
Dead in the water since Friday - plz help!

Discussion in 'Virus & Other Malware Removal' started by Peachykeen, Jan 16, 2013.

  1. Peachykeen (Thread Starter)

    Joined: May 19, 2001
    Messages: 300

    I have a BAD bug. Running Windows 7 Home Premium x64 SP1. Virus scans are freezing my computer, and I have to keep restarting it.
    Please help me get rid of this virus. I think one of the scans found 2 Trojans, which I thought it deleted, but something is terribly wrong. I can't do anything when I'm not in Safe Mode - whatever program I open in normal mode freezes.
    I can't run DDS - it freezes and locks up the computer. I have included OTL files below the HJT log. Thank you SO much for any help!

    HijackThis log is below:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:35:16 PM, on 1/16/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Users\Tricia\Desktop\HijackThis(1).exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1849.mail.yahoo.com/mc/...050&pSize=50&.rand=1051248067&.jsrand=1286539
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Download and Sa - {598F626D-4ACD-DD59-A01C-EDCD19B8FFD8} - C:\ProgramData\Download and Sa\508c59615eb78.ocx (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
    O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
    O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: c:\Windows\SysWOW64\nvinit.dll c:\PROGRA~2\APPSAR~1\sprotector.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - c:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
    O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14222 bytes

    OTL Files follow:

    OTL logfile created on: 1/17/2013 8:06:21 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tricia\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.90 Gb Total Physical Memory | 6.96 Gb Available Physical Memory | 88.16% Memory free
    15.79 Gb Paging File | 14.88 Gb Available in Paging File | 94.20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 911.88 Gb Total Space | 818.42 Gb Free Space | 89.75% Space Free | Partition Type: NTFS

    Computer Name: TRICIA-PC | User Name: Tricia | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/17 08:02:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - [2013/01/10 14:55:33 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/06 18:17:04 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2012/12/04 14:02:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/06 04:56:56 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
    SRV - [2012/06/14 13:09:08 | 000,342,016 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
    SRV - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2011/11/04 08:19:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/11/03 13:24:06 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/08/19 20:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2011/06/07 12:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/05/12 16:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Stopped] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/12/16 22:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007/01/10 22:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/06/14 13:09:16 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2012/06/14 13:09:12 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2011/01/24 12:04:00 | 000,028,416 | ---- | M] (Vireo Software) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\WNTPPORT.sys -- (wntpport)
    DRV - [2011/01/24 12:04:00 | 000,013,359 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SydexFDD.sys -- (SydexFDD)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{10BE93D4-6198-4495-B9FE-33266AC4B7FA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2074780487-1278886055-1847173632-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1849.mail.yahoo.com/mc/...050&pSize=50&.rand=1051248067&.jsrand=1286539
    IE - HKU\S-1-5-21-2074780487-1278886055-1847173632-1002\..\SearchScopes,DefaultScope = {10BE93D4-6198-4495-B9FE-33266AC4B7FA}
    IE - HKU\S-1-5-21-2074780487-1278886055-1847173632-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2074780487-1278886055-1847173632-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.defaultenginename,S: S", ""
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.order.1,S: S", ""
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.selectedEngine,S: S", ""
    FF - prefs.js..browser.startup.homepage: "http://us.mc1814.mail.yahoo.com/mc/welcome?.partner=sbc&.gx=1&.tm=1352327768&.rand=egghukdgm0met#_pg=showFolder&fid=Inbox&order=down&tt=1810&pSize=50&.rand=1649583958&hash=ae928cf424fcaae98c123d43f3e46d30&.jsrand=1375596"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
    FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/29 18:37:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/10 20:30:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/31 16:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Extensions
    [2012/12/09 19:59:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\uc4dm9km.default\extensions
    [2012/12/09 19:59:24 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Tricia\AppData\Roaming\Mozilla\Firefox\Profiles\uc4dm9km.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/01/10 20:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/10 20:30:02 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/20 01:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/11/20 01:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - Extension: No name found = C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: No name found = C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: No name found = C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/11/07 17:34:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Download and Sa Class) - {598F626D-4ACD-DD59-A01C-EDCD19B8FFD8} - C:\ProgramData\Download and Sa\508c59615eb78.ocx File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-2074780487-1278886055-1847173632-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2074780487-1278886055-1847173632-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2074780487-1278886055-1847173632-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2074780487-1278886055-1847173632-1002\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65B34109-16A4-448B-A2D0-56F68A6D6911}: DhcpNameServer = 13.36.0.104
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2E49111-A289-4C91-BD56-B0A994362B46}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (c:\PROGRA~2\APPSAR~1\sprotector.dll) - c:\Program Files (x86)\AppsAreFun\sprotector.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/17 08:02:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe
    [2013/01/16 19:17:47 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Local\Safe mirror
    [2013/01/16 19:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
    [2013/01/16 19:07:46 | 015,492,608 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Users\Tricia\Desktop\cbSetup10.exe
    [2013/01/16 17:49:54 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Tricia\Desktop\dds(1).scr
    [2013/01/16 17:49:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tricia\Desktop\HijackThis(1).exe
    [2013/01/16 14:19:19 | 077,904,960 | ---- | C] (Microsoft Corporation) -- C:\Users\Tricia\Desktop\msert.exe
    [2013/01/12 20:36:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/01/12 20:29:59 | 002,406,064 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tricia\Desktop\HousecallLauncher64.exe
    [2013/01/11 17:46:14 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/01/11 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Tricia\Desktop\RK_Quarantine
    [2013/01/11 10:35:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Tricia\Desktop\dds.scr
    [2013/01/10 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/09 19:26:04 | 000,000,000 | ---D | C] -- C:\Users\Tricia\AppData\Roaming\IrfanView
    [2013/01/09 14:10:43 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013/01/09 14:10:13 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
    [2013/01/09 14:10:13 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
    [2013/01/09 14:10:13 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
    [2013/01/09 14:10:13 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
    [2013/01/09 14:10:13 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
    [2013/01/09 14:10:13 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
    [2013/01/09 14:10:13 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
    [2013/01/09 14:10:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
    [2013/01/09 14:10:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
    [2013/01/09 14:10:13 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
    [2013/01/09 14:10:12 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
    [2013/01/09 14:10:12 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
    [2013/01/09 14:10:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
    [2013/01/09 14:10:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
    [2013/01/09 14:10:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
    [2013/01/09 14:10:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
    [2013/01/09 14:09:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/01/09 14:09:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013/01/09 14:09:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/01/09 14:09:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/01/09 14:09:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/01/09 14:09:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013/01/09 14:09:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013/01/09 14:09:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013/01/09 14:09:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/01/09 14:09:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/01/09 14:09:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013/01/09 14:09:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013/01/09 14:09:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2012/12/29 18:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
    [2012/12/29 18:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
    [2012/12/29 18:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2012/12/29 18:37:27 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
    [2012/12/29 18:37:19 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
    [2012/12/29 18:37:19 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
    [2012/12/29 18:37:18 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
    [2012/12/29 18:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
    [2012/12/21 09:19:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/21 09:19:21 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/18 21:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/12/18 21:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/12/18 21:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012/12/18 08:38:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/12/18 08:38:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/12/18 08:38:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/12/18 08:38:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/12/18 08:38:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/12/18 08:38:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

    ========== Files - Modified Within 30 Days ==========

    [2013/01/17 08:07:12 | 004,718,592 | -HS- | M] () -- C:\Users\Tricia\ntuser.dat
    [2013/01/17 08:02:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tricia\Desktop\OTL.exe
    [2013/01/17 07:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/17 07:54:23 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/16 20:46:40 | 000,000,227 | ---- | M] () -- C:\Windows\password.klc
    [2013/01/16 20:22:11 | 000,085,177 | ---- | M] () -- C:\Users\Tricia\Documents\SignBlazer License info.png
    [2013/01/16 19:24:11 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2013/01/16 19:23:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2013/01/16 19:08:23 | 015,492,608 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Users\Tricia\Desktop\cbSetup10.exe
    [2013/01/16 17:49:58 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Tricia\Desktop\dds(1).scr
    [2013/01/16 17:49:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tricia\Desktop\HijackThis(1).exe
    [2013/01/16 15:55:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/16 14:21:30 | 077,904,960 | ---- | M] (Microsoft Corporation) -- C:\Users\Tricia\Desktop\msert.exe
    [2013/01/16 14:02:06 | 000,873,274 | ---- | M] () -- C:\Users\Tricia\AppData\Local\census.cache
    [2013/01/16 14:02:02 | 000,133,357 | ---- | M] () -- C:\Users\Tricia\AppData\Local\ars.cache
    [2013/01/15 16:40:59 | 000,180,544 | ---- | M] () -- C:\Users\Tricia\AppData\Local\GDIPFONTCACHEV1.DAT
    [2013/01/15 16:31:10 | 000,038,324 | ---- | M] () -- C:\Users\Tricia\Desktop\Stahls Tiffany - 2000.ttf
    [2013/01/12 20:53:57 | 000,839,696 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/01/12 20:31:02 | 000,000,036 | ---- | M] () -- C:\Users\Tricia\AppData\Local\housecall.guid.cache
    [2013/01/12 20:30:59 | 002,406,064 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tricia\Desktop\HousecallLauncher64.exe
    [2013/01/11 11:03:14 | 000,753,152 | ---- | M] () -- C:\Users\Tricia\Desktop\RogueKillerX64.exe
    [2013/01/11 10:35:18 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Tricia\Desktop\dds.scr
    [2013/01/11 10:20:25 | 000,524,288 | -HS- | M] () -- C:\Users\Tricia\ntuser.dat{32b5c771-5c02-11e2-ab3a-848f69c829d8}.TMContainer00000000000000000002.regtrans-ms
    [2013/01/11 10:20:25 | 000,524,288 | -HS- | M] () -- C:\Users\Tricia\ntuser.dat{32b5c771-5c02-11e2-ab3a-848f69c829d8}.TMContainer00000000000000000001.regtrans-ms
    [2013/01/11 10:20:25 | 000,065,536 | -HS- | M] () -- C:\Users\Tricia\ntuser.dat{32b5c771-5c02-11e2-ab3a-848f69c829d8}.TM.blf
    [2013/01/10 20:21:20 | 000,490,111 | ---- | M] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 007.JPG
    [2013/01/10 20:21:13 | 001,328,692 | ---- | M] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 005.JPG
    [2013/01/10 20:21:06 | 000,611,303 | ---- | M] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 004.JPG
    [2013/01/10 20:21:00 | 000,492,049 | ---- | M] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 003.JPG
    [2013/01/10 20:20:54 | 001,351,833 | ---- | M] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 002.JPG
    [2013/01/10 20:20:46 | 000,568,881 | ---- | M] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 001.JPG
    [2013/01/10 19:41:06 | 000,259,829 | ---- | M] () -- C:\Users\Tricia\Desktop\jBw cap.jpg
    [2013/01/10 14:55:33 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/01/10 14:55:33 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/01/10 12:29:36 | 000,714,203 | ---- | M] () -- C:\Users\Tricia\Desktop\Oklahoma.ai
    [2013/01/10 10:01:45 | 000,003,574 | ---- | M] () -- C:\Windows\mozy.flt
    [2013/01/10 10:01:45 | 000,003,016 | ---- | M] () -- C:\Windows\mozy.blk
    [2013/01/10 07:36:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2013/01/09 19:52:36 | 000,440,720 | ---- | M] () -- C:\Users\Tricia\Desktop\Oklahoma Shirt Ideas.pdf
    [2013/01/09 16:54:17 | 000,065,343 | ---- | M] () -- C:\Users\Tricia\Desktop\rope.zip
    [2013/01/07 12:54:32 | 000,289,418 | ---- | M] () -- C:\Users\Tricia\Desktop\heart_frame.zip
    [2013/01/07 12:54:27 | 004,914,605 | ---- | M] () -- C:\Users\Tricia\Desktop\pocket_set1.zip
    [2013/01/07 12:13:55 | 000,450,015 | ---- | M] () -- C:\Users\Tricia\Desktop\IMG_6019.png
    [2013/01/05 12:18:32 | 000,013,126 | ---- | M] () -- C:\Users\Tricia\Desktop\Car Bill of Sale Example.pdf
    [2013/01/04 16:12:32 | 000,040,305 | ---- | M] () -- C:\Users\Tricia\Desktop\Bridgewater Directory.pdf
    [2013/01/04 12:03:18 | 010,361,214 | ---- | M] () -- C:\Users\Tricia\Desktop\Fancy Fabric Folders by SewMichelle.zip
    [2013/01/03 10:34:28 | 000,059,447 | ---- | M] () -- C:\Users\Tricia\Desktop\9419.jpg
    [2013/01/02 17:09:24 | 000,000,424 | ---- | M] () -- C:\Windows\system32commongn.dat
    [2012/12/29 18:37:27 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
    [2012/12/29 18:37:19 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
    [2012/12/29 18:37:19 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
    [2012/12/29 18:37:18 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
    [2012/12/26 14:41:29 | 000,008,889 | ---- | M] () -- C:\Users\Tricia\Desktop\Periwinkle Cap.jpg
    [2012/12/21 15:17:20 | 000,227,963 | ---- | M] () -- C:\Users\Tricia\Desktop\Tools and Equipment Quote.pdf
    [2012/12/21 15:16:31 | 001,670,959 | ---- | M] () -- C:\Users\Tricia\Desktop\K800P_specsheet.pdf
    [2012/12/21 12:09:08 | 000,089,400 | ---- | M] () -- C:\Users\Tricia\Desktop\Aqua RobeTTWN.jpg
    [2012/12/21 12:06:00 | 000,010,374 | ---- | M] () -- C:\Users\Tricia\Desktop\Tropical Blue Robe PI.jpg
    [2012/12/21 09:54:35 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2012/12/20 19:58:08 | 000,613,680 | ---- | M] () -- C:\Users\Tricia\Desktop\GA sales certificate.pdf
    [2012/12/18 21:41:46 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    ========== Files Created - No Company Name ==========

    [2013/01/16 20:22:11 | 000,085,177 | ---- | C] () -- C:\Users\Tricia\Documents\SignBlazer License info.png
    [2013/01/16 15:48:05 | 000,002,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    [2013/01/16 15:48:05 | 000,002,327 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
    [2013/01/16 15:48:05 | 000,002,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    [2013/01/16 15:48:05 | 000,002,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    [2013/01/16 15:48:05 | 000,000,875 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
    [2013/01/15 16:31:08 | 000,038,324 | ---- | C] () -- C:\Users\Tricia\Desktop\Stahls Tiffany - 2000.ttf
    [2013/01/12 20:51:21 | 000,873,274 | ---- | C] () -- C:\Users\Tricia\AppData\Local\census.cache
    [2013/01/12 20:51:12 | 000,133,357 | ---- | C] () -- C:\Users\Tricia\AppData\Local\ars.cache
    [2013/01/12 20:31:02 | 000,000,036 | ---- | C] () -- C:\Users\Tricia\AppData\Local\housecall.guid.cache
    [2013/01/11 11:03:11 | 000,753,152 | ---- | C] () -- C:\Users\Tricia\Desktop\RogueKillerX64.exe
    [2013/01/11 10:20:25 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\ntuser.dat{32b5c771-5c02-11e2-ab3a-848f69c829d8}.TMContainer00000000000000000002.regtrans-ms
    [2013/01/11 10:20:25 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\ntuser.dat{32b5c771-5c02-11e2-ab3a-848f69c829d8}.TMContainer00000000000000000001.regtrans-ms
    [2013/01/11 10:20:25 | 000,065,536 | -HS- | C] () -- C:\Users\Tricia\ntuser.dat{32b5c771-5c02-11e2-ab3a-848f69c829d8}.TM.blf
    [2013/01/10 20:21:19 | 000,490,111 | ---- | C] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 007.JPG
    [2013/01/10 20:21:12 | 001,328,692 | ---- | C] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 005.JPG
    [2013/01/10 20:21:04 | 000,611,303 | ---- | C] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 004.JPG
    [2013/01/10 20:20:59 | 000,492,049 | ---- | C] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 003.JPG
    [2013/01/10 20:20:52 | 001,351,833 | ---- | C] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 002.JPG
    [2013/01/10 20:20:45 | 000,568,881 | ---- | C] () -- C:\Users\Tricia\Desktop\Mahogany Cabinet Clayton 001.JPG
    [2013/01/10 19:41:05 | 000,259,829 | ---- | C] () -- C:\Users\Tricia\Desktop\jBw cap.jpg
    [2013/01/10 12:29:33 | 000,714,203 | ---- | C] () -- C:\Users\Tricia\Desktop\Oklahoma.ai
    [2013/01/09 19:52:41 | 000,440,720 | ---- | C] () -- C:\Users\Tricia\Desktop\Oklahoma Shirt Ideas.pdf
    [2013/01/09 16:54:16 | 000,065,343 | ---- | C] () -- C:\Users\Tricia\Desktop\rope.zip
    [2013/01/09 14:09:43 | 000,420,064 | ---- | C] () -- C:\Windows\SysWow64\locale.nls
    [2013/01/07 12:54:31 | 000,289,418 | ---- | C] () -- C:\Users\Tricia\Desktop\heart_frame.zip
    [2013/01/07 12:54:23 | 004,914,605 | ---- | C] () -- C:\Users\Tricia\Desktop\pocket_set1.zip
    [2013/01/07 12:13:49 | 000,450,015 | ---- | C] () -- C:\Users\Tricia\Desktop\IMG_6019.png
    [2013/01/05 12:18:53 | 000,013,126 | ---- | C] () -- C:\Users\Tricia\Desktop\Car Bill of Sale Example.pdf
    [2013/01/04 12:03:06 | 010,361,214 | ---- | C] () -- C:\Users\Tricia\Desktop\Fancy Fabric Folders by SewMichelle.zip
    [2013/01/03 10:34:27 | 000,059,447 | ---- | C] () -- C:\Users\Tricia\Desktop\9419.jpg
    [2012/12/26 14:41:28 | 000,008,889 | ---- | C] () -- C:\Users\Tricia\Desktop\Periwinkle Cap.jpg
    [2012/12/21 15:17:24 | 000,227,963 | ---- | C] () -- C:\Users\Tricia\Desktop\Tools and Equipment Quote.pdf
    [2012/12/21 15:16:35 | 001,670,959 | ---- | C] () -- C:\Users\Tricia\Desktop\K800P_specsheet.pdf
    [2012/12/21 12:09:06 | 000,089,400 | ---- | C] () -- C:\Users\Tricia\Desktop\Aqua RobeTTWN.jpg
    [2012/12/21 12:05:59 | 000,010,374 | ---- | C] () -- C:\Users\Tricia\Desktop\Tropical Blue Robe PI.jpg
    [2012/12/20 19:58:08 | 000,613,680 | ---- | C] () -- C:\Users\Tricia\Desktop\GA sales certificate.pdf
    [2012/12/18 21:41:46 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/12/08 14:27:37 | 000,039,936 | ---- | C] () -- C:\Users\Tricia\AppData\Roaming\SharedSettings.ccs
    [2012/11/23 13:51:34 | 000,000,017 | ---- | C] () -- C:\Users\Tricia\AppData\Local\resmon.resmoncfg
    [2012/10/23 12:49:26 | 000,000,424 | ---- | C] () -- C:\Windows\system32commongn.dat
    [2012/10/09 16:43:41 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\ntuser.dat{59a5dbcf-1258-11e2-822d-88532eeba027}.TMContainer00000000000000000002.regtrans-ms
    [2012/10/09 16:43:41 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\ntuser.dat{59a5dbcf-1258-11e2-822d-88532eeba027}.TMContainer00000000000000000001.regtrans-ms
    [2012/10/09 16:43:41 | 000,065,536 | -HS- | C] () -- C:\Users\Tricia\ntuser.dat{59a5dbcf-1258-11e2-822d-88532eeba027}.TM.blf
    [2012/10/04 18:31:27 | 000,000,025 | ---- | C] () -- C:\Windows\WebEasy.INI
    [2012/09/30 18:19:38 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{259232d0-0b55-11e2-b3d4-848f69c829d8}.TMContainer00000000000000000002.regtrans-ms
    [2012/09/30 18:19:38 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{259232d0-0b55-11e2-b3d4-848f69c829d8}.TMContainer00000000000000000001.regtrans-ms
    [2012/09/30 18:19:38 | 000,065,536 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{259232d0-0b55-11e2-b3d4-848f69c829d8}.TM.blf
    [2012/08/09 08:20:38 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{dac6ff04-e224-11e1-a9c0-c1a8f2fd8d79}.TMContainer00000000000000000002.regtrans-ms
    [2012/08/09 08:20:37 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{dac6ff04-e224-11e1-a9c0-c1a8f2fd8d79}.TMContainer00000000000000000001.regtrans-ms
    [2012/08/09 08:20:37 | 000,065,536 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{dac6ff04-e224-11e1-a9c0-c1a8f2fd8d79}.TM.blf
    [2012/07/31 09:22:14 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{e32f83c5-db1a-11e1-a981-e27c39903672}.TMContainer00000000000000000002.regtrans-ms
    [2012/07/31 09:22:14 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{e32f83c5-db1a-11e1-a981-e27c39903672}.TMContainer00000000000000000001.regtrans-ms
    [2012/07/31 09:22:14 | 000,065,536 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{e32f83c5-db1a-11e1-a981-e27c39903672}.TM.blf
    [2012/06/12 11:12:39 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2012/06/12 11:12:39 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2012/06/12 11:12:39 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2012/06/12 11:12:39 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2012/06/12 11:12:39 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2012/06/12 11:12:39 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2012/06/12 11:12:39 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2012/06/12 11:12:39 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2012/06/12 11:12:39 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2012/06/12 11:12:39 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2012/06/12 11:12:39 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2012/06/12 11:12:39 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2012/06/12 11:12:39 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2012/06/12 11:12:39 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2012/06/12 11:12:39 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2012/06/12 11:12:39 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2012/06/12 11:10:06 | 000,000,080 | ---- | C] () -- C:\Windows\EPWF1100.ini
    [2012/06/11 15:50:18 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2012/06/03 12:25:29 | 000,000,120 | ---- | C] () -- C:\Windows\WINRESAZ.INI
    [2012/05/31 15:47:29 | 000,180,544 | ---- | C] () -- C:\Users\Tricia\AppData\Local\GDIPFONTCACHEV1.DAT
    [2012/05/31 15:46:34 | 004,718,592 | -HS- | C] () -- C:\Users\Tricia\ntuser.dat
    [2012/05/31 15:46:34 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
    [2012/05/31 15:46:34 | 000,524,288 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
    [2012/05/31 15:46:34 | 000,065,536 | -HS- | C] () -- C:\Users\Tricia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
    [2012/05/31 15:46:34 | 000,000,020 | -HS- | C] () -- C:\Users\Tricia\ntuser.ini
    [2012/05/07 06:51:30 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/05/07 06:51:27 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/05/07 06:51:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/05/07 06:51:25 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/05/07 06:51:23 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/11/03 13:24:18 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/02/10 11:10:51 | 000,839,696 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/07/21 11:04:04 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Avanquest
    [2012/08/02 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/05/31 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\eFax Messenger
    [2012/10/09 16:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\EMBIRD32
    [2012/06/16 18:50:42 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\EMBIRD32_STUDIO_N
    [2012/05/31 15:56:45 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Fingertapps
    [2013/01/11 10:09:59 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\IrfanView
    [2012/05/31 20:15:18 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\j2 Global
    [2012/06/12 18:59:33 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Leader Technologies
    [2012/06/12 12:02:32 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\Leadertech
    [2012/08/21 10:34:16 | 000,000,000 | ---D | M] -- C:\Users\Tricia\AppData\Roaming\SignCut

    ========== Purity Check ==========



    < End of report >

    OTL Extras logfile created on: 1/17/2013 8:06:21 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tricia\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.90 Gb Total Physical Memory | 6.96 Gb Available Physical Memory | 88.16% Memory free
    15.79 Gb Paging File | 14.88 Gb Available in Paging File | 94.20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 911.88 Gb Total Space | 818.42 Gb Free Space | 89.75% Space Free | Partition Type: NTFS

    Computer Name: TRICIA-PC | User Name: Tricia | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2074780487-1278886055-1847173632-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{031ADC09-D3D8-4461-B2C0-5087B5BEF98C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{13CFEFCD-85D3-48E3-948C-B543AFD59A50}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1AD74864-951B-44B6-AEB0-A49023369FA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1BA691D6-6C08-4A14-83A9-87CFFD445BBA}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
    "{1E1B934E-7F27-4C81-A79E-416D4BEB90E2}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2489DB60-F09D-4033-9340-97E4F0CC14FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4914570F-C526-49BA-A95E-9507EA8E6620}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4F4AF923-E55B-48E1-A805-C3DB9A0E7FBC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{56CB9B80-1670-479E-AD22-76672A441C5C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5E399F65-4A5B-49F1-8252-EC1F3BAF01E2}" = rport=445 | protocol=6 | dir=out | app=system |
    "{6A721AB3-521B-46A4-A521-ACBE0E7DC6DA}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
    "{72F953F1-848F-4862-98CA-482B6F8AA17A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{78016341-9985-463A-B12F-BFB3436EB06E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7D9EA3E1-F7D7-4AE8-A88C-B391BA02B0DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7DB85C3F-3A60-4B4D-B4D3-6FF654103AB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{8F0DE93A-A715-4447-8590-70571DA919C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9D20A0DB-CB35-49E8-B05E-70F6D718147D}" = rport=139 | protocol=6 | dir=out | app=system |
    "{A1D92EFC-2852-4430-96AD-C4EA85918DFA}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{ABC536B8-8210-4142-865E-75DEF3180784}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
    "{AEF90A1D-D346-4753-AD01-9A475C4AE653}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C01F7A23-9950-49BA-A63D-53C4ECF8C20F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C9545BBC-3F02-4637-A3AC-CE2EFA6D6343}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C9820E5D-F0CB-41E1-B760-91EAFD4A2432}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E38D605F-46DA-4DDD-8416-0A590A485C0C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E8F64D83-DA6B-4223-932D-21E0AACB81D4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{EB7606E1-EFCB-47A7-A861-C7E47BF1D1F6}" = lport=137 | protocol=17 | dir=in | app=system |
    "{F20AF50E-C644-4DF5-80F5-DD45EE2E73CF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F4FBADC7-12C1-45E8-BD20-F7484EB433ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FDABC32E-5FDB-460B-8ABA-52B6391626AE}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06907CF4-7766-4A0C-8FDF-D34FDF3E294D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0D1BA48D-C632-4EAE-81EC-C5C06404F1A2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0DD7524D-79E4-4462-887D-E71A56B236E4}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
    "{0FC3159F-EBCC-4C83-9B2F-F0A1F0BE4B76}" = protocol=6 | dir=out | app=system |
    "{12A0E23D-A07F-4A64-8F0B-C89303FDDBE8}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
    "{1368DBEC-9A7A-4EDA-BE6D-22E65AC411CF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1B33C8B6-DF92-428F-8AB0-077A52EDDE1F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{239346B1-684A-4F32-8AFA-9697A95DBE4F}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
    "{25655EE0-9085-465E-87AF-ACA846ADE697}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
    "{26535F4E-364B-410C-87AF-5B6A56838732}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
    "{29986E3C-39E4-480A-AE8D-359F4DE47B6C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2DF66CF5-0465-4D9A-8038-D8F7AE793AB7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{316307D9-172C-4E10-B785-C191D46BE701}" = protocol=1 | dir=in | [email protected],-28543 |
    "{38BE79C9-9AD3-491D-AF59-3D3FA327B592}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3A47757A-7838-43BE-A3E6-5E7E95BF8377}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3FE14C38-C210-40D6-B73E-552DFF577C83}" = protocol=58 | dir=in | [email protected],-28545 |
    "{42A749FE-0CB8-4FA4-A339-6E2DEF112735}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
    "{44C1D587-296E-415B-8B89-86ED5C00BC86}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
    "{4774C179-0006-46E3-AEFB-B50D31E2B89C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{4AC45BB2-EAED-4B5B-B333-13F96B339DEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4C7F475C-9D05-4955-8E71-15840172B234}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5CAE7E92-D51B-489F-8AC4-B92E67336073}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
    "{5D6D66AA-5355-4B11-B801-CD72B80428C8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{5F421BEF-AE54-4812-8393-8C9BE3EF2EA4}" = protocol=6 | dir=in | app=c:\users\tricia\appdata\local\temp\7zsb988.tmp\symnrt.exe |
    "{61AAC58E-F031-42C9-921D-D2F5FEB8BCA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{71FF73DF-40EA-494B-BC24-A197AB733263}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{7B29682B-0E5B-4412-A60E-92CDA0B0627A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
    "{7C945EA1-F3A8-4881-AD89-579BA402F236}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
    "{8260C45A-11AB-4590-BD08-F1050BEF3AE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{841A18DB-0EBC-4787-8C94-91DA0EDFA76E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{853D6150-EFD2-4B87-B66E-7A39C49AFFA8}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
    "{85809037-0708-4CF1-9A17-681D663036AE}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
    "{8EB9FC30-1403-4A10-8DA6-FB6D04AA0EE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8F5EF4BA-A679-4EB0-8314-CE47C4BAB7DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{98A6235A-AB75-4DC7-9FDA-4CB982C6C6BE}" = protocol=58 | dir=out | [email protected],-28546 |
    "{A0B9651B-44A6-452A-9A57-30B423954F56}" = protocol=1 | dir=out | [email protected],-28544 |
    "{AAF0CC28-6328-49D2-98FE-E9E8D3BC6A30}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
    "{AD5584BC-7721-4005-97FF-B25FEA872A0D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{B24245B7-FC9F-44D9-9701-5BCA990FBA10}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
    "{B93E36EF-5462-4224-937F-10AD9311E6F4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
    "{B9F449B5-B211-40C4-9BF5-F79F75D32645}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
    "{C28F61E2-DFD7-433E-A10A-CCD8EF7CB4AB}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
    "{C46EFD0B-4704-48C8-82C4-E5BCBAE524EF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C71946CF-3969-4F02-9F3F-0075AF379ED1}" = dir=in | app=c:\windows\system32\hasplms.exe |
    "{CDDDE79B-48DF-49C3-A5BE-73BA285583A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D285EC89-9026-49FC-8E98-A7307C4ECE19}" = protocol=17 | dir=in | app=c:\users\tricia\appdata\local\temp\7zsb988.tmp\symnrt.exe |
    "{D6BA1927-F196-4BEF-BF25-91B047B000E8}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
    "{DAE69E82-8C7D-491F-B85A-BDC9C1F9E3BA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\pcservicehost.exe |
    "{E1C3CA53-A7BE-4C36-BF89-0F985E5D29E9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{E1DDC9F5-A922-4A8C-A020-C450842533A2}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
    "{E5C73B40-2C19-452C-B998-68C26814631F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E645179A-6E56-4ACE-8A05-3AA54E8BA48C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{EB74D1EB-F34B-43CB-BE1A-644834463D08}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F31D1865-0BCD-4CBE-A1C2-A1DF5A8A6B46}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
    "{F3BD5EAF-89D4-4F9B-85DD-76ACC33DE5A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7B0562B-003D-46C4-9448-878F60079164}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F7E213EE-EF6F-4315-B651-273E5FD379D8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{FDFA0CDA-559D-4A4A-8B99-CF436999E074}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "TCP Query User{4DC826E8-EDB4-43DF-AF3E-B5EA6E36CDCA}C:\program files (x86)\avanquest\web easy professional 8\webeasy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\avanquest\web easy professional 8\webeasy.exe |
    "TCP Query User{687E5DF6-46DA-42C9-95DE-B829CC702FCF}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
    "TCP Query User{7BC9C936-34DD-43FF-95E7-B98ECCCD4561}C:\program files (x86)\dell\stage remote\stageremoteservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
    "TCP Query User{C004B613-D064-49D7-930E-D3991BC68656}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "TCP Query User{D3AF2983-B1E1-41AF-A2D3-4465078AF6A7}C:\program files (x86)\avanquest\web easy professional 8\webeasy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\avanquest\web easy professional 8\webeasy.exe |
    "UDP Query User{3D3A4531-2A9D-4D6E-BCF0-E5E12C92D439}C:\program files (x86)\avanquest\web easy professional 8\webeasy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\avanquest\web easy professional 8\webeasy.exe |
    "UDP Query User{5139FF44-9192-44A2-BBB2-49124B190F0C}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
    "UDP Query User{9B108CAD-87AB-450C-A574-F244F58C0333}C:\program files (x86)\dell\stage remote\stageremoteservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
    "UDP Query User{CC5A5A00-BB33-4681-B1C8-F4025713FEC5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "UDP Query User{F302EC4D-A21C-4EDA-8023-C582AA03F2C8}C:\program files (x86)\avanquest\web easy professional 8\webeasy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\avanquest\web easy professional 8\webeasy.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
    "_{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection
    "_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
    "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
    "_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{00D3BDAF-C064-4821-89C5-89105F6C738E}" = Portfolio Browser
    "{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
    "{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}" = TrustedID IDMonitor Identity Protection
    "{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
    "{237a4b21-78c1-11d6-a394-00104bd190b1}" = QuickBooks Basic Edition 2003
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
    "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
    "{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
    "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
    "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35DC9F1E-5E88-4E69-A49A-9F4C2B33DDF3}" = Web Easy Professional
    "{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
    "{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D3A8142-EABE-4B2E-8DED-C9710D6761DE}" = Monogram Wizard
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
    "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
    "{62687EAC-F27D-49AC-A0E2-3899B0459113}" = Hallmark Card Studio 2011 Deluxe
    "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{799BF34E-07A9-4FBB-A29B-43B2A26AEAE3}" = Monogram Wizard Product Update 3.0.5
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{837AD9F7-264D-4B76-98F8-E1CD7B250E27}" = Monogram Wizard Plus V2.5 R20v
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
    "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E87B846-1F6A-49D0-9216-3135A654403E}" = iDo Wedding Couple Edition
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    "{A2B12CAE-BD32-43E4-AAA1-640EC03B4E53}" = Free Web Image Studio
    "{A3E06E7F-2515-49E3-B43A-49E4231F077B}" = Wilcom EmbroideryStudio e2.0
    "{A6806D86-BFF3-49CD-8E2B-87BB3507E53F}" = Web Easy Professional 8
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
    "{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
    "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
    "{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
    "{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
    "{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7A395AC-04A1-4ABB-89C0-45A5D5B29189}" = CorelDRAW Graphics Suite X5 - JP
    "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
    "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{DB818EED-E69E-40F9-A206-CABA178020A7}" = Wilcom EmbroideryStudio e2.0
    "{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
    "{E3C08D47-28EB-4D20-BA10-1B26F53E0D6D}" = SignCut Driver patch
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
    "{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
    "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
    "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
    "{FE711F05-7B75-4137-9620-F4CDFBD04513}" = CorelDRAW Graphics Suite X5 - IPM
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "ATT-SST" = AT&T Troubleshoot & Resolve Tool
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CobBackup10" = Cobian Backup 10
    "CoffeeCup Shopping Cart Creator Pro 3.9.4296" = CoffeeCup Shopping Cart Creator Pro
    "Dell Webcam Central" = Dell Webcam Central
    "Embird 2010" = Embird 2010
    "fdrawcmd" = Fdrawcmd.sys 1.0.1.10
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "Lettering Pro" = Lettering Pro
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PremElem90" = Adobe Premiere Elements 9
    "ProInst" = Intel PROSet Wireless
    "RealPlayer 16.0" = RealPlayer
    "SB_USCutter_Elements_ID_is1" = SignBlazer Elements for USCutter release 6.0.17
    "SignCut" = SignCut (remove only)
    "SP_0e313256" = Search Assistant AppsAreFun 1.66
    "WinLiveSuite" = Windows Live Essentials
    "ZinioReader4" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2074780487-1278886055-1847173632-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/10/2013 11:25:57 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/10/2013 11:25:57 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1997

    Error - 1/10/2013 11:25:57 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1997

    Error - 1/10/2013 11:25:58 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/10/2013 11:25:58 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3089

    Error - 1/10/2013 11:25:58 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3089

    Error - 1/10/2013 11:25:59 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/10/2013 11:25:59 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4088

    Error - 1/10/2013 11:25:59 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4088

    Error - 1/10/2013 11:26:00 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/10/2013 11:26:00 AM | Computer Name = Tricia-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5086

    [ System Events ]
    Error - 10/26/2012 4:35:47 PM | Computer Name = Tricia-PC | Source = NetBT | ID = 4319
    Description = A duplicate name has been detected on the TCP network. The IP address
    of the computer that sent the message is in the data. Use nbtstat -n in a command
    window to see which name is in the Conflict state.

    Error - 10/26/2012 4:36:17 PM | Computer Name = Tricia-PC | Source = NetBT | ID = 4319
    Description = A duplicate name has been detected on the TCP network. The IP address
    of the computer that sent the message is in the data. Use nbtstat -n in a command
    window to see which name is in the Conflict state.

    Error - 10/28/2012 1:53:19 PM | Computer Name = Tricia-PC | Source = Service Control Manager | ID = 7000
    Description = The wntpport service failed to start due to the following error: %%1275

    Error - 10/28/2012 1:53:19 PM | Computer Name = Tricia-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\wntpport.SYS has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 10/28/2012 1:58:13 PM | Computer Name = Tricia-PC | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 10/28/2012 8:56:16 PM | Computer Name = Tricia-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\wntpport.SYS has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 10/28/2012 8:56:16 PM | Computer Name = Tricia-PC | Source = Service Control Manager | ID = 7000
    Description = The wntpport service failed to start due to the following error: %%1275

    Error - 10/29/2012 7:37:24 AM | Computer Name = Tricia-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\wntpport.SYS has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 10/29/2012 7:37:24 AM | Computer Name = Tricia-PC | Source = Service Control Manager | ID = 7000
    Description = The wntpport service failed to start due to the following error: %%1275

    Error - 10/29/2012 8:17:58 AM | Computer Name = Tricia-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Windows\SysWOW64\Drivers\sydexfdd.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.


    < End of report >

    Thanks again!!!
     
  2. Peachykeen

    UPDATE... Seems I have a failing hard drive. That must be why no one ever commented on my plea for help - I must not have been infected???? But one of my scans did show (and deleted?) two trojans???
     

Short URL to this thread: https://techguy.org/1085587
