-81F5-934B6D33877A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{857EAFCC-B9B7-461B-A7A2-9DD895CB5177}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{87CA091E-DA85-431C-8C23-E8600DA1C2F3}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{87DD6609-61BE-4B03-8445-3A1828C378D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{894E1E10-438D-4C1D-9F61-7FB683A72864}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D6D2213-3074-415C-8626-26A8E84EE1DA}" = dir=out | name=kindle |
"{9509B482-F35D-401C-9119-5DF74FA01A18}" = dir=in | name=skype |
"{9862E06B-EBBB-475C-84B5-4E4445D8241E}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{99D8E94D-BD4F-4110-A80A-33197B598574}" = dir=out | name=windows_ie_ac_001 |
"{9A2475C5-B4A3-4F7C-B772-1AA511A999EC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A6D3E4DC-DE55-4C50-A58B-56DAF0699892}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{A90EAF64-527C-4A73-8FAA-27848A4FA333}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9A97315-FDB2-467F-8021-FC97DC2C82FB}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{A9F5C918-4910-4A86-9690-9BF1EBADF255}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudservice.exe |
"{AB932791-28F8-469D-B2F5-41834FAE2045}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{AC176314-6980-483A-8153-46511D8124D6}" = dir=out | name=mcafee® central for dell |
"{AC271727-E3F0-4776-8DE9-1297FFC7855D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{AD34CF30-5B72-4D0E-9053-807D4C64C160}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{ADDCED78-8803-4426-AAD4-9698D28BF341}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{AEE794F6-5C6B-4632-8B60-605BD5D7F584}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B060BCA8-B2BE-4044-8829-B52A1C2588B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B233E41A-0350-4A78-B142-7342E0E8DBD0}" = dir=in | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{B87DDEA6-2867-4D75-9AB0-9850F57C8DC0}" = dir=out | name=dell shop |
"{BAE8DC9B-9ED5-47D7-B764-5DFAE91271CE}" = dir=in | name=mcafee® central for dell |
"{BB8C8EF1-FE29-430A-9013-87CB99197262}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{BD5993FB-4505-48D4-8548-228967242480}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{BE0FDBBD-3CA5-4E51-B84D-C3E3655C82B4}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{BEB947B7-AE31-4320-99CA-1A5310B67F82}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{C0B0CE50-1E43-46B2-A6E3-C152EE238D8A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{C138B498-B939-4861-A60F-C02CBFBC24DD}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C36B23E0-306F-41BB-A9CE-4425EDF21157}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C569206E-4020-477E-ABD2-EBB202EB3BB0}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C61A6355-A202-45D8-94DE-CC87E47FD53D}" = dir=out | name=jetpack joyride |
"{C6B3ADFA-6A35-408C-B21A-8F80981040B4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C86190E1-ACC8-4D8A-B7E1-FBDADE3221A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{C97E1385-268C-42B3-8256-D412E774DD44}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9BB5FBE-F301-4A3D-80E0-174E68B01433}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{D002E62C-44C5-4FF8-9D3A-9252C39271A7}" = dir=out | name=@{microsoft.zunevideo_1.5.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{D4992031-E9A0-428D-BA62-79C646731B34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{D4DC2A1E-C9D1-4B4B-88AB-077E9CEA23F7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D9E3051A-8467-4EC8-8C03-284495057D05}" = dir=out | name=wordament |
"{DA2EC82B-BCB2-4A7C-9903-0BA5B08E1524}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\wyseremoteaccess.exe |
"{DAF4D6C3-89D3-4D5B-B804-81A7F8E6E7E1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DD16BB6D-A715-4920-94C9-E87C01A17F19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E281442B-0E3D-4F76-A0B9-D024FDFDCBA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2976839-F3D2-4A75-8770-9614A4B62573}" = dir=out | name=skype |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E9A6E76B-DA36-4FB2-8DF0-954975DB9139}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\wysebrowser.exe |
"{F53630BC-CD9E-4B0D-AA54-744CBB605E43}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{FA00E95A-BF93-437C-BFE5-EB4189672ECA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FC7BAF89-24C8-402C-B1B3-F0354345C31B}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{49C2B7C1-A4E7-4770-8E30-255795AD4712}" = HP Officejet Pro 8500 A909 Series
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel(R) Turbo Boost Technology Monitor 2.6
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1" = Updater By SweetPacks 2.0.0.586
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89478C31-5CE8-461A-9084-9A0AF059F84F}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99FDAE3B-6905-45A6-8F73-595363AAD3D1}" = Intel® PROSet/Wireless WiFi Software
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel(R) WiDi
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CNXT_AUDIO_HDA" = Conexant SmartAudio HD
"Elantech" = Dell Touchpad
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PC-Doctor for Windows" = My Dell
"ProInst" = Intel PROSet Wireless
"SafeSearch_is1" = SafeSearch
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA54C97-67B1-4507-9BE0-0ED39C24FA32}" = TurboTax 2012 wpaiper
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E096525-4E2E-40D0-8092-CAD9D6294346}" = TouchCopy 12
"{4FCA6934-2AE3-4ACA-9931-A6D38A3EDB13}" = BPDSoftware
"{51099874-058F-4580-A794-924391EB900B}" = 8500A909g
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101
"{683214A6-4003-4C57-B55E-079FD77A185F}" = The Print Shop Deluxe 15 EEV
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}" = Shutterfly Express Uploader
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98CB551E-EDB1-4535-82A6-E3258597F64E}" = Dell Digital Delivery
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6D659BE-795D-4726-AEE8-91EB25CF26F7}" = TurboTax 2012 wnjiper
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CF0228E9-A5A7-4703-A0A5-F5E3532937B4}" = ProductContext
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EC67E1FF-4433-4096-A091-CF2828434493}" = PocketCloud Windows Companion
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"avast" = avast! Free Antivirus
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"d4cfeebc-b821-40b7-9f81-d366b1466f03_is1" = Horizon v2.7.1.4
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MyTomTom" = MyTomTom 3.2.0.906
"Savings Explorer" = Savings Explorer
"Search Enhancement Tool" = Search Enhancement Tool
"Shockwave" = Shockwave
"TurboTax 2012" = TurboTax 2012
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3483428752-1065640187-117278773-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2013 3:52:52 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: GenericAskToolbar.dll, version: 5.15.23.36191,
time stamp: 0x5158b12a Exception code: 0xc0000417 Fault offset: 0x000c6f00 Faulting
process id: 0xb78 Faulting application start time: 0x01cec6ba3519e058 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Report Id: b66b26e1-32ae-11e3-bebe-84a6c8ccae92
Faulting
package full name: Faulting package-relative application ID:

Error - 10/11/2013 3:52:58 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: GenericAskToolbar.dll, version: 5.15.23.36191,
time stamp: 0x5158b12a Exception code: 0xc0000417 Fault offset: 0x000c6f00 Faulting
process id: 0x1afc Faulting application start time: 0x01cec6ba75a4c0bc Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Report Id: b9de9863-32ae-11e3-bebe-84a6c8ccae92
Faulting
package full name: Faulting package-relative application ID:

Error - 10/11/2013 3:54:34 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: newsetup.exe, version: 0.0.0.0, time stamp:
0x520b2f23 Faulting module name: newsetup.exe, version: 0.0.0.0, time stamp: 0x520b2f23
Exception
code: 0x40000015 Fault offset: 0x0006612c Faulting process id: 0xa88 Faulting application
start time: 0x01cec6bbb4ccd45b Faulting application path: C:\Users\HOMEPC~1\AppData\Local\Temp\newsetup.exe
Faulting
module path: C:\Users\HOMEPC~1\AppData\Local\Temp\newsetup.exe Report Id: f3528047-32ae-11e3-bebe-84a6c8ccae92
Faulting
package full name: Faulting package-relative application ID:

Error - 10/11/2013 3:54:38 PM | Computer Name = Home | Source = CltMngSvc | ID = 1000
Description =

Error - 10/11/2013 3:58:52 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: GenericAskToolbar.dll, version: 5.15.23.36191,
time stamp: 0x5158b12a Exception code: 0xc0000417 Fault offset: 0x000c6f00 Faulting
process id: 0x1568 Faulting application start time: 0x01cec6bc3ae209d1 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Report Id: 8cf97832-32af-11e3-bebe-84a6c8ccae92
Faulting
package full name: Faulting package-relative application ID:

Error - 10/11/2013 3:59:07 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: GenericAskToolbar.dll, version: 5.15.23.36191,
time stamp: 0x5158b12a Exception code: 0xc0000417 Fault offset: 0x000c6f00 Faulting
process id: 0x1b2c Faulting application start time: 0x01cec6bc3c5d249c Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Report Id: 95e400c1-32af-11e3-bebe-84a6c8ccae92
Faulting
package full name: Faulting package-relative application ID:

Error - 10/11/2013 4:04:42 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: GenericAskToolbar.dll, version: 5.15.23.36191,
time stamp: 0x5158b12a Exception code: 0xc0000417 Fault offset: 0x000c6f00 Faulting
process id: 0x1020 Faulting application start time: 0x01cec6bc3c5d249c Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Report Id: 5d5fe882-32b0-11e3-bebe-84a6c8ccae92
Faulting
package full name: Faulting package-relative application ID:

Error - 10/11/2013 4:04:48 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: GenericAskToolbar.dll, version: 5.15.23.36191,
time stamp: 0x5158b12a Exception code: 0xc0000417 Fault offset: 0x000c6f00 Faulting
process id: 0xdcc Faulting application start time: 0x01cec6bc5573428f Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Report Id: 612a51e4-32b0-11e3-bebe-84a6c8ccae92
Faulting
package full name: Faulting package-relative application ID:

Error - 10/11/2013 4:05:11 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: GenericAskToolbar.dll, version: 5.15.23.36191,
time stamp: 0x5158b12a Exception code: 0xc0000417 Fault offset: 0x000c6f00 Faulting
process id: 0x19dc Faulting application start time: 0x01cec6bd28270a88 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Report Id: 6eb6378a-32b0-11e3-bebe-84a6c8ccae92
Faulting
package full name: Faulting package-relative application ID:

Error - 10/11/2013 4:05:11 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: GenericAskToolbar.dll, version: 5.15.23.36191,
time stamp: 0x5158b12a Exception code: 0xc0000417 Fault offset: 0x000c6f00 Faulting
process id: 0x21e4 Faulting application start time: 0x01cec6bd28382796 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Report Id: 6eb65e9a-32b0-11e3-bebe-84a6c8ccae92
Faulting
package full name: Faulting package-relative application ID:

[ System Events ]
Error - 9/28/2013 8:39:31 PM | Computer Name = Home | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 9/29/2013 10:10:37 PM | Computer Name = Home | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 9/30/2013 9:29:51 AM | Computer Name = Home | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 9/30/2013 7:35:52 PM | Computer Name = Home | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:53:35 PM on ?9/?30/?2013 was unexpected.

Error - 9/30/2013 7:36:06 PM | Computer Name = Home | Source = Service Control Manager | ID = 7023
Description = The Soda PDF 5 Service service terminated with the following error:
%%2147500037

Error - 9/30/2013 7:36:16 PM | Computer Name = Home | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/30/2013 7:36:22 PM | Computer Name = Home | Source = Service Control Manager | ID = 7023
Description = The Intel(R) PROSet/Wireless Zero Configuration Service service terminated
with the following error: %%2147770990

Error - 10/1/2013 1:02:36 PM | Computer Name = Home | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 10/2/2013 10:58:33 AM | Computer Name = Home | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 10/2/2013 9:28:35 PM | Computer Name = Home | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >
 
redtarget.gif
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code: 
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_medi...ce=sm&utm_content=1&utm_term=C285F318BDEC4F15
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_medi...ce=sm&utm_content=1&utm_term=C285F318BDEC4F15
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesearch.net/search?q=...ce=sm&utm_content=1&utm_term=C285F318BDEC4F15
IE:64bit: - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearch.net/search?q=...ce=sm&utm_content=1&utm_term=C285F318BDEC4F15
IE:64bit: - HKLM\..\SearchScopes\{FC0C0170-4EB0-430D-A7F3-939EE7EA1A25}: "URL" = http://www.safesearch.net/search?q=...ce=sm&utm_content=1&utm_term=C285F318BDEC4F15
IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = http://www.safesearch.net/search?q=...ce=sm&utm_content=1&utm_term=C285F318BDEC4F15
IE - HKU\S-1-5-21-3483428752-1065640187-117278773-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-3483428752-1065640187-117278773-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49245;https=127.0.0.1:49245
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKCU\Software\MozillaPlugins\avsoftware.org/safesearch: C:\Program Files\SafeSearch\npsafesearch.dll (AVSoftware, Ltd)
CHR - Extension: SafeSearch = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpooidjoepcceohjkoffjgioneogihij\1.11_0\
CHR - Extension: SafeSearch = C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpooidjoepcceohjkoffjgioneogihij\1.11_1\
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Search Enhancement Tool) - {8E0B5CFE-A7EB-4F19-848A-C862F2AD464D} - C:\Program Files (x86)\Search Enhancement Tool\ScriptHost.dll File not found
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKU\S-1-5-21-3483428752-1065640187-117278773-1001..\Run: [MPOptimizer] "C:\Program Files\MaxPerforma Optimizer\MaxPerforma.exe" /scan File not found
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans....

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
ESET didn't find any virus

Results of screen317's Security Check version 0.99.74
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 40
Google Chrome 30.0.1599.66
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 13-09-2013
Ran by Home PC (administrator) on 12-10-2013 at 00:26:07
Running from "C:\Users\Home PC\Desktop"
Microsoft Windows 8 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-09-12 20:39] - [2013-06-10 15:15] - 0723968 ____A (Microsoft Corporation) 73133A0C0CA63817BFF2CB9DE65B64E7
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-09-12 20:40] - [2013-08-16 01:21] - 3275776 ____A (Microsoft Corporation) 9DEC60D4783377097014DFCCA31E69F8
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
Thank u for fixing my machine - everything is running smoothly.


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Home PC
->Temp folder emptied: 423840 bytes
->Temporary Internet Files folder emptied: 33170884 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15533 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 346624 bytes

Total Files Cleaned = 32.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Home PC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Home PC
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10122013_142001
Files\Folders moved on Reboot...
C:\Users\Home PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\WyseRemoteAccess\WyseRemoteAccess.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

M
Virus warning popup
Replies
1
Views
541
Mark Fuller
M
T
Windows Logon Password Box Fully Populated Coming Out of Hibernation, Why?
Replies
1
Views
468
Nelson28
N
D
Wifi suddenly stopped working but ethernet works
Replies
1
Views
492
learninmypc
learninmypc

Latest posts

Back