Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trish and Chrome Infections [Solved]


  • This topic is locked This topic is locked

#1
CGTIII

CGTIII

    Member

  • Member
  • PipPip
  • 17 posts

Believe I've cleared the worst of it. Appreciate some help with the rest.

 

OTL logfile created on: 11/11/2014 7:00:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Trish\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 3.50 Gb Available Physical Memory | 59.21% Memory free
11.82 Gb Paging File | 9.37 Gb Available in Paging File | 79.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 342.34 Gb Free Space | 76.73% Space Free | Partition Type: NTFS
 
Computer Name: TRISH-PC | User Name: Trish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/11 18:56:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trish\Desktop\OTL.exe
PRC - [2014/10/13 16:54:15 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/10/13 16:53:55 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/09/12 19:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Trish\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/30 04:04:26 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/07/30 01:17:08 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2014/06/27 13:27:12 | 001,056,976 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/08/21 13:48:28 | 003,110,808 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
PRC - [2012/02/16 12:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2012/01/27 16:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 21:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2012/01/26 21:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/12/31 17:04:38 | 000,150,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
PRC - [2011/05/20 11:16:10 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/02/01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/11 18:32:34 | 000,043,008 | ---- | M] () -- c:\Users\Trish\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifd5ym.dll
MOD - [2014/10/16 03:00:20 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\b20319dfb7dd671d2de2f383cd2551ce\WindowsFormsIntegration.ni.dll
MOD - [2014/10/16 03:00:18 | 001,358,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9c41049a9716f9c34e8dfad27ac45153\System.WorkflowServices.ni.dll
MOD - [2014/10/16 02:59:52 | 001,707,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\26e521624e8e8c879ac83245694d809a\System.ServiceModel.Web.ni.dll
MOD - [2014/10/16 02:59:46 | 000,401,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3063abda312516739bc808360071bad9\System.Xml.Linq.ni.dll
MOD - [2014/10/16 02:59:40 | 009,923,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\8e483bbfa7864054aa99acd72eee21b5\System.Data.Entity.ni.dll
MOD - [2014/10/16 02:58:33 | 002,297,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e3641fa3359f37ad12c84183ce765093\System.Core.ni.dll
MOD - [2014/10/16 02:57:42 | 001,084,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\11295b4ad79dbeadee6c83ae45a8a07f\System.IdentityModel.ni.dll
MOD - [2014/10/16 02:57:41 | 002,347,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\b1e0939384cc320d6ac7b8921ccc2877\System.Runtime.Serialization.ni.dll
MOD - [2014/10/16 02:57:38 | 000,256,000 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\da4175d4363c1bcecb984a44cd53664f\SMDiagnostics.ni.dll
MOD - [2014/10/16 02:57:37 | 017,477,120 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0d51a457c4cb85cd5ae8439094387ad3\System.ServiceModel.ni.dll
MOD - [2014/10/16 02:56:47 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014/10/16 02:56:46 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0d7a4560a5b939eb607da09c13507785\IAStorUtil.ni.dll
MOD - [2014/10/16 02:51:38 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
MOD - [2014/10/16 02:51:23 | 011,922,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014/10/16 02:51:12 | 000,774,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b3011370dcbf33751d3b9dce8091c6c6\System.Runtime.Remoting.ni.dll
MOD - [2014/10/16 02:51:11 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\42a8344f2ddff36fe1453c8df3991b6d\System.EnterpriseServices.ni.dll
MOD - [2014/10/16 02:51:11 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f45bc0251cceb599622f55cc1c7f4aba\System.Transactions.ni.dll
MOD - [2014/10/16 02:51:09 | 006,638,592 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\4b335bfaa07fc54f2d72213d33f53e97\System.Data.ni.dll
MOD - [2014/10/16 02:51:03 | 001,117,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\cbe531dae622018576dbf7b1fca5ce47\System.DirectoryServices.ni.dll
MOD - [2014/10/16 02:50:59 | 001,044,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e417824f8cf1fcfc1b1c2647eaf1da4e\System.Printing.ni.dll
MOD - [2014/10/16 02:50:58 | 002,157,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\17c9c9622fa7c6ff3fe034b4a8c0f3ec\ReachFramework.ni.dll
MOD - [2014/10/16 02:50:56 | 001,658,368 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\1f472dae0ef73288dc4fddb0e3c0cce2\PresentationUI.ni.dll
MOD - [2014/10/16 02:50:52 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll
MOD - [2014/10/16 02:50:38 | 012,435,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/16 02:50:38 | 000,039,424 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\72f49527a25b388720860af3ab9801ba\PresentationCFFRasterizer.ni.dll
MOD - [2014/10/16 02:50:29 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/16 02:50:28 | 001,812,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3255feb104f23880ebda5e530e6f07dc\System.Deployment.ni.dll
MOD - [2014/10/16 02:50:27 | 000,688,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\fc21baf1fd69ebbc21be4a9189951fc0\System.Security.ni.dll
MOD - [2014/10/16 02:50:24 | 005,467,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/16 02:50:20 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/16 02:50:18 | 012,236,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll
MOD - [2014/10/16 02:50:07 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/16 02:49:49 | 007,991,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/09/12 19:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Trish\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/09/12 02:49:48 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e8d9058b7f59f6d3d134b086916d8674\IAStorCommon.ni.dll
MOD - [2014/09/12 02:46:59 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\61bea915a98d92c2748dc18d5fc594a7\UIAutomationTypes.ni.dll
MOD - [2014/09/12 02:46:59 | 000,060,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\999c911e76788a9129049c062707dcec\UIAutomationProvider.ni.dll
MOD - [2014/09/12 02:46:59 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\0483c93466914f3fbd5b44454b0c8a98\Accessibility.ni.dll
MOD - [2014/09/12 02:46:53 | 000,015,872 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\664b5d4e3a1e23bfa586206f5534ab7b\Microsoft.VisualC.ni.dll
MOD - [2014/09/12 02:46:31 | 011,497,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/03/20 17:49:19 | 002,952,704 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/03/04 00:57:21 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/08/23 14:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Trish\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2012/01/26 21:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/12/31 17:04:40 | 000,891,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
MOD - [2011/12/31 17:04:28 | 000,251,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
MOD - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011/06/27 19:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011/06/24 23:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
MOD - [2011/06/24 23:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2010/03/22 15:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010/03/16 20:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010/03/16 20:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010/03/16 20:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010/03/11 19:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010/03/11 19:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010/03/05 15:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/05 15:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2014/09/18 20:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/06/27 13:15:52 | 007,641,296 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/05/27 14:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/11/04 08:26:45 | 000,226,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/11/04 08:26:10 | 000,376,168 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/10/13 16:54:15 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/09/28 17:59:11 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/07/30 04:04:26 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/07/30 01:17:08 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/08/24 14:41:30 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/02/16 12:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/05/20 11:16:10 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/05/20 11:15:20 | 000,080,032 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/02/01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/04 08:26:14 | 000,107,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/08/15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/03/25 12:24:53 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/07/25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/11/01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/24 14:41:30 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/08/24 14:41:16 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/27 14:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/20 11:15:34 | 000,282,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/05/20 11:15:34 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/05/20 11:15:34 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/05/20 11:15:34 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/05/20 11:15:34 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/05/20 11:15:34 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/05/20 11:15:32 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/04/21 20:17:10 | 002,727,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/31 22:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/25 21:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/29 19:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 04:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/06/01 15:33:21 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dell.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.13.2: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.13: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.13.2: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@microsoft.com/Office on Demand;version=1: C:\Users\Trish\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Trish\Desktop\Babylon\Utils\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9D2AA73B-6049-4799-B8AC-925723370070}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/10/13 16:55:56 | 000,000,000 | ---D | M]
 
[2013/12/15 10:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - default_search_provider: 16F32A41EB53FA92AAB02017008BD5C6015538E8BF72D21EA5AA344ACDF00831 (Enabled)
CHR - default_search_provider: search_url = 75709DC16D5CAE11CB74484F99CB831011BABA7E4E5D3E68545779E4C5F04B06
CHR - default_search_provider: suggest_url =
CHR - homepage: 2EFA66455FD6D188E8710F17F9C05247AA6161F3680802B80A90DE0916881D74
CHR - Extension: topbuyer = C:\Users\Trish\AppData\Local\Google\Chrome\User Data\Default\Extensions\joikjodmdfofnbaamdnmpgoedapljcmg\4.1\
CHR - Extension: Yumprint = C:\Users\Trish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboinfelnglhdhgchcmomigiddalpjka\214\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (MSN GamesBar) - {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX64.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (MSN GamesBar) - {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (MSN GamesBar) - {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX64.dll ()
O3 - HKLM\..\Toolbar: (MSN GamesBar) - {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4D78C72-08DB-4A3F-9175-B265157283F3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKCU..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe File not found
O4 - Startup: C:\Users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Trish\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8427F707-82FF-4A20-948C-4C822E76A476}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B93587-10AB-4AB1-9D83-6087214CA1DD}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/11 18:57:51 | 002,116,096 | ---- | C] (Farbar) -- C:\Users\Trish\Desktop\FRST64.exe
[2014/11/11 18:56:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Trish\Desktop\OTL.exe
[2014/11/11 18:39:47 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/11/11 18:07:44 | 001,706,808 | ---- | C] (Thisisu) -- C:\Users\Trish\Desktop\JRT.exe
[2014/11/11 18:07:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/10 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\Trish\AppData\Roaming\1H1Q1V1N1N1O2V
[2014/10/23 14:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/10/23 14:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/10/23 14:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/10/23 14:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/10/23 14:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/10/23 09:51:37 | 000,000,000 | ---D | C] -- C:\Users\Trish\Documents\Letter to the one I love_files
[2014/10/20 16:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/10/20 16:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/10/20 16:20:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/10/13 17:04:06 | 000,000,000 | ---D | C] -- C:\Users\Trish\AppData\Roaming\RealNetworks
[2014/10/13 16:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/10/13 16:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/03/21 00:25:54 | 004,911,088 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[1 C:\Users\Trish\Documents\*.tmp files -> C:\Users\Trish\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/11 18:57:54 | 002,116,096 | ---- | M] (Farbar) -- C:\Users\Trish\Desktop\FRST64.exe
[2014/11/11 18:57:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/11/11 18:56:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trish\Desktop\OTL.exe
[2014/11/11 18:38:29 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/11 18:38:29 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/11 18:37:35 | 000,782,470 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/11/11 18:37:35 | 000,662,634 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/11/11 18:37:35 | 000,122,470 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/11/11 18:33:03 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/11 18:29:45 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/11 18:29:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/11/11 18:29:19 | 464,732,159 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/11 18:07:47 | 001,706,808 | ---- | M] (Thisisu) -- C:\Users\Trish\Desktop\JRT.exe
[2014/11/11 14:24:44 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/10 16:03:01 | 000,000,044 | ---- | M] () -- C:\Users\Trish\AppData\Roaming\WB.CFG
[2014/11/04 08:26:14 | 000,107,392 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll
[2014/11/04 08:26:12 | 000,092,520 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll
[2014/11/04 08:26:12 | 000,035,688 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIport.dll
[2014/11/01 00:22:12 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2014/10/23 15:33:15 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/23 14:41:44 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/23 09:51:38 | 000,023,944 | ---- | M] () -- C:\Users\Trish\Documents\Letter to the one I love.htm
[2014/10/16 02:31:07 | 000,410,928 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/14 17:12:59 | 005,353,472 | ---- | M] () -- C:\Users\Trish\Documents\GRANDS.pub
[2014/10/13 16:54:42 | 000,001,246 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/10/13 16:54:20 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[1 C:\Users\Trish\Documents\*.tmp files -> C:\Users\Trish\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/10 16:03:01 | 000,000,044 | ---- | C] () -- C:\Users\Trish\AppData\Roaming\WB.CFG
[2014/10/23 14:41:44 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/23 09:51:37 | 000,023,944 | ---- | C] () -- C:\Users\Trish\Documents\Letter to the one I love.htm
[2014/10/14 17:12:58 | 005,353,472 | ---- | C] () -- C:\Users\Trish\Documents\GRANDS.pub
[2014/10/13 16:54:42 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/08/03 22:30:21 | 000,004,096 | -H-- | C] () -- C:\Users\Trish\AppData\Local\keyfile3.drm
[2014/03/25 08:30:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/26 15:19:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa
[2013/12/26 15:19:10 | 000,000,268 | RH-- | C] () -- C:\Users\Trish\AppData\Roaming\Classic Thick
[2013/12/26 15:18:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\ColorSync
[2013/12/26 15:18:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2013/12/26 15:18:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Console
[2013/12/26 12:21:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\Common
[2013/12/26 12:21:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\Bass Reduction
[2013/12/26 12:02:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013/12/26 12:02:20 | 000,000,268 | RH-- | C] () -- C:\Users\Trish\AppData\Roaming\Classical
[2013/12/26 12:02:20 | 000,000,268 | RH-- | C] () -- C:\Users\Trish\AppData\Roaming\Chorus
[2013/12/26 12:02:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013/12/26 12:02:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013/12/26 12:01:58 | 000,000,268 | RH-- | C] () -- C:\Users\Trish\AppData\Roaming\Components
[2013/12/26 12:01:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2013/12/24 10:21:28 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2013/12/24 10:21:28 | 000,000,000 | ---- | C] () -- C:\Users\Trish\AppData\Roaming\Caches
[2013/12/24 10:19:48 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/12/24 10:19:48 | 000,000,000 | ---- | C] () -- C:\Users\Trish\AppData\Roaming\CIOSupport
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/10 15:04:22 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\1H1Q1V1N1N1O2V
[2013/01/25 13:34:42 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\Blio
[2014/03/25 08:32:14 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\dlg
[2014/11/11 18:32:58 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\Dropbox
[2012/11/14 12:06:40 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\Fingertapps
[2014/09/30 17:14:20 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\Hoyle Blackjack
[2014/11/11 12:34:32 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\Hoyle Card Games
[2012/11/21 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\Hoyle FaceCreator
[2013/06/08 11:48:55 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\IDT
[2012/11/14 12:06:23 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\Leadertech
[2014/10/10 16:00:56 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\MyPublisher
[2013/12/26 12:07:53 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\Nikon
[2014/08/09 12:00:50 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\Oberon Media
[2014/07/15 18:19:39 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\PCDr
[2013/10/21 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\Trish\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 379 bytes -> C:\ProgramData\Temp:117374BE
@Alternate Data Stream - 376 bytes -> C:\ProgramData\Temp:3B68494D

< End of report >
 

OTL Extras logfile created on: 11/11/2014 7:00:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Trish\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 3.50 Gb Available Physical Memory | 59.21% Memory free
11.82 Gb Paging File | 9.37 Gb Available in Paging File | 79.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 342.34 Gb Free Space | 76.73% Space Free | Partition Type: NTFS
 
Computer Name: TRISH-PC | User Name: Trish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F3AF21-66CC-45EA-9C8E-0422685B7B85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{04CB9184-1964-43E1-B18B-80C38474FFCA}" = lport=138 | protocol=17 | dir=in | app=system |
"{1C311F8F-8CCA-4E21-A6AF-293693481056}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{20D6F834-66A8-4D39-905B-5775563D5109}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{2402852F-126A-498E-BD5D-D622D476111D}" = lport=139 | protocol=6 | dir=in | app=system |
"{26268062-8F2F-4B87-A5EF-02A6D194562E}" = rport=139 | protocol=6 | dir=out | app=system |
"{26A8E7E8-97AB-406F-9606-243100A4A552}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27838B57-3383-4F09-A7D4-5C1DD8EB5EB2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3274B89C-254D-4219-9933-3E04050A8C69}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F0D0A53-1C3B-40CA-A53F-EBFA8DF82D2F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4D4A104B-C223-4BBF-89DD-6E96CE4ABD22}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50075E8C-EB78-433F-AD59-AFCEF93D53ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{57C45140-AE14-4551-BE08-B445974AF492}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6AF890DE-6D95-4088-B105-CA8D03400C5C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C378693-4411-42CC-95D2-9047A4C61D91}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{790EA9FB-8C4A-4406-AA74-025CC00F133D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{791FA525-0FF4-4B93-A8A9-A08890ADADC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{793B6612-9762-41C8-8845-272E1ECAFCA4}" = rport=138 | protocol=17 | dir=out | app=system |
"{7CDDBA17-D15A-4D26-9AA7-4A644921DE9E}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{8BE53F12-D147-47DC-959E-25D2B83B0FFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E3881A4-AE8B-471F-A1C5-8CD2C55476C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{908C0501-A3EC-4777-BBF0-1DB084DF068C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98311F0E-6D82-4D7E-959C-E590CD3CBB3B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A287CE06-59B2-4BCA-8112-8F47AE2E03D1}" = rport=137 | protocol=17 | dir=out | app=system |
"{A63F02A0-EFB7-418B-977B-C21B3E433736}" = rport=445 | protocol=6 | dir=out | app=system |
"{A86E3483-BBA6-4137-8A8B-C0032BA8FBB1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AD20C296-27E5-4364-BD33-DB7884D4C996}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF613DEC-FAD9-4B93-AD47-7DBCE91411FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBE6ABA3-7AE6-46CF-8343-449D3899659D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{C08122F1-C05D-4781-9AD9-02077DE61228}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0AFC238-881B-435B-9FD4-8A1A5713C35A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB577BC3-CE4C-4C43-881A-2545C278A986}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{DEE4E2A2-2E4C-4677-A139-D7C9DCE49123}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{E19BEDE7-5D2A-45CA-AFC6-E09D5B349BBD}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{E58E9B2B-3089-4909-9508-F3A4064720C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F33AAFD7-8107-401C-9C3D-96A41ECCA29F}" = lport=445 | protocol=6 | dir=in | app=system |
"{F859594C-A925-41D8-8F0E-A40CA3FB0443}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F92EB530-EE33-45E1-B27E-A55468CB6D7E}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA3EDF30-46B5-401C-9FE1-CE3ED16E0FFC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068E49E3-076B-4891-8286-679341B4D28B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11F867A9-5428-4A16-ADB1-66DD3977531B}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{175FCDA4-0F23-4E6F-95F9-83EA3D4237E6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21CDE041-D013-455E-8964-5E0A0794EB32}" = protocol=6 | dir=in | app=c:\users\trish\appdata\roaming\dropbox\bin\dropbox.exe |
"{2652E529-8919-4D25-B6DD-EEFA88C6466E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{3682360E-18EF-4870-9B74-32E265E6CFED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CAA6CE4-73F4-4AAF-A5CF-17FAFAEAC469}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{4019ED50-CA8C-45CC-9DD3-91C2D382751D}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{47DD3884-8CC3-4FF3-9103-D1D14BD7D271}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4914772B-FE1C-417C-948A-A004C4FDF257}" = protocol=6 | dir=out | app=system |
"{4990D1CD-22F1-4B7E-B1FE-ABC14A3EF9F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4C51318D-80F6-491E-92AF-3471DB82C698}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59D0ECF3-63B8-454D-AE4B-28FD93E7DA59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C7933AD-F8AD-4CC3-BCB6-E4F04B710DC8}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{607C94F8-91AC-47EA-8D00-88123C2C6D7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{60C21562-60B0-4A69-81CA-A4D5CFCA0FF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64A43BF1-6D15-42E7-A636-EBF758E932BD}" = protocol=17 | dir=in | app=c:\users\trish\appdata\roaming\dropbox\bin\dropbox.exe |
"{64DA9B23-E66B-4A84-B293-653645529FF3}" = protocol=17 | dir=in | app=c:\program files (x86)\msn_en\dtuser.exe |
"{68FA00C8-4BC5-40E9-85C5-32163D65EE00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{73A9A355-09C9-4F43-A463-6743BCE96FE1}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
"{7549ADBD-D365-4A5D-A643-0C0BC3EFB6E6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7A3169C0-4BF8-4EAC-B15D-BB1C6FC446CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FAA9B35-8E3B-46B7-955C-4E546C222862}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{847987CC-8566-41E5-83D4-58A2D1D481D5}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{8632F11C-81B5-4C62-9807-407E1D901865}" = protocol=1 | dir=in | [email protected],-28543 |
"{8D60DAB4-3EC9-48B1-A7F6-1CF7F10272E9}" = protocol=58 | dir=in | [email protected],-28545 |
"{99B44E68-A14E-4C1E-8D6F-C187809EE83A}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe |
"{9CC42A29-AB93-42F7-AC06-6141FE40A135}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A59ABD65-44A0-4453-982E-76036E575398}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A5E42D4C-66CA-40CD-84F4-BF179AD04AC3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{ABD4F156-8C52-4DB8-B3A2-38B5A8B4F042}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD572663-D530-41ED-813A-8E1879F56628}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B6911CC9-8CF1-423C-8DB0-CE2B02919E87}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C47E7159-6C16-42F8-BB58-D12A8BB2E07A}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{C47F5D93-CE3E-4F1D-8FE9-B14746D69BB1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD5C8B20-8F54-430D-9FDA-21B1D080C0C2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{CDBFB074-A732-44CE-84B8-2EE45182EE45}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D0BB3F09-D250-4186-BB8C-1928E576DB18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D977D960-EF26-4B4C-BCEC-44E8F9C58D01}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{DE355B93-CC83-4572-BA52-CD35F9344ACE}" = protocol=58 | dir=out | [email protected],-28546 |
"{E1E7E216-B007-4DA2-8CD2-AFAFD8C4DDD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E297652D-6E39-45BF-A07D-A7F24E89B4C8}" = protocol=6 | dir=in | app=c:\program files (x86)\msn_en\dtuser.exe |
"{EAD71D14-E517-43C2-A69A-2732971AF1E8}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{EB357873-0127-4667-A36B-DE483F03F1E7}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{ED5C571E-1442-4E23-B49A-B3F80E1D5623}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EF3EC4EA-3ED6-4C86-B3AC-9A5776AAAFBA}" = protocol=1 | dir=out | [email protected],-28544 |
"{F00224B5-DAA5-4B24-BD41-C6B03754DC26}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{F2AE1AB1-BC25-4C19-A3A7-452BB283816D}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
"{F473FAB3-2CC4-45AD-9043-A3AF060F7AC1}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{F6AE4EBF-2755-4369-90AD-B9B9353FB31D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8A6DD03-7304-4C23-9BB3-822C9908CB58}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"TCP Query User{A45E7855-BC28-46C0-AB37-FC2CF50754EC}C:\users\trish\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\trish\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{CC08AD37-1C1C-4609-815D-C3E38A2476A8}C:\program files (x86)\google\picasa3\picasa3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\picasa3\picasa3.exe |
"UDP Query User{95DB6A69-62EE-48A1-BB69-F726C542BEB4}C:\program files (x86)\google\picasa3\picasa3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\picasa3\picasa3.exe |
"UDP Query User{BB7F030A-03A2-45C5-A9EE-466A05595997}C:\users\trish\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\trish\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"KONICA MINOLTA bizhub C353 Series Installer" = KONICA MINOLTA bizhub C353 Series
"Microsoft Security Client" = Microsoft Security Essentials
"msn_en" = MSN GamesBar
"PC-Doctor for Windows" = My Dell
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01709BCA-8553-4B46-8A75-DBCCAC95DD62}" = Hoyle Card Games 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F524A2D-5350-4500-76A7-A758B70C1200}" = Search App by Ask
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C5778DB-3E5A-499D-865D-740E67D1F165}" = LogMeIn
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FBAD091-89F7-4C77-A224-15FF4423C7D2}" = RealDownloader
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}" = ArcSoft Panorama Maker 6
"{DB10BAB5-AD91-4A8C-B1B0-E52E33409BE9}" = KONICA MINOLTA TWAIN V4
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"510007518" = Super Collapse 2
"510008693" = Super Collapse 3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Carbonite Backup" = Carbonite
"Dell Webcam Central" = Dell Webcam Central
"Free PDF Solutions PDF to WORD_is1" = Free PDF Solutions PDF to WORD version 1.0
"Google Chrome" = Google Chrome
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"MyPublisher" = MyPublisher
"ODIR_is1" = ODIR
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 15.0" = RealPlayer
"RealPlayer 17.0" = RealPlayer Cloud
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Firefox Packages" = Firefox Packages
"Microsoft Office on Demand Browser Add-ons" = Microsoft Office on Demand Browser Add-ons
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 8/13/2014 10:35:51 AM | Computer Name = Trish-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2571
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 8/14/2014 5:12:20 PM | Computer Name = Trish-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 364
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 8/21/2014 8:58:03 AM | Computer Name = Trish-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 615
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 8/23/2014 11:07:13 AM | Computer Name = Trish-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3967
 seconds with 2040 seconds of active time.  This session ended with a crash.
 
Error - 8/27/2014 7:29:16 PM | Computer Name = Trish-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 9/1/2014 11:56:43 PM | Computer Name = Trish-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 9/30/2014 9:27:01 AM | Computer Name = Trish-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/16/2014 5:37:51 PM | Computer Name = Trish-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 772
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 10/16/2014 5:38:17 PM | Computer Name = Trish-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/22/2014 5:51:36 PM | Computer Name = Trish-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 13111
 seconds with 120 seconds of active time.  This session ended with a crash.
 
 
< End of report >
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Trish (administrator) on TRISH-PC on 11-11-2014 19:29:03
Running from C:\Users\Trish\Desktop
Loaded Profiles: Trish & LogMeInRemoteUser (Available profiles: Trish & LogMeInRemoteUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Dropbox, Inc.) C:\Users\Trish\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-10-10] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-10-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3367699262-726317081-71985535-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
HKU\S-1-5-21-3367699262-726317081-71985535-1001\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-3367699262-726317081-71985535-1003\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-3367699262-726317081-71985535-1003\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-3367699262-726317081-71985535-1003\...\MountPoints2: {c785b344-a966-11e1-95ad-806e6f6e6963} - D:\Welcome.exe
HKU\S-1-5-18\...\Run: [20090604] => C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.exe [102522 2009-08-19] (DataLode, Inc.)
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Trish\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dell.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: MSN GamesBar -> {5e7c3693-318c-4f0f-9ff2-db485880944c} -> C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: MSN GamesBar -> {5e7c3693-318c-4f0f-9ff2-db485880944c} -> C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - MSN GamesBar - {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX64.dll ()
Toolbar: HKLM-x32 - MSN GamesBar - {5e7c3693-318c-4f0f-9ff2-db485880944c} - C:\Program Files (x86)\msn_en\encyclopediabritannicagamesbarX.dll ()
Toolbar: HKU\S-1-5-21-3367699262-726317081-71985535-1001 -> No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} -  No File
Toolbar: HKU\S-1-5-21-3367699262-726317081-71985535-1003 -> No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3367699262-726317081-71985535-1001: @microsoft.com/Office on Demand;version=1 -> C:\Users\Trish\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Trish\Desktop\Babylon\Utils\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-13]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\Trish\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (topbuyer) - C:\Users\Trish\AppData\Local\Google\Chrome\User Data\Default\Extensions\joikjodmdfofnbaamdnmpgoedapljcmg [2014-11-10]
CHR Extension: (Yumprint) - C:\Users\Trish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboinfelnglhdhgchcmomigiddalpjka [2014-11-10]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-04] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-04] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-08-24] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-13] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-06-01] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-25] ()
S3 cpuz134; \??\C:\Users\Trish\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 19:29 - 2014-11-11 19:29 - 00021927 _____ () C:\Users\Trish\Desktop\FRST.txt
2014-11-11 19:28 - 2014-11-11 19:29 - 00000000 ____D () C:\FRST
2014-11-11 19:28 - 2014-11-11 19:28 - 00110260 _____ () C:\Users\Trish\Desktop\OTL.Txt
2014-11-11 19:28 - 2014-11-11 19:28 - 00073168 _____ () C:\Users\Trish\Desktop\Extras.Txt
2014-11-11 18:57 - 2014-11-11 18:57 - 02116096 _____ (Farbar) C:\Users\Trish\Desktop\FRST64.exe
2014-11-11 18:56 - 2014-11-11 18:56 - 00602112 _____ (OldTimer Tools) C:\Users\Trish\Desktop\OTL.exe
2014-11-11 18:52 - 2014-11-11 18:52 - 00081264 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (16).exe
2014-11-11 18:44 - 2014-11-11 18:44 - 00003052 _____ () C:\Users\Trish\Desktop\JRT.txt
2014-11-11 18:39 - 2014-11-11 18:39 - 00000000 ____D () C:\windows\ERUNT
2014-11-11 18:31 - 2014-11-11 18:31 - 00003362 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3367699262-726317081-71985535-1001
2014-11-11 18:31 - 2014-11-11 18:31 - 00003228 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3367699262-726317081-71985535-1001
2014-11-11 18:07 - 2014-11-11 18:10 - 00000000 ____D () C:\AdwCleaner
2014-11-11 18:07 - 2014-11-11 18:07 - 01706808 _____ (Thisisu) C:\Users\Trish\Desktop\JRT.exe
2014-11-11 18:06 - 2014-11-11 18:06 - 02140160 _____ () C:\Users\Trish\Downloads\AdwCleaner.exe
2014-11-11 18:05 - 2014-11-11 18:05 - 00079216 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (15).exe
2014-11-11 18:04 - 2014-11-11 18:04 - 00081264 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (14).exe
2014-11-11 18:04 - 2014-11-11 18:04 - 00079216 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (13).exe
2014-11-11 07:28 - 2014-11-11 17:52 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3367699262-726317081-71985535-1001
2014-11-11 07:28 - 2014-11-11 17:52 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3367699262-726317081-71985535-1001
2014-11-10 16:03 - 2014-11-10 16:03 - 00000044 _____ () C:\Users\Trish\AppData\Roaming\WB.CFG
2014-11-10 15:04 - 2014-11-10 15:04 - 00000000 ____D () C:\Users\Trish\AppData\Roaming\1H1Q1V1N1N1O2V
2014-11-10 15:03 - 2014-11-10 15:03 - 24656704 _____ (Mozilla) C:\Users\Trish\Downloads\FirefoxSetup [1].exe
2014-11-10 15:02 - 2014-11-10 15:02 - 00860576 _____ ( ) C:\Users\Trish\Downloads\FirefoxSetup.exe
2014-10-23 14:41 - 2014-10-23 14:41 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-23 14:41 - 2014-10-23 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-23 14:40 - 2014-10-23 14:41 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-23 14:40 - 2014-10-23 14:41 - 00000000 ____D () C:\Program Files\iTunes
2014-10-23 14:40 - 2014-10-23 14:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-23 14:40 - 2014-10-23 14:40 - 00000000 ____D () C:\Program Files\iPod
2014-10-23 09:51 - 2014-10-23 09:51 - 00023944 _____ () C:\Users\Trish\Documents\Letter to the one I love.htm
2014-10-23 09:51 - 2014-10-23 09:51 - 00000000 ____D () C:\Users\Trish\Documents\Letter to the one I love_files
2014-10-20 16:20 - 2014-10-20 16:20 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-10-20 16:20 - 2014-10-20 16:20 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-10-20 16:20 - 2014-10-20 16:20 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-10-20 16:20 - 2014-10-20 16:20 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 16:20 - 2014-10-20 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-20 16:20 - 2014-10-20 16:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 10:01 - 2014-10-29 11:09 - 00009657 _____ () C:\Users\Trish\Documents\TO DO OCT.xlsx
2014-10-15 07:41 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 07:41 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 07:41 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-10-15 07:41 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-10-15 07:41 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-15 07:41 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2014-10-15 07:41 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-15 07:41 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00368128 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-15 07:41 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2014-10-15 07:41 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-10-15 07:41 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00516096 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-10-15 07:41 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2014-10-15 07:41 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-10-15 07:41 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-10-15 07:41 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 07:41 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-10-15 07:41 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-10-15 07:41 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-15 07:41 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-15 07:41 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-15 07:41 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-15 07:41 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-15 07:41 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-15 07:40 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 07:40 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 07:40 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 07:40 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 07:40 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 07:40 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 07:40 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 07:40 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 07:40 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 07:40 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 07:40 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 07:40 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 07:40 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 07:40 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 07:40 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 07:40 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 07:40 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 07:40 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 07:40 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 07:40 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 07:40 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 07:40 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 07:40 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 07:40 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 07:40 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 07:40 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 07:40 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 07:40 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 07:40 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 07:40 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 07:40 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 07:40 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 07:40 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 07:40 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 07:40 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 07:40 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 07:40 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 07:40 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 07:40 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 07:40 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 07:40 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 07:40 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 07:40 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 07:40 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 07:40 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 07:40 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 07:40 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 07:40 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 07:40 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 07:40 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 07:40 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 07:40 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 07:40 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 07:40 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 07:40 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 07:40 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 07:40 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 07:40 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 07:40 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 07:40 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 07:40 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-15 07:40 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-15 07:40 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 07:40 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 07:40 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 07:40 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 07:40 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-15 07:40 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2014-10-15 07:40 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2014-10-15 07:40 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2014-10-15 07:40 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2014-10-15 07:40 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2014-10-15 07:40 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2014-10-15 07:40 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2014-10-15 07:40 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2014-10-15 07:40 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-10-15 07:40 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2014-10-15 07:40 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 07:40 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-15 07:40 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 07:40 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-15 07:40 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-15 07:40 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-15 07:40 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 07:40 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-15 07:40 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-15 07:40 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-15 07:40 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-15 07:40 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2014-10-15 07:40 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-10-15 07:40 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-10-15 07:40 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-10-15 07:40 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2014-10-15 07:40 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2014-10-15 07:40 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2014-10-15 07:40 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-10-15 07:40 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-10-15 07:40 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-10-15 07:40 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2014-10-15 07:40 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2014-10-15 07:40 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-10-15 07:40 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2014-10-15 07:40 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2014-10-15 07:40 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2014-10-15 07:40 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-10-15 07:40 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-10-15 07:40 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-10-15 07:40 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-10-15 07:40 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-15 07:40 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-10-15 07:40 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-10-15 07:40 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-10-15 07:40 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-10-15 07:40 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-15 07:40 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-10-15 07:40 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-10-15 07:39 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 07:39 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-14 17:12 - 2014-10-14 17:12 - 05353472 _____ () C:\Users\Trish\Documents\GRANDS.pub
2014-10-13 17:04 - 2014-10-13 17:04 - 00000000 ____D () C:\Users\Trish\AppData\Roaming\RealNetworks
2014-10-13 16:55 - 2014-10-13 16:55 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-10-13 16:55 - 2014-10-13 16:55 - 00000000 ____D () C:\Program Files (x86)\RealNetworks

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 19:24 - 2013-05-12 08:57 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{935AC3F5-8112-46FD-9BB8-983025E003F5}
2014-11-11 18:58 - 2012-11-17 15:57 - 00000000 ____D () C:\Users\Trish\AppData\Local\Nero
2014-11-11 18:57 - 2012-12-13 07:41 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 18:51 - 2012-05-29 03:01 - 01765313 _____ () C:\windows\WindowsUpdate.log
2014-11-11 18:38 - 2009-07-13 23:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 18:38 - 2009-07-13 23:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 18:37 - 2009-07-14 00:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-11 18:33 - 2012-12-12 10:37 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 18:32 - 2013-08-18 16:51 - 00000000 ___RD () C:\Users\Trish\Dropbox
2014-11-11 18:32 - 2013-08-18 16:48 - 00000000 ____D () C:\Users\Trish\AppData\Roaming\Dropbox
2014-11-11 18:30 - 2014-01-28 22:26 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-11 18:30 - 2014-01-28 22:26 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-11 18:30 - 2012-05-29 03:48 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-11 18:30 - 2012-05-29 03:48 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-11 18:30 - 2012-05-29 03:36 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-11 18:29 - 2012-12-12 10:37 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 18:29 - 2010-11-20 22:47 - 00303880 _____ () C:\windows\PFRO.log
2014-11-11 18:29 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-11 18:29 - 2009-07-13 23:51 - 00065017 _____ () C:\windows\setupact.log
2014-11-11 16:12 - 2013-05-21 15:35 - 00000000 ____D () C:\Program Files\My Dell
2014-11-11 16:12 - 2012-11-14 13:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-11-11 16:04 - 2013-05-21 15:36 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-11-11 14:24 - 2014-05-08 16:38 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 12:34 - 2012-11-18 00:00 - 00000000 ____D () C:\Users\Trish\AppData\Roaming\Hoyle Card Games
2014-11-11 07:26 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\security
2014-11-11 00:41 - 2012-11-16 09:10 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-10 23:27 - 2011-12-11 22:44 - 00045568 _____ () C:\Users\Trish\Desktop\Trish Info.xls
2014-11-10 16:06 - 2009-07-13 21:34 - 00000612 _____ () C:\windows\win.ini
2014-11-08 23:41 - 2014-08-30 14:06 - 00027444 _____ () C:\Users\Trish\Documents\MOM BANK AMERICA.xlsx
2014-11-04 08:27 - 2012-11-16 09:10 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-11-04 08:26 - 2012-11-16 09:11 - 00107392 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2014-11-04 08:26 - 2012-11-16 09:11 - 00092520 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
2014-11-04 08:26 - 2012-11-16 09:11 - 00035688 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2014-11-04 08:25 - 2012-11-14 00:04 - 00000000 ____D () C:\Users\Trish\AppData\Local\SoftThinks
2014-11-04 08:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\tracing
2014-11-03 17:45 - 2014-07-17 18:42 - 00000000 ____D () C:\Users\Trish\Documents\Scans
2014-11-01 00:22 - 2013-12-26 12:02 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-10-30 22:10 - 2014-06-19 14:19 - 00000000 ____D () C:\Users\Trish\AppData\Local\Windows Live
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-24 06:28 - 2012-12-12 10:37 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 06:28 - 2012-12-12 10:37 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-23 23:23 - 2012-11-13 08:54 - 00000000 ____D () C:\Users\Trish\Documents\HOLIDAYS
2014-10-23 15:45 - 2013-12-31 12:23 - 00015270 _____ () C:\Users\Trish\Desktop\2014 BILL PAYMENTS.xlsx
2014-10-23 15:33 - 2014-05-08 16:38 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-23 15:33 - 2014-05-08 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 15:33 - 2014-05-08 16:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-23 14:40 - 2014-09-04 14:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-23 14:40 - 2012-11-14 22:14 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-23 10:04 - 2012-11-14 00:04 - 00000000 ____D () C:\Users\Trish
2014-10-22 16:27 - 2012-12-08 13:32 - 00000000 ____D () C:\Users\Trish\AppData\Local\CrashDumps
2014-10-21 17:02 - 2014-10-10 16:01 - 00001616 _____ () C:\Users\Public\clientURLString.txt
2014-10-20 16:21 - 2014-03-05 01:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-18 22:14 - 2014-09-04 14:02 - 00009539 _____ () C:\Users\Trish\Documents\Cecie's Wallace Georgia Colonial Silver.xlsx
2014-10-17 10:18 - 2012-11-13 08:54 - 00000000 ____D () C:\Users\Trish\Documents\TRISH
2014-10-16 03:49 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-10-16 02:39 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-16 02:33 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 02:31 - 2009-07-13 23:45 - 00410928 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 02:28 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-16 02:28 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-16 02:09 - 2012-11-16 08:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:05 - 2013-07-28 02:00 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 02:00 - 2012-11-14 12:37 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-13 17:04 - 2012-11-17 16:18 - 00000000 ____D () C:\Users\Trish\AppData\Roaming\Real
2014-10-13 16:56 - 2012-11-17 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-10-13 16:56 - 2012-11-17 16:18 - 00000000 ____D () C:\Program Files (x86)\Real
2014-10-13 16:54 - 2012-11-17 16:22 - 00201800 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\rmoc3260.dll
2014-10-13 16:54 - 2012-11-17 16:21 - 00278600 _____ (Progressive Networks) C:\windows\SysWOW64\pncrt.dll
2014-10-13 16:54 - 2012-11-17 16:17 - 00000000 ____D () C:\ProgramData\Real
2014-10-13 16:53 - 2012-11-17 16:21 - 00505416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2014-10-13 16:53 - 2012-11-17 16:21 - 00353864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2014-10-12 18:01 - 2014-09-12 02:41 - 00003340 _____ () C:\windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3367699262-726317081-71985535-1001
2014-10-12 18:01 - 2014-09-12 02:41 - 00003206 _____ () C:\windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3367699262-726317081-71985535-1001

Files to move or delete:
====================
C:\ProgramData\pclunst.exe


Some content of TEMP:
====================
C:\Users\Trish\AppData\Local\Temp\032939rr.exe
C:\Users\Trish\AppData\Local\Temp\6_Offer_14.exe
C:\Users\Trish\AppData\Local\Temp\air6B4B.exe
C:\Users\Trish\AppData\Local\Temp\air7674.exe
C:\Users\Trish\AppData\Local\Temp\APNSetup.exe
C:\Users\Trish\AppData\Local\Temp\bootstrapper.exe
C:\Users\Trish\AppData\Local\Temp\c2rui.dll
C:\Users\Trish\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Trish\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Trish\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Trish\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifd5ym.dll
C:\Users\Trish\AppData\Local\Temp\GUninstaller.exe
C:\Users\Trish\AppData\Local\Temp\helper.exe
C:\Users\Trish\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Trish\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Trish\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Trish\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Trish\AppData\Local\Temp\k9-webprotection-4.4.276.exe
C:\Users\Trish\AppData\Local\Temp\lowproc.exe
C:\Users\Trish\AppData\Local\Temp\mssinstaller.exe
C:\Users\Trish\AppData\Local\Temp\npofficeondemand.dll
C:\Users\Trish\AppData\Local\Temp\nss772E.tmp.exe
C:\Users\Trish\AppData\Local\Temp\Quarantine.exe
C:\Users\Trish\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Trish\AppData\Local\Temp\roamingofficeactivex.32.dll
C:\Users\Trish\AppData\Local\Temp\roamingofficeactivex.64.dll
C:\Users\Trish\AppData\Local\Temp\sqlite3.dll
C:\Users\Trish\AppData\Local\Temp\stubhelper.dll
C:\Users\Trish\AppData\Local\Temp\STWSetup.exe
C:\Users\Trish\AppData\Local\Temp\uninst1.exe
C:\Users\Trish\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 18:00

==================== End Of Log ============================


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Trish, not a bad job a few bits still to do though. We will use FRST for this :)

Firstly you must uninstall and then re-install Chrome. It has been changed to developer mode, which means that all safeguards and security aspects are disabled so anything can be installed into Chrome

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
Toolbar: HKU\S-1-5-21-3367699262-726317081-71985535-1001 -> No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} - No File
Toolbar: HKU\S-1-5-21-3367699262-726317081-71985535-1003 -> No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} - No File
2014-11-11 18:52 - 2014-11-11 18:52 - 00081264 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (16).exe
2014-11-11 18:05 - 2014-11-11 18:05 - 00079216 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (15).exe
2014-11-11 18:04 - 2014-11-11 18:04 - 00081264 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (14).exe
2014-11-11 18:04 - 2014-11-11 18:04 - 00079216 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (13).exe
2014-11-10 15:04 - 2014-11-10 15:04 - 00000000 ____D () C:\Users\Trish\AppData\Roaming\1H1Q1V1N1N1O2V
2014-11-10 15:03 - 2014-11-10 15:03 - 24656704 _____ (Mozilla) C:\Users\Trish\Downloads\FirefoxSetup [1].exe
2014-11-10 15:02 - 2014-11-10 15:02 - 00860576 _____ ( ) C:\Users\Trish\Downloads\FirefoxSetup.exe
C:\ProgramData\pclunst.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#3
CGTIII

CGTIII

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thank you again... Anything else for it?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02
Ran by Trish at 2014-11-14 05:56:37 Run:1
Running from C:\Users\Trish\Desktop
Loaded Profiles: Trish & LogMeInRemoteUser (Available profiles: Trish & LogMeInRemoteUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
Toolbar: HKU\S-1-5-21-3367699262-726317081-71985535-1001 -> No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} - No File
Toolbar: HKU\S-1-5-21-3367699262-726317081-71985535-1003 -> No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} - No File
2014-11-11 18:52 - 2014-11-11 18:52 - 00081264 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (16).exe
2014-11-11 18:05 - 2014-11-11 18:05 - 00079216 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (15).exe
2014-11-11 18:04 - 2014-11-11 18:04 - 00081264 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (14).exe
2014-11-11 18:04 - 2014-11-11 18:04 - 00079216 _____ (Premium Installer ) C:\Users\Trish\Downloads\setup (13).exe
2014-11-10 15:04 - 2014-11-10 15:04 - 00000000 ____D () C:\Users\Trish\AppData\Roaming\1H1Q1V1N1N1O2V
2014-11-10 15:03 - 2014-11-10 15:03 - 24656704 _____ (Mozilla) C:\Users\Trish\Downloads\FirefoxSetup [1].exe
2014-11-10 15:02 - 2014-11-10 15:02 - 00860576 _____ ( ) C:\Users\Trish\Downloads\FirefoxSetup.exe
C:\ProgramData\pclunst.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}" => Key deleted successfully.
"HKCR\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}" => Key not found.
HKU\S-1-5-21-3367699262-726317081-71985535-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4D78C72-08DB-4A3F-9175-B265157283F3} => value deleted successfully.
"HKCR\CLSID\{C4D78C72-08DB-4A3F-9175-B265157283F3}" => Key not found.
HKU\S-1-5-21-3367699262-726317081-71985535-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4D78C72-08DB-4A3F-9175-B265157283F3} => value deleted successfully.
"HKCR\CLSID\{C4D78C72-08DB-4A3F-9175-B265157283F3}" => Key not found.
"C:\Users\Trish\Downloads\setup (16).exe" => File/Directory not found.
"C:\Users\Trish\Downloads\setup (15).exe" => File/Directory not found.
"C:\Users\Trish\Downloads\setup (14).exe" => File/Directory not found.
"C:\Users\Trish\Downloads\setup (13).exe" => File/Directory not found.
C:\Users\Trish\AppData\Roaming\1H1Q1V1N1N1O2V => Moved successfully.
C:\Users\Trish\Downloads\FirefoxSetup [1].exe => Moved successfully.
C:\Users\Trish\Downloads\FirefoxSetup.exe => Moved successfully.
C:\ProgramData\pclunst.exe => Moved successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{C3FF6DA2-0993-4D24-9023-84CFBA3BE689} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 4.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you experiencing any further problems ? I.e. windows updates etc..

Download and run farbar service scanner

fssscan.JPG

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#5
CGTIII

CGTIII

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Windows Update is off intentionally. I expect Windows Security Essentials turned off Windows Defender.

 

Farbar Service Scanner Version: 21-07-2014
Ran by Trish (administrator) on 14-11-2014 at 20:42:34
Running from "C:\Users\Trish\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

Thank you again.


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix

delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP