Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

*32 chrome processes [Closed]


  • This topic is locked This topic is locked

#1
qfwm2001

qfwm2001

    New Member

  • Member
  • Pip
  • 3 posts

Hello,

 

About a month ago my computer was infected with malware.  I am concerned that I did not remove all issues.  

 

Any time I check task manager, *32 chrome has 15 or more open.  My Cpu fan turns on high very frequently. 

 

Any help will be greatly appreciated.

 

OTL log:

 

OTL logfile created on: 11/4/2014 8:56:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\david.PROHEALTH1\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17116)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 4.66 Gb Available Physical Memory | 58.59% Memory free
15.90 Gb Paging File | 12.04 Gb Available in Paging File | 75.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 674.18 Gb Total Space | 498.80 Gb Free Space | 73.99% Space Free | Partition Type: NTFS
Drive D: | 20.29 Gb Total Space | 2.19 Gb Free Space | 10.82% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.10% Space Free | Partition Type: FAT32
 
Computer Name: DM | User Name: david | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/04 08:55:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\david.PROHEALTH1\Downloads\OTL.exe
PRC - [2014/10/21 22:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/10/01 10:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 10:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 10:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/25 19:14:54 | 000,389,744 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/09/12 18:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/08/08 09:34:04 | 022,734,160 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/03/03 12:34:54 | 007,382,528 | ---- | M] (Google Inc.) -- C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/12/17 12:03:22 | 000,046,904 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2013/12/17 09:25:24 | 000,026,984 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2013/09/12 02:31:23 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/31 18:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/05/31 17:56:14 | 000,125,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2011/09/12 19:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/26 05:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 05:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 05:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/08/09 10:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/09 10:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/12 18:10:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/07/12 18:10:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/07/12 18:10:28 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/07/12 18:10:26 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/07/11 16:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/20 12:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 12:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/04/14 20:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/04 08:31:57 | 000,043,008 | ---- | M] () -- c:\users\david~1.pro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppyyhh7.dll
MOD - [2014/11/04 08:30:41 | 001,175,040 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\wx._core_.pyd
MOD - [2014/11/04 08:30:41 | 001,160,704 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\_ssl.pyd
MOD - [2014/11/04 08:30:41 | 001,062,400 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\wx._controls_.pyd
MOD - [2014/11/04 08:30:41 | 000,811,008 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\wx._windows_.pyd
MOD - [2014/11/04 08:30:41 | 000,805,888 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\wx._gdi_.pyd
MOD - [2014/11/04 08:30:41 | 000,735,232 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\wx._misc_.pyd
MOD - [2014/11/04 08:30:41 | 000,713,216 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\_hashlib.pyd
MOD - [2014/11/04 08:30:41 | 000,686,080 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\unicodedata.pyd
MOD - [2014/11/04 08:30:41 | 000,557,056 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\pysqlite2._sqlite.pyd
MOD - [2014/11/04 08:30:41 | 000,525,640 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\windows._lib_cacheinvalidation.pyd
MOD - [2014/11/04 08:30:41 | 000,364,544 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\pythoncom27.dll
MOD - [2014/11/04 08:30:41 | 000,320,512 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32com.shell.shell.pyd
MOD - [2014/11/04 08:30:41 | 000,167,936 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32gui.pyd
MOD - [2014/11/04 08:30:41 | 000,128,512 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\_elementtree.pyd
MOD - [2014/11/04 08:30:41 | 000,127,488 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\pyexpat.pyd
MOD - [2014/11/04 08:30:41 | 000,122,368 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\wx._wizard.pyd
MOD - [2014/11/04 08:30:41 | 000,119,808 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32file.pyd
MOD - [2014/11/04 08:30:41 | 000,110,080 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\pywintypes27.dll
MOD - [2014/11/04 08:30:41 | 000,108,544 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32security.pyd
MOD - [2014/11/04 08:30:41 | 000,098,816 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32api.pyd
MOD - [2014/11/04 08:30:41 | 000,087,552 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\_ctypes.pyd
MOD - [2014/11/04 08:30:41 | 000,078,336 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\wx._animate.pyd
MOD - [2014/11/04 08:30:41 | 000,070,656 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\wx._html2.pyd
MOD - [2014/11/04 08:30:41 | 000,045,568 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\_socket.pyd
MOD - [2014/11/04 08:30:41 | 000,038,912 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32inet.pyd
MOD - [2014/11/04 08:30:41 | 000,035,840 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32process.pyd
MOD - [2014/11/04 08:30:41 | 000,027,136 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\_multiprocessing.pyd
MOD - [2014/11/04 08:30:41 | 000,025,600 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32pdh.pyd
MOD - [2014/11/04 08:30:41 | 000,024,064 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32pipe.pyd
MOD - [2014/11/04 08:30:41 | 000,022,528 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32ts.pyd
MOD - [2014/11/04 08:30:41 | 000,018,432 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32event.pyd
MOD - [2014/11/04 08:30:41 | 000,017,408 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32profile.pyd
MOD - [2014/11/04 08:30:41 | 000,011,264 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\win32crypt.pyd
MOD - [2014/11/04 08:30:41 | 000,010,240 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\select.pyd
MOD - [2014/11/04 08:30:41 | 000,007,168 | ---- | M] () -- C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI57082\hashobjs_ext.pyd
MOD - [2014/10/21 22:05:00 | 014,902,600 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
MOD - [2014/10/21 22:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/21 22:04:51 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/21 22:04:49 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/21 22:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/10/15 14:48:02 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\840fbea04bccfe0279aa7fa646f387de\IAStorUtil.ni.dll
MOD - [2014/10/15 14:44:05 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014/10/15 14:43:53 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b3011370dcbf33751d3b9dce8091c6c6\System.Runtime.Remoting.ni.dll
MOD - [2014/10/15 14:42:08 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/15 14:41:55 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/15 14:41:50 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/15 14:41:47 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/15 14:41:35 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/15 14:41:27 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/25 19:14:54 | 003,365,488 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/09/25 19:14:54 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/09/25 19:14:54 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/09/16 12:53:14 | 008,896,160 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2014/09/12 18:20:58 | 003,610,624 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/09/11 08:57:31 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\07cf963400f1454398a79308cd9ba191\IAStorCommon.ni.dll
MOD - [2014/09/11 07:47:20 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/03/03 12:14:00 | 000,253,440 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/03/03 12:13:32 | 000,231,936 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/03/03 12:13:26 | 000,344,064 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/03/03 12:13:26 | 000,117,248 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/12/10 15:06:52 | 000,026,624 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 15:06:42 | 010,683,392 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 15:06:40 | 001,681,408 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 15:06:38 | 007,741,952 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 15:06:36 | 002,248,192 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/08/23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/08/31 20:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/07/27 23:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 22:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 22:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 14:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/06/02 07:11:26 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/27 13:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 19:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/13 19:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/10/01 10:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 10:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/25 19:14:54 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/23 20:42:18 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/17 12:03:22 | 000,046,904 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/12 02:31:23 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/31 18:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/05/15 16:03:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/12 19:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/09 19:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/26 05:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/08/09 10:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/09 10:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/07/12 18:10:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/07/12 18:10:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/07/12 18:10:28 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/07/11 16:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/28 19:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/05/20 12:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/11/20 21:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 21:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 21:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/04 08:31:11 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/01 10:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 10:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/04 20:05:46 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012/12/04 20:05:46 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/29 14:55:40 | 000,640,344 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/05/25 18:38:48 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/05/25 18:30:34 | 000,027,992 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/05/24 10:34:46 | 000,172,888 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/05/12 16:13:34 | 000,054,064 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/04/13 12:54:06 | 000,458,544 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012/03/27 17:34:24 | 000,030,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/09 11:16:56 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/09 11:16:56 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/10 01:32:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/05 14:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 14:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/08/03 19:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/06 19:16:40 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/07/06 18:34:00 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/07/06 18:33:58 | 000,052,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/06/10 19:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/06/10 19:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/02 07:11:26 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/30 18:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 13:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 13:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 11:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 07:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 05:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 05:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/10/20 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{0FE48ACD-12FC-49C1-9DAB-02D7C78B07CD}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{0FE48ACD-12FC-49C1-9DAB-02D7C78B07CD}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {45BE065F-CDE7-4E91-8FE2-BE09E9629AED}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0FE48ACD-12FC-49C1-9DAB-02D7C78B07CD}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{45BE065F-CDE7-4E91-8FE2-BE09E9629AED}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.95.149
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.0.12
FF - prefs.js..extensions.enabledAddons: %7B687578b9-7132-4a7a-80e4-30ee31099e03%7D:10.23.0.822
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.0.3382
FF - prefs.js..extensions.enabledAddons: %7B21EAF666-26B3-4a3c-ABD0-CA2F5A326744%7D:2.0.0.438
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\david.PROHEALTH1\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/07/25 11:31:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/26 00:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/26 00:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/26 00:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/07/26 00:25:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/27 10:07:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 33.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 33.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012/05/21 07:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\david.PROHEALTH1\AppData\Roaming\mozilla\Extensions
[2014/09/24 08:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\david.PROHEALTH1\AppData\Roaming\mozilla\Firefox\Profiles\jnxem45a.default\extensions
[2013/12/17 09:05:48 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\david.PROHEALTH1\AppData\Roaming\mozilla\Firefox\Profiles\jnxem45a.default\extensions\[email protected]
[2013/06/16 07:50:17 | 000,002,100 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Roaming\mozilla\firefox\profiles\jnxem45a.default\searchplugins\MyStart.xml
[2014/09/22 07:34:58 | 000,008,074 | ---- | M] () -- C:\Users\david.PROHEALTH1\AppData\Roaming\mozilla\firefox\profiles\jnxem45a.default\searchplugins\yahoo_ff.xml
[2013/11/19 11:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/19 11:50:19 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/09/22 07:39:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/22 07:39:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/25 11:31:11 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2013/07/26 00:25:35 | 000,000,000 | ---D | M] (反广告) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\V-BATES\FIREFOX
File not found (No name found) -- C:\USERS\DAVID.PROHEALTH1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JNXEM45A.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
File not found (No name found) -- C:\USERS\DAVID.PROHEALTH1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JNXEM45A.DEFAULT\EXTENSIONS\[email protected]
[2012/12/05 09:38:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2014/01/22 04:07:48 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: YouTube = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Logo Maker = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciojdpgahhgdpmlhnocojjfhkfdmemdh\1_0\
CHR - Extension: Google Search = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0\
CHR - Extension: Website Logon = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
CHR - Extension: Google Calendar = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Safe Money = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.65_0\
CHR - Extension: Job Search = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgehfboljmhjbmmjhgbakmoocikpkeid\1.0.6_0\
CHR - Extension: LastPass Vault = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\
CHR - Extension: Google Wallet = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_1\
CHR - Extension: Google Drive = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: YouTube = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Logo Maker = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciojdpgahhgdpmlhnocojjfhkfdmemdh\1_0\
CHR - Extension: Google Search = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0\
CHR - Extension: Website Logon = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
CHR - Extension: Google Calendar = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Safe Money = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.65_0\
CHR - Extension: Job Search = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgehfboljmhjbmmjhgbakmoocikpkeid\1.0.6_0\
CHR - Extension: LastPass Vault = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\
CHR - Extension: Google Wallet = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_1\
 
O1 HOSTS File: ([2012/06/17 15:11:39 | 000,000,862 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 76.233.249.100 remote.prohealth1.com
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [MusicManager] C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\david.PROHEALTH1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\david.PROHEALTH1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\david.PROHEALTH1\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\david.PROHEALTH1\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: LastPass - file://C:\Users\david.PROHEALTH1\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\david.PROHEALTH1\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: prohealth1.com ([remote] https in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prohealth1.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C85C2B78-0C8E-44A6-9E38-5F769271FF3D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E834C2E9-4A3C-4A5C-BF45-90D65C6BD98B}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/03 09:07:06 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\076E165C.sys
[2014/10/31 15:07:30 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\3E6A3FCD.sys
[2014/10/27 09:14:54 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\72C57966.sys
[2014/10/24 08:59:35 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\70340347.sys
[2014/10/17 08:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/10/15 13:56:38 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/10/15 13:56:07 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/10/15 13:56:07 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2014/10/15 13:56:07 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/10/15 13:55:44 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2014/10/15 13:55:44 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2014/10/15 13:55:44 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2014/10/15 13:55:44 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2014/10/15 13:55:43 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/10/15 13:55:42 | 004,120,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/10/15 13:55:42 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2014/10/15 13:55:42 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2014/10/15 13:55:41 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/10/15 13:55:39 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/10/15 13:55:37 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/10/15 13:55:37 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2014/10/15 13:55:37 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2014/10/15 13:55:37 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2014/10/15 13:55:36 | 000,616,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2014/10/15 13:55:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/10/15 13:55:35 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2014/10/15 13:55:35 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2014/10/15 13:55:35 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2014/10/15 13:55:35 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2014/10/15 13:55:35 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/10/15 13:55:34 | 005,551,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/10/15 13:55:34 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/10/15 13:55:34 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2014/10/15 13:55:34 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/10/15 13:55:33 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/10/15 13:55:33 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/10/15 13:55:33 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/10/15 13:55:32 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/10/15 13:55:32 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2014/10/15 13:55:32 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2014/10/15 13:55:32 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2014/10/15 13:55:32 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2014/10/15 13:55:32 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2014/10/15 13:55:31 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2014/10/15 13:55:31 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2014/10/15 13:55:31 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2014/10/15 13:55:31 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2014/10/15 13:55:30 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/10/15 13:55:30 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2014/10/15 13:55:30 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2014/10/15 13:55:30 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2014/10/15 13:55:30 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2014/10/15 13:55:30 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2014/10/15 13:55:30 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2014/10/15 13:55:30 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2014/10/15 13:55:30 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2014/10/15 13:55:30 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2014/10/15 13:55:30 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2014/10/15 13:55:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2014/10/15 13:55:30 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2014/10/15 13:55:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2014/10/15 13:55:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2014/10/15 13:55:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2014/10/15 13:55:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2014/10/15 13:55:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2014/10/15 13:55:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2014/10/15 13:55:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2014/10/15 13:55:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2014/10/15 13:55:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2014/10/15 13:55:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2014/10/15 13:55:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2014/10/15 13:55:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2014/10/15 13:55:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2014/10/15 13:55:29 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/10/15 13:55:04 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/10/15 13:54:39 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/15 13:54:39 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/15 13:54:39 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/15 13:54:39 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/15 13:54:39 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/15 13:54:39 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/15 13:54:29 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/15 13:54:29 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/15 13:54:29 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/15 13:53:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/15 13:53:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/15 13:53:52 | 006,584,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/10/15 13:53:52 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2014/10/15 13:53:52 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2014/10/15 13:53:51 | 005,703,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/10/15 13:51:46 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/15 13:51:46 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/15 13:51:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/15 13:51:46 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/15 13:51:46 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/15 13:51:45 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/15 13:51:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/10/15 13:51:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/10/15 13:51:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/10/15 13:51:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/10/15 13:51:44 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/15 13:51:44 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/15 13:51:44 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/15 13:51:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/15 13:51:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/15 13:51:44 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/15 13:51:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/15 13:51:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/15 13:51:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/15 13:51:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/15 13:51:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/12/17 09:05:47 | 013,024,768 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/04 08:54:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/04 08:42:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144UA.job
[2014/11/04 08:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/04 08:34:52 | 000,835,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/04 08:34:52 | 000,702,842 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/04 08:34:52 | 000,134,976 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/04 08:34:35 | 000,047,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/04 08:34:35 | 000,047,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/04 08:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000UA.job
[2014/11/04 08:31:11 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/04 08:30:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/04 08:30:44 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2014/11/04 08:27:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/04 08:26:57 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/04 08:25:00 | 000,000,538 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-230968282-3390652312-1418619507-1144.job
[2014/11/04 04:00:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy -  Scheduled Task.job
[2014/11/03 13:42:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144Core1ce7f3f9f55cb36.job
[2014/11/03 09:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000Core.job
[2014/11/03 09:07:06 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\076E165C.sys
[2014/10/31 15:07:30 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\3E6A3FCD.sys
[2014/10/29 13:49:46 | 001,908,603 | ---- | M] () -- C:\Users\david.PROHEALTH1\Desktop\letter and title.pdf
[2014/10/27 09:14:54 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\72C57966.sys
[2014/10/24 08:59:35 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\70340347.sys
[2014/10/17 08:05:48 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/10/15 14:36:38 | 000,493,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/09 20:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/09 20:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/09 20:00:38 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/07 10:50:59 | 000,363,928 | ---- | M] () -- C:\Users\david.PROHEALTH1\Desktop\Texas Executive Search.pdf
 
========== Files Created - No Company Name ==========
 
[2014/10/29 13:49:46 | 001,908,603 | ---- | C] () -- C:\Users\david.PROHEALTH1\Desktop\letter and title.pdf
[2014/10/07 10:50:59 | 000,363,928 | ---- | C] () -- C:\Users\david.PROHEALTH1\Desktop\Texas Executive Search.pdf
[2014/01/06 14:58:08 | 000,007,597 | ---- | C] () -- C:\Users\david.PROHEALTH1\AppData\Local\Resmon.ResmonCfg
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/06/13 16:16:11 | 000,000,772 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/06/13 16:16:11 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/06/13 16:15:32 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2013/06/13 16:15:32 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/06/13 16:15:32 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013/05/23 10:41:47 | 000,000,892 | ---- | C] () -- C:\Windows\wininit.ini
[2012/05/09 14:50:50 | 000,001,876 | RHS- | C] () -- C:\Users\david.PROHEALTH1\ntuser.pol
[2012/05/09 14:50:15 | 000,048,776 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 

  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

If you still need assistance, please follow the instructions below to provide two more logs.

 

Step#1 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.

2. Right click to run as administrator. When the tool opens click Yes to disclaimer.

3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

 


  • 0

#3
qfwm2001

qfwm2001

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hello Brian,
 
Thank you for helping.  I read and followed your instruction.  The only thing I am unclear on is if I should attach the log or copy and paste the contents.  I obviously chose to the latter.  Let me know if I should attach
 
See below:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by david (administrator) on DM on 06-11-2014 08:18:51
Running from C:\Users\david.PROHEALTH1\Desktop
Loaded Profile: david (Available profiles: david & David & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Dropbox, Inc.) C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2013-12-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-230968282-3390652312-1418619507-1144\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-230968282-3390652312-1418619507-1144\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6240536 2013-07-22] (Piriform Ltd)
HKU\S-1-5-21-230968282-3390652312-1418619507-1144\...\Run: [MusicManager] => C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7382528 2014-03-03] (Google Inc.)
HKU\S-1-5-21-230968282-3390652312-1418619507-1144\...\Run: [uTorrent] => C:\Users\david.PROHEALTH1\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\david.PROHEALTH1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
HKU\S-1-5-21-230968282-3390652312-1418619507-1144\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0FE48ACD-12FC-49C1-9DAB-02D7C78B07CD} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0FE48ACD-12FC-49C1-9DAB-02D7C78B07CD} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - DefaultScope {45BE065F-CDE7-4E91-8FE2-BE09E9629AED} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {0FE48ACD-12FC-49C1-9DAB-02D7C78B07CD} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {45BE065F-CDE7-4E91-8FE2-BE09E9629AED} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 76.233.249.100 remote.prohealth1.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchUrl: 
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\david.PROHEALTH1\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\searchplugins\yahoo_ff.xml
FF Extension: LastPass - C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\Extensions\[email protected] [2013-06-14]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: 卡巴斯基网址顾问 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: 安全键盘 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]om
FF Extension: 反广告 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: 安全支付 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-07-25]
FF Extension: No Name - C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [Not Found]
FF Extension: No Name - C:\Program Files\V-bates\Firefox [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-24]
CHR Extension: (YouTube) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-04]
CHR Extension: (Logo Maker) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciojdpgahhgdpmlhnocojjfhkfdmemdh [2014-11-04]
CHR Extension: (Google Search) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-04]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-10-17]
CHR Extension: (Website Logon) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2014-10-27]
CHR Extension: (Google Calendar) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-11-04]
CHR Extension: (Safe Money) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-09-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-11-04]
CHR Extension: (Job Search) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgehfboljmhjbmmjhgbakmoocikpkeid [2014-11-04]
CHR Extension: (LastPass Vault) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]
CHR Extension: (Gmail) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-04]
CHR Extension: (Anti-Banner) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-11-03]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\DAVID~1.PRO\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-08]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-06-03]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-06-03]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-06-03]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-06-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458544 2012-04-13] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [85336 2012-05-29] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [640344 2012-05-29] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30000 2012-03-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [27992 2012-05-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54064 2012-05-12] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [172888 2012-05-24] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 08:15 - 2014-11-06 08:19 - 00030760 _____ () C:\Users\david.PROHEALTH1\Desktop\FRST.txt
2014-11-06 08:11 - 2014-11-06 08:19 - 00000000 ____D () C:\FRST
2014-11-06 08:10 - 2014-11-06 08:10 - 02114560 _____ (Farbar) C:\Users\david.PROHEALTH1\Desktop\FRST64.exe
2014-11-05 14:10 - 2014-11-05 14:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\72011B05.sys
2014-11-04 13:04 - 2014-11-04 13:05 - 04890736 _____ (Piriform Ltd) C:\Users\david.PROHEALTH1\Downloads\spsetup126.exe
2014-11-03 09:07 - 2014-11-03 09:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\076E165C.sys
2014-10-31 15:07 - 2014-10-31 15:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\3E6A3FCD.sys
2014-10-28 08:53 - 2014-10-28 08:53 - 04362512 _____ (Piriform Ltd) C:\Users\david.PROHEALTH1\Downloads\dfsetup218.exe
2014-10-27 09:14 - 2014-10-27 09:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\72C57966.sys
2014-10-24 14:06 - 2014-10-24 14:06 - 00152601 _____ () C:\Users\david.PROHEALTH1\Downloads\838398.htm
2014-10-24 08:59 - 2014-10-24 08:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\70340347.sys
2014-10-23 15:24 - 2014-10-23 15:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\david.PROHEALTH1\Downloads\mbam_premium.exe
2014-10-17 08:03 - 2014-10-17 08:04 - 00638888 _____ (Oracle Corporation) C:\Users\david.PROHEALTH1\Downloads\chromeinstall-8u25.exe
2014-10-15 13:56 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 13:56 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:56 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:56 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:56 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:56 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:56 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:56 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 13:56 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 13:56 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 13:56 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:56 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 13:55 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:55 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 13:55 - 2014-08-18 21:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 13:55 - 2014-08-18 21:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 13:55 - 2014-08-18 21:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 13:55 - 2014-08-18 21:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 13:55 - 2014-08-18 21:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 13:55 - 2014-08-18 21:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 13:55 - 2014-08-18 21:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 13:55 - 2014-08-18 21:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 13:55 - 2014-08-18 21:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 13:55 - 2014-08-18 21:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 13:55 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 13:55 - 2014-08-18 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 13:55 - 2014-08-18 20:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 13:55 - 2014-07-06 20:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 13:55 - 2014-07-06 20:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 13:55 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 13:55 - 2014-07-06 20:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 13:55 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 13:55 - 2014-07-06 20:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 13:55 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 13:55 - 2014-07-06 20:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 13:55 - 2014-07-06 20:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 13:55 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 13:55 - 2014-07-06 19:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 13:55 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 13:55 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 13:55 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 13:55 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 13:55 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 13:55 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 13:55 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 13:55 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 13:55 - 2014-06-27 18:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 13:55 - 2014-06-27 18:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 13:55 - 2014-06-27 18:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 13:54 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:54 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:54 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:54 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:54 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:54 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 13:54 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 13:54 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:54 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 13:54 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:53 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:53 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 13:53 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:53 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 13:53 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:53 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 13:51 - 2014-09-19 23:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 13:51 - 2014-09-19 23:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:51 - 2014-09-19 23:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 13:51 - 2014-09-19 23:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:51 - 2014-09-19 23:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:51 - 2014-09-19 23:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 13:51 - 2014-09-19 21:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 13:51 - 2014-09-19 21:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 13:51 - 2014-09-19 21:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 13:51 - 2014-09-19 21:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:51 - 2014-09-19 21:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-10 20:21 - 2014-11-06 04:24 - 01440832 _____ () C:\Windows\WindowsUpdate.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 07:54 - 2012-06-04 16:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 07:42 - 2013-11-12 15:07 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144UA.job
2014-11-06 07:42 - 2012-06-04 16:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 07:32 - 2012-04-24 08:27 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000UA.job
2014-11-06 07:30 - 2013-07-25 23:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-06 07:25 - 2014-03-14 07:09 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-230968282-3390652312-1418619507-1144.job
2014-11-06 05:57 - 2014-09-22 12:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 04:00 - 2012-06-09 09:42 - 00000300 _____ () C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2014-11-05 19:54 - 2012-06-04 16:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 16:49 - 2012-06-17 14:54 - 00000000 ____D () C:\Users\david.PROHEALTH1\AppData\Roaming\uTorrent
2014-11-05 14:14 - 2012-05-09 14:51 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{95CBCD47-F49B-4D87-AFA3-A98A54D28B2F}
2014-11-05 13:42 - 2013-07-12 14:37 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144Core1ce7f3f9f55cb36.job
2014-11-05 10:54 - 2012-04-25 13:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-05 09:32 - 2012-04-24 08:27 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000Core.job
2014-11-04 14:55 - 2012-06-04 16:46 - 00000000 ___RD () C:\Users\david.PROHEALTH1\Google Drive
2014-11-04 14:55 - 2012-06-04 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-04 13:33 - 2009-07-13 22:45 - 00047808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 13:33 - 2009-07-13 22:45 - 00047808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 13:27 - 2009-07-13 23:13 - 00835036 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 13:24 - 2014-01-06 13:29 - 00000340 _____ () C:\Windows\Tasks\dsmonitor.job
2014-11-04 13:21 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 13:05 - 2013-09-19 10:41 - 00000000 ____D () C:\Program Files\Speccy
2014-11-03 08:27 - 2012-05-09 15:19 - 00000000 ____D () C:\Users\david.PROHEALTH1\AppData\Local\CrashDumps
2014-10-30 13:17 - 2013-07-31 13:35 - 00000000 ____D () C:\Users\david.PROHEALTH1\Documents\Outlook Files
2014-10-28 08:53 - 2013-07-25 12:46 - 00000000 ____D () C:\Program Files\Defraggler
2014-10-28 05:34 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-24 08:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-24 07:44 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-23 15:25 - 2014-09-22 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 15:25 - 2014-09-22 12:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 18:55 - 2009-07-13 22:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-21 18:49 - 2012-06-04 16:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 18:49 - 2012-06-04 16:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 07:41 - 2013-07-25 12:01 - 00000000 ___RD () C:\Users\david.PROHEALTH1\Desktop\David's Files
2014-10-17 08:34 - 2014-02-06 19:39 - 00000000 ____D () C:\Users\david.PROHEALTH1\Desktop\Denise
2014-10-17 08:05 - 2014-08-05 07:26 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 08:05 - 2014-08-05 07:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-17 08:05 - 2013-11-20 11:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 15:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 14:44 - 2007-01-01 19:25 - 00000000 ____D () C:\Windows\Panther
2014-10-15 14:36 - 2009-07-13 22:45 - 00493624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 14:34 - 2014-04-23 09:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 14:34 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 14:34 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 14:31 - 2013-07-25 16:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-15 14:31 - 2012-04-25 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 14:31 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini
2014-10-15 14:15 - 2013-07-12 08:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 13:59 - 2012-04-25 16:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-10 13:21 - 2013-01-27 16:22 - 00000000 ___RD () C:\Users\david.PROHEALTH1\Dropbox
 
Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\david.PROHEALTH1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvx6h7r.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 00:00
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by david at 2014-11-06 08:19:25
Running from C:\Users\david.PROHEALTH1\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.03 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-8690DW (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.12.1 - Uniblue Systems Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FileMaker Pro 10 Advanced (HKLM-x32\...\{FF81EC2D-BD14-4865-BA3B-D037220AB017}) (Version: 10.0.3.0 - FileMaker, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.3.1767 (HKCU\...\GoToMeeting) (Version: 6.4.3.1767 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}) (Version: 4.5.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0EF86E06-C755-4C6F-8E47-2528D0546C0A}) (Version: 1.1.1.0581 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
join.me (HKCU\...\JoinMe) (Version: 1.17.0.131 - LogMeIn, Inc.)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.0.3370 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.0.3370 - Kaspersky Lab) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LibreOffice 4.2.0.4 (HKLM-x32\...\{E043231F-34F2-4AF5-9400-0961CC15AAAE}) (Version: 4.2.0.4 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
21-10-2014 08:26:01 Windows Update
27-10-2014 14:26:40 Windows Update
31-10-2014 10:45:44 Windows Update
04-11-2014 10:56:46 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2012-06-17 15:11 - 00000862 ____A C:\Windows\system32\Drivers\etc\hosts
76.233.249.100 remote.prohealth1.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D01EECE-11EC-472E-B4D0-8DB01182AC6D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {10F7350A-82E8-408E-B898-B6E93BA376CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-04] (Google Inc.)
Task: {11EA21CE-1513-4E77-A247-56414AB235FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000Core => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
Task: {26BA1FE6-3CF1-45E6-974B-C3B87EA016DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144UA => C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09] (Google Inc.)
Task: {332916D2-0929-4F34-B13C-6B36488A42E7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {3D0A7A88-B534-46E8-B5DF-29DE87E6333A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {45119B7D-64EF-475D-99DD-0F05418EE7C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-04] (Google Inc.)
Task: {498D05EB-75FE-473D-9C5B-D2A00B521B56} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files (x86)\Spybot - Search &amp; Destroy\SpybotSD.exe
Task: {61385079-AEB8-465A-9875-A971942C3947} - System32\Tasks\Games\UpdateCheck_S-1-5-21-785299455-4106920700-1611061552-1000
Task: {6E321285-67AD-4AC1-839C-AC117744B252} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {74B0028A-D6A8-4650-8D89-3124A01CE7BD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7718CC5A-E2C0-4882-B472-EF2F382315C6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-230968282-3390652312-1418619507-1144 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7B0A1970-341C-4CCD-A150-3E5A6AA98418} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000UA => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
Task: {7E16284C-4BAA-4A05-A9EB-EF6DB9F388FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {7F7BD766-C97A-4809-8687-2E55CC2AFE53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {85A44D59-79CF-42B1-A9FA-5846A6D104FD} - System32\Tasks\{B3E03BE9-1621-42C3-81C5-594F5ABC1B4C} => Chrome.exe http://ui.skype.com/...#38;page=tsMain
Task: {94B7AEA9-4B33-4756-A41C-7E92C4ADF45D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A08FABA8-4CDD-4240-8377-C3809AD56E49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {B12FD100-0E8B-4178-86CD-33C17716DA40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {B1855F53-C359-4C73-B0F6-368A099E6EE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {B2B0BCDC-3328-4D2C-9628-9383B36BDD6F} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-12-17] (Uniblue Systems Ltd)
Task: {BD6EBD51-ABAB-4177-81F6-15BC503533C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144Core1ce7f3f9f55cb36 => C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09] (Google Inc.)
Task: {C28F4BF0-B781-4579-BF73-5962F1ECDD4D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C9A90D98-27CF-4CA2-BD16-374EC91A96B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {CE30113D-ED35-4756-9218-11C63F7E5170} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {D11A0583-280C-42F6-8A32-3D155E01D7DD} - System32\Tasks\{6C571785-2D00-4DED-B50E-3FCA37D4923F} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {D8DCC58C-37B5-477E-AA48-3136B8041DFC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DC2D4A05-20B8-4927-BA04-C1AE5005F823} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-230968282-3390652312-1418619507-1144 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {EC3E81A4-F3A0-4219-B355-B67E989E5D75} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PROHEALTH1-david DM.prohealth1.local => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {F43A3D55-CE7B-4DFA-BE2F-84C98BD04A66} - System32\Tasks\G2MUpdateTask-S-1-5-21-230968282-3390652312-1418619507-1144 => C:\Program Files (x86)\Citrix\GoToMeeting\1767\g2mupdate.exe [2014-10-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F6F4847B-03FC-486C-9CDA-10FC45FD9D9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-230968282-3390652312-1418619507-1144.job => C:\Program Files (x86)\Citrix\GoToMeeting\1767\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144Core1ce7f3f9f55cb36.job => C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144UA.job => C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000Core.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000UA.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-27 22:07 - 2011-07-27 22:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-06-24 14:59 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2012-01-09 18:03 - 2011-08-10 00:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 22:07 - 2011-07-27 22:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-09-16 12:52 - 2014-09-16 12:52 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-31 17:58 - 2012-05-31 17:58 - 00072632 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\vulnerability_status_provider.dll
2012-05-31 17:57 - 2012-05-31 17:57 - 01305016 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2014-10-15 14:48 - 2014-10-15 14:48 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2012-01-09 18:03 - 2011-05-20 12:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-09-16 12:53 - 2014-09-16 12:53 - 08896160 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 10683392 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 07741952 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 02248192 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 01681408 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-03-03 12:13 - 2014-03-03 12:13 - 00117248 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-03-03 12:13 - 2014-03-03 12:13 - 00231936 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-03-03 12:14 - 2014-03-03 12:14 - 00253440 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-03-03 12:13 - 2014-03-03 12:13 - 00344064 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 00026624 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2013-06-13 16:15 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-11-04 13:25 - 2014-11-04 13:25 - 00043008 _____ () c:\users\david~1.pro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvx6h7r.dll
2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-27 22:56 - 2014-10-21 22:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 22:56 - 2014-10-21 22:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 22:56 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 22:56 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-09-25 19:14 - 2014-09-25 19:14 - 03365488 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-09-25 19:14 - 2014-09-25 19:14 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-09-25 19:14 - 2014-09-25 19:14 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-11-04 14:55 - 2014-11-04 14:55 - 00098816 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32api.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00110080 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\pywintypes27.dll
2014-11-04 14:55 - 2014-11-04 14:55 - 00364544 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\pythoncom27.dll
2014-11-04 14:55 - 2014-11-04 14:55 - 00045568 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\_socket.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 01160704 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\_ssl.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00320512 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32com.shell.shell.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00713216 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\_hashlib.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 01175040 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\wx._core_.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00805888 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\wx._gdi_.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00811008 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\wx._windows_.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 01062400 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\wx._controls_.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00735232 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\wx._misc_.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00128512 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\_elementtree.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00127488 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\pyexpat.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00557056 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\pysqlite2._sqlite.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00087552 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\_ctypes.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00119808 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32file.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00108544 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32security.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00007168 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\hashobjs_ext.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00167936 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32gui.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00018432 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32event.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00038912 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32inet.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00011264 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32crypt.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00070656 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\wx._html2.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00027136 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\_multiprocessing.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00035840 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32process.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00686080 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\unicodedata.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00122368 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\wx._wizard.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00024064 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32pipe.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00025600 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32pdh.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00525640 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\windows._lib_cacheinvalidation.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00010240 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\select.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00017408 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32profile.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00022528 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\win32ts.pyd
2014-11-04 14:55 - 2014-11-04 14:55 - 00078336 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53922\wx._animate.pyd
2013-05-11 04:37 - 2013-05-11 04:37 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2014-10-27 22:56 - 2014-10-21 22:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^david.PROHEALTH1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^david.PROHEALTH1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: Google Update => "C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP CoolSense => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: MusicManager => "C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: SignIn => "C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe" /autorun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-785299455-4106920700-1611061552-500 - Administrator - Disabled)
David (S-1-5-21-785299455-4106920700-1611061552-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-785299455-4106920700-1611061552-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2014 04:26:07 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (11/06/2014 01:13:45 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (11/05/2014 02:06:53 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (11/04/2014 11:55:18 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (11/04/2014 01:24:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-230968282-3390652312-1418619507-1144}/">.
 
Error: (11/04/2014 01:21:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 08:30:58 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-230968282-3390652312-1418619507-1144}/">.
 
Error: (11/04/2014 08:27:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 00:19:49 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (11/03/2014 11:27:51 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
 
System errors:
=============
Error: (11/06/2014 08:01:37 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/06/2014 08:00:05 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/06/2014 05:24:56 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PROHEALTH1 due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/06/2014 01:32:09 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (11/06/2014 01:24:30 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PROHEALTH1 due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/05/2014 09:24:11 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PROHEALTH1 due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/05/2014 05:23:47 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PROHEALTH1 due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/05/2014 02:00:48 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: PROHEALTH1)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/05/2014 01:51:50 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/05/2014 01:29:36 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
 
Microsoft Office Sessions:
=========================
Error: (11/06/2014 04:26:07 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (11/06/2014 01:13:45 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
Error: (11/05/2014 02:06:53 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (11/04/2014 11:55:18 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
Error: (11/04/2014 01:24:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-230968282-3390652312-1418619507-1144}/
 
Error: (11/04/2014 01:21:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 08:30:58 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-230968282-3390652312-1418619507-1144}/
 
Error: (11/04/2014 08:27:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 00:19:49 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (11/03/2014 11:27:51 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-08 10:14:40.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:14:35.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:14:29.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:12:19.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:12:14.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:03:39.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:03:34.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:03:29.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:03:24.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:02:51.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 61%
Total physical RAM: 8139.86 MB
Available physical RAM: 3159.75 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 10444.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:674.18 GB) (Free:496.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.29 GB) (Free:2.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 4A73C3CB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=674.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================

  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

That was the correct choice. :spoton:  I'll review your logs now. Thanks.


  • 0

#5
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

There are a few remnants to clean up but nothing major that I see. You mentioned that when you open task manager that you saw 15+ chrome processes. I wanted to ensure that you were aware that you will see a chrome process for every tab that you have open in Google Chrome. Is it possible you had 15 tabs open in Chrome?

 

Please follow the steps below. You should temporarily disable your Antivirus before performing the steps and then re-enable your AV when you are done. Instructions for doing this can be found here.

 

Step#1 - Warnings

 

CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

 

 

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

 

FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers

 

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

 

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): uTorrent

To uninstall on Windows 7, you can:

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

 

Step#2 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot.

uTorrent (Optional)
DriverScanner (Optional)
Internet Explorer Toolbar 4.7 by SweetPacks
Java 7 Update 67

 

 

Step#3 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   1.66KB   35 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#5 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
  
 
Items for your next post

1. Answer regarding the multiple Chrome processes and having tabs open

2. FRST Fix log

3. Adwcleaner log
4. FRST and Addition logs


  • 0

#6
qfwm2001

qfwm2001

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hello,  Thank you again for helping.

 

I noticed the Chrome processes with it completely closed.  That was why I was concerned.  I will pay closer attention.

 

I chose to keep P2P, and unistall the rest.  I ran into an issue trying to unistall the internet explorer toolbar.  The warning said something about permissions.

 

Here is the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by david at 2014-11-06 12:35:17 Run:1
Running from C:\Users\david.PROHEALTH1\Desktop
Loaded Profile: david (Available profiles: david & David & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-230968282-3390652312-1418619507-1144\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SearchEngineOrder.1: Search the web (Babylon)
FF SearchPlugin: C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\searchplugins\MyStart.xml
FF Extension: No Name - C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [Not Found]
FF Extension: No Name - C:\Program Files\V-bates\Firefox [Not Found]
2014-11-06 04:00 - 2012-06-09 09:42 - 00000300 _____ () C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
Task: {498D05EB-75FE-473D-9C5B-D2A00B521B56} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files (x86)\Spybot - Search &amp; Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
FF user.js: detected! => C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\user.js
C:\Program Files (x86)\Spybot
EmptyTemp:
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-230968282-3390652312-1418619507-1144\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\searchplugins\MyStart.xml => Moved successfully.
C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\extensions\[email protected] not found.
C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\extensions\[email protected] not found.
C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
C:\Program Files\V-bates\Firefox not found.
C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{498D05EB-75FE-473D-9C5B-D2A00B521B56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{498D05EB-75FE-473D-9C5B-D2A00B521B56}" => Key deleted successfully.
C:\Windows\System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Spybot - Search & Destroy -  Scheduled Task" => Key deleted successfully.
C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job not found.
C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\user.js => Moved successfully.
"C:\Program Files (x86)\Spybot" => File/Directory not found.
EmptyTemp: => Removed 755.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Adwcleaner log:
# AdwCleaner v3.311 - Report created 06/11/2014 at 13:15:15
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : david - DM
# Running from : C:\Users\david.PROHEALTH1\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
File Deleted : C:\Windows\System32\ImhxxpComm.dll
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B01F3F08771A494439EC8990D0180939
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B01F3F08771A494439EC8990D0180939
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B01F3F08771A494439EC8990D0180939
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
-\\ Google Chrome v38.0.2125.111
 
*************************
 
AdwCleaner[R0].txt - [6763 octets] - [06/11/2014 13:14:13]
AdwCleaner[S0].txt - [6607 octets] - [06/11/2014 13:15:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6667 octets] ##########
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by david (administrator) on DM on 06-11-2014 13:24:33
Running from C:\Users\david.PROHEALTH1\Desktop
Loaded Profile: david (Available profiles: david & David & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2013-12-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-230968282-3390652312-1418619507-1144\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-230968282-3390652312-1418619507-1144\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6240536 2013-07-22] (Piriform Ltd)
HKU\S-1-5-21-230968282-3390652312-1418619507-1144\...\Run: [MusicManager] => C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7382528 2014-03-03] (Google Inc.)
HKU\S-1-5-21-230968282-3390652312-1418619507-1144\...\Run: [uTorrent] => C:\Users\david.PROHEALTH1\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\david.PROHEALTH1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
SearchScopes: HKLM - {0FE48ACD-12FC-49C1-9DAB-02D7C78B07CD} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {0FE48ACD-12FC-49C1-9DAB-02D7C78B07CD} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {0FE48ACD-12FC-49C1-9DAB-02D7C78B07CD} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {45BE065F-CDE7-4E91-8FE2-BE09E9629AED} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 76.233.249.100 remote.prohealth1.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchUrl: 
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\david.PROHEALTH1\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\searchplugins\yahoo_ff.xml
FF Extension: LastPass - C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\Extensions\[email protected] [2013-06-14]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: 卡巴斯基网址顾问 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: 安全键盘 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: 反广告 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: 安全支付 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013-07-25]
FF Extension: No Name - C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\extensions\cros[email protected] [Not Found]
FF Extension: No Name - C:\Users\david.PROHEALTH1\AppData\Roaming\Mozilla\Firefox\Profiles\jnxem45a.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [Not Found]
FF Extension: No Name - C:\Program Files\V-bates\Firefox [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-24]
CHR Extension: (YouTube) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-06]
CHR Extension: (Logo Maker) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciojdpgahhgdpmlhnocojjfhkfdmemdh [2014-11-06]
CHR Extension: (Google Search) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-06]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-10-17]
CHR Extension: (Website Logon) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2014-10-27]
CHR Extension: (Google Calendar) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-11-06]
CHR Extension: (Safe Money) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-09-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-11-06]
CHR Extension: (Job Search) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgehfboljmhjbmmjhgbakmoocikpkeid [2014-11-06]
CHR Extension: (LastPass Vault) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]
CHR Extension: (Gmail) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-06]
CHR Extension: (Anti-Banner) - C:\Users\david.PROHEALTH1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-11-03]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\DAVID~1.PRO\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-08]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-06-03]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-06-03]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-06-03]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-06-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [218880 2012-05-31] (Kaspersky Lab ZAO)
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458544 2012-04-13] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [85336 2012-05-29] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [640344 2012-05-29] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30000 2012-03-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [27992 2012-05-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54064 2012-05-12] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [172888 2012-05-24] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\5E683C67.sys [129752 2014-11-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 13:23 - 2014-11-06 13:23 - 00006863 _____ () C:\Users\david.PROHEALTH1\Desktop\AdwCleaner[S0].txt
2014-11-06 13:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-06 13:12 - 2014-11-06 13:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5E683C67.sys
2014-11-06 13:12 - 2014-11-06 13:15 - 00000000 ____D () C:\AdwCleaner
2014-11-06 13:12 - 2014-11-06 13:12 - 01375089 _____ () C:\Users\david.PROHEALTH1\Desktop\AdwCleaner.exe
2014-11-06 08:19 - 2014-11-06 08:20 - 00050966 _____ () C:\Users\david.PROHEALTH1\Desktop\Addition.txt
2014-11-06 08:15 - 2014-11-06 13:25 - 00028553 _____ () C:\Users\david.PROHEALTH1\Desktop\FRST.txt
2014-11-06 08:11 - 2014-11-06 13:24 - 00000000 ____D () C:\FRST
2014-11-06 08:10 - 2014-11-06 08:10 - 02114560 _____ (Farbar) C:\Users\david.PROHEALTH1\Desktop\FRST64.exe
2014-11-05 14:10 - 2014-11-05 14:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\72011B05.sys
2014-11-04 13:04 - 2014-11-04 13:05 - 04890736 _____ (Piriform Ltd) C:\Users\david.PROHEALTH1\Downloads\spsetup126.exe
2014-11-03 09:07 - 2014-11-03 09:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\076E165C.sys
2014-10-31 15:07 - 2014-10-31 15:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\3E6A3FCD.sys
2014-10-28 08:53 - 2014-10-28 08:53 - 04362512 _____ (Piriform Ltd) C:\Users\david.PROHEALTH1\Downloads\dfsetup218.exe
2014-10-27 09:14 - 2014-10-27 09:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\72C57966.sys
2014-10-24 14:06 - 2014-10-24 14:06 - 00152601 _____ () C:\Users\david.PROHEALTH1\Downloads\838398.htm
2014-10-24 08:59 - 2014-10-24 08:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\70340347.sys
2014-10-23 15:24 - 2014-10-23 15:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\david.PROHEALTH1\Downloads\mbam_premium.exe
2014-10-17 08:03 - 2014-10-17 08:04 - 00638888 _____ (Oracle Corporation) C:\Users\david.PROHEALTH1\Downloads\chromeinstall-8u25.exe
2014-10-15 13:56 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 13:56 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 13:56 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 13:56 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 13:56 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 13:56 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 13:56 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 13:56 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 13:56 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 13:56 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 13:56 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 13:56 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 13:55 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 13:55 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 13:55 - 2014-08-18 21:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 13:55 - 2014-08-18 21:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 13:55 - 2014-08-18 21:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 13:55 - 2014-08-18 21:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 13:55 - 2014-08-18 21:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 13:55 - 2014-08-18 21:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 13:55 - 2014-08-18 21:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 13:55 - 2014-08-18 21:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 13:55 - 2014-08-18 21:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 13:55 - 2014-08-18 21:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 13:55 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 13:55 - 2014-08-18 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 13:55 - 2014-08-18 20:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 13:55 - 2014-07-06 20:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 13:55 - 2014-07-06 20:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 13:55 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 13:55 - 2014-07-06 20:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 13:55 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 13:55 - 2014-07-06 20:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 13:55 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 13:55 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 13:55 - 2014-07-06 20:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 13:55 - 2014-07-06 20:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 13:55 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 13:55 - 2014-07-06 19:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 13:55 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 13:55 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 13:55 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 13:55 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 13:55 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 13:55 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 13:55 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 13:55 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 13:55 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 13:55 - 2014-06-27 18:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 13:55 - 2014-06-27 18:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 13:55 - 2014-06-27 18:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 13:54 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 13:54 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 13:54 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 13:54 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 13:54 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 13:54 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 13:54 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 13:54 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 13:54 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 13:54 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 13:53 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 13:53 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 13:53 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 13:53 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 13:53 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 13:53 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 13:51 - 2014-09-19 23:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 13:51 - 2014-09-19 23:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 13:51 - 2014-09-19 23:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 13:51 - 2014-09-19 23:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 13:51 - 2014-09-19 23:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 13:51 - 2014-09-19 23:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 13:51 - 2014-09-19 23:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 13:51 - 2014-09-19 21:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 13:51 - 2014-09-19 21:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 13:51 - 2014-09-19 21:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 13:51 - 2014-09-19 21:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 13:51 - 2014-09-19 21:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 13:51 - 2014-09-19 21:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-10 20:21 - 2014-11-06 13:21 - 01456204 _____ () C:\Windows\WindowsUpdate.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-06 13:23 - 2009-07-13 22:45 - 00047808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 13:23 - 2009-07-13 22:45 - 00047808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 13:22 - 2012-06-17 14:54 - 00000000 ____D () C:\Users\david.PROHEALTH1\AppData\Roaming\uTorrent
2014-11-06 13:22 - 2009-07-13 23:13 - 00835036 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 13:20 - 2013-07-25 23:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-06 13:19 - 2012-06-04 16:46 - 00000000 ___RD () C:\Users\david.PROHEALTH1\Google Drive
2014-11-06 13:19 - 2012-06-04 16:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 13:16 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 13:13 - 2014-03-14 07:09 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-230968282-3390652312-1418619507-1144.job
2014-11-06 12:54 - 2012-06-04 16:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 12:42 - 2013-11-12 15:07 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144UA.job
2014-11-06 12:42 - 2012-06-04 16:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 12:39 - 2014-09-22 12:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 12:32 - 2014-08-05 07:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-06 12:32 - 2012-04-24 08:27 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000UA.job
2014-11-06 10:44 - 2012-05-09 14:51 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{95CBCD47-F49B-4D87-AFA3-A98A54D28B2F}
2014-11-06 09:32 - 2012-04-24 08:27 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000Core.job
2014-11-06 09:25 - 2014-03-14 07:09 - 00003572 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-230968282-3390652312-1418619507-1144
2014-11-05 13:42 - 2013-07-12 14:37 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144Core1ce7f3f9f55cb36.job
2014-11-05 10:54 - 2012-04-25 13:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-04 14:55 - 2012-06-04 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-04 13:05 - 2013-09-19 10:41 - 00000000 ____D () C:\Program Files\Speccy
2014-11-03 08:27 - 2012-05-09 15:19 - 00000000 ____D () C:\Users\david.PROHEALTH1\AppData\Local\CrashDumps
2014-10-30 13:17 - 2013-07-31 13:35 - 00000000 ____D () C:\Users\david.PROHEALTH1\Documents\Outlook Files
2014-10-28 08:53 - 2013-07-25 12:46 - 00000000 ____D () C:\Program Files\Defraggler
2014-10-28 05:34 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-24 08:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-24 07:44 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-23 15:25 - 2014-09-22 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 15:25 - 2014-09-22 12:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 18:55 - 2009-07-13 22:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-21 18:49 - 2012-06-04 16:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 18:49 - 2012-06-04 16:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 07:41 - 2013-07-25 12:01 - 00000000 ___RD () C:\Users\david.PROHEALTH1\Desktop\David's Files
2014-10-17 08:34 - 2014-02-06 19:39 - 00000000 ____D () C:\Users\david.PROHEALTH1\Desktop\Denise
2014-10-17 08:05 - 2014-08-05 07:26 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-17 08:05 - 2014-08-05 07:26 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-17 08:05 - 2014-08-05 07:26 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-17 08:05 - 2014-08-05 07:26 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 08:05 - 2013-11-20 11:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 15:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 14:44 - 2007-01-01 19:25 - 00000000 ____D () C:\Windows\Panther
2014-10-15 14:36 - 2009-07-13 22:45 - 00493624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 14:34 - 2014-04-23 09:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 14:34 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 14:34 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 14:31 - 2013-07-25 16:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-15 14:31 - 2012-04-25 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 14:31 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini
2014-10-15 14:15 - 2013-07-12 08:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 13:59 - 2012-04-25 16:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-10 13:21 - 2013-01-27 16:22 - 00000000 ___RD () C:\Users\david.PROHEALTH1\Dropbox
 
Some content of TEMP:
====================
C:\Users\david.PROHEALTH1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplqx7_l.dll
C:\Users\david.PROHEALTH1\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 00:00
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by david at 2014-11-06 13:26:03
Running from C:\Users\david.PROHEALTH1\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.03 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-8690DW (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FileMaker Pro 10 Advanced (HKLM-x32\...\{FF81EC2D-BD14-4865-BA3B-D037220AB017}) (Version: 10.0.3.0 - FileMaker, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKCU\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}) (Version: 4.5.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0EF86E06-C755-4C6F-8E47-2528D0546C0A}) (Version: 1.1.1.0581 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
join.me (HKCU\...\JoinMe) (Version: 1.17.0.131 - LogMeIn, Inc.)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.0.3370 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.0.3370 - Kaspersky Lab) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LibreOffice 4.2.0.4 (HKLM-x32\...\{E043231F-34F2-4AF5-9400-0961CC15AAAE}) (Version: 4.2.0.4 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-230968282-3390652312-1418619507-1144_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
21-10-2014 08:26:01 Windows Update
27-10-2014 14:26:40 Windows Update
31-10-2014 10:45:44 Windows Update
04-11-2014 10:56:46 Windows Update
06-11-2014 18:31:01 Removed Java 7 Update 67
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2012-06-17 15:11 - 00000862 ____A C:\Windows\system32\Drivers\etc\hosts
76.233.249.100 remote.prohealth1.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D01EECE-11EC-472E-B4D0-8DB01182AC6D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {10F7350A-82E8-408E-B898-B6E93BA376CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-04] (Google Inc.)
Task: {11EA21CE-1513-4E77-A247-56414AB235FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000Core => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
Task: {26BA1FE6-3CF1-45E6-974B-C3B87EA016DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144UA => C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09] (Google Inc.)
Task: {332916D2-0929-4F34-B13C-6B36488A42E7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {3D0A7A88-B534-46E8-B5DF-29DE87E6333A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {45119B7D-64EF-475D-99DD-0F05418EE7C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-04] (Google Inc.)
Task: {61385079-AEB8-465A-9875-A971942C3947} - System32\Tasks\Games\UpdateCheck_S-1-5-21-785299455-4106920700-1611061552-1000
Task: {6E321285-67AD-4AC1-839C-AC117744B252} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {74B0028A-D6A8-4650-8D89-3124A01CE7BD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7718CC5A-E2C0-4882-B472-EF2F382315C6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-230968282-3390652312-1418619507-1144 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7B0A1970-341C-4CCD-A150-3E5A6AA98418} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000UA => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
Task: {7E16284C-4BAA-4A05-A9EB-EF6DB9F388FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {7F7BD766-C97A-4809-8687-2E55CC2AFE53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {85A44D59-79CF-42B1-A9FA-5846A6D104FD} - System32\Tasks\{B3E03BE9-1621-42C3-81C5-594F5ABC1B4C} => Chrome.exe http://ui.skype.com/...#38;page=tsMain
Task: {94B7AEA9-4B33-4756-A41C-7E92C4ADF45D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A08FABA8-4CDD-4240-8377-C3809AD56E49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {B12FD100-0E8B-4178-86CD-33C17716DA40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {B1855F53-C359-4C73-B0F6-368A099E6EE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {BD6EBD51-ABAB-4177-81F6-15BC503533C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144Core1ce7f3f9f55cb36 => C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-09] (Google Inc.)
Task: {C28F4BF0-B781-4579-BF73-5962F1ECDD4D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C9A90D98-27CF-4CA2-BD16-374EC91A96B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {CE30113D-ED35-4756-9218-11C63F7E5170} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {D11A0583-280C-42F6-8A32-3D155E01D7DD} - System32\Tasks\{6C571785-2D00-4DED-B50E-3FCA37D4923F} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {D8DCC58C-37B5-477E-AA48-3136B8041DFC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DC2D4A05-20B8-4927-BA04-C1AE5005F823} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-230968282-3390652312-1418619507-1144 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {EC3E81A4-F3A0-4219-B355-B67E989E5D75} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PROHEALTH1-david DM.prohealth1.local => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {F43A3D55-CE7B-4DFA-BE2F-84C98BD04A66} - System32\Tasks\G2MUpdateTask-S-1-5-21-230968282-3390652312-1418619507-1144 => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-11-06] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F6F4847B-03FC-486C-9CDA-10FC45FD9D9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-230968282-3390652312-1418619507-1144.job => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144Core1ce7f3f9f55cb36.job => C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230968282-3390652312-1418619507-1144UA.job => C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000Core.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-785299455-4106920700-1611061552-1000UA.job => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-27 22:07 - 2011-07-27 22:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-06-24 14:59 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-09-16 12:52 - 2014-09-16 12:52 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-01-09 18:03 - 2011-08-10 00:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 22:07 - 2011-07-27 22:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-31 17:58 - 2012-05-31 17:58 - 00072632 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\vulnerability_status_provider.dll
2012-05-31 17:57 - 2012-05-31 17:57 - 01305016 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2014-10-15 14:48 - 2014-10-15 14:48 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2012-01-09 18:03 - 2011-05-20 12:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-09-16 12:53 - 2014-09-16 12:53 - 08896160 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 10683392 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 07741952 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 02248192 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 01681408 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-03-03 12:13 - 2014-03-03 12:13 - 00117248 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-03-03 12:13 - 2014-03-03 12:13 - 00231936 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-03-03 12:14 - 2014-03-03 12:14 - 00253440 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-03-03 12:13 - 2014-03-03 12:13 - 00344064 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 15:06 - 2013-12-10 15:06 - 00026624 _____ () C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-11-06 13:20 - 2014-11-06 13:20 - 00043008 _____ () c:\users\david~1.pro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplqx7_l.dll
2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\david.PROHEALTH1\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-06 13:19 - 2014-11-06 13:19 - 00098816 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32api.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00110080 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\pywintypes27.dll
2014-11-06 13:19 - 2014-11-06 13:19 - 00364544 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\pythoncom27.dll
2014-11-06 13:19 - 2014-11-06 13:19 - 00045568 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\_socket.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 01160704 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\_ssl.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00320512 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32com.shell.shell.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00713216 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\_hashlib.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 01175040 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\wx._core_.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00805888 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\wx._gdi_.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00811008 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\wx._windows_.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 01062400 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\wx._controls_.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00735232 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\wx._misc_.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00128512 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\_elementtree.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00127488 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\pyexpat.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00557056 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\pysqlite2._sqlite.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00087552 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\_ctypes.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00119808 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32file.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00108544 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32security.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00007168 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\hashobjs_ext.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00167936 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32gui.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00018432 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32event.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00038912 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32inet.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00011264 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32crypt.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00070656 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\wx._html2.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00027136 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\_multiprocessing.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00035840 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32process.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00686080 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\unicodedata.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00122368 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\wx._wizard.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00024064 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32pipe.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00025600 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32pdh.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00525640 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\windows._lib_cacheinvalidation.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00010240 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\select.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00017408 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32profile.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00022528 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\win32ts.pyd
2014-11-06 13:19 - 2014-11-06 13:19 - 00078336 _____ () C:\Users\DAVID~1.PRO\AppData\Local\Temp\_MEI53482\wx._animate.pyd
2013-06-13 16:15 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-27 22:56 - 2014-10-21 22:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 22:56 - 2014-10-21 22:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 22:56 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 22:56 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-09-25 19:14 - 2014-09-25 19:14 - 03365488 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-09-25 19:14 - 2014-09-25 19:14 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-09-25 19:14 - 2014-09-25 19:14 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-10-27 22:56 - 2014-10-21 22:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^david.PROHEALTH1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^david.PROHEALTH1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: Google Update => "C:\Users\david.PROHEALTH1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP CoolSense => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: MusicManager => "C:\Users\david.PROHEALTH1\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: SignIn => "C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe" /autorun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-785299455-4106920700-1611061552-500 - Administrator - Disabled)
David (S-1-5-21-785299455-4106920700-1611061552-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-785299455-4106920700-1611061552-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2014 01:19:32 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-230968282-3390652312-1418619507-1144}/">.
 
Error: (11/06/2014 01:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/06/2014 00:41:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-230968282-3390652312-1418619507-1144}/">.
 
Error: (11/06/2014 00:37:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/06/2014 04:26:07 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (11/06/2014 01:13:45 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (11/05/2014 02:06:53 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (11/04/2014 11:55:18 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (11/04/2014 01:24:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-230968282-3390652312-1418619507-1144}/">.
 
Error: (11/04/2014 01:21:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/06/2014 01:19:24 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (11/06/2014 01:19:15 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: PROHEALTH1)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/06/2014 01:17:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/06/2014 01:16:30 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (11/06/2014 01:16:24 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PROHEALTH1 due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/06/2014 01:08:06 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/06/2014 00:40:34 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (11/06/2014 00:39:48 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: PROHEALTH1)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/06/2014 00:38:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/06/2014 00:37:54 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
 
Microsoft Office Sessions:
=========================
Error: (11/06/2014 01:19:32 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-230968282-3390652312-1418619507-1144}/
 
Error: (11/06/2014 01:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/06/2014 00:41:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-230968282-3390652312-1418619507-1144}/
 
Error: (11/06/2014 00:37:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/06/2014 04:26:07 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (11/06/2014 01:13:45 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
Error: (11/05/2014 02:06:53 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (11/04/2014 11:55:18 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
 
Error: (11/04/2014 01:24:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-230968282-3390652312-1418619507-1144}/
 
Error: (11/04/2014 01:21:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-08 10:14:40.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:14:35.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:14:29.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:12:19.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:12:14.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:03:39.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:03:34.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:03:29.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:03:24.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-08 10:02:51.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8139.86 MB
Available physical RAM: 5153.19 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 12887.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:674.18 GB) (Free:497.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.29 GB) (Free:2.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 4A73C3CB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=674.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================

  • 0

#7
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Things look good. How's your machine doing now?

 

A couple final things to clean up and check for and then we'll be all set. Please do the following.

 

Step#1 - Disable Windows Defender
Since you have an alternate program for spyware protection, you should disable Windows Defender to avoid conflicts. Instructions for doing this are here.

 

Step#2 - Remove References to Firefox Extensions
1. Open Firefox and click the Menu button in the upper right corner of the screen. Settings.JPG

2. Select Add-Ons and remove any Extension that isn't familiar or that has no name. (Examples to remove would be CrossRider, Vbates, uTorrent)

 

Step#3 - Uninstalls
 
Please uninstall the following program.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. If you want to keep this program I recommend that you remove it now and re-install it when we are done cleaning up.

 

MyFreeCodec

 

 

Step#4 - FRST Registry Search
 
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the words
SweetPacks into the Search box and click the Search Registry button.
    Search.JPG
 
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open the file should be
    saved on your desktop named Search.txt.

 

Step#5 - JRT
 
Note: Please disable your Antivirus Software before doing these steps. You can re-enable once done.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3, The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

 

Step#6 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • RootKitCheckBox.JPG
     
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

 

Step#7 - Security Check
 
1. Download Security Check from here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

  

 

Items for your Next Post

1. FRST Registry Search Results

2. JRT Log file

3. Malwarebytes log

4. Security Check log


  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP