Zero Access Rootkit Help Needed


  • This topic is locked
32 replies to this topic

#1 cdavis82

Posted 10 November 2014 - 07:17 PM

I have been infected with the ZeroAccess Rootkit according to this thread http://www.bleepingcomputer.com/forums/t/554728/bad-image-error/?p=3529343.

I have run MBAM and other software as recommended in the thread.

Here is the DDS log, and attached is the Attach log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521  BrowserJavaVersion: 10.60.2
Run by CaseyDavis at 17:08:40 on 2014-11-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7987.3844 [GMT -7:00]
.
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\CesmAgent\tvnserver.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Lansweeper\IISExpress\IISexpressSVC.exe
C:\Program Files (x86)\Lansweeper\Service\Lansweeperservice.exe
C:\Program Files (x86)\IIS Express\iisexpress.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\windows\SysWOW64\NMSAccessU.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\COMODO\CesmAgent\AgnService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files (x86)\HP\hp laserjet m1522\hppfaxprintersrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe
C:\windows\system32\RunDll32.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\PS Tray Factory\pstf_x64_stub.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\mobsync.exe
C:\Program Files (x86)\LogMeIn\Ignition\LMIIgnition.exe
C:\Program Files (x86)\LogMeIn\Ignition\LMIGuardianSvc.exe
C:\Program Files (x86)\Norton Ghost\Agent\SymDB.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\stunnel\stunnel.exe
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\System32\dinotify.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = file://monster/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uProxyServer = 127.0.0.1:4444
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - LocalServer32 - <no file>
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - LocalServer32 - <no file>
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [PCShowServer] "C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN34PB2JV005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN34OBQGCY05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
uRun: [HP Officejet 6700 (NET) #2] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN337BQKNP05RQ:NW" -scfn "HP Officejet 6700 (NET) #2" -AutoStart 1
uRun: [HP Officejet 6500 E710n-z (NET)] "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN18A245J305JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uRun: [HP Officejet Pro 8600 (NET) #2] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN43HFV01S05KD:NW" -scfn "HP Officejet Pro 8600 (NET) #2" -AutoStart 1
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [TrayFactory] C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe /start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\CASEYD~1.MED\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPECTR~1.LNK - C:\Program Files (x86)\Telescan\Spectrum\Agent\Agent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPECTR~2.LNK - C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - C:\Program Files (x86)\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - LocalServer32 - <no file>
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: adp.com
Trusted Zone: bankofamerica.com
Trusted Zone: M645
Trusted Zone: M645
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxps://vc.adp.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9801309D-65C0-4F3B-91BB-25CA998254BE} - hxxp://192.168.0.91:3391/INetViewProj1_01020715.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP8EP1-15699/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.0.201
TCP: Interfaces\{051CFD10-0949-40B0-AF0E-3FF1863D5705} : DHCPNameServer = 192.168.0.201
TCP: Interfaces\{0DF69E78-131D-4C5D-871D-4B01953452D9} : NameServer = 192.168.0.201,192.168.0.1
TCP: Interfaces\{27CF6684-D4A0-4CDA-9870-7E6BF4F6F0E1} : DHCPNameServer = 192.168.0.201
TCP: Interfaces\{27CF6684-D4A0-4CDA-9870-7E6BF4F6F0E1}\14246594D233D223 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
TCP: Interfaces\{27CF6684-D4A0-4CDA-9870-7E6BF4F6F0E1}\14D6562796374716270234F6E666562756E63656023456E6475627 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{27CF6684-D4A0-4CDA-9870-7E6BF4F6F0E1}\14D65627963747162734163796E6F6255637F62747350716 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{27CF6684-D4A0-4CDA-9870-7E6BF4F6F0E1}\D6169637F6E6 : DHCPNameServer = 68.105.28.13 68.105.28.14
TCP: Interfaces\{27CF6684-D4A0-4CDA-9870-7E6BF4F6F0E1}\D697177756374703736383 : DHCPNameServer = 192.168.0.1 205.171.2.65
TCP: Interfaces\{504455C1-DF5C-4767-BAC7-71621267C37F} : NameServer = 192.168.0.201,192.168.0.1
TCP: Interfaces\{504455C1-DF5C-4767-BAC7-71621267C37F} : DHCPNameServer = 192.168.0.201
TCP: Interfaces\{B174C860-29A4-41E9-91EE-CF1EF8022424} : DHCPNameServer = 192.168.0.201
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.toshiba.com/
x64-mDefault_Page_URL = hxxp://start.toshiba.com/
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} -
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [HP LaserJet M1522 MFP Series Fax] C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe "HP LaserJet M1522 MFP Series Fax"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\
FF - prefs.js: browser.startup.homepage - file://///MONSTER/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
FF - plugin: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
FF - ExtSQL: !HIDDEN! 2012-10-23 11:47; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R?2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-4-27 55856]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-12-15 482384]
R2 CesmAgentService;COMODO ESM Agent;C:\Program Files\COMODO\CesmAgent\AgnService.exe [2013-9-16 155368]
R2 CesmVncServer;COMODO ESM VNC Server;C:\Program Files\COMODO\CesmAgent\tvnserver.exe [2013-8-19 1481592]
R2 cpuz135;cpuz135;C:\windows\System32\drivers\cpuz135_x64.sys [2011-8-2 21992]
R2 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2011-11-16 1029480]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-10-7 9281840]
R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-2-10 91432]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-9-18 450904]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-3-3 136192]
R2 IDMWFP;IDMWFP;C:\windows\System32\drivers\idmwfp.sys [2014-7-23 180136]
R2 IISExpressSVC;IIS Express service;C:\Program Files (x86)\Lansweeper\IISexpress\IISexpressSVC.exe [2013-12-23 106496]
R2 lansweeperservice;Lansweeper Server;C:\Program Files (x86)\Lansweeper\Service\LansweeperService.exe [2013-12-23 8115200]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2014-2-7 16056]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2014-6-30 65657]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2011-11-16 1037672]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]
R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 GenericMount;Generic Mount Driver;C:\windows\System32\drivers\GenericMount.sys [2010-2-12 66608]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-12-15 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-8-31 317440]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-12-15 35008]
R3 pneteth;PdaNet Broadband;C:\windows\System32\drivers\pneteth.sys [2011-5-6 15360]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-12-15 331880]
R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-2-11 2963960]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-4-26 54136]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2014-7-16 376168]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2014-8-4 72216]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-15 2320920]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2010-5-16 175104]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-9-6 158936]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [2013-11-11 44944]
S3 dlcdcncm6_x64;dlcdcncm6_x64;C:\windows\System32\drivers\dlcdcncm6_x64.sys [2013-10-7 80688]
S3 dlusbaudio;dlusbaudio;C:\windows\System32\drivers\dlusbaudio_x64.sys [2013-10-7 202128]
S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216]
S3 ivusb;Initio Driver for USB Default Controller;C:\windows\System32\drivers\ivusb.sys [2010-7-28 29720]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-5-18 164464]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
S3 MOSUMAC;USB-Ethernet Driver;C:\windows\System32\drivers\USBMAC64.SYS [2012-1-19 54784]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 radpms;Driver for RADPMS Device;C:\windows\System32\drivers\radpms.sys [2014-2-7 14944]
S3 rcp_service;ReaConverter scheduler service;C:\Program Files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2013-4-8 31800]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\windows\System32\dllhost.exe [2009-7-13 9728]
S3 SymDSMon;SymDSMon;C:\windows\System32\drivers\SymDSMon.sys [2011-11-16 191232]
S3 SYMSpeedDisk;SYMSpeedDisk;C:\windows\System32\drivers\SymSpeedDisk.sys [2011-11-16 163384]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-1-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 VPREMOTE;VPRemote Install Bootstrap Service;C:\TEMP\Clt-Inst\vpremote.exe [2012-5-31 138672]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-4-26 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 Virtual TimeClock Server;Virtual TimeClock Server;C:\Program Files (x86)\Virtual TimeClock Server 14\TimeClock Server 1410089\Virtual TimeClock Service.exe [2014-4-4 6511032]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-07 15:14:40    --------    d-----w-    C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Diagnostics
2014-11-07 00:22:43    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-04 19:03:34    128728    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-04 19:03:20    92888    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-11-04 19:03:20    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-11-04 19:03:20    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-01 11:14:08    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F13F624-D681-4D13-93D6-909555EE47FF}\mpengine.dll
.
==================== Find3M  ====================
.
2014-11-04 00:04:40    107392    ----a-w-    C:\windows\System32\LMIRfsClientNP.dll
2014-11-04 00:04:39    92520    ----a-w-    C:\windows\System32\LMIinit.dll
2014-11-04 00:04:39    35688    ----a-w-    C:\windows\System32\LMIport.dll
2014-10-22 15:18:25    107392    ----a-w-    C:\windows\System32\LMIRfsClientNP.dll.000.bak
2014-10-22 15:18:24    92520    ----a-w-    C:\windows\System32\LMIinit.dll.000.bak
2014-10-18 15:18:17    107392    ----a-w-    C:\windows\System32\LMIRfsClientNP.dll.001.bak
2014-10-01 18:11:12    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-09-24 17:08:16    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 17:08:16    701104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 17:08:07    3675824    ----a-w-    C:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-15 15:06:02    278152    ------w-    C:\windows\System32\MpSigStub.exe
2013-01-28 21:52:01    9842040    ----a-w-    C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 17:13:01.35 ===============
 


 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:39 AM

Posted 13 November 2014 - 03:43 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 cdavis82

cdavis82
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Local time:02:39 AM

Posted 13 November 2014 - 03:54 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014
Ran by caseydavis (administrator) on M645 on 13-11-2014 13:47:34
Running from C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
Loaded Profile: caseydavis (Available profiles: Casey Davis & caseydavis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo) C:\Program Files\COMODO\CesmAgent\tvnserver.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lansweeper.com) C:\Program Files (x86)\Lansweeper\IISexpress\IISexpressSVC.exe
(Lansweeper) C:\Program Files (x86)\Lansweeper\Service\LansweeperService.exe
(Microsoft Corporation) C:\Program Files (x86)\IIS Express\iisexpress.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(COMODO) C:\Program Files\COMODO\CesmAgent\AgnService.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hp laserjet m1522\hppfaxprintersrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(NDS Technologies) C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
() C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Telescan) C:\Program Files (x86)\Telescan\Spectrum\Agent\Agent.exe
() C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(PS Soft Lab) C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\PS Tray Factory\pstf_x64_stub.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\SymDB.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1629400 2013-09-06] (COMODO)
HKLM\...\Run: [HP LaserJet M1522 MFP Series Fax] => C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-02-07] (LogMeIn, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [TrayFactory] => C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe [466946 2009-03-16] (PS Soft Lab)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [374368 2012-04-15] (BillP Studios)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-12-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-03-03] (HP)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-09-18] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [PCShowServer] => C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [525240 2012-10-15] (NDS Technologies)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-09-05] (Siber Systems)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\MountPoints2: {c4ad0eaa-2f7b-11e2-98d6-00249b0236da} - H:\MotoCastSetup.exe -a
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\MountPoints2: {f3fbb956-19f4-11e4-9504-88ae1dfccefd} - I:\MotoCastSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spectrum Agent.lnk
ShortcutTarget: Spectrum Agent.lnk -> C:\Program Files (x86)\Telescan\Spectrum\Agent\Agent.exe (Telescan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spectrum Messenger (Client).lnk
ShortcutTarget: Spectrum Messenger (Client).lnk -> C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe ()
Startup: C:\Users\Casey Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 - Casey.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 - Casey.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\__sbs_netsetup__\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\__sbs_netsetup__\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 127.0.0.1:4444
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://monster/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = file://monster/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - DefaultScope {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKCU - DefaultScope {4BF2411E-BA79-4C4A-979B-3FEB0C50DAA6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKCU - {18DD85CA-5453-4E61-978F-E4EDF0D9E91B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKCU - {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKCU - {4BF2411E-BA79-4C4A-979B-3FEB0C50DAA6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKCU - {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Shareaza Web Download Hook -> {0EEDB912-C5FA-486F-8334-57288578C627} -> M:\Program Files (x86)\Shareaza\RazaWebHook64.dll No File
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://vc.adp.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {9801309D-65C0-4F3B-91BB-25CA998254BE} http://192.168.0.91:3391/INetViewProj1_01020715.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP8EP1-15699/webex/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.201
Tcpip\..\Interfaces\{0DF69E78-131D-4C5D-871D-4B01953452D9}: [NameServer] 192.168.0.201,192.168.0.1
Tcpip\..\Interfaces\{504455C1-DF5C-4767-BAC7-71621267C37F}: [NameServer] 192.168.0.201,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default
FF NewTab: file://///MONSTER/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
FF Homepage: file://///MONSTER/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: @citrixonline.com/appdetectorplugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: @nds.com/PlayerPlugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: NDS.com/PlayerPlugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCentraUpdater.dll (Saba Software, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplansweepershellexec.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\LogMeInClient@logmein.com [2014-11-04]
FF Extension: Garmin Communicator - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: Default Full Zoom Level - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-05-12]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012-10-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2013-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011-04-27]
FF Extension: IDM CC - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\IDM\idmmzcc5 [2014-08-01]

Chrome:
=======
CHR Profile: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (IE Tab) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2012-10-02]
CHR Extension: (New Tab Redirect) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2013-01-22]
CHR Extension: (RealDownloader) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-01]
CHR Extension: (IDM Integration Module) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-09-09]
CHR Extension: (Google Wallet) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (RoboForm) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-24]
CHR Extension: (Scripting Dictionary) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\ScriptingDictionary\1.0 [2012-09-21]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CesmAgentService; C:\Program Files\COMODO\CesmAgent\AgnService.exe [155368 2013-09-16] (COMODO)
R2 CesmVncServer; C:\Program Files\COMODO\CesmAgent\tvnserver.exe [1481592 2013-08-19] (Comodo)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6246912 2013-09-06] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-09-06] (COMODO)
R2 DiskDoctorService; C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480 2010-11-30] (Symantec Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
U2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-09-01] (Red Bend Ltd.) [File not signed]
R2 FreeAgentGoFlex Service; C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [91432 2011-02-10] (Seagate Technology LLC)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [450904 2014-09-18] (Garmin Ltd or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2010-03-03] (HP) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISExpressSVC; C:\Program Files (x86)\Lansweeper\IISExpress\IISexpressSVC.exe [106496 2012-10-17] (Lansweeper.com) [File not signed]
R2 lansweeperservice; C:\Program Files (x86)\Lansweeper\Service\Lansweeperservice.exe [8115200 2013-12-12] (Lansweeper) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-02-07] (LogMeIn, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccessU; C:\windows\SysWOW64\NMSAccessU.exe [71096 2008-05-03] ()
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 rcp_service; C:\Program Files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SpeedDiskService; C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672 2010-11-30] (Symantec Corporation)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [329080 2011-02-14] (SupportSoft, Inc.)
S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
S4 Virtual TimeClock Server; C:\Program Files (x86)\Virtual TimeClock Server 14\TimeClock Server 1410089\Virtual TimeClock Service.exe [6511032 2014-03-19] (Redcort Software)
S3 VPREMOTE; C:\TEMP\Clt-Inst\vpremote.exe [138672 2012-04-19] (Symantec Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
S2 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-11-11] ()
R3 dlcdcncm6_x64; C:\Windows\System32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-07] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [202128 2013-10-07] (DisplayLink Corp.)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-02-07] (LogMeIn, Inc.)
S3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [11552 2014-02-07] () [File not signed]
S4 LMIRfsClientNP; No ImagePath
S2 LMIRfsDriver; C:\windows\system32\drivers\LMIRfsDriver.sys [72216 2014-02-07] () [File not signed]
S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [54784 2009-09-17] (--)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2014-02-07] () [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SymDSMon; C:\windows\system32\drivers\SymDSMon.sys [191232 2010-11-30] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 SYMSpeedDisk; C:\windows\system32\drivers\SymSpeedDisk.sys [163384 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\windows\SysWOW64\drivers\SymSpeedDisk.sys [108800 2010-11-30] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 dlcdcecm; system32\DRIVERS\dlcdcecm.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 13:47 - 2014-11-13 13:47 - 00000000 ____D () C:\FRST
2014-11-10 17:13 - 2014-11-10 17:13 - 00038849 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\dds.txt
2014-11-10 17:13 - 2014-11-10 17:13 - 00026668 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\attach.txt
2014-11-06 22:29 - 2014-11-06 22:32 - 00002280 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Rkill.txt
2014-11-06 17:22 - 2014-11-06 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-06 15:49 - 2014-11-06 15:49 - 00002664 _____ () C:\windows\SysWOW64\FSS.txt
2014-11-06 15:40 - 2014-11-13 13:47 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
2014-11-04 12:03 - 2014-11-06 17:22 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 12:03 - 2014-11-06 17:21 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-04 12:03 - 2014-11-04 12:03 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 12:03 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-04 11:12 - 2014-11-04 11:12 - 00003240 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-04 11:11 - 2014-11-04 11:11 - 00003364 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-04 09:10 - 2014-11-04 09:10 - 00021775 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\CisReport_v6.3.292438.2917_20141104-091035.zip
2014-11-03 17:07 - 2014-11-03 17:08 - 00279320 _____ () C:\windows\Minidump\110314-39842-01.dmp
2014-10-29 09:57 - 2014-10-29 06:56 - 00279820 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\100-07-10292014075347.WAV
2014-10-15 08:38 - 2014-10-15 08:38 - 19072868 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\LoSasso.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 13:43 - 2010-12-15 20:04 - 01066972 _____ () C:\windows\WindowsUpdate.log
2014-11-13 13:22 - 2014-05-13 13:01 - 00000548 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133.job
2014-11-13 13:08 - 2012-12-26 16:02 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-13 13:07 - 2010-10-28 21:08 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 13:01 - 2009-07-13 21:51 - 00007351 _____ () C:\windows\setupact.log
2014-11-13 12:02 - 2009-07-13 22:13 - 00796250 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-13 12:02 - 2009-07-13 21:45 - 00020368 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 12:02 - 2009-07-13 21:45 - 00020368 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 12:00 - 2011-05-12 10:51 - 00000412 _____ () C:\windows\Tasks\Free File Viewer Update Checker.job
2014-11-13 11:57 - 2011-05-05 20:52 - 00000176 _____ () C:\windows\system32\config\netlogon.ftl
2014-11-13 11:57 - 2010-10-28 21:08 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 11:52 - 2014-08-04 11:53 - 00001010 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-13 11:52 - 2014-08-04 11:53 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-13 11:52 - 2012-05-23 14:44 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-13 11:52 - 2010-12-15 20:33 - 00000050 _____ () C:\windows\system32\SupplicantTest.log
2014-11-13 11:52 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-13 11:51 - 2010-10-28 21:10 - 00320430 _____ () C:\windows\PFRO.log
2014-11-12 09:42 - 2011-11-16 10:59 - 00000270 _____ () C:\windows\Tasks\NUSchedule.job
2014-11-12 09:42 - 2011-11-16 10:59 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-12 00:04 - 2014-08-04 11:53 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\LogMeInIgnition
2014-11-11 22:54 - 2014-05-13 13:01 - 00003602 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-11 19:06 - 2011-11-16 10:58 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 15
2014-11-11 18:08 - 2012-12-26 16:02 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 18:08 - 2012-12-26 16:02 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 18:08 - 2012-12-26 16:02 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 11:11 - 2012-05-24 23:19 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Symantec
2014-11-10 19:15 - 2011-05-06 00:57 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\CrashDumps
2014-11-10 16:47 - 2012-05-31 15:46 - 00000000 ____D () C:\TEMP
2014-11-07 12:34 - 2011-05-06 13:47 - 00000000 ____D () C:\Shared
2014-11-07 12:30 - 2011-05-06 15:13 - 00002324 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\My Documents - Shortcut.lnk
2014-11-07 12:05 - 2012-11-05 15:38 - 00001640 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Appointment Reminders.lnk
2014-11-07 08:14 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-07 08:09 - 2011-05-06 10:34 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Sidebar7
2014-11-07 08:00 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\Resources
2014-11-06 22:46 - 2011-05-12 10:59 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\DMCache
2014-11-06 22:28 - 2012-08-23 13:49 - 00003974 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6A9179F1-EA8F-4343-8435-DC33117DF46D}
2014-11-06 20:55 - 2014-02-26 10:38 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\TAS Scheduler Data
2014-11-06 17:17 - 2012-05-10 20:03 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Audacity
2014-11-06 15:48 - 2011-05-12 10:59 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\IDM
2014-11-04 12:03 - 2012-10-18 09:30 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Malwarebytes
2014-11-04 12:03 - 2012-10-18 09:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 12:03 - 2012-10-18 09:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-04 08:47 - 2013-10-11 14:13 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-11-03 17:07 - 2012-08-15 13:42 - 1180372470 _____ () C:\windows\MEMORY.DMP
2014-11-03 17:07 - 2012-08-15 13:42 - 00000000 ____D () C:\windows\Minidump
2014-11-03 17:05 - 2014-08-04 11:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-11-03 17:04 - 2014-08-04 11:53 - 00107392 _____ () C:\windows\system32\LMIRfsClientNP.dll
2014-11-03 17:04 - 2014-08-04 11:53 - 00035688 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2014-11-03 17:04 - 2014-08-04 11:52 - 00092520 _____ () C:\windows\system32\LMIinit.dll
2014-11-03 13:49 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-11-03 10:30 - 2011-05-16 12:57 - 00010136 _____ () C:\windows\tba40.INI
2014-10-22 16:02 - 2010-10-28 21:08 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 16:02 - 2010-10-28 21:08 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 08:18 - 2014-08-04 11:53 - 00107392 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-10-22 08:18 - 2014-08-04 11:52 - 00092520 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll.000.bak
2014-10-20 15:35 - 2012-04-17 10:50 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Applian FLV and Media Player
2014-10-18 08:18 - 2014-08-04 11:53 - 00107392 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll.001.bak

Some content of TEMP:
====================
C:\Users\Casey Davis\AppData\Local\Temp\ose00000.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\ApplnchConfig.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\AskSLib.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\AuConv.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\AuConvEx.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\AVG.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\bcdedit.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\Boot.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootDriver.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\Bootstrapper.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperARA.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperARU.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperCHS.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperCHT.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperCSY.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperDAN.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperDEU.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperELL.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperENU.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperESN.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperESP.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperFIN.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperFRA.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperHEB.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperHRV.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperHUN.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperITA.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperJPN.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperKOR.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperLOC.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperNLD.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperNOR.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperPLK.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperPTB.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperPTG.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperRUS.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperSKY.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperSLV.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperSVE.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperTHA.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperTRK.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\BootstrapperUKR.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\Burn.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\DataMana.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\DeleteProgramDataFiles.CA.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\DevCtrl.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\DivXSetup.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\FatLib.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\GetDriverInfo.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\grubinst.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\install_flashplayer12x32au_mssd_aaa_aih_1.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\IPx64_1033.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\ISOExportHome.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\LMkRstPt.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\lowproc.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\MotoCast_Installer_2.0031.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\MSN9780.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\MSVCP60.DLL
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\RecLib.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\stubhelper.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\SunWin32FunctionCalls_810030.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\syslinux.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\temp.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\tmp96D4.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\tmpF871.exe
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\UserRes.dll
C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\UserResEx.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:11

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014
Ran by caseydavis at 2014-11-13 13:48:59
Running from C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

#1 Sound Recorder 4.7.3 (HKLM-x32\...\#1 Sound Recorder_is1) (Version:  - Aonesoft.com,Inc.)
3D Photo Browser 9.2 (HKLM\...\3D Photo Browser (x64 bits)) (Version: 9.2 - Mootools)
4TOPS Compare Spreadsheets using Excel 3.0 (HKLM-x32\...\xlcompare_is1) (Version: 3.0 - AGORA Software BV)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000005}) (Version: 10.1.7 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Advanced Batch Converter (HKLM-x32\...\Advanced Batch Converter) (Version: 5.5 - BatchConverter.com)
Advanced IP Scanner (HKLM-x32\...\{6A30BC34-090D-4A77-A184-58B44ACE9B34}) (Version: 2.0.106 - Famatech)
Advanced LAN Scanner v1.0 BETA 1 (HKLM-x32\...\Advanced LAN Scanner v1.0 BETA 1) (Version:  - )
All Media Fixer 9.03 (HKLM-x32\...\All Media Fixer_is1) (Version:  - New Live Software, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.14 - Google Inc.)
Angry Birds (HKLM-x32\...\{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}) (Version: 3.0.0 - Rovio)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
BackStreet Browser 3.1 (HKLM-x32\...\BackStreet Browser_is1) (Version:  - )
Best Buy pc app (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar Platform (x32 Version: 5.0.1449.0 - Microsoft Corporation) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
BlackVox Playback (HKLM-x32\...\BlackVox Playback) (Version:  - )
Boilsoft ASF Converter 2.68 (HKLM-x32\...\Boilsoft ASF Converter_is1) (Version:  - Boilsoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
COMODO Endpoint Security (HKLM\...\{093F13A3-177C-493E-8958-912A0C690B64}) (Version: 6.3.30294.2917 - COMODO Security Solutions Inc.)
COMODO ESM Agent (HKLM\...\{ED7608DB-B426-4A61-9E1F-120A9810B291}) (Version: 3.0.60913.7 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Cool Edit 96 (HKLM-x32\...\Cool Edit 96) (Version:  - )
CopyTrans Suite Remove Only (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\CopyTrans Suite) (Version: 2.27 - WindSolutions)
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CSV2TAB (HKLM-x32\...\CSV2TAB) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DESI Labeling System (HKLM-x32\...\DESI Labeling System) (Version: 2.5 - DESI Telephone Labels, Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DIRECTV Player (HKLM-x32\...\{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}) (Version: 8.0 - DIRECTV)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DisplayLink Core Software (HKLM\...\{61A641A9-9CC7-421F-85CD-A8CDDEE4E3F2}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{C790E802-DB1C-402A-92FB-858AB2925BF6}) (Version: 7.4.51587.0 - DisplayLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Duplicate Email Remover (HKLM-x32\...\{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}) (Version: 3.0.0 - MAPILab Ltd.)
EASEUS Data Recovery Wizard Free Edition 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Free Edition 5.5.1_is1) (Version:  - EASEUS)
EIPARSE2K3 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Elevated Installer (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Email Decryption 13.1.1.3 (HKLM-x32\...\Email Decryption 13.1.1.3) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
ffdshow x64 v1.1.4257 [2012-01-15] (HKLM\...\ffdshow64_is1) (Version: 1.1.4257.0 - )
File And MP3 Tag Renamer 2.2 (HKLM-x32\...\File And MP3 Tag Renamer_is1) (Version:  - 123Renamer.com)
FileLocator Pro x64 (HKLM\...\{2C4DF8C4-9BCF-4D29-895C-CD108AC1BE3F}) (Version: 7.2.2038.1 - Mythicsoft Ltd)
Flash Renamer 6.2 (HKLM-x32\...\Flash Renamer_is1) (Version:  - RL Vision)
FlowBreeze3 (HKLM-x32\...\{63A7070F-4C77-4C59-91CC-B155D4F2076F}) (Version: 3.0.0 - BreezeTree)
Folder Maker Personal Edition (HKLM-x32\...\{D58DC0AC-3532-4902-990A-B07B32F00136}) (Version: 1.1.0 - Lim, Chooi Guan)
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Freenet version 0.7.5 build 1465 (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\{3196C62F-9C7B-4392-88B4-05C037D05518}_is1) (Version: 0.7.5 build 1465 - freenetproject.org)
Garmin Communicator Plugin (HKLM-x32\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{447c27b7-3a63-4cb2-a49c-864050f9a50f}) (Version: 3.2.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GetDataBack for FAT (HKLM-x32\...\{2EEEC858-21F8-419B-8FE2-820621BFFCD7}) (Version: 4.25.000 - Runtime Software)
GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
GoldWave v5.67 (HKLM-x32\...\GoldWave v5.67) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 7.0.3.1963 (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\GoToMeeting) (Version: 7.0.3.1963 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Heatsoft ADCS (HKLM-x32\...\Heatsoft ADCS) (Version:  - )
Heatsoft ADCS 2.01 (HKLM-x32\...\Heatsoft ADCS_is1) (Version: 2.01 build 1 - Heatsoft Corporation)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet M1522 MFP Series 4.2 (HKLM\...\{C8A37F1F-E13B-48ae-93F8-4669264969F9}) (Version: 4.2 - HP)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB67}) (Version: 1.0.3.0 - Hewlett Packard)
hppFaxDrvM1522 (x32 Version: 003.100.00001 - Hewlett-Packard) Hidden
hppFaxUtility (x32 Version: 000.105.00107 - Hewlett-Packard) Hidden
hppFonts (x32 Version: 001.001.00056 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.300.00005 - Hewlett-Packard) Hidden
hppLJM1522 (x32 Version: 002.101.00002 - Hewlett-Packard) Hidden
hppManualsM1522 (x32 Version: 002.103.00002 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
hppScanTo (x32 Version: 002.102.00003 - Hewlett-Packard) Hidden
hppSendFaxM1522 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1522 (x32 Version: 001.005.00009 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 005.013.00185 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IIS 7.5 Express (HKLM-x32\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version:  - )
Information Tables Editor 11.1.0.0 (HKLM-x32\...\Information Tables Editor 11.1.0.0) (Version:  - )
Information Tables Editor 12.2.0.0 (HKLM-x32\...\Information Tables Editor 12.2.0.0) (Version:  - )
Information Tables Editor 13.2.0.0 (HKLM-x32\...\Information Tables Editor 13.2.0.0) (Version:  - )
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2281 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Java™ SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LANguard Network Scanner (HKLM-x32\...\{56FBF401-0D15-4BA7-B7EE-2BECD86FC8DA}) (Version:  - )
Lansweeper (HKLM-x32\...\Lansweeper_is1) (Version: 5.1 - Lansweeper.com)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LogMeIn (HKLM-x32\...\{9905E4C1-14D8-4522-88FE-FD00B51A20DC}) (Version: 4.1.4408 - LogMeIn, Inc.)
Lorex Client 12 (HKLM-x32\...\Lorex Client 12) (Version: Ver:3.1.32 - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Media Player Classic fr (HKLM-x32\...\Media Player Classic) (Version: 6.4.9.0 - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MessageStudio 2.5 (HKLM-x32\...\MessageStudio_2.1.1) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook 2013 (HKLM-x32\...\Office15.OUTLOOK) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPM (HKLM-x32\...\{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
nLite 1.4.9.1 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.1 - Dino Nuhagic (nuhi))
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Norton Utilities 15 (HKLM-x32\...\Norton Utilities 15_is1) (Version: 15.0 - Symantec Corporation)
NotePager 32 v3.0 (HKLM-x32\...\NotePager 32 v3.0) (Version: NotePager 32 v3.0 - NotePage, Inc.)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
On-Call Editor (HKLM-x32\...\{7C8F060A-C8D8-4BB5-B448-21C4FB769198}) (Version: 11.1.0.0 - Telescan LLC)
OnCall Editor 12.2.0.0 (HKLM-x32\...\OnCall Editor 12.2.0.0) (Version:  - )
OnCall Editor 13.2.0.0 (HKLM-x32\...\OnCall Editor 13.2.0.0) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PdaNet for Android 3.00 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Product_Min_QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
PS Tray Factory 3.0 (HKLM-x32\...\PS Tray Factory_is1) (Version:  - PS Soft Lab)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Qwest QuickAssist Desktop Tools (HKLM-x32\...\{95DD6A08-2313-4D5B-8BEB-37968D0D799C}) (Version: 21 - SupportSoft)
ReaConverter 5.5 Pro (HKLM-x32\...\ReaConverter 5.5 Pro_is1) (Version:  - ReaSoft)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Toolbox for Outlook 1.0 (HKLM-x32\...\Recovery Toolbox for Outlook_is1) (Version:  - Recovery ToolBox)
Registrar Registry Manager 6.02 (HKLM\...\Registrar_is1) (Version:  - Resplendence Software Projects Sp.)
Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
RoboForm 7-9-9-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
Saba Client (HKLM-x32\...\CentraClient) (Version:  - )
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Script Designer 12.2.0.0 (HKLM-x32\...\Script Designer 12.2.0.0) (Version:  - )
Script Designer 13.2.0.0 (HKLM-x32\...\Script Designer 13.2.0.0) (Version:  - )
Seagate Drive Settings Installer (HKLM-x32\...\InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC)
Seagate Drive Settings Installer (x32 Version: 1.00.0000 - Seagate Technologies LLC) Hidden
Shareaza 2.5.5.0 (HKLM-x32\...\Shareaza_is1) (Version: 2.5.5.0 - Shareaza Development Team)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartFTP Client (HKLM\...\{9364B867-D5EA-427B-A5FD-F2C42333130A}) (Version: 4.1.1314.0 - SmartSoft Ltd.)
SmartFTP Client 3.0 Setup Files (remove only) (HKLM-x32\...\SmartFTP Client 3.0 Setup Files) (Version: 3.0 - SmartSoft)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (HKLM-x32\...\SmartFTP Client 4.0 (x64) Setup Files) (Version: 4.0 - SmartSoft Ltd)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spectrum Messenger (Client) (HKLM-x32\...\Spectrum Messenger (Client)) (Version: 12.02.00.00 - Telescan, LLC)
Spectrum Script Designer (HKLM-x32\...\{0222A3C4-C66E-41F5-8C30-0DC772A87497}) (Version: 11.1.0.0 - Telescan)
Spectrum Spell Check & Thesaurus (HKLM-x32\...\Spectrum Spell Check & Thesaurus) (Version:  - )
Spectrum Spell Check and Thesaurus (HKLM-x32\...\Spectrum Spell Check and Thesaurus) (Version: 12.02.00.00 - Telescan, LLC)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 10.5.2.2570 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Microsoft Outlook 97-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Outlook 2000-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Word 2000-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com support for Microsoft Outlook 2000-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 2000-2010) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Outlook 97-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 97-2010) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Word 2000-2010 (HKLM-x32\...\Stamps.com support for Microsoft Word 2000-2010) (Version:  - Stamps.com, Inc.)
Stat/Transfer 11 (64-Bit) (HKLM\...\StatTransfer11-64) (Version: 11 (64-Bit) - Circle Systems)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
stunnel (HKLM-x32\...\stunnel) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
SyncBackPro (HKLM-x32\...\SyncBackPro_is1) (Version:  - 2BrightSparks)
SysTools Outlook PST Viewer v4.0 version SysTools Outlook PST Viewer v4.0 (HKLM-x32\...\{6D4F8DDE-707B-468F-A4FA-502A2A5FC3CE}_is1) (Version: SysTools Outlook PST Viewer v4.0 - SysTools Software)
TAB2CSV (HKLM-x32\...\TAB2CSV) (Version:  - )
TASScheduler (HKLM-x32\...\{A6674D18-CB15-49E4-9123-6E408FDE162F}) (Version: 3.2.0 - Creative Wizard)
Telescan Email Decryption (HKLM-x32\...\Telescan Email Decryption) (Version:  - )
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TreeSize Professional 5.3.1 (HKLM-x32\...\TreeSize Professional_is1) (Version: 5.3.1 - JAM Software)
Trim Spaces for Microsoft Excel 1.1 (HKLM-x32\...\Trim Spaces for Microsoft Excel_is1) (Version: 1.1 - Add-in Express Ltd.)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.1 - Tweaking.com)
UltraEdit (HKLM-x32\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 17.30.1002 - IDM Computer Solutions, Inc.)
UltraEdit (x32 Version: 17.30.1002 - IDM Computer Solutions, Inc.) Hidden
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB2284654) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version:  - Microsoft)
USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version:  - )
USB-Ethernet Adapter Device (HKLM-x32\...\USB-Ethernet Adapter Device) (Version:  - )
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual TimeClock Pro Client (HKLM-x32\...\{4D63D226-9FAA-4190-A008-238B93BF434D}_is1) (Version: 14.1 - Redcort Software Inc.)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.1 - WebM Project)
WebReg (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{302A1E2E-DD58-4673-BC99-9CC10EC2637A}) (Version: 24.6.2012 - BillP Studios)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
X-Lite (HKLM-x32\...\{426E4F54-EFFE-4C5B-A02A-23CFE8C3C679}) (Version: 50.6.7284 - CounterPath Corporation)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
XXConsole: Super Console Generator  ver 0.96 (HKLM-x32\...\XXConsole) (Version: 0.96 - Pixelab, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{0812C763-C73E-3633-BC20-DF7C8BF52BC3}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{0B11DA33-53A5-3A4D-A49F-7DEE43C7AD95}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7[1].gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{116E35BE-87EA-38D7-9F18-2B688DC946AF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{17B3774F-0F76-3263-8E6C-FAF221DC9285}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{1CB0AF6C-28DB-312F-B473-15B1D07F5AF7}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{1EC5A567-A745-3F53-B7FB-ED733072564C}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{22C88A52-59DD-3A25-A612-AE880F7E204A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{24CC2B9E-781E-37E3-A5FF-C1DAE029F839}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{2BF92F7B-1E1F-315D-981F-5DE3555064B0}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{2F6941DA-56A6-357E-B7BA-FF835AB8A4E2}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{34668BB5-E36F-3061-8AD8-F41A82147A76}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{39930B0E-5665-3B37-8B55-B509F1470352}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{3FE65992-0D1A-3472-8F08-FC40FEC834CE}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{48CB6129-BB54-3A61-873E-25F85EA71399}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{4A0AEFA7-5E2D-38CE-8238-2DC36F4EB0C1}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{526D752F-B8BB-30D6-9740-DC153A374B0D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{52B38025-1F77-39E1-A37E-CAF8B9D7C86D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{52EB2548-80F0-3091-9AD7-9093760A80C7}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{5471E1AB-1A86-3CDF-B8FB-21A44DC0B9AD}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{54DE564C-6FEB-321A-B523-ECC713CD28DC}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{568F06CC-F0F0-36C5-84AA-634D48DCAFAA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{59243C39-A255-316C-92F6-F5DCDC116FEA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{663E7799-B0C9-352C-84EB-70661ECC740A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{66B5FAF1-135B-3E9A-A058-C9C82ADE6A50}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{6EF0A29F-51E2-3D04-929B-8CE2D3049CC4}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{713656AF-4B2F-3C0C-BB79-27236AF8D0BF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{82B3F799-7943-322A-86CA-0B7DC2E6E08B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{88F08235-E32C-3F6C-9994-DF3B3CD5F9E6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{8A4B09CA-841D-3C8C-9F7C-94E39EB949A6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{8DF05FC5-F0DE-3B96-A738-E0DB34E606FB}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{9133B5FA-74DC-3B6D-B88E-D06AFB445C5B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{93C81FEB-3CE0-32C0-8766-68A245045656}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{9BE4C1EF-2BAA-32C6-84EF-4CB66E16F9D8}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{9C30F31A-7AAC-3B27-99F0-C793D384681F}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{A7AB17B5-2566-3249-A715-6A64451DF7FB}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{AF743B9E-0CBA-3F10-AEDD-D0668DF19518}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{B4C3B773-BAB0-3BF1-8486-C82398C144EB}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{B745F928-6581-3869-8C25-E91717F38558}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{BD059A52-32D5-32DB-A650-242D819F75F6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{C0308E93-8EF5-4F08-8511-6D19A06EBDCD}\InprocServer32 -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\BreezeTree\FlowBreeze3\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{C99CE0B8-7C00-3C5B-B7B9-7E551D753938}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{CA22E8DA-AF8F-311F-B765-699538794C14}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{CA2D99B2-E9DA-3132-A47C-59FA2478D6BA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{CD1032C7-ABB1-3C73-B2A9-398C058029B6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{D75DBE73-8F45-3624-A7A6-11A1E4B39F07}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{DC06F929-072A-3856-8AB4-FD91871C5ECE}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{DE32423D-F8F9-39BA-9445-BEC6A66A0E39}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{DFAB2AEB-59D8-3E25-B85C-BF4E5B7AC631}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{E1FDE918-F0F5-3188-AC3B-1EDA60FF3A03}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{E2718554-5373-3CE4-B8FB-D8ECEEBFB6BC}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{EA6AE3EA-3B3B-3232-B16D-35871968534C}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{ECB036FA-25A9-3AFE-BA88-213B5C28D8ED}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-10-2014 01:05:36 Made by Norton Utilities
28-10-2014 01:07:05 Made by Norton Utilities
01-11-2014 02:24:44 Made by Norton Utilities
05-11-2014 02:05:17 Made by Norton Utilities
06-11-2014 02:04:35 Made by Norton Utilities
07-11-2014 02:05:44 Made by Norton Utilities
07-11-2014 05:26:51 Malwarebytes Anti-Rootkit Restore Point
12-11-2014 02:04:56 Made by Norton Utilities

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0030B1DD-A21C-4619-95CF-29A762807DB0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {01FD2247-64A8-4B83-9002-2F016D0A4715} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0C9E951E-15D6-4383-B4A9-1B7A8944D5F4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: {1388B1C0-81ED-421F-AF72-957320C7D26C} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {1416A722-7573-4CFA-A574-C2EC4DCBD5E7} - System32\Tasks\{BE4B434F-299D-42C3-A286-E7ECCF092B72} => \\ASSISTANT1\tba40\TOPSCAN.EXE
Task: {1DC6F1DD-B949-4B9C-BA31-175B0D235DD8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {217C1E12-C167-4CBF-BB3D-A6445A38B156} - System32\Tasks\{8E425697-ED08-4FA7-8E7A-559BE3D9B38A} => \\ASSISTANT1\tba40\TOPSCAN.EXE
Task: {2C68CB39-D62B-4E26-AF03-564898351314} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {2FDBF1FA-61A1-43A8-A6B3-D293DACACDEF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {323CB878-198F-4A01-B116-0488BFF45C10} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {35FFF20D-4772-42A2-BFFB-F25A4CCC3EF3} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-2078850058-1484929980-2300844317-1133\{750FDF10-2A26-11D1-A3EA-080036587F03}\Offline Files Sync Schedule 1 => C:\Windows\system32\mobsync.exe [2010-11-20] (Microsoft Corporation)
Task: {36A8F72C-96B9-4CC7-A1D9-6EFC5493DCC2} - System32\Tasks\{B3B7985A-5437-403A-9250-44BE89CB12CC} => \\ASSISTANT1\tba40\TOPSCAN.EXE
Task: {428EF927-6B83-4EBA-AC2E-CFFB958A4D0D} - System32\Tasks\{67B1FB5D-3216-4289-8D5F-C8D9FF935C90} => \\ASSISTANT1\tba40\TOPSCAN.EXE
Task: {42D2816A-3F6B-4295-B7F4-97F6D61F7C43} - System32\Tasks\{1A22BC20-08F0-448B-8CA4-06AB2B23E3D0} => \\ASSISTANT1\tba40\TOPSCAN.EXE
Task: {495BA680-B0E6-47BF-8D70-09E977A53A23} - System32\Tasks\Free File Viewer Update Checker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-05] (Bitberry Software)
Task: {4B4EDEDA-43E9-457F-8B5F-43ACC5A4F56F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {595DD852-4B5A-4C5D-9BF7-7C02A2490DA8} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe [2009-03-16] (PS Soft Lab)
Task: {5D223C8C-A9B9-436F-A383-18DE789FD37B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5E022B76-DA55-4EF6-8B4F-CC4B927977A3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5F60A84F-BA3D-4DE8-B811-63595D26D7E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {62959128-EACB-40AC-80BE-43392E034355} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Norton Utilities 15\nu.exe [2012-04-19] (Symantec Corporation)
Task: {6A78132C-3BB9-479C-B949-651A025797EF} - System32\Tasks\{4C08D109-4CC2-4A8E-8F4A-BBFFFA02B630} => \\ASSISTANT1\tba40\TOPSCAN.EXE
Task: {7856CCED-7441-4431-9154-18877BBDA6E3} - System32\Tasks\{E8E3F252-CA8E-4D12-9394-9C981841336C} => \\ASSISTANT1\tba40\TOPSCAN.EXE
Task: {7E9652AB-17E7-4F88-9D6F-99729BF5B904} - System32\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Citrix\GoToMeeting\1963\g2mupdate.exe [2014-11-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {8CF67F33-83D2-4B98-9ECD-E16EF2C635DE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {99D78F8C-34F8-4C7F-81FE-D04FB3081DB8} - System32\Tasks\HotSwap! Applet => C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\wz497f\64bit\HotSwap!.EXE <==== ATTENTION
Task: {9FBDE7B0-1105-434B-A80C-63A74DFD74F3} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A9A1370A-4354-419D-AFD9-84891A0774AB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-09-18] ()
Task: {B0BEDFB6-2F67-4DF5-B9F9-69C1BB63886B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: {C772AE47-763E-4568-93C6-1216055AC57B} - System32\Tasks\{21A1B553-60A3-49CA-BD99-2E09A00E283C} => \\ASSISTANT1\tba40\TOPSCAN.EXE
Task: {CB1870C5-202F-4A62-BA76-C025888067C1} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D52657E2-C022-4D01-970A-46DA917D2E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D9C52A47-31C8-4467-AFD8-0D8429C925D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E7980A99-B78B-45AB-8CCC-02DC26DA4DC7} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {EE410212-6B1D-4B9B-834F-00E3D9629F00} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: {F28731AD-2665-4704-8034-C4E069B18F49} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F47205BA-A3C7-4CB6-BEAE-F523CB0C20E0} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {FBE20F5C-12A6-47E9-AE66-CC0F38292825} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Free File Viewer Update Checker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133.job => C:\Program Files (x86)\Citrix\GoToMeeting\1963\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Norton Utilities 15\nu.exe

==================== Loaded Modules (whitelisted) =============

2010-07-19 17:48 - 2010-07-19 17:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-05-12 11:05 - 2008-05-03 11:31 - 00071096 ____N () C:\windows\SysWOW64\NMSAccessU.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-10-01 19:34 - 2012-10-01 19:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-19 17:48 - 2010-07-19 17:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-10-15 14:37 - 2012-10-15 14:37 - 06442920 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2012-10-25 05:55 - 2012-10-24 04:48 - 07088640 _____ () C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe
2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-05-12 11:01 - 2009-03-16 15:05 - 00053248 _____ () C:\Program Files (x86)\PS Tray Factory\pstf_x64_stub.exe
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-31 08:05 - 2013-10-31 08:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2011-05-12 11:01 - 2009-01-28 11:42 - 00053248 _____ () C:\Program Files (x86)\PS Tray Factory\HKDll.dll
2012-10-25 05:55 - 2002-08-27 17:26 - 00016896 _____ () C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\TS_HM.dll
2012-10-15 14:38 - 2012-10-15 14:38 - 00273824 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\ndsLogStore.dll
2012-10-15 14:37 - 2012-10-15 14:37 - 02203048 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\DrmSingleton.dll
2012-10-15 14:37 - 2012-10-15 14:37 - 07123880 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\gsttspplugin.dll
2012-10-15 14:38 - 2012-10-15 14:38 - 00688560 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2012-10-15 14:38 - 2012-10-15 14:38 - 01402784 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\libxml2-2.dll
2012-10-15 14:39 - 2012-10-15 14:39 - 00091536 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\z.dll
2012-10-25 05:55 - 2002-08-27 17:35 - 00016896 _____ () C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\TS_HK.dll
2012-04-17 10:15 - 2011-04-14 18:01 - 00548854 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00061440 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00516096 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00840192 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00130560 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
2010-03-03 09:41 - 2010-03-03 09:41 - 00086016 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
2010-03-03 09:41 - 2010-03-03 09:41 - 00835584 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
2009-10-15 07:25 - 2009-10-15 07:25 - 00364544 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll
2014-01-09 22:28 - 2014-01-09 22:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-22 08:06 - 2014-09-22 08:07 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-10-01 19:32 - 2012-10-01 19:32 - 01014400 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2012-10-01 19:32 - 2012-10-01 19:32 - 00125056 _____ () C:\Program Files (x86)\Microsoft Office\Office15\OUTLCTL.DLL
2012-10-01 19:32 - 2012-10-01 19:32 - 00321136 _____ () C:\Program Files (x86)\Microsoft Office\Office15\msfad.dll
2013-05-10 00:57 - 2013-05-10 00:57 - 00305728 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\Bluestream.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\bootstat.dat:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\c96unins.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\CD_Start.INI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\comsetup.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\cool.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\csup.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\DESI.INI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\DirectX.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\DPINST.LOG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\DtcInstall.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\HomePremium.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\ie8_main.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\IE9_main.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\iun502.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\LGNSlog.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\msdfmap.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\msxml4-KB954430-enu.LOG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\msxml4-KB973688-enu.LOG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\ODBC.INI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\PFRO.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\Professional.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\regtlib.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\RtlExUpd.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\Setup1.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\ST6UNST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\Starter.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\SynInst.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\system.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\tba40.INI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\TSSysprep.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\win.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\WindowsUpdate.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\WLXPGSS.SCR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\xpsp1hfm.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\xvport.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\õL:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
AlternateDataStreams: C:\ProgramData\TEMP:D3A96964
AlternateDataStreams: C:\Users\caseydavis.MEDICALTELECOMM\advanced_ip_scanner_MAC.bin:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\caseydavis.MEDICALTELECOMM\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\caseydavis.MEDICALTELECOMM\g2mdlhlpx.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\caseydavis.MEDICALTELECOMM\s-1-5-21-2078850058-1484929980-2300844317-1133.rrr:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
MSCONFIG\startupreg: scheduler_monitor => C:\Program Files (x86)\ReaConverter 5.5 Pro\init_scheduler.exe
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: X-Lite => "C:\Program Files (x86)\CounterPath\X-Lite\X-Lite.exe" -bootload

========================= Accounts: ==========================

Administrator (S-1-5-21-1278352989-1785949783-4017258536-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1278352989-1785949783-4017258536-1003 - Limited - Enabled)
Casey Davis (S-1-5-21-1278352989-1785949783-4017258536-1000 - Administrator - Enabled) => C:\Users\Casey Davis
Guest (S-1-5-21-1278352989-1785949783-4017258536-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: LogMeIn Mirror Driver
Description: LogMeIn Mirror Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: lmimirr
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Generic PnP Monitor (DPMS)
Description: Generic PnP Monitor (DPMS)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: radpms
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Generic PnP Monitor (DPMS)
Description: Generic PnP Monitor (DPMS)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: radpms
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Intel® Centrino® WiMAX 6250
Description: Intel® Centrino® WiMAX 6250
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: bpmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2014 01:44:05 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (11/13/2014 00:54:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/13/2014 00:54:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/13/2014 00:04:27 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location \\NUS2000\caseydavis\usb3-disk1\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/13/2014 11:53:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/13/2014 11:52:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/12/2014 11:33:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 547845

Error: (11/12/2014 11:33:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 547845

Error: (11/12/2014 11:33:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2014 11:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 546675


System errors:
=============
Error: (11/13/2014 11:59:34 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (11/13/2014 11:54:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.

Error: (11/13/2014 11:52:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Remote File System Driver service failed to start due to the following error:
%%193

Error: (11/13/2014 11:52:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (11/13/2014 11:52:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LMIGuardianSvc service to connect.

Error: (11/13/2014 11:52:03 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:33:54 AM on ‎11/‎12/‎2014 was unexpected.

Error: (11/11/2014 03:58:25 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (11/11/2014 03:21:43 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (11/11/2014 00:41:16 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (11/11/2014 11:09:51 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.


Microsoft Office Sessions:
=========================
Error: (11/13/2014 01:44:05 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\BreezeTree\FlowBreeze3\adxloader.dll.ManifestC:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\BreezeTree\FlowBreeze3\adxloader.dll.Manifest2

Error: (11/13/2014 00:54:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/13/2014 00:54:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/13/2014 00:04:27 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\NUS2000\caseydavis\usb3-disk1\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/13/2014 11:53:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/13/2014 11:52:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/12/2014 11:33:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 547845

Error: (11/12/2014 11:33:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 547845

Error: (11/12/2014 11:33:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2014 11:33:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 546675


CodeIntegrity Errors:
===================================
  Date: 2012-12-04 15:49:38.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-04 15:25:29.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-04 15:12:07.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-11-28 17:04:46.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 23:06:56.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 23:00:00.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 22:46:11.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 22:38:38.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-05-11 13:46:01.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-05-09 22:01:40.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 7986.67 MB
Available physical RAM: 4331.87 MB
Total Pagefile: 15971.54 MB
Available Pagefile: 11979.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Main_1) (Fixed) (Total:582.67 GB) (Free:232.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Main_2) (Fixed) (Total:335.34 GB) (Free:333.73 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:931.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 62FD86AC)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=582.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)
Partition 4: (Not Active) - (Size=335.3 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00070815)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 deeprybka


  • Malware Response Team

Posted 13 November 2014 - 04:19 PM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 cdavis82

  • Topic Starter


Posted 13 November 2014 - 06:44 PM

ComboFix 14-11-12.01 - caseydavis 11/13/2014  16:25:31.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7987.5054 [GMT -7:00]
Running from: c:\users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\QuickTime\QTTask.exe
c:\users\caseydavis.MEDICALTELECOMM\%appda~1
c:\users\caseydavis.MEDICALTELECOMM\%appda~1\microsoft\word\startup\MMtoDocs (2003) Ver 2.7.dot
c:\users\caseydavis.MEDICALTELECOMM\AppData\Local\assembly\tmp
c:\users\caseydavis.MEDICALTELECOMM\g2mdlhlpx.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-13 to 2014-11-13  )))))))))))))))))))))))))))))))
.
.
2014-11-13 23:37 . 2014-11-13 23:37    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-11-13 23:37 . 2014-11-13 23:37    --------    d-----w-    c:\users\CASEYD~1~MED\AppData\Local\temp
2014-11-13 23:37 . 2014-11-13 23:37    --------    d-----w-    c:\users\__sbs_netsetup__\AppData\Local\temp
2014-11-13 20:47 . 2014-11-13 20:50    --------    d-----w-    C:\FRST
2014-11-11 01:48 . 2014-11-13 23:31    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F13F624-D681-4D13-93D6-909555EE47FF}\offreg.dll
2014-11-07 15:14 . 2014-11-07 15:14    --------    d-----w-    c:\users\caseydavis.MEDICALTELECOMM\AppData\Local\Diagnostics
2014-11-07 00:22 . 2014-11-07 05:27    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-04 19:03 . 2014-11-07 00:22    128728    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-04 19:03 . 2014-11-07 00:21    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-04 19:03 . 2014-11-04 19:03    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-04 19:03 . 2014-10-01 18:11    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-03 17:47 . 2014-11-03 17:47    --------    d-----w-    c:\users\caseydavis.MEDICALTELECOMM\AppData\Roaming\HPAppData
2014-11-01 11:14 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F13F624-D681-4D13-93D6-909555EE47FF}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 19:54 . 2014-08-12 12:10    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-11-12 01:08 . 2012-12-26 23:02    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 01:08 . 2012-12-26 23:02    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-04 00:04 . 2014-08-04 18:53    107392    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2014-11-04 00:04 . 2014-08-04 18:53    35688    ----a-w-    c:\windows\system32\LMIport.dll
2014-11-04 00:04 . 2014-08-04 18:52    92520    ----a-w-    c:\windows\system32\LMIinit.dll
2014-10-22 15:18 . 2014-08-04 18:53    107392    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-10-22 15:18 . 2014-08-04 18:52    92520    ----a-w-    c:\windows\system32\LMIinit.dll.000.bak
2014-10-18 15:18 . 2014-08-04 18:53    107392    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll.001.bak
2014-10-01 18:11 . 2012-10-18 16:29    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-15 15:06 . 2011-04-27 05:39    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-05 16:03 . 2010-06-24 18:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-27 16:44 . 2014-08-27 16:44    69632    ----a-r-    c:\users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Microsoft\Installer\{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}\msodrems.chm_7AA3663443244EF48C0CD8EF1FC2BEA4.exe
2014-08-27 16:44 . 2014-08-27 16:44    65536    ----a-r-    c:\users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Microsoft\Installer\{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}\license.rtf_7AA3663443244EF48C0CD8EF1FC2BEA4.exe
2013-01-28 21:52 . 2012-10-23 16:40    9842040    ----a-w-    c:\program files (x86)\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-07-23 3858000]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2013-05-10 1272912]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-09-18 688984]
"PCShowServer"="c:\users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-10-15 525240]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"HP Officejet 6700 (NET) 4190104D8EE83AFB09EB9DA31E7CB6D5470D5E21084C330A8E8F9A2B"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"HP Officejet 6500 E710n-z (NET)"="c:\program files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-09-05 111320]
"HP Officejet Pro 8600 (NET) 4190104D8EE83AFB09EB9DA31E7CB6D5470D5E21084C330A8E8F9A2B"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]
"TrayFactory"="c:\program files (x86)\PS Tray Factory\PSTrayFactory.exe" [2009-03-16 466946]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-12-31 295512]
"ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2010-03-03 53248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-05-28 455512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
c:\users\Casey Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2012-10-23 9842040]
.
c:\users\__sbs_netsetup__\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216]
Uninstall Webroot RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2012-10-23 9842040]
.
c:\users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet Pro 8600 - Casey.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN34PB2JV005KD;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Spectrum Agent.lnk - c:\program files (x86)\Telescan\Spectrum\Agent\Agent.exe [2013-10-25 2814464]
Spectrum Messenger (Client).lnk - c:\program files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe [2012-10-25 7088640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dlcdcecm;dlcdcecm;c:\windows\system32\DRIVERS\dlcdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\dlcdcecm.sys [x]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\USBMAC64.SYS;c:\windows\SYSNATIVE\DRIVERS\USBMAC64.SYS [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys;c:\windows\SYSNATIVE\DRIVERS\radpms.sys [x]
R3 rcp_service;ReaConverter scheduler service;c:\program files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe;c:\program files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys;c:\windows\SYSNATIVE\drivers\SymDSMon.sys [x]
R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys;c:\windows\SYSNATIVE\drivers\SymSpeedDisk.sys [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\Clt-Inst\vpremote.exe;c:\temp\Clt-Inst\vpremote.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 Virtual TimeClock Server;Virtual TimeClock Server;c:\program files (x86)\Virtual TimeClock Server 14\TimeClock Server 1410089\Virtual TimeClock Service.exe;c:\program files (x86)\Virtual TimeClock Server 14\TimeClock Server 1410089\Virtual TimeClock Service.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S2 CesmAgentService;COMODO ESM Agent;c:\program files\COMODO\CesmAgent\AgnService.exe;c:\program files\COMODO\CesmAgent\AgnService.exe [x]
S2 CesmVncServer;COMODO ESM VNC Server;c:\program files\COMODO\CesmAgent\tvnserver.exe;c:\program files\COMODO\CesmAgent\tvnserver.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe;c:\program files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 IISExpressSVC;IIS Express service;c:\program files (x86)\Lansweeper\IISExpress\IISexpressSVC.exe;c:\program files (x86)\Lansweeper\IISExpress\IISexpressSVC.exe [x]
S2 lansweeperservice;Lansweeper Server;c:\program files (x86)\Lansweeper\Service\Lansweeperservice.exe;c:\program files (x86)\Lansweeper\Service\Lansweeperservice.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.48800.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.4.48800.0.sys [x]
S3 dlcdcncm6_x64;dlcdcncm6_x64;c:\windows\system32\DRIVERS\dlcdcncm6_x64.sys;c:\windows\SYSNATIVE\DRIVERS\dlcdcncm6_x64.sys [x]
S3 dlusbaudio;dlusbaudio;c:\windows\system32\DRIVERS\dlusbaudio_x64.sys;c:\windows\SYSNATIVE\DRIVERS\dlusbaudio_x64.sys [x]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 09:08    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-26 01:08]
.
2014-11-13 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-05-12 22:50]
.
2014-11-13 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133.job
- c:\program files (x86)\Citrix\GoToMeeting\1963\g2mupdate.exe [2014-11-12 05:54]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 23:01]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 23:01]
.
2014-11-12 c:\windows\Tasks\NUSchedule.job
- c:\program files (x86)\Norton Utilities 15\nu.exe [2011-11-16 20:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-02 02:47    2322576    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-02 02:47    2322576    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-02 02:47    2322576    ----a-w-    c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02    25112    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-09-01 1449984]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-31 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-31 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-31 417304]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-09-06 1629400]
"HP LaserJet M1522 MFP Series Fax"="c:\program files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe" [2009-09-23 3700736]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2014-02-07 57928]
.
------- Supplementary Scan -------
.
uStart Page = file://monster/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>;192.168.*.*
uInternet Settings,ProxyServer = 127.0.0.1:4444
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files (x86)\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
Trusted Zone: adp.com
Trusted Zone: bankofamerica.com
Trusted Zone: M645
TCP: DhcpNameServer = 192.168.0.201
TCP: Interfaces\{0DF69E78-131D-4C5D-871D-4B01953452D9}: NameServer = 192.168.0.201,192.168.0.1
TCP: Interfaces\{504455C1-DF5C-4767-BAC7-71621267C37F}: NameServer = 192.168.0.201,192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {9801309D-65C0-4F3B-91BB-25CA998254BE} - hxxp://192.168.0.91:3391/INetViewProj1_01020715.cab
FF - ProfilePath - c:\users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\
FF - prefs.js: browser.startup.homepage - file://///MONSTER/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
FF - ExtSQL: !HIDDEN! 2012-10-23 11:47; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-GetRight_is1 - m:\program files (x86)\GetRight\unins000.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-Shareaza_is1 - m:\program files (x86)\Shareaza\Uninstall\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2078850058-1484929980-2300844317-1133\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29E5CA1C-27F8-9CE8-CD8A-5E414372F13C}*]
"dabmhbnc"=hex:64,62,63,6f,66,69,6d,6c,62,64,69,70,64,6b,68,65,6b,66,6c,6e,70,
   69,6e,66,64,6f,67,68,6f,67,6f,6c,62,6c,68,67,66,6d,61,6f,00,43
.
[HKEY_USERS\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):24,d4,52,86,79,4d,9d,0e,81,a0,cc,6f,b5,05,fb,1a,69,cd,59,20,08,
   ad,7c,95,61,04,fd,59,dd,2a,87,9b,d7,1b,ee,78,8a,a8,98,b2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\Wow6432Node\CLSID\{8f852b28-9d5b-49d8-ad40-ab72ba512693}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000010c
"Therad"=dword:0000001f
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-13  16:40:41
ComboFix-quarantined-files.txt  2014-11-13 23:40
.
Pre-Run: 249,525,088,256 bytes free
Post-Run: 261,761,998,848 bytes free
.
- - End Of File - - 7590A7464FEE23D01C16E48A222542A9
 



#6 deeprybka

  • Malware Response Team

Posted 13 November 2014 - 06:47 PM

Step 1


  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • In the update screen that follows, click "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.


Step 2


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 cdavis82

  • Topic Starter

Posted 15 November 2014 - 09:10 PM

Here are the FRST logs.  The EEK report is too big to paste and too big to attach.  How would you like me to handle that?

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014
Ran by caseydavis (administrator) on M645 on 15-11-2014 18:51:05
Running from C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
Loaded Profiles: Casey Davis & caseydavis (Available profiles: Casey Davis & caseydavis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo) C:\Program Files\COMODO\CesmAgent\tvnserver.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lansweeper.com) C:\Program Files (x86)\Lansweeper\IISexpress\IISexpressSVC.exe
(Lansweeper) C:\Program Files (x86)\Lansweeper\Service\LansweeperService.exe
(Microsoft Corporation) C:\Program Files (x86)\IIS Express\iisexpress.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
(Bitberry Software) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hp laserjet m1522\hppfaxprintersrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(NDS Technologies) C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
() C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(COMODO) C:\Program Files\COMODO\CesmAgent\AgnService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(PS Soft Lab) C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\PS Tray Factory\pstf_x64_stub.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\Ignition\LMIIgnition.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\Ignition\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\SymDB.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Telescan LLC) C:\Program Files (x86)\Telescan LLC\On-Call\On-Call Editor\OnCallEditor.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1629400 2013-09-06] (COMODO)
HKLM\...\Run: [HP LaserJet M1522 MFP Series Fax] => C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-02-07] (LogMeIn, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [TrayFactory] => C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe [466946 2009-03-16] (PS Soft Lab)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [374368 2012-04-15] (BillP Studios)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-12-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-03-03] (HP)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-09-18] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [PCShowServer] => C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [525240 2012-10-15] (NDS Technologies)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-09-05] (Siber Systems)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spectrum Agent.lnk
ShortcutTarget: Spectrum Agent.lnk -> C:\Program Files (x86)\Telescan\Spectrum\Agent\Agent.exe (Telescan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spectrum Messenger (Client).lnk
ShortcutTarget: Spectrum Messenger (Client).lnk -> C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe ()
Startup: C:\Users\Casey Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 - Casey.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 - Casey.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\__sbs_netsetup__\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\__sbs_netsetup__\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 127.0.0.1:4444
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://monster/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - DefaultScope {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKCU - DefaultScope {4BF2411E-BA79-4C4A-979B-3FEB0C50DAA6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKCU - {18DD85CA-5453-4E61-978F-E4EDF0D9E91B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKCU - {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKCU - {4BF2411E-BA79-4C4A-979B-3FEB0C50DAA6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKCU - {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Shareaza Web Download Hook -> {0EEDB912-C5FA-486F-8334-57288578C627} -> M:\Program Files (x86)\Shareaza\RazaWebHook64.dll No File
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKU\S-1-5-21-1278352989-1785949783-4017258536-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1278352989-1785949783-4017258536-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1278352989-1785949783-4017258536-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://vc.adp.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {9801309D-65C0-4F3B-91BB-25CA998254BE} http://192.168.0.91:3391/INetViewProj1_01020715.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP8EP1-15699/webex/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.201
Tcpip\..\Interfaces\{0DF69E78-131D-4C5D-871D-4B01953452D9}: [NameServer] 192.168.0.201,192.168.0.1
Tcpip\..\Interfaces\{504455C1-DF5C-4767-BAC7-71621267C37F}: [NameServer] 192.168.0.201,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default
FF NewTab: file://///MONSTER/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
FF Homepage: file://///MONSTER/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: @citrixonline.com/appdetectorplugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: @nds.com/PlayerPlugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: NDS.com/PlayerPlugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCentraUpdater.dll (Saba Software, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplansweepershellexec.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\LogMeInClient@logmein.com [2014-11-04]
FF Extension: Garmin Communicator - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: Default Full Zoom Level - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-05-12]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012-10-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2013-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011-04-27]
FF Extension: IDM CC - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\IDM\idmmzcc5 [2014-08-01]

Chrome:
=======
CHR Profile: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (IE Tab) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2012-10-02]
CHR Extension: (New Tab Redirect) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2013-01-22]
CHR Extension: (RealDownloader) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-01]
CHR Extension: (IDM Integration Module) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-09-09]
CHR Extension: (Google Wallet) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (RoboForm) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-24]
CHR Extension: (Scripting Dictionary) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\ScriptingDictionary\1.0 [2012-09-21]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CesmAgentService; C:\Program Files\COMODO\CesmAgent\AgnService.exe [155368 2013-09-16] (COMODO)
R2 CesmVncServer; C:\Program Files\COMODO\CesmAgent\tvnserver.exe [1481592 2013-08-19] (Comodo)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6246912 2013-09-06] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-09-06] (COMODO)
R2 DiskDoctorService; C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480 2010-11-30] (Symantec Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
U2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-09-01] (Red Bend Ltd.) [File not signed]
R2 FreeAgentGoFlex Service; C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [91432 2011-02-10] (Seagate Technology LLC)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [450904 2014-09-18] (Garmin Ltd or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2010-03-03] (HP) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISExpressSVC; C:\Program Files (x86)\Lansweeper\IISExpress\IISexpressSVC.exe [106496 2012-10-17] (Lansweeper.com) [File not signed]
R2 lansweeperservice; C:\Program Files (x86)\Lansweeper\Service\Lansweeperservice.exe [8115200 2013-12-12] (Lansweeper) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-02-07] (LogMeIn, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccessU; C:\windows\SysWOW64\NMSAccessU.exe [71096 2008-05-03] ()
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 rcp_service; C:\Program Files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SpeedDiskService; C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672 2010-11-30] (Symantec Corporation)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [329080 2011-02-14] (SupportSoft, Inc.)
S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
S4 Virtual TimeClock Server; C:\Program Files (x86)\Virtual TimeClock Server 14\TimeClock Server 1410089\Virtual TimeClock Service.exe [6511032 2014-03-19] (Redcort Software)
S3 VPREMOTE; C:\TEMP\Clt-Inst\vpremote.exe [138672 2012-04-19] (Symantec Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
S2 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-14] (Emsisoft GmbH)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-14] (Emsisoft GmbH)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-11-11] ()
R3 dlcdcncm6_x64; C:\Windows\System32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-07] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [202128 2013-10-07] (DisplayLink Corp.)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-02-07] (LogMeIn, Inc.)
S3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [11552 2014-02-07] () [File not signed]
S4 LMIRfsClientNP; No ImagePath
S2 LMIRfsDriver; C:\windows\system32\drivers\LMIRfsDriver.sys [72216 2014-02-07] () [File not signed]
S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [54784 2009-09-17] (--)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2014-02-07] () [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SymDSMon; C:\windows\system32\drivers\SymDSMon.sys [191232 2010-11-30] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 SYMSpeedDisk; C:\windows\system32\drivers\SymSpeedDisk.sys [163384 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\windows\SysWOW64\drivers\SymSpeedDisk.sys [108800 2010-11-30] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dlcdcecm; system32\DRIVERS\dlcdcecm.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 16:35 - 2014-11-14 16:35 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\DESI
2014-11-14 16:34 - 2014-11-14 16:44 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DESI
2014-11-14 16:33 - 2014-11-14 16:33 - 00002567 _____ () C:\Users\Public\Desktop\DESI Labeling System.lnk
2014-11-14 16:32 - 2014-11-14 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESI Labeling System (64-bit)
2014-11-14 16:32 - 2014-11-14 16:33 - 00000000 ____D () C:\ProgramData\DESI
2014-11-14 16:32 - 2014-11-14 16:32 - 00000000 ____D () C:\Program Files\DESI
2014-11-14 10:58 - 2014-11-14 10:58 - 00002925 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\20141114105844.html
2014-11-14 10:58 - 2014-11-14 10:58 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-27
2014-11-14 10:54 - 2014-11-14 10:58 - 00001142 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Index.html
2014-11-14 10:54 - 2014-11-14 10:54 - 00002732 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\20141114105428.html
2014-11-14 10:54 - 2014-11-14 10:54 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-31
2014-11-14 10:54 - 2014-11-14 10:54 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-09
2014-11-14 10:54 - 2014-11-14 10:54 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-08
2014-11-14 08:26 - 2014-11-14 08:26 - 00000749 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-14 08:25 - 2014-11-14 14:56 - 00000000 ____D () C:\EEK
2014-11-14 08:23 - 2014-11-14 08:25 - 157489768 _____ () C:\EmsisoftEmergencyKit.exe
2014-11-13 16:40 - 2014-11-13 16:40 - 00035635 _____ () C:\ComboFix.txt
2014-11-13 15:07 - 2014-11-13 16:40 - 00000000 ____D () C:\Qoobox
2014-11-13 15:07 - 2011-06-25 23:45 - 00256000 _____ () C:\windows\PEV.exe
2014-11-13 15:07 - 2010-11-07 10:20 - 00208896 _____ () C:\windows\MBR.exe
2014-11-13 15:07 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00098816 _____ () C:\windows\sed.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00080412 _____ () C:\windows\grep.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00068096 _____ () C:\windows\zip.exe
2014-11-13 15:05 - 2014-11-13 16:39 - 00000000 ____D () C:\windows\erdnt
2014-11-13 13:47 - 2014-11-15 18:51 - 00000000 ____D () C:\FRST
2014-11-10 17:13 - 2014-11-10 17:13 - 00038849 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\dds.txt
2014-11-10 17:13 - 2014-11-10 17:13 - 00026668 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\attach.txt
2014-11-06 22:29 - 2014-11-06 22:32 - 00002280 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Rkill.txt
2014-11-06 17:22 - 2014-11-06 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-06 15:49 - 2014-11-06 15:49 - 00002664 _____ () C:\windows\SysWOW64\FSS.txt
2014-11-06 15:40 - 2014-11-15 18:51 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
2014-11-04 12:03 - 2014-11-06 17:22 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 12:03 - 2014-11-06 17:21 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-04 12:03 - 2014-11-04 12:03 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 12:03 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-04 11:12 - 2014-11-04 11:12 - 00003240 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-04 11:11 - 2014-11-04 11:11 - 00003364 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-04 09:10 - 2014-11-04 09:10 - 00021775 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\CisReport_v6.3.292438.2917_20141104-091035.zip
2014-11-03 17:07 - 2014-11-03 17:08 - 00279320 _____ () C:\windows\Minidump\110314-39842-01.dmp
2014-10-29 09:57 - 2014-10-29 06:56 - 00279820 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\100-07-10292014075347.WAV

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 18:50 - 2011-05-05 20:52 - 00000176 _____ () C:\windows\system32\config\netlogon.ftl
2014-11-15 18:43 - 2011-11-16 10:59 - 00000270 _____ () C:\windows\Tasks\NUSchedule.job
2014-11-15 18:43 - 2011-11-16 10:59 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-15 18:28 - 2010-12-15 20:04 - 01461018 _____ () C:\windows\WindowsUpdate.log
2014-11-15 18:22 - 2014-05-13 13:01 - 00000548 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133.job
2014-11-15 18:08 - 2012-12-26 16:02 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 13:13 - 2010-10-28 21:08 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 11:50 - 2011-05-12 10:51 - 00000412 _____ () C:\windows\Tasks\Free File Viewer Update Checker.job
2014-11-15 02:30 - 2012-05-23 14:44 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-15 00:03 - 2014-08-04 11:53 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\LogMeInIgnition
2014-11-14 19:04 - 2011-11-16 10:58 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 15
2014-11-14 17:02 - 2011-05-05 21:13 - 00133192 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 16:28 - 2012-04-17 10:50 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Applian FLV and Media Player
2014-11-14 16:27 - 2013-03-26 08:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-14 14:50 - 2009-07-13 21:45 - 00020368 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 14:50 - 2009-07-13 21:45 - 00020368 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 14:40 - 2009-07-13 22:13 - 00796250 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-14 14:35 - 2012-05-31 15:46 - 00000000 ____D () C:\TEMP
2014-11-14 14:34 - 2014-08-04 11:53 - 00001010 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-14 14:34 - 2014-08-04 11:53 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-14 14:34 - 2010-12-15 20:33 - 00000050 _____ () C:\windows\system32\SupplicantTest.log
2014-11-14 14:31 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-14 14:31 - 2009-07-13 21:51 - 00007463 _____ () C:\windows\setupact.log
2014-11-14 14:30 - 2010-10-28 21:10 - 00320988 _____ () C:\windows\PFRO.log
2014-11-14 13:08 - 2010-10-28 21:08 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 13:08 - 2010-10-28 21:08 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:08 - 2010-10-28 21:08 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 16:40 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-11-13 16:38 - 2011-05-12 10:59 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\DMCache
2014-11-13 16:38 - 2009-07-13 19:34 - 00000215 _____ () C:\windows\system.ini
2014-11-13 16:36 - 2014-02-27 17:35 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-13 16:36 - 2011-05-05 20:55 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM
2014-11-13 15:08 - 2011-05-06 00:57 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\CrashDumps
2014-11-11 22:54 - 2014-05-13 13:01 - 00003602 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-11 18:08 - 2012-12-26 16:02 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 18:08 - 2012-12-26 16:02 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 18:08 - 2012-12-26 16:02 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 11:11 - 2012-05-24 23:19 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Symantec
2014-11-07 12:34 - 2011-05-06 13:47 - 00000000 ____D () C:\Shared
2014-11-07 12:30 - 2011-05-06 15:13 - 00002324 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\My Documents - Shortcut.lnk
2014-11-07 12:05 - 2012-11-05 15:38 - 00001640 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Appointment Reminders.lnk
2014-11-07 08:14 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-07 08:09 - 2011-05-06 10:34 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Sidebar7
2014-11-07 08:00 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\Resources
2014-11-06 22:28 - 2012-08-23 13:49 - 00003974 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6A9179F1-EA8F-4343-8435-DC33117DF46D}
2014-11-06 20:55 - 2014-02-26 10:38 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\TAS Scheduler Data
2014-11-06 17:17 - 2012-05-10 20:03 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Audacity
2014-11-06 15:48 - 2011-05-12 10:59 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\IDM
2014-11-04 12:03 - 2012-10-18 09:30 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Malwarebytes
2014-11-04 12:03 - 2012-10-18 09:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 12:03 - 2012-10-18 09:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-04 08:47 - 2013-10-11 14:13 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-11-03 17:07 - 2012-08-15 13:42 - 1180372470 _____ () C:\windows\MEMORY.DMP
2014-11-03 17:07 - 2012-08-15 13:42 - 00000000 ____D () C:\windows\Minidump
2014-11-03 17:05 - 2014-08-04 11:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-11-03 17:04 - 2014-08-04 11:53 - 00107392 _____ () C:\windows\system32\LMIRfsClientNP.dll
2014-11-03 17:04 - 2014-08-04 11:53 - 00035688 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2014-11-03 17:04 - 2014-08-04 11:52 - 00092520 _____ () C:\windows\system32\LMIinit.dll
2014-11-03 13:49 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-11-03 10:30 - 2011-05-16 12:57 - 00010136 _____ () C:\windows\tba40.INI
2014-10-22 08:18 - 2014-08-04 11:53 - 00107392 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-10-22 08:18 - 2014-08-04 11:52 - 00092520 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll.000.bak
2014-10-18 08:18 - 2014-08-04 11:53 - 00107392 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll.001.bak

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 00:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014
Ran by caseydavis at 2014-11-15 18:52:08
Running from C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

#1 Sound Recorder 4.7.3 (HKLM-x32\...\#1 Sound Recorder_is1) (Version:  - Aonesoft.com,Inc.)
3D Photo Browser 9.2 (HKLM\...\3D Photo Browser (x64 bits)) (Version: 9.2 - Mootools)
4TOPS Compare Spreadsheets using Excel 3.0 (HKLM-x32\...\xlcompare_is1) (Version: 3.0 - AGORA Software BV)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000005}) (Version: 10.1.7 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Advanced Batch Converter (HKLM-x32\...\Advanced Batch Converter) (Version: 5.5 - BatchConverter.com)
Advanced IP Scanner (HKLM-x32\...\{6A30BC34-090D-4A77-A184-58B44ACE9B34}) (Version: 2.0.106 - Famatech)
Advanced LAN Scanner v1.0 BETA 1 (HKLM-x32\...\Advanced LAN Scanner v1.0 BETA 1) (Version:  - )
AI RoboForm (HKU\S-1-5-21-1278352989-1785949783-4017258536-1000\...\AI RoboForm) (Version:  - )
All Media Fixer 9.03 (HKLM-x32\...\All Media Fixer_is1) (Version:  - New Live Software, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.14 - Google Inc.)
Angry Birds (HKLM-x32\...\{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}) (Version: 3.0.0 - Rovio)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
BackStreet Browser 3.1 (HKLM-x32\...\BackStreet Browser_is1) (Version:  - )
Best Buy pc app (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar Platform (x32 Version: 5.0.1449.0 - Microsoft Corporation) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
BlackVox Playback (HKLM-x32\...\BlackVox Playback) (Version:  - )
Boilsoft ASF Converter 2.68 (HKLM-x32\...\Boilsoft ASF Converter_is1) (Version:  - Boilsoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
COMODO Endpoint Security (HKLM\...\{093F13A3-177C-493E-8958-912A0C690B64}) (Version: 6.3.30294.2917 - COMODO Security Solutions Inc.)
COMODO ESM Agent (HKLM\...\{ED7608DB-B426-4A61-9E1F-120A9810B291}) (Version: 3.0.60913.7 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Cool Edit 96 (HKLM-x32\...\Cool Edit 96) (Version:  - )
CopyTrans Suite Remove Only (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\CopyTrans Suite) (Version: 2.27 - WindSolutions)
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CSV2TAB (HKLM-x32\...\CSV2TAB) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DESI Labeling System (HKLM-x32\...\DESI Labeling System 3.6.7.0) (Version: 3.1.10.1 - DESI Telephone Labels, Inc.)
DESI Labeling System (HKLM-x32\...\DESI Labeling System) (Version: 2.5 - DESI Telephone Labels, Inc.)
DESI Labeling System (Version: 3.6.7.0 - DESI Telephone Labels, Inc.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DIRECTV Player (HKLM-x32\...\{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}) (Version: 8.0 - DIRECTV)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DisplayLink Core Software (HKLM\...\{61A641A9-9CC7-421F-85CD-A8CDDEE4E3F2}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{C790E802-DB1C-402A-92FB-858AB2925BF6}) (Version: 7.4.51587.0 - DisplayLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Duplicate Email Remover (HKLM-x32\...\{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}) (Version: 3.0.0 - MAPILab Ltd.)
EASEUS Data Recovery Wizard Free Edition 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Free Edition 5.5.1_is1) (Version:  - EASEUS)
EIPARSE2K3 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Elevated Installer (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Email Decryption 13.1.1.3 (HKLM-x32\...\Email Decryption 13.1.1.3) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
ffdshow x64 v1.1.4257 [2012-01-15] (HKLM\...\ffdshow64_is1) (Version: 1.1.4257.0 - )
File And MP3 Tag Renamer 2.2 (HKLM-x32\...\File And MP3 Tag Renamer_is1) (Version:  - 123Renamer.com)
FileLocator Pro x64 (HKLM\...\{2C4DF8C4-9BCF-4D29-895C-CD108AC1BE3F}) (Version: 7.2.2038.1 - Mythicsoft Ltd)
Flash Renamer 6.2 (HKLM-x32\...\Flash Renamer_is1) (Version:  - RL Vision)
FlowBreeze3 (HKLM-x32\...\{63A7070F-4C77-4C59-91CC-B155D4F2076F}) (Version: 3.0.0 - BreezeTree)
Folder Maker Personal Edition (HKLM-x32\...\{D58DC0AC-3532-4902-990A-B07B32F00136}) (Version: 1.1.0 - Lim, Chooi Guan)
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Freenet version 0.7.5 build 1465 (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\{3196C62F-9C7B-4392-88B4-05C037D05518}_is1) (Version: 0.7.5 build 1465 - freenetproject.org)
Garmin Communicator Plugin (HKLM-x32\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{447c27b7-3a63-4cb2-a49c-864050f9a50f}) (Version: 3.2.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GetDataBack for FAT (HKLM-x32\...\{2EEEC858-21F8-419B-8FE2-820621BFFCD7}) (Version: 4.25.000 - Runtime Software)
GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
GoldWave v5.67 (HKLM-x32\...\GoldWave v5.67) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.3.1963 (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\GoToMeeting) (Version: 7.0.3.1963 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Heatsoft ADCS (HKLM-x32\...\Heatsoft ADCS) (Version:  - )
Heatsoft ADCS 2.01 (HKLM-x32\...\Heatsoft ADCS_is1) (Version: 2.01 build 1 - Heatsoft Corporation)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet M1522 MFP Series 4.2 (HKLM\...\{C8A37F1F-E13B-48ae-93F8-4669264969F9}) (Version: 4.2 - HP)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB67}) (Version: 1.0.3.0 - Hewlett Packard)
hppFaxDrvM1522 (x32 Version: 003.100.00001 - Hewlett-Packard) Hidden
hppFaxUtility (x32 Version: 000.105.00107 - Hewlett-Packard) Hidden
hppFonts (x32 Version: 001.001.00056 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.300.00005 - Hewlett-Packard) Hidden
hppLJM1522 (x32 Version: 002.101.00002 - Hewlett-Packard) Hidden
hppManualsM1522 (x32 Version: 002.103.00002 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
hppScanTo (x32 Version: 002.102.00003 - Hewlett-Packard) Hidden
hppSendFaxM1522 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1522 (x32 Version: 001.005.00009 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 005.013.00185 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IIS 7.5 Express (HKLM-x32\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version:  - )
Information Tables Editor 11.1.0.0 (HKLM-x32\...\Information Tables Editor 11.1.0.0) (Version:  - )
Information Tables Editor 12.2.0.0 (HKLM-x32\...\Information Tables Editor 12.2.0.0) (Version:  - )
Information Tables Editor 13.2.0.0 (HKLM-x32\...\Information Tables Editor 13.2.0.0) (Version:  - )
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2281 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Java™ SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LANguard Network Scanner (HKLM-x32\...\{56FBF401-0D15-4BA7-B7EE-2BECD86FC8DA}) (Version:  - )
Lansweeper (HKLM-x32\...\Lansweeper_is1) (Version: 5.1 - Lansweeper.com)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LogMeIn (HKLM-x32\...\{9905E4C1-14D8-4522-88FE-FD00B51A20DC}) (Version: 4.1.4408 - LogMeIn, Inc.)
Lorex Client 12 (HKLM-x32\...\Lorex Client 12) (Version: Ver:3.1.32 - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Media Player Classic fr (HKLM-x32\...\Media Player Classic) (Version: 6.4.9.0 - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MessageStudio 2.5 (HKLM-x32\...\MessageStudio_2.1.1) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook 2013 (HKLM-x32\...\Office15.OUTLOOK) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPM (HKLM-x32\...\{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
nLite 1.4.9.1 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.1 - Dino Nuhagic (nuhi))
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Norton Utilities 15 (HKLM-x32\...\Norton Utilities 15_is1) (Version: 15.0 - Symantec Corporation)
NotePager 32 v3.0 (HKLM-x32\...\NotePager 32 v3.0) (Version: NotePager 32 v3.0 - NotePage, Inc.)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
On-Call Editor (HKLM-x32\...\{7C8F060A-C8D8-4BB5-B448-21C4FB769198}) (Version: 11.1.0.0 - Telescan LLC)
OnCall Editor 12.2.0.0 (HKLM-x32\...\OnCall Editor 12.2.0.0) (Version:  - )
OnCall Editor 13.2.0.0 (HKLM-x32\...\OnCall Editor 13.2.0.0) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PdaNet for Android 3.00 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Product_Min_QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
PS Tray Factory 3.0 (HKLM-x32\...\PS Tray Factory_is1) (Version:  - PS Soft Lab)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Qwest QuickAssist Desktop Tools (HKLM-x32\...\{95DD6A08-2313-4D5B-8BEB-37968D0D799C}) (Version: 21 - SupportSoft)
ReaConverter 5.5 Pro (HKLM-x32\...\ReaConverter 5.5 Pro_is1) (Version:  - ReaSoft)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Toolbox for Outlook 1.0 (HKLM-x32\...\Recovery Toolbox for Outlook_is1) (Version:  - Recovery ToolBox)
Registrar Registry Manager 6.02 (HKLM\...\Registrar_is1) (Version:  - Resplendence Software Projects Sp.)
Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
RoboForm 7-9-9-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
Saba Client (HKLM-x32\...\CentraClient) (Version:  - )
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Script Designer 12.2.0.0 (HKLM-x32\...\Script Designer 12.2.0.0) (Version:  - )
Script Designer 13.2.0.0 (HKLM-x32\...\Script Designer 13.2.0.0) (Version:  - )
Seagate Drive Settings Installer (HKLM-x32\...\InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC)
Seagate Drive Settings Installer (x32 Version: 1.00.0000 - Seagate Technologies LLC) Hidden
Shareaza 2.5.5.0 (HKLM-x32\...\Shareaza_is1) (Version: 2.5.5.0 - Shareaza Development Team)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartFTP Client (HKLM\...\{9364B867-D5EA-427B-A5FD-F2C42333130A}) (Version: 4.1.1314.0 - SmartSoft Ltd.)
SmartFTP Client 3.0 Setup Files (remove only) (HKLM-x32\...\SmartFTP Client 3.0 Setup Files) (Version: 3.0 - SmartSoft)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (HKLM-x32\...\SmartFTP Client 4.0 (x64) Setup Files) (Version: 4.0 - SmartSoft Ltd)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spectrum Messenger (Client) (HKLM-x32\...\Spectrum Messenger (Client)) (Version: 12.02.00.00 - Telescan, LLC)
Spectrum Script Designer (HKLM-x32\...\{0222A3C4-C66E-41F5-8C30-0DC772A87497}) (Version: 11.1.0.0 - Telescan)
Spectrum Spell Check & Thesaurus (HKLM-x32\...\Spectrum Spell Check & Thesaurus) (Version:  - )
Spectrum Spell Check and Thesaurus (HKLM-x32\...\Spectrum Spell Check and Thesaurus) (Version: 12.02.00.00 - Telescan, LLC)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 10.5.2.2570 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Microsoft Outlook 97-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Outlook 2000-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Word 2000-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com support for Microsoft Outlook 2000-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 2000-2010) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Outlook 97-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 97-2010) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Word 2000-2010 (HKLM-x32\...\Stamps.com support for Microsoft Word 2000-2010) (Version:  - Stamps.com, Inc.)
Stat/Transfer 11 (64-Bit) (HKLM\...\StatTransfer11-64) (Version: 11 (64-Bit) - Circle Systems)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
stunnel (HKLM-x32\...\stunnel) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
SyncBackPro (HKLM-x32\...\SyncBackPro_is1) (Version:  - 2BrightSparks)
SysTools Outlook PST Viewer v4.0 version SysTools Outlook PST Viewer v4.0 (HKLM-x32\...\{6D4F8DDE-707B-468F-A4FA-502A2A5FC3CE}_is1) (Version: SysTools Outlook PST Viewer v4.0 - SysTools Software)
TAB2CSV (HKLM-x32\...\TAB2CSV) (Version:  - )
TASScheduler (HKLM-x32\...\{A6674D18-CB15-49E4-9123-6E408FDE162F}) (Version: 3.2.0 - Creative Wizard)
Telescan Email Decryption (HKLM-x32\...\Telescan Email Decryption) (Version:  - )
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TreeSize Professional 5.3.1 (HKLM-x32\...\TreeSize Professional_is1) (Version: 5.3.1 - JAM Software)
Trim Spaces for Microsoft Excel 1.1 (HKLM-x32\...\Trim Spaces for Microsoft Excel_is1) (Version: 1.1 - Add-in Express Ltd.)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.1 - Tweaking.com)
UltraEdit (HKLM-x32\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 17.30.1002 - IDM Computer Solutions, Inc.)
UltraEdit (x32 Version: 17.30.1002 - IDM Computer Solutions, Inc.) Hidden
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB2284654) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version:  - Microsoft)
USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version:  - )
USB-Ethernet Adapter Device (HKLM-x32\...\USB-Ethernet Adapter Device) (Version:  - )
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual TimeClock Pro Client (HKLM-x32\...\{4D63D226-9FAA-4190-A008-238B93BF434D}_is1) (Version: 14.1 - Redcort Software Inc.)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.1 - WebM Project)
WebReg (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{302A1E2E-DD58-4673-BC99-9CC10EC2637A}) (Version: 24.6.2012 - BillP Studios)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
X-Lite (HKLM-x32\...\{426E4F54-EFFE-4C5B-A02A-23CFE8C3C679}) (Version: 50.6.7284 - CounterPath Corporation)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
XXConsole: Super Console Generator  ver 0.96 (HKLM-x32\...\XXConsole) (Version: 0.96 - Pixelab, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{0812C763-C73E-3633-BC20-DF7C8BF52BC3}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{0B11DA33-53A5-3A4D-A49F-7DEE43C7AD95}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7[1].gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{116E35BE-87EA-38D7-9F18-2B688DC946AF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{17B3774F-0F76-3263-8E6C-FAF221DC9285}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{1CB0AF6C-28DB-312F-B473-15B1D07F5AF7}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{1EC5A567-A745-3F53-B7FB-ED733072564C}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{22C88A52-59DD-3A25-A612-AE880F7E204A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{24CC2B9E-781E-37E3-A5FF-C1DAE029F839}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{2BF92F7B-1E1F-315D-981F-5DE3555064B0}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{2F6941DA-56A6-357E-B7BA-FF835AB8A4E2}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{34668BB5-E36F-3061-8AD8-F41A82147A76}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{39930B0E-5665-3B37-8B55-B509F1470352}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{3FE65992-0D1A-3472-8F08-FC40FEC834CE}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{48CB6129-BB54-3A61-873E-25F85EA71399}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{4A0AEFA7-5E2D-38CE-8238-2DC36F4EB0C1}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{526D752F-B8BB-30D6-9740-DC153A374B0D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{52B38025-1F77-39E1-A37E-CAF8B9D7C86D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{52EB2548-80F0-3091-9AD7-9093760A80C7}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{5471E1AB-1A86-3CDF-B8FB-21A44DC0B9AD}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{54DE564C-6FEB-321A-B523-ECC713CD28DC}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{568F06CC-F0F0-36C5-84AA-634D48DCAFAA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{59243C39-A255-316C-92F6-F5DCDC116FEA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{663E7799-B0C9-352C-84EB-70661ECC740A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{66B5FAF1-135B-3E9A-A058-C9C82ADE6A50}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{6EF0A29F-51E2-3D04-929B-8CE2D3049CC4}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{713656AF-4B2F-3C0C-BB79-27236AF8D0BF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{82B3F799-7943-322A-86CA-0B7DC2E6E08B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{88F08235-E32C-3F6C-9994-DF3B3CD5F9E6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{8A4B09CA-841D-3C8C-9F7C-94E39EB949A6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{8DF05FC5-F0DE-3B96-A738-E0DB34E606FB}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{9133B5FA-74DC-3B6D-B88E-D06AFB445C5B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{93C81FEB-3CE0-32C0-8766-68A245045656}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{9BE4C1EF-2BAA-32C6-84EF-4CB66E16F9D8}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{9C30F31A-7AAC-3B27-99F0-C793D384681F}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{A7AB17B5-2566-3249-A715-6A64451DF7FB}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{AF743B9E-0CBA-3F10-AEDD-D0668DF19518}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{B4C3B773-BAB0-3BF1-8486-C82398C144EB}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{B745F928-6581-3869-8C25-E91717F38558}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{BD059A52-32D5-32DB-A650-242D819F75F6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{C0308E93-8EF5-4F08-8511-6D19A06EBDCD}\InprocServer32 -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\BreezeTree\FlowBreeze3\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{C99CE0B8-7C00-3C5B-B7B9-7E551D753938}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{CA22E8DA-AF8F-311F-B765-699538794C14}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{CA2D99B2-E9DA-3132-A47C-59FA2478D6BA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{CD1032C7-ABB1-3C73-B2A9-398C058029B6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{D75DBE73-8F45-3624-A7A6-11A1E4B39F07}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{DC06F929-072A-3856-8AB4-FD91871C5ECE}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{DE32423D-F8F9-39BA-9445-BEC6A66A0E39}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{DFAB2AEB-59D8-3E25-B85C-BF4E5B7AC631}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{E1FDE918-F0F5-3188-AC3B-1EDA60FF3A03}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{E2718554-5373-3CE4-B8FB-D8ECEEBFB6BC}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{EA6AE3EA-3B3B-3232-B16D-35871968534C}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{ECB036FA-25A9-3AFE-BA88-213B5C28D8ED}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

05-11-2014 02:05:17 Made by Norton Utilities
06-11-2014 02:04:35 Made by Norton Utilities
07-11-2014 02:05:44 Made by Norton Utilities
07-11-2014 05:26:51 Malwarebytes Anti-Rootkit Restore Point
12-11-2014 02:04:56 Made by Norton Utilities
14-11-2014 02:01:12 Made by Norton Utilities
14-11-2014 23:27:22 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
14-11-2014 23:31:04 Installed DESI Labeling System
15-11-2014 02:03:53 Made by Norton Utilities

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-11-13 16:38 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0030B1DD-A21C-4619-95CF-29A762807DB0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {01FD2247-64A8-4B83-9002-2F016D0A4715} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0C9E951E-15D6-4383-B4A9-1B7A8944D5F4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: {1388B1C0-81ED-421F-AF72-957320C7D26C} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {1416A722-7573-4CFA-A574-C2EC4DCBD5E7} - System32\Tasks\{BE4B434F-299D-42C3-A286-E7ECCF092B72} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {1DC6F1DD-B949-4B9C-BA31-175B0D235DD8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {217C1E12-C167-4CBF-BB3D-A6445A38B156} - System32\Tasks\{8E425697-ED08-4FA7-8E7A-559BE3D9B38A} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {2C68CB39-D62B-4E26-AF03-564898351314} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {2FDBF1FA-61A1-43A8-A6B3-D293DACACDEF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {323CB878-198F-4A01-B116-0488BFF45C10} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {35FFF20D-4772-42A2-BFFB-F25A4CCC3EF3} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-2078850058-1484929980-2300844317-1133\{750FDF10-2A26-11D1-A3EA-080036587F03}\Offline Files Sync Schedule 1 => C:\Windows\system32\mobsync.exe [2010-11-20] (Microsoft Corporation)
Task: {36A8F72C-96B9-4CC7-A1D9-6EFC5493DCC2} - System32\Tasks\{B3B7985A-5437-403A-9250-44BE89CB12CC} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {428EF927-6B83-4EBA-AC2E-CFFB958A4D0D} - System32\Tasks\{67B1FB5D-3216-4289-8D5F-C8D9FF935C90} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {42D2816A-3F6B-4295-B7F4-97F6D61F7C43} - System32\Tasks\{1A22BC20-08F0-448B-8CA4-06AB2B23E3D0} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {495BA680-B0E6-47BF-8D70-09E977A53A23} - System32\Tasks\Free File Viewer Update Checker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-05] (Bitberry Software)
Task: {4B4EDEDA-43E9-457F-8B5F-43ACC5A4F56F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {595DD852-4B5A-4C5D-9BF7-7C02A2490DA8} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe [2009-03-16] (PS Soft Lab)
Task: {5D223C8C-A9B9-436F-A383-18DE789FD37B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5E022B76-DA55-4EF6-8B4F-CC4B927977A3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5F60A84F-BA3D-4DE8-B811-63595D26D7E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {62959128-EACB-40AC-80BE-43392E034355} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Norton Utilities 15\nu.exe [2012-04-19] (Symantec Corporation)
Task: {6A78132C-3BB9-479C-B949-651A025797EF} - System32\Tasks\{4C08D109-4CC2-4A8E-8F4A-BBFFFA02B630} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {7856CCED-7441-4431-9154-18877BBDA6E3} - System32\Tasks\{E8E3F252-CA8E-4D12-9394-9C981841336C} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {7E9652AB-17E7-4F88-9D6F-99729BF5B904} - System32\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Citrix\GoToMeeting\1963\g2mupdate.exe [2014-11-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {8CF67F33-83D2-4B98-9ECD-E16EF2C635DE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {99D78F8C-34F8-4C7F-81FE-D04FB3081DB8} - System32\Tasks\HotSwap! Applet => C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Temp\wz497f\64bit\HotSwap!.EXE <==== ATTENTION
Task: {9FBDE7B0-1105-434B-A80C-63A74DFD74F3} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A9A1370A-4354-419D-AFD9-84891A0774AB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-09-18] ()
Task: {B0BEDFB6-2F67-4DF5-B9F9-69C1BB63886B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: {C772AE47-763E-4568-93C6-1216055AC57B} - System32\Tasks\{21A1B553-60A3-49CA-BD99-2E09A00E283C} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {CB1870C5-202F-4A62-BA76-C025888067C1} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D52657E2-C022-4D01-970A-46DA917D2E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D9C52A47-31C8-4467-AFD8-0D8429C925D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E7980A99-B78B-45AB-8CCC-02DC26DA4DC7} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {EE410212-6B1D-4B9B-834F-00E3D9629F00} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: {F28731AD-2665-4704-8034-C4E069B18F49} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F47205BA-A3C7-4CB6-BEAE-F523CB0C20E0} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {FBE20F5C-12A6-47E9-AE66-CC0F38292825} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Free File Viewer Update Checker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133.job => C:\Program Files (x86)\Citrix\GoToMeeting\1963\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Norton Utilities 15\nu.exe

==================== Loaded Modules (whitelisted) =============

2010-07-19 17:48 - 2010-07-19 17:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-05-12 11:05 - 2008-05-03 11:31 - 00071096 ____N () C:\windows\SysWOW64\NMSAccessU.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-10-01 19:34 - 2012-10-01 19:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-19 17:48 - 2010-07-19 17:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-10-15 14:37 - 2012-10-15 14:37 - 06442920 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2012-10-25 05:55 - 2012-10-24 04:48 - 07088640 _____ () C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe
2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-05-12 11:01 - 2009-03-16 15:05 - 00053248 _____ () C:\Program Files (x86)\PS Tray Factory\pstf_x64_stub.exe
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-31 08:05 - 2013-10-31 08:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-10-25 05:55 - 2002-08-27 17:26 - 00016896 _____ () C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\TS_HM.dll
2011-05-12 11:01 - 2009-01-28 11:42 - 00053248 _____ () C:\Program Files (x86)\PS Tray Factory\HKDll.dll
2012-10-15 14:38 - 2012-10-15 14:38 - 00273824 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\ndsLogStore.dll
2012-10-15 14:37 - 2012-10-15 14:37 - 02203048 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\DrmSingleton.dll
2012-10-15 14:37 - 2012-10-15 14:37 - 07123880 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\gsttspplugin.dll
2012-10-15 14:38 - 2012-10-15 14:38 - 00688560 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2012-10-15 14:38 - 2012-10-15 14:38 - 01402784 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\libxml2-2.dll
2012-10-15 14:39 - 2012-10-15 14:39 - 00091536 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\z.dll
2012-10-25 05:55 - 2002-08-27 17:35 - 00016896 _____ () C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\TS_HK.dll
2012-04-17 10:15 - 2011-04-14 18:01 - 00548854 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00061440 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00516096 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00840192 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00130560 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
2010-03-03 09:41 - 2010-03-03 09:41 - 00086016 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
2010-03-03 09:41 - 2010-03-03 09:41 - 00835584 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
2009-10-15 07:25 - 2009-10-15 07:25 - 00364544 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll
2014-01-09 22:28 - 2014-01-09 22:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-10-01 19:32 - 2012-10-01 19:32 - 01014400 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2012-10-01 19:32 - 2012-10-01 19:32 - 00125056 _____ () C:\Program Files (x86)\Microsoft Office\Office15\OUTLCTL.DLL
2012-10-01 19:32 - 2012-10-01 19:32 - 00321136 _____ () C:\Program Files (x86)\Microsoft Office\Office15\msfad.dll
2014-09-22 08:06 - 2014-09-22 08:07 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-11 18:08 - 2014-11-11 18:08 - 16840880 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\Bluestream.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\bootstat.dat:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\c96unins.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\CD_Start.INI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\comsetup.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\cool.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\csup.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\DESI.INI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\DirectX.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\DPINST.LOG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\DtcInstall.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\HomePremium.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\ie8_main.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\IE9_main.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\iun502.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\LGNSlog.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\msdfmap.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\msxml4-KB954430-enu.LOG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\msxml4-KB973688-enu.LOG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\ODBC.INI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\PFRO.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\Professional.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\regtlib.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\RtlExUpd.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\Setup1.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\ST6UNST.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\Starter.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\SynInst.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\tba40.INI:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\TSSysprep.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\win.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\WindowsUpdate.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\WLXPGSS.SCR:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\xpsp1hfm.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\xvport.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\windows\õL:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF
AlternateDataStreams: C:\ProgramData\TEMP:D3A96964
AlternateDataStreams: C:\Users\caseydavis.MEDICALTELECOMM\advanced_ip_scanner_MAC.bin:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\caseydavis.MEDICALTELECOMM\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\caseydavis.MEDICALTELECOMM\s-1-5-21-2078850058-1484929980-2300844317-1133.rrr:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
MSCONFIG\startupreg: scheduler_monitor => C:\Program Files (x86)\ReaConverter 5.5 Pro\init_scheduler.exe
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: X-Lite => "C:\Program Files (x86)\CounterPath\X-Lite\X-Lite.exe" -bootload

========================= Accounts: ==========================

Administrator (S-1-5-21-1278352989-1785949783-4017258536-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1278352989-1785949783-4017258536-1003 - Limited - Enabled)
Casey Davis (S-1-5-21-1278352989-1785949783-4017258536-1000 - Administrator - Enabled) => C:\Users\Casey Davis
Guest (S-1-5-21-1278352989-1785949783-4017258536-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® WiMAX 6250
Description: Intel® Centrino® WiMAX 6250
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: bpmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: LogMeIn Mirror Driver
Description: LogMeIn Mirror Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: lmimirr
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Generic PnP Monitor (DPMS)
Description: Generic PnP Monitor (DPMS)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: radpms
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Generic PnP Monitor (DPMS)
Description: Generic PnP Monitor (DPMS)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: radpms
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2014 02:41:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/15/2014 08:40:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/15/2014 05:08:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/15/2014 05:08:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/15/2014 02:39:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/15/2014 00:30:01 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (11/14/2014 08:39:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/14/2014 07:00:35 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location \\NUS2000\caseydavis\usb3-disk1\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/14/2014 04:29:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program amp.exe version 3.1.1.12 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e24

Start Time: 01d00062c1708538

Termination Time: 9

Application Path: C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe

Report Id: 0e5c1a31-6c56-11e4-99d8-0050b6597822

Error: (11/14/2014 02:56:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program a2emergencykit.exe version 9.0.0.4523 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2230

Start Time: 01d0005453511034

Termination Time: 9

Application Path: C:\EEK\bin\a2emergencykit.exe

Report Id: 113fd0c5-6c49-11e4-99d8-0050b6597822


System errors:
=============
Error: (11/14/2014 04:16:34 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (11/14/2014 02:45:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Ghost service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/14/2014 02:45:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (11/14/2014 02:45:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (11/14/2014 02:44:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (11/14/2014 02:44:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (11/14/2014 02:43:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (11/14/2014 02:43:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (11/14/2014 02:43:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (11/14/2014 02:43:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.


Microsoft Office Sessions:
=========================
Error: (11/15/2014 02:41:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/15/2014 08:40:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/15/2014 05:08:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/15/2014 05:08:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/15/2014 02:39:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/15/2014 00:30:01 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\BreezeTree\FlowBreeze3\adxloader.dll.ManifestC:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\BreezeTree\FlowBreeze3\adxloader.dll.Manifest2

Error: (11/14/2014 08:39:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/14/2014 07:00:35 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\NUS2000\caseydavis\usb3-disk1\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/14/2014 04:29:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: amp.exe3.1.1.122e2401d00062c17085389C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe0e5c1a31-6c56-11e4-99d8-0050b6597822

Error: (11/14/2014 02:56:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: a2emergencykit.exe9.0.0.4523223001d00054535110349C:\EEK\bin\a2emergencykit.exe113fd0c5-6c49-11e4-99d8-0050b6597822


CodeIntegrity Errors:
===================================
  Date: 2014-11-13 16:36:26.332
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-13 16:36:26.269
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-04 15:49:38.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-04 15:25:29.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-04 15:12:07.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-11-28 17:04:46.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 23:06:56.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 23:00:00.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 22:46:11.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 22:38:38.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 52%
Total physical RAM: 7986.67 MB
Available physical RAM: 3801.16 MB
Total Pagefile: 15971.54 MB
Available Pagefile: 11722.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Main_1) (Fixed) (Total:582.67 GB) (Free:245.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Main_2) (Fixed) (Total:335.34 GB) (Free:333.73 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:931.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 62FD86AC)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=582.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)
Partition 4: (Not Active) - (Size=335.3 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00070815)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 deeprybka

deeprybka

  • Malware Response Team

Posted 16 November 2014 - 05:24 AM

The EEK report is too big to paste and too big to attach.  How would you like me to handle that?

 

 

Hi,

please try this:

http://www.zippyshare.com/


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 cdavis82

cdavis82
  • Topic Starter

  • Members

Posted 17 November 2014 - 11:35 AM

Here you go:

 

http://www18.zippyshare.com/v/30496363/file.html



#10 deeprybka

deeprybka

  • Malware Response Team

Posted 17 November 2014 - 02:24 PM

Thank you! :)
 
Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   5.82KB   5 downloads

Let's do a final check up:

Step 2


Don't remove on your own anything that Hitman Pro detects!
This scanner, as it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 3

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file [log.png] is created at [logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Step 5

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 cdavis82

cdavis82
  • Topic Starter

  • Members

Posted 18 November 2014 - 04:20 PM

I am still having issues with Bad Image errors.  In particular I get:

 

LoginUI.exe - Bad Image

C:\windows\system32\LMIinit.dll is either not designed to run on Windows or it contains an error.  Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

 

The file name can change. Most of them seem to be related to LogMeIn.

 

 

HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : M645
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : MEDICALTELECOMM\caseydavis
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-11-17 13:45:52
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1h 1m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 61

   Objects scanned . . . : 3,299,496
   Files scanned . . . . : 207,979
   Remnants scanned  . . : 1,266,781 files / 1,824,736 keys

Suspicious files ____________________________________________________________

   C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,116,608 bytes
      Age  . . . . . . . : 4.0 days (2014-11-13 13:46:53)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 7F5AA1B307A235B4D709F14961D7EF72EE8D74EA23B97864C3B95F2907459567
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FRST-OlderVersion\FRST64.exe

   C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FRST64.exe
      Size . . . . . . . : 2,117,120 bytes
      Age  . . . . . . . : 0.0 days (2014-11-17 12:54:47)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 7D55B30D8568092310909B5B8E0630C67AB498D4A9ABA88B730301C0E91F39D4
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FSS.exe
      Size . . . . . . . : 415,232 bytes
      Age  . . . . . . . : 10.9 days (2014-11-06 15:47:57)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 149759CADFDF8C19A4104C7DB08BA490D33CFBD29785640385239087B79E1FD2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FSS.exe
      Forensic Cluster
         -24.2s C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\checkup.txt
          0.0s C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FSS.exe
          0.0s C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FSS.exe

   C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 10.9 days (2014-11-06 15:49:48)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 55ADA329F40AC0E0F13EC464E56D09C12078ADEF021A934F059BCD3E962EC46E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -26.4s C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\FSS.txt
          0.0s C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\MiniToolBox.exe

   C:\windows\system32\DRIVERS\lmimirr.sys
      Size . . . . . . . : 11,552 bytes
      Age  . . . . . . . : 282.9 days (2014-02-07 15:29:20)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : C8A65ED0B079D16D1A4449E840B4A9475388FBE61B5A84DFEFC35F4FB3B9A9B1
      Product  . . . . . : LogMeIn
      Publisher  . . . . : LogMeIn, Inc.
      Description  . . . : LogMeIn Mirror Miniport Driver
      Version  . . . . . : 2.50.596
      Copyright  . . . . : Copyright © 2003-2007 LogMeIn, Inc. US patents pending.
      Service  . . . . . : lmimirr
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 45.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Starts automatically as a service during system bootup.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\lmimirr\

   C:\windows\system32\drivers\LMIRfsDriver.sys
      Size . . . . . . . : 72,216 bytes
      Age  . . . . . . . : 105.1 days (2014-08-04 11:53:01)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 7B0B86F0E710934D57801E1F7BB048AD878F871147B2A16BBF81219A4022B499
      Product  . . . . . : LogMeIn
      Publisher  . . . . : LogMeIn, Inc.
      Description  . . . : LogMeIn Rfs Drivemap Driver
      Version  . . . . . : 2.5.3.0
      Copyright  . . . . : Copyright © 2003-2008 LogMeIn, Inc. US patents pending.
      Service  . . . . . : LMIRfsDriver
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 47.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Starts automatically as a service during system bootup.
         Program starts automatically without user intervention.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\LMIRfsDriver\

   C:\windows\system32\DRIVERS\radpms.sys
      Size . . . . . . . : 14,944 bytes
      Age  . . . . . . . : 282.9 days (2014-02-07 15:29:20)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : BF8FA094A9DE0742673A6CF9A768FC61A570F39B78DBC134D8B93D55EB5D4C7C
      Product  . . . . . : RemotelyAnywhere
      Publisher  . . . . : LogMeIn, Inc.
      Description  . . . : RemotelyAnywhereDpmsSecure Device Driver
      Version  . . . . . : 9.0.1023
      Copyright  . . . . : Copyright © 1998-2010 LogMeIn, Inc. All rights reserved.
      Service  . . . . . : radpms
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 45.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Starts automatically as a service during system bootup.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\radpms\

   C:\windows\system32\lmimirr.dll
      Size . . . . . . . : 35,616 bytes
      Age  . . . . . . . : 282.9 days (2014-02-07 15:29:20)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 2D34E12B801499E559589E5C87D05B486BA235ACEC2297014DD5743184371FDF
      Product  . . . . . : LogMeIn
      Publisher  . . . . : LogMeIn, Inc.
      Description  . . . : LogMeIn Mirror Driver
      Version  . . . . . : 2.50.596
      Copyright  . . . . : Copyright © 2003-2007 LogMeIn, Inc. US patents pending.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 42.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.

   C:\windows\system32\lmimirr2.dll
      Size . . . . . . . : 14,624 bytes
      Age  . . . . . . . : 282.9 days (2014-02-07 15:29:20)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 237DC2C804BE5F5433EC41D8FCB4DE942772328378D2DE5B7C8C769427E40319
      Product  . . . . . : LogMeIn
      Publisher  . . . . : LogMeIn, Inc.
      Description  . . . : LogMeIn Video Helper
      Version  . . . . . : 2.50.596
      Copyright  . . . . : Copyright © 2003-2007 LogMeIn, Inc. US patents pending.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 42.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.


Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Web Data

   HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\secman.DLL\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)

Cookies _____________________________________________________________________

 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=fdb99efd4bee864abf0ad586275ea6c7
# engine=21149
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-18 08:42:11
# local_time=2014-11-18 01:42:11 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 167886781 0 0
# scanned=453840
# found=1
# cleaned=0
# scan_time=13276
sh=ADF731400B8570BFE3A002B0BF70C6E6AAF63AEC ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Download3.zip"
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by caseydavis (administrator) on M645 on 18-11-2014 14:04:28
Running from C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
Loaded Profiles: Casey Davis & caseydavis (Available profiles: Casey Davis & caseydavis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo) C:\Program Files\COMODO\CesmAgent\tvnserver.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lansweeper.com) C:\Program Files (x86)\Lansweeper\IISexpress\IISexpressSVC.exe
(Lansweeper) C:\Program Files (x86)\Lansweeper\Service\LansweeperService.exe
(Microsoft Corporation) C:\Program Files (x86)\IIS Express\iisexpress.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(COMODO) C:\Program Files\COMODO\CesmAgent\AgnService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hp laserjet m1522\hppfaxprintersrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(NDS Technologies) C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
() C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Telescan) C:\Program Files (x86)\Telescan\Spectrum\Agent\Agent.exe
() C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(PS Soft Lab) C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\PS Tray Factory\pstf_x64_stub.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\SymDB.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\Ignition\LMIIgnition.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\Ignition\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() \\ASSISTANT1\TBA40\TBA40.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1629400 2013-09-06] (COMODO)
HKLM\...\Run: [HP LaserJet M1522 MFP Series Fax] => C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-02-07] (LogMeIn, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [TrayFactory] => C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe [466946 2009-03-16] (PS Soft Lab)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [374368 2012-04-15] (BillP Studios)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-12-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-03-03] (HP)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-09-18] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [PCShowServer] => C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [525240 2012-10-15] (NDS Technologies)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-09-05] (Siber Systems)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spectrum Agent.lnk
ShortcutTarget: Spectrum Agent.lnk -> C:\Program Files (x86)\Telescan\Spectrum\Agent\Agent.exe (Telescan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spectrum Messenger (Client).lnk
ShortcutTarget: Spectrum Messenger (Client).lnk -> C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe ()
Startup: C:\Users\Casey Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 - Casey.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 - Casey.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\__sbs_netsetup__\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2078850058-1484929980-2300844317-1133] => 127.0.0.1:4444
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1278352989-1785949783-4017258536-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
HKU\S-1-5-21-1278352989-1785949783-4017258536-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
HKU\S-1-5-21-1278352989-1785949783-4017258536-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\Software\Microsoft\Internet Explorer\Main,Start Page = file://monster/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-1278352989-1785949783-4017258536-1000 -> DefaultScope {4BF2411E-BA79-4C4A-979B-3FEB0C50DAA6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-1278352989-1785949783-4017258536-1000 -> {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-1278352989-1785949783-4017258536-1000 -> {4BF2411E-BA79-4C4A-979B-3FEB0C50DAA6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-1278352989-1785949783-4017258536-1000 -> {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL =
SearchScopes: HKU\S-1-5-21-1278352989-1785949783-4017258536-1005 -> DefaultScope {ED3C120D-5172-4C11-9438-DEDD5FFBA19D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-1278352989-1785949783-4017258536-1005 -> {ED3C120D-5172-4C11-9438-DEDD5FFBA19D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> DefaultScope {4BF2411E-BA79-4C4A-979B-3FEB0C50DAA6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> {18DD85CA-5453-4E61-978F-E4EDF0D9E91B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> {4BF2411E-BA79-4C4A-979B-3FEB0C50DAA6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1278352989-1785949783-4017258536-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://vc.adp.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {9801309D-65C0-4F3B-91BB-25CA998254BE} http://192.168.0.91:3391/INetViewProj1_01020715.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP8EP1-15699/webex/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.201
Tcpip\..\Interfaces\{0DF69E78-131D-4C5D-871D-4B01953452D9}: [NameServer] 192.168.0.201,192.168.0.1
Tcpip\..\Interfaces\{504455C1-DF5C-4767-BAC7-71621267C37F}: [NameServer] 192.168.0.201,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default
FF NewTab: file://///MONSTER/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
FF Homepage: file://///MONSTER/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: @citrixonline.com/appdetectorplugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: @nds.com/PlayerPlugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: NDS.com/PlayerPlugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCentraUpdater.dll (Saba Software, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplansweepershellexec.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\LogMeInClient@logmein.com [2014-11-04]
FF Extension: Garmin Communicator - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: Default Full Zoom Level - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-05-12]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012-10-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2013-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011-04-27]
FF Extension: IDM CC - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\IDM\idmmzcc5 [2014-08-01]

Chrome:
=======
CHR Profile: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (IE Tab) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2012-10-02]
CHR Extension: (New Tab Redirect) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2013-01-22]
CHR Extension: (RealDownloader) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-01]
CHR Extension: (IDM Integration Module) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-09-09]
CHR Extension: (Google Wallet) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (RoboForm) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-24]
CHR Extension: (Scripting Dictionary) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\ScriptingDictionary\1.0 [2012-09-21]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CesmAgentService; C:\Program Files\COMODO\CesmAgent\AgnService.exe [155368 2013-09-16] (COMODO)
R2 CesmVncServer; C:\Program Files\COMODO\CesmAgent\tvnserver.exe [1481592 2013-08-19] (Comodo)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6246912 2013-09-06] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-09-06] (COMODO)
R2 DiskDoctorService; C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480 2010-11-30] (Symantec Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
U2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-09-01] (Red Bend Ltd.) [File not signed]
R2 FreeAgentGoFlex Service; C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [91432 2011-02-10] (Seagate Technology LLC)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [450904 2014-09-18] (Garmin Ltd or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2010-03-03] (HP) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISExpressSVC; C:\Program Files (x86)\Lansweeper\IISExpress\IISexpressSVC.exe [106496 2012-10-17] (Lansweeper.com) [File not signed]
R2 lansweeperservice; C:\Program Files (x86)\Lansweeper\Service\Lansweeperservice.exe [8115200 2013-12-12] (Lansweeper) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-11-03] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-11-03] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-02-07] (LogMeIn, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccessU; C:\windows\SysWOW64\NMSAccessU.exe [71096 2008-05-03] ()
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 rcp_service; C:\Program Files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SpeedDiskService; C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672 2010-11-30] (Symantec Corporation)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [329080 2011-02-14] (SupportSoft, Inc.)
S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
S4 Virtual TimeClock Server; C:\Program Files (x86)\Virtual TimeClock Server 14\TimeClock Server 1410089\Virtual TimeClock Service.exe [6511032 2014-03-19] (Redcort Software)
S3 VPREMOTE; C:\TEMP\Clt-Inst\vpremote.exe [138672 2012-04-19] (Symantec Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
S2 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-14] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-14] (Emsisoft GmbH)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-11-11] ()
R3 dlcdcncm6_x64; C:\Windows\System32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-07] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [202128 2013-10-07] (DisplayLink Corp.)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-02-07] (LogMeIn, Inc.)
S3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [11552 2014-02-07] () [File not signed]
S4 LMIRfsClientNP; No ImagePath
S2 LMIRfsDriver; C:\windows\system32\drivers\LMIRfsDriver.sys [72216 2014-02-07] () [File not signed]
S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [54784 2009-09-17] (--)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2014-02-07] () [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SymDSMon; C:\windows\system32\drivers\SymDSMon.sys [191232 2010-11-30] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 SYMSpeedDisk; C:\windows\system32\drivers\SymSpeedDisk.sys [163384 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\windows\SysWOW64\drivers\SymSpeedDisk.sys [108800 2010-11-30] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dlcdcecm; system32\DRIVERS\dlcdcecm.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 14:59 - 2014-11-17 14:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-17 13:44 - 2014-11-17 14:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-14 16:35 - 2014-11-14 16:35 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\DESI
2014-11-14 16:34 - 2014-11-14 16:44 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DESI
2014-11-14 16:33 - 2014-11-14 16:33 - 00002567 _____ () C:\Users\Public\Desktop\DESI Labeling System.lnk
2014-11-14 16:32 - 2014-11-14 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESI Labeling System (64-bit)
2014-11-14 16:32 - 2014-11-14 16:33 - 00000000 ____D () C:\ProgramData\DESI
2014-11-14 16:32 - 2014-11-14 16:32 - 00000000 ____D () C:\Program Files\DESI
2014-11-14 10:58 - 2014-11-14 10:58 - 00002925 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\20141114105844.html
2014-11-14 10:58 - 2014-11-14 10:58 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-27
2014-11-14 10:54 - 2014-11-14 10:58 - 00001142 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Index.html
2014-11-14 10:54 - 2014-11-14 10:54 - 00002732 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\20141114105428.html
2014-11-14 10:54 - 2014-11-14 10:54 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-31
2014-11-14 10:54 - 2014-11-14 10:54 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-09
2014-11-14 10:54 - 2014-11-14 10:54 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-08
2014-11-14 08:26 - 2014-11-14 08:26 - 00000749 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-14 08:25 - 2014-11-15 19:04 - 00000000 ____D () C:\EEK
2014-11-14 08:23 - 2014-11-14 08:25 - 157489768 _____ () C:\EmsisoftEmergencyKit.exe
2014-11-13 16:40 - 2014-11-13 16:40 - 00035635 _____ () C:\ComboFix.txt
2014-11-13 15:07 - 2014-11-13 16:40 - 00000000 ____D () C:\Qoobox
2014-11-13 15:07 - 2011-06-25 23:45 - 00256000 _____ () C:\windows\PEV.exe
2014-11-13 15:07 - 2010-11-07 10:20 - 00208896 _____ () C:\windows\MBR.exe
2014-11-13 15:07 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00098816 _____ () C:\windows\sed.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00080412 _____ () C:\windows\grep.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00068096 _____ () C:\windows\zip.exe
2014-11-13 15:05 - 2014-11-13 16:39 - 00000000 ____D () C:\windows\erdnt
2014-11-13 13:47 - 2014-11-18 14:04 - 00000000 ____D () C:\FRST
2014-11-10 17:13 - 2014-11-10 17:13 - 00038849 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\dds.txt
2014-11-10 17:13 - 2014-11-10 17:13 - 00026668 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\attach.txt
2014-11-06 22:29 - 2014-11-06 22:32 - 00002280 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Rkill.txt
2014-11-06 17:22 - 2014-11-06 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-06 15:49 - 2014-11-06 15:49 - 00002664 _____ () C:\windows\SysWOW64\FSS.txt
2014-11-06 15:40 - 2014-11-18 14:04 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
2014-11-04 12:03 - 2014-11-06 17:22 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 12:03 - 2014-11-06 17:21 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-04 12:03 - 2014-11-04 12:03 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 12:03 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-04 11:12 - 2014-11-04 11:12 - 00003240 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-04 11:11 - 2014-11-04 11:11 - 00003364 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-04 09:10 - 2014-11-04 09:10 - 00021775 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\CisReport_v6.3.292438.2917_20141104-091035.zip
2014-11-03 17:07 - 2014-11-03 17:08 - 00279320 _____ () C:\windows\Minidump\110314-39842-01.dmp
2014-10-29 09:57 - 2014-10-29 06:56 - 00279820 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\100-07-10292014075347.WAV
2014-10-19 15:10 - 2014-10-20 13:58 - 00000000 ____D () C:\ProgramData\Redcort

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 13:39 - 2011-05-05 20:52 - 00000176 _____ () C:\windows\system32\config\netlogon.ftl
2014-11-18 13:22 - 2014-05-13 13:01 - 00000548 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133.job
2014-11-18 13:19 - 2010-12-15 20:04 - 01943875 _____ () C:\windows\WindowsUpdate.log
2014-11-18 13:13 - 2010-10-28 21:08 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 13:09 - 2012-12-26 16:02 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-18 12:44 - 2012-11-05 15:38 - 00001640 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Appointment Reminders.lnk
2014-11-18 11:53 - 2012-05-23 14:44 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-18 11:51 - 2011-05-12 10:51 - 00000412 _____ () C:\windows\Tasks\Free File Viewer Update Checker.job
2014-11-18 00:03 - 2014-08-04 11:53 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\LogMeInIgnition
2014-11-17 19:00 - 2011-11-16 10:59 - 00000270 _____ () C:\windows\Tasks\NUSchedule.job
2014-11-17 19:00 - 2011-11-16 10:59 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-17 13:25 - 2009-07-13 21:45 - 00020368 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 13:25 - 2009-07-13 21:45 - 00020368 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 13:09 - 2012-05-31 15:46 - 00000000 ____D () C:\TEMP
2014-11-17 13:07 - 2014-08-04 11:53 - 00001010 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-17 13:07 - 2014-08-04 11:53 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-17 13:07 - 2010-12-15 20:33 - 00000050 _____ () C:\windows\system32\SupplicantTest.log
2014-11-17 13:07 - 2009-07-13 21:45 - 00530008 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-17 13:06 - 2010-10-28 21:10 - 00321892 _____ () C:\windows\PFRO.log
2014-11-17 13:06 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-17 13:06 - 2009-07-13 21:51 - 00007519 _____ () C:\windows\setupact.log
2014-11-17 12:56 - 2011-05-06 00:57 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\CrashDumps
2014-11-17 12:14 - 2014-02-26 10:38 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\TAS Scheduler Data
2014-11-17 09:41 - 2012-05-24 23:19 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Symantec
2014-11-16 19:06 - 2011-11-16 10:58 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 15
2014-11-15 21:23 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-11-14 17:02 - 2011-05-05 21:13 - 00133192 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 16:28 - 2012-04-17 10:50 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Applian FLV and Media Player
2014-11-14 16:27 - 2013-03-26 08:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-14 14:40 - 2009-07-13 22:13 - 00796250 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-14 13:08 - 2010-10-28 21:08 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 13:08 - 2010-10-28 21:08 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:08 - 2010-10-28 21:08 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 16:40 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-11-13 16:38 - 2011-05-12 10:59 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\DMCache
2014-11-13 16:38 - 2009-07-13 19:34 - 00000215 _____ () C:\windows\system.ini
2014-11-13 16:36 - 2014-02-27 17:35 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-13 16:36 - 2011-05-05 20:55 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM
2014-11-11 22:54 - 2014-05-13 13:01 - 00003602 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-11 18:08 - 2012-12-26 16:02 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 18:08 - 2012-12-26 16:02 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 18:08 - 2012-12-26 16:02 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-07 12:34 - 2011-05-06 13:47 - 00000000 ____D () C:\Shared
2014-11-07 12:30 - 2011-05-06 15:13 - 00002324 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\My Documents - Shortcut.lnk
2014-11-07 08:14 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-07 08:09 - 2011-05-06 10:34 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Sidebar7
2014-11-07 08:00 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\Resources
2014-11-06 22:28 - 2012-08-23 13:49 - 00003974 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6A9179F1-EA8F-4343-8435-DC33117DF46D}
2014-11-06 17:17 - 2012-05-10 20:03 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Audacity
2014-11-06 15:48 - 2011-05-12 10:59 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\IDM
2014-11-04 12:03 - 2012-10-18 09:30 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Malwarebytes
2014-11-04 12:03 - 2012-10-18 09:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 12:03 - 2012-10-18 09:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-04 08:47 - 2013-10-11 14:13 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-11-03 17:07 - 2012-08-15 13:42 - 1180372470 _____ () C:\windows\MEMORY.DMP
2014-11-03 17:07 - 2012-08-15 13:42 - 00000000 ____D () C:\windows\Minidump
2014-11-03 17:05 - 2014-08-04 11:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-11-03 17:04 - 2014-08-04 11:53 - 00107392 _____ () C:\windows\system32\LMIRfsClientNP.dll
2014-11-03 17:04 - 2014-08-04 11:53 - 00035688 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2014-11-03 17:04 - 2014-08-04 11:52 - 00092520 _____ () C:\windows\system32\LMIinit.dll
2014-11-03 10:30 - 2011-05-16 12:57 - 00010136 _____ () C:\windows\tba40.INI
2014-10-22 08:18 - 2014-08-04 11:53 - 00107392 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-10-22 08:18 - 2014-08-04 11:52 - 00092520 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll.000.bak

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 00:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by caseydavis at 2014-11-18 14:05:36
Running from C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

#1 Sound Recorder 4.7.3 (HKLM-x32\...\#1 Sound Recorder_is1) (Version:  - Aonesoft.com,Inc.)
3D Photo Browser 9.2 (HKLM\...\3D Photo Browser (x64 bits)) (Version: 9.2 - Mootools)
4TOPS Compare Spreadsheets using Excel 3.0 (HKLM-x32\...\xlcompare_is1) (Version: 3.0 - AGORA Software BV)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Standard (HKLM-x32\...\{AC76BA86-1033-0000-BA7E-000000000005}) (Version: 10.1.7 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Advanced Batch Converter (HKLM-x32\...\Advanced Batch Converter) (Version: 5.5 - BatchConverter.com)
Advanced IP Scanner (HKLM-x32\...\{6A30BC34-090D-4A77-A184-58B44ACE9B34}) (Version: 2.0.106 - Famatech)
Advanced LAN Scanner v1.0 BETA 1 (HKLM-x32\...\Advanced LAN Scanner v1.0 BETA 1) (Version:  - )
AI RoboForm (HKU\S-1-5-21-1278352989-1785949783-4017258536-1000\...\AI RoboForm) (Version:  - )
All Media Fixer 9.03 (HKLM-x32\...\All Media Fixer_is1) (Version:  - New Live Software, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.14 - Google Inc.)
Angry Birds (HKLM-x32\...\{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}) (Version: 3.0.0 - Rovio)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
BackStreet Browser 3.1 (HKLM-x32\...\BackStreet Browser_is1) (Version:  - )
Best Buy pc app (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bing Bar Platform (x32 Version: 5.0.1449.0 - Microsoft Corporation) Hidden
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
BlackVox Playback (HKLM-x32\...\BlackVox Playback) (Version:  - )
Boilsoft ASF Converter 2.68 (HKLM-x32\...\Boilsoft ASF Converter_is1) (Version:  - Boilsoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
COMODO Endpoint Security (HKLM\...\{093F13A3-177C-493E-8958-912A0C690B64}) (Version: 6.3.30294.2917 - COMODO Security Solutions Inc.)
COMODO ESM Agent (HKLM\...\{ED7608DB-B426-4A61-9E1F-120A9810B291}) (Version: 3.0.60913.7 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Cool Edit 96 (HKLM-x32\...\Cool Edit 96) (Version:  - )
CopyTrans Suite Remove Only (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\CopyTrans Suite) (Version: 2.27 - WindSolutions)
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CSV2TAB (HKLM-x32\...\CSV2TAB) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DESI Labeling System (HKLM-x32\...\DESI Labeling System 3.6.7.0) (Version: 3.1.10.1 - DESI Telephone Labels, Inc.)
DESI Labeling System (HKLM-x32\...\DESI Labeling System) (Version: 2.5 - DESI Telephone Labels, Inc.)
DESI Labeling System (Version: 3.6.7.0 - DESI Telephone Labels, Inc.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DIRECTV Player (HKLM-x32\...\{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}) (Version: 8.0 - DIRECTV)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DisplayLink Core Software (HKLM\...\{61A641A9-9CC7-421F-85CD-A8CDDEE4E3F2}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{C790E802-DB1C-402A-92FB-858AB2925BF6}) (Version: 7.4.51587.0 - DisplayLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Duplicate Email Remover (HKLM-x32\...\{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}) (Version: 3.0.0 - MAPILab Ltd.)
EASEUS Data Recovery Wizard Free Edition 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Free Edition 5.5.1_is1) (Version:  - EASEUS)
EIPARSE2K3 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Elevated Installer (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Email Decryption 13.1.1.3 (HKLM-x32\...\Email Decryption 13.1.1.3) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
ffdshow x64 v1.1.4257 [2012-01-15] (HKLM\...\ffdshow64_is1) (Version: 1.1.4257.0 - )
File And MP3 Tag Renamer 2.2 (HKLM-x32\...\File And MP3 Tag Renamer_is1) (Version:  - 123Renamer.com)
FileLocator Pro x64 (HKLM\...\{2C4DF8C4-9BCF-4D29-895C-CD108AC1BE3F}) (Version: 7.2.2038.1 - Mythicsoft Ltd)
Flash Renamer 6.2 (HKLM-x32\...\Flash Renamer_is1) (Version:  - RL Vision)
FlowBreeze3 (HKLM-x32\...\{63A7070F-4C77-4C59-91CC-B155D4F2076F}) (Version: 3.0.0 - BreezeTree)
Folder Maker Personal Edition (HKLM-x32\...\{D58DC0AC-3532-4902-990A-B07B32F00136}) (Version: 1.1.0 - Lim, Chooi Guan)
Free File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Freenet version 0.7.5 build 1465 (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\{3196C62F-9C7B-4392-88B4-05C037D05518}_is1) (Version: 0.7.5 build 1465 - freenetproject.org)
Garmin Communicator Plugin (HKLM-x32\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{447c27b7-3a63-4cb2-a49c-864050f9a50f}) (Version: 3.2.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GetDataBack for FAT (HKLM-x32\...\{2EEEC858-21F8-419B-8FE2-820621BFFCD7}) (Version: 4.25.000 - Runtime Software)
GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
GoldWave v5.67 (HKLM-x32\...\GoldWave v5.67) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.3.1963 (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\GoToMeeting) (Version: 7.0.3.1963 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Heatsoft ADCS (HKLM-x32\...\Heatsoft ADCS) (Version:  - )
Heatsoft ADCS 2.01 (HKLM-x32\...\Heatsoft ADCS_is1) (Version: 2.01 build 1 - Heatsoft Corporation)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet M1522 MFP Series 4.2 (HKLM\...\{C8A37F1F-E13B-48ae-93F8-4669264969F9}) (Version: 4.2 - HP)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB67}) (Version: 1.0.3.0 - Hewlett Packard)
hppFaxDrvM1522 (x32 Version: 003.100.00001 - Hewlett-Packard) Hidden
hppFaxUtility (x32 Version: 000.105.00107 - Hewlett-Packard) Hidden
hppFonts (x32 Version: 001.001.00056 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.300.00005 - Hewlett-Packard) Hidden
hppLJM1522 (x32 Version: 002.101.00002 - Hewlett-Packard) Hidden
hppManualsM1522 (x32 Version: 002.103.00002 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
hppScanTo (x32 Version: 002.102.00003 - Hewlett-Packard) Hidden
hppSendFaxM1522 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1522 (x32 Version: 001.005.00009 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 005.013.00185 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IIS 7.5 Express (HKLM-x32\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version:  - )
Information Tables Editor 11.1.0.0 (HKLM-x32\...\Information Tables Editor 11.1.0.0) (Version:  - )
Information Tables Editor 12.2.0.0 (HKLM-x32\...\Information Tables Editor 12.2.0.0) (Version:  - )
Information Tables Editor 13.2.0.0 (HKLM-x32\...\Information Tables Editor 13.2.0.0) (Version:  - )
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2281 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Java™ SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LANguard Network Scanner (HKLM-x32\...\{56FBF401-0D15-4BA7-B7EE-2BECD86FC8DA}) (Version:  - )
Lansweeper (HKLM-x32\...\Lansweeper_is1) (Version: 5.1 - Lansweeper.com)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LogMeIn (HKLM-x32\...\{9905E4C1-14D8-4522-88FE-FD00B51A20DC}) (Version: 4.1.4408 - LogMeIn, Inc.)
Lorex Client 12 (HKLM-x32\...\Lorex Client 12) (Version: Ver:3.1.32 - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Media Player Classic fr (HKLM-x32\...\Media Player Classic) (Version: 6.4.9.0 - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MessageStudio 2.5 (HKLM-x32\...\MessageStudio_2.1.1) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Outlook 2013 (HKLM-x32\...\Office15.OUTLOOK) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPM (HKLM-x32\...\{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
nLite 1.4.9.1 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.1 - Dino Nuhagic (nuhi))
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Norton Utilities 15 (HKLM-x32\...\Norton Utilities 15_is1) (Version: 15.0 - Symantec Corporation)
NotePager 32 v3.0 (HKLM-x32\...\NotePager 32 v3.0) (Version: NotePager 32 v3.0 - NotePage, Inc.)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
On-Call Editor (HKLM-x32\...\{7C8F060A-C8D8-4BB5-B448-21C4FB769198}) (Version: 11.1.0.0 - Telescan LLC)
OnCall Editor 12.2.0.0 (HKLM-x32\...\OnCall Editor 12.2.0.0) (Version:  - )
OnCall Editor 13.2.0.0 (HKLM-x32\...\OnCall Editor 13.2.0.0) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PdaNet for Android 3.00 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Product_Min_QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
PS Tray Factory 3.0 (HKLM-x32\...\PS Tray Factory_is1) (Version:  - PS Soft Lab)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Qwest QuickAssist Desktop Tools (HKLM-x32\...\{95DD6A08-2313-4D5B-8BEB-37968D0D799C}) (Version: 21 - SupportSoft)
ReaConverter 5.5 Pro (HKLM-x32\...\ReaConverter 5.5 Pro_is1) (Version:  - ReaSoft)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Toolbox for Outlook 1.0 (HKLM-x32\...\Recovery Toolbox for Outlook_is1) (Version:  - Recovery ToolBox)
Registrar Registry Manager 6.02 (HKLM\...\Registrar_is1) (Version:  - Resplendence Software Projects Sp.)
Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
RoboForm 7-9-9-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
Saba Client (HKLM-x32\...\CentraClient) (Version:  - )
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Script Designer 12.2.0.0 (HKLM-x32\...\Script Designer 12.2.0.0) (Version:  - )
Script Designer 13.2.0.0 (HKLM-x32\...\Script Designer 13.2.0.0) (Version:  - )
Seagate Drive Settings Installer (HKLM-x32\...\InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC)
Seagate Drive Settings Installer (x32 Version: 1.00.0000 - Seagate Technologies LLC) Hidden
Shareaza 2.5.5.0 (HKLM-x32\...\Shareaza_is1) (Version: 2.5.5.0 - Shareaza Development Team)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartFTP Client (HKLM\...\{9364B867-D5EA-427B-A5FD-F2C42333130A}) (Version: 4.1.1314.0 - SmartSoft Ltd.)
SmartFTP Client 3.0 Setup Files (remove only) (HKLM-x32\...\SmartFTP Client 3.0 Setup Files) (Version: 3.0 - SmartSoft)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (HKLM-x32\...\SmartFTP Client 4.0 (x64) Setup Files) (Version: 4.0 - SmartSoft Ltd)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spectrum Messenger (Client) (HKLM-x32\...\Spectrum Messenger (Client)) (Version: 12.02.00.00 - Telescan, LLC)
Spectrum Script Designer (HKLM-x32\...\{0222A3C4-C66E-41F5-8C30-0DC772A87497}) (Version: 11.1.0.0 - Telescan)
Spectrum Spell Check & Thesaurus (HKLM-x32\...\Spectrum Spell Check & Thesaurus) (Version:  - )
Spectrum Spell Check and Thesaurus (HKLM-x32\...\Spectrum Spell Check and Thesaurus) (Version: 12.02.00.00 - Telescan, LLC)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 10.5.2.2570 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Microsoft Outlook 97-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Outlook 2000-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Word 2000-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com support for Microsoft Outlook 2000-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 2000-2010) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Outlook 97-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 97-2010) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Word 2000-2010 (HKLM-x32\...\Stamps.com support for Microsoft Word 2000-2010) (Version:  - Stamps.com, Inc.)
Stat/Transfer 11 (64-Bit) (HKLM\...\StatTransfer11-64) (Version: 11 (64-Bit) - Circle Systems)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
stunnel (HKLM-x32\...\stunnel) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
SyncBackPro (HKLM-x32\...\SyncBackPro_is1) (Version:  - 2BrightSparks)
SysTools Outlook PST Viewer v4.0 version SysTools Outlook PST Viewer v4.0 (HKLM-x32\...\{6D4F8DDE-707B-468F-A4FA-502A2A5FC3CE}_is1) (Version: SysTools Outlook PST Viewer v4.0 - SysTools Software)
TAB2CSV (HKLM-x32\...\TAB2CSV) (Version:  - )
TASScheduler (HKLM-x32\...\{A6674D18-CB15-49E4-9123-6E408FDE162F}) (Version: 3.2.0 - Creative Wizard)
Telescan Email Decryption (HKLM-x32\...\Telescan Email Decryption) (Version:  - )
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TreeSize Professional 5.3.1 (HKLM-x32\...\TreeSize Professional_is1) (Version: 5.3.1 - JAM Software)
Trim Spaces for Microsoft Excel 1.1 (HKLM-x32\...\Trim Spaces for Microsoft Excel_is1) (Version: 1.1 - Add-in Express Ltd.)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 1.9.1 - Tweaking.com)
UltraEdit (HKLM-x32\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 17.30.1002 - IDM Computer Solutions, Inc.)
UltraEdit (x32 Version: 17.30.1002 - IDM Computer Solutions, Inc.) Hidden
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB2284654) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version:  - Microsoft)
USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version:  - )
USB-Ethernet Adapter Device (HKLM-x32\...\USB-Ethernet Adapter Device) (Version:  - )
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual TimeClock Pro Client (HKLM-x32\...\{4D63D226-9FAA-4190-A008-238B93BF434D}_is1) (Version: 14.1 - Redcort Software Inc.)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.1 - WebM Project)
WebReg (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{302A1E2E-DD58-4673-BC99-9CC10EC2637A}) (Version: 24.6.2012 - BillP Studios)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
X-Lite (HKLM-x32\...\{426E4F54-EFFE-4C5B-A02A-23CFE8C3C679}) (Version: 50.6.7284 - CounterPath Corporation)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
XXConsole: Super Console Generator  ver 0.96 (HKLM-x32\...\XXConsole) (Version: 0.96 - Pixelab, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{0812C763-C73E-3633-BC20-DF7C8BF52BC3}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{0B11DA33-53A5-3A4D-A49F-7DEE43C7AD95}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7[1].gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{116E35BE-87EA-38D7-9F18-2B688DC946AF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{17B3774F-0F76-3263-8E6C-FAF221DC9285}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{1CB0AF6C-28DB-312F-B473-15B1D07F5AF7}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{1EC5A567-A745-3F53-B7FB-ED733072564C}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{22C88A52-59DD-3A25-A612-AE880F7E204A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{24CC2B9E-781E-37E3-A5FF-C1DAE029F839}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{2BF92F7B-1E1F-315D-981F-5DE3555064B0}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{2F6941DA-56A6-357E-B7BA-FF835AB8A4E2}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{34668BB5-E36F-3061-8AD8-F41A82147A76}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{39930B0E-5665-3B37-8B55-B509F1470352}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{3FE65992-0D1A-3472-8F08-FC40FEC834CE}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{48CB6129-BB54-3A61-873E-25F85EA71399}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{4A0AEFA7-5E2D-38CE-8238-2DC36F4EB0C1}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{526D752F-B8BB-30D6-9740-DC153A374B0D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{52B38025-1F77-39E1-A37E-CAF8B9D7C86D}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{52EB2548-80F0-3091-9AD7-9093760A80C7}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{5471E1AB-1A86-3CDF-B8FB-21A44DC0B9AD}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{54DE564C-6FEB-321A-B523-ECC713CD28DC}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{568F06CC-F0F0-36C5-84AA-634D48DCAFAA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{59243C39-A255-316C-92F6-F5DCDC116FEA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{663E7799-B0C9-352C-84EB-70661ECC740A}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{66B5FAF1-135B-3E9A-A058-C9C82ADE6A50}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{6EF0A29F-51E2-3D04-929B-8CE2D3049CC4}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{713656AF-4B2F-3C0C-BB79-27236AF8D0BF}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{82B3F799-7943-322A-86CA-0B7DC2E6E08B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{88F08235-E32C-3F6C-9994-DF3B3CD5F9E6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{8A4B09CA-841D-3C8C-9F7C-94E39EB949A6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{8DF05FC5-F0DE-3B96-A738-E0DB34E606FB}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{9133B5FA-74DC-3B6D-B88E-D06AFB445C5B}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{93C81FEB-3CE0-32C0-8766-68A245045656}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{9BE4C1EF-2BAA-32C6-84EF-4CB66E16F9D8}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{9C30F31A-7AAC-3B27-99F0-C793D384681F}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{A7AB17B5-2566-3249-A715-6A64451DF7FB}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{AF743B9E-0CBA-3F10-AEDD-D0668DF19518}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{B4C3B773-BAB0-3BF1-8486-C82398C144EB}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{B745F928-6581-3869-8C25-E91717F38558}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{BD059A52-32D5-32DB-A650-242D819F75F6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{C0308E93-8EF5-4F08-8511-6D19A06EBDCD}\InprocServer32 -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\BreezeTree\FlowBreeze3\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{C99CE0B8-7C00-3C5B-B7B9-7E551D753938}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{CA22E8DA-AF8F-311F-B765-699538794C14}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{CA2D99B2-E9DA-3132-A47C-59FA2478D6BA}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{CD1032C7-ABB1-3C73-B2A9-398C058029B6}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{D75DBE73-8F45-3624-A7A6-11A1E4B39F07}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{DC06F929-072A-3856-8AB4-FD91871C5ECE}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{DE32423D-F8F9-39BA-9445-BEC6A66A0E39}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{DFAB2AEB-59D8-3E25-B85C-BF4E5B7AC631}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{E1FDE918-F0F5-3188-AC3B-1EDA60FF3A03}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{E2718554-5373-3CE4-B8FB-D8ECEEBFB6BC}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{EA6AE3EA-3B3B-3232-B16D-35871968534C}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133_Classes\CLSID\{ECB036FA-25A9-3AFE-BA88-213B5C28D8ED}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

14-11-2014 02:01:12 Made by Norton Utilities
14-11-2014 23:27:22 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
14-11-2014 23:31:04 Installed DESI Labeling System
15-11-2014 02:03:53 Made by Norton Utilities
17-11-2014 02:05:00 Made by Norton Utilities
17-11-2014 21:56:49 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-11-13 16:38 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0030B1DD-A21C-4619-95CF-29A762807DB0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {01FD2247-64A8-4B83-9002-2F016D0A4715} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0C9E951E-15D6-4383-B4A9-1B7A8944D5F4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: {1388B1C0-81ED-421F-AF72-957320C7D26C} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {1416A722-7573-4CFA-A574-C2EC4DCBD5E7} - System32\Tasks\{BE4B434F-299D-42C3-A286-E7ECCF092B72} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {217C1E12-C167-4CBF-BB3D-A6445A38B156} - System32\Tasks\{8E425697-ED08-4FA7-8E7A-559BE3D9B38A} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {2C68CB39-D62B-4E26-AF03-564898351314} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {2FDBF1FA-61A1-43A8-A6B3-D293DACACDEF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {323CB878-198F-4A01-B116-0488BFF45C10} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {35FFF20D-4772-42A2-BFFB-F25A4CCC3EF3} - System32\Tasks\Microsoft\Windows\SyncCenter\S-1-5-21-2078850058-1484929980-2300844317-1133\{750FDF10-2A26-11D1-A3EA-080036587F03}\Offline Files Sync Schedule 1 => C:\Windows\system32\mobsync.exe [2010-11-20] (Microsoft Corporation)
Task: {36A8F72C-96B9-4CC7-A1D9-6EFC5493DCC2} - System32\Tasks\{B3B7985A-5437-403A-9250-44BE89CB12CC} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {428EF927-6B83-4EBA-AC2E-CFFB958A4D0D} - System32\Tasks\{67B1FB5D-3216-4289-8D5F-C8D9FF935C90} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {42D2816A-3F6B-4295-B7F4-97F6D61F7C43} - System32\Tasks\{1A22BC20-08F0-448B-8CA4-06AB2B23E3D0} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {495BA680-B0E6-47BF-8D70-09E977A53A23} - System32\Tasks\Free File Viewer Update Checker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-05] (Bitberry Software)
Task: {4B4EDEDA-43E9-457F-8B5F-43ACC5A4F56F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {595DD852-4B5A-4C5D-9BF7-7C02A2490DA8} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe [2009-03-16] (PS Soft Lab)
Task: {5D223C8C-A9B9-436F-A383-18DE789FD37B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5E022B76-DA55-4EF6-8B4F-CC4B927977A3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5F60A84F-BA3D-4DE8-B811-63595D26D7E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {61D05468-9AFA-4528-83C1-40D9ABEFDBED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {62959128-EACB-40AC-80BE-43392E034355} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Norton Utilities 15\nu.exe [2012-04-19] (Symantec Corporation)
Task: {6A78132C-3BB9-479C-B949-651A025797EF} - System32\Tasks\{4C08D109-4CC2-4A8E-8F4A-BBFFFA02B630} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {7856CCED-7441-4431-9154-18877BBDA6E3} - System32\Tasks\{E8E3F252-CA8E-4D12-9394-9C981841336C} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {7E9652AB-17E7-4F88-9D6F-99729BF5B904} - System32\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Citrix\GoToMeeting\1963\g2mupdate.exe [2014-11-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {8CF67F33-83D2-4B98-9ECD-E16EF2C635DE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2078850058-1484929980-2300844317-1133 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9FBDE7B0-1105-434B-A80C-63A74DFD74F3} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A9A1370A-4354-419D-AFD9-84891A0774AB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-09-18] ()
Task: {B0BEDFB6-2F67-4DF5-B9F9-69C1BB63886B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: {C772AE47-763E-4568-93C6-1216055AC57B} - System32\Tasks\{21A1B553-60A3-49CA-BD99-2E09A00E283C} => \\ASSISTANT1\tba40\TOPSCAN.EXE [1999-06-02] (TopSpeed Corporation)
Task: {CB1870C5-202F-4A62-BA76-C025888067C1} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D52657E2-C022-4D01-970A-46DA917D2E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D9C52A47-31C8-4467-AFD8-0D8429C925D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E7980A99-B78B-45AB-8CCC-02DC26DA4DC7} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {EE410212-6B1D-4B9B-834F-00E3D9629F00} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: {F28731AD-2665-4704-8034-C4E069B18F49} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F47205BA-A3C7-4CB6-BEAE-F523CB0C20E0} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {FBE20F5C-12A6-47E9-AE66-CC0F38292825} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-06] (COMODO)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Free File Viewer Update Checker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133.job => C:\Program Files (x86)\Citrix\GoToMeeting\1963\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Norton Utilities 15\nu.exe

==================== Loaded Modules (whitelisted) =============

2010-07-19 17:48 - 2010-07-19 17:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-05-12 11:05 - 2008-05-03 11:31 - 00071096 ____N () C:\windows\SysWOW64\NMSAccessU.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-10-01 19:34 - 2012-10-01 19:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-05-12 11:11 - 2006-12-11 01:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-10-11 17:30 - 2011-10-11 17:30 - 00115200 _____ () C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll
2010-07-19 17:48 - 2010-07-19 17:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-10-15 14:37 - 2012-10-15 14:37 - 06442920 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2012-10-25 05:55 - 2012-10-24 04:48 - 07088640 _____ () C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe
2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-05-12 11:01 - 2009-03-16 15:05 - 00053248 _____ () C:\Program Files (x86)\PS Tray Factory\pstf_x64_stub.exe
2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2003-03-31 00:00 - 2009-12-23 09:54 - 02120704 _____ () \\ASSISTANT1\tba40\tba40.EXE
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-31 08:05 - 2013-10-31 08:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2011-05-12 11:01 - 2009-01-28 11:42 - 00053248 _____ () C:\Program Files (x86)\PS Tray Factory\HKDll.dll
2012-10-25 05:55 - 2002-08-27 17:26 - 00016896 _____ () C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\TS_HM.dll
2012-10-15 14:38 - 2012-10-15 14:38 - 00273824 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\ndsLogStore.dll
2012-10-15 14:37 - 2012-10-15 14:37 - 02203048 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\DrmSingleton.dll
2012-10-15 14:37 - 2012-10-15 14:37 - 07123880 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\gsttspplugin.dll
2012-10-15 14:38 - 2012-10-15 14:38 - 00688560 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2012-10-15 14:38 - 2012-10-15 14:38 - 01402784 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\libxml2-2.dll
2012-10-15 14:39 - 2012-10-15 14:39 - 00091536 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\z.dll
2012-10-25 05:55 - 2002-08-27 17:35 - 00016896 _____ () C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\TS_HK.dll
2012-04-17 10:15 - 2011-04-14 18:01 - 00548854 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00061440 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00516096 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00069632 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00840192 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll
2010-03-03 09:40 - 2010-03-03 09:40 - 00130560 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll
2010-03-03 09:41 - 2010-03-03 09:41 - 00086016 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll
2010-03-03 09:41 - 2010-03-03 09:41 - 00835584 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll
2009-10-15 07:25 - 2009-10-15 07:25 - 00364544 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll
2014-01-09 22:28 - 2014-01-09 22:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-10-01 19:32 - 2012-10-01 19:32 - 01014400 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2012-10-01 19:32 - 2012-10-01 19:32 - 00125056 _____ () C:\Program Files (x86)\Microsoft Office\Office15\OUTLCTL.DLL
2012-10-01 19:32 - 2012-10-01 19:32 - 00321136 _____ () C:\Program Files (x86)\Microsoft Office\Office15\msfad.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-09-22 08:06 - 2014-09-22 08:07 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-11 18:08 - 2014-11-11 18:08 - 16840880 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
1999-02-03 16:09 - 1999-02-03 16:09 - 00101376 _____ () \\ASSISTANT1\tba40\afe5ac2.dll
1999-02-03 16:09 - 1999-02-03 16:09 - 00043520 _____ () \\ASSISTANT1\tba40\afe5ac2b.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\õL:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:D3A96964
AlternateDataStreams: C:\Users\caseydavis.MEDICALTELECOMM\Downloads:Shareaza.GUID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
MSCONFIG\startupreg: scheduler_monitor => C:\Program Files (x86)\ReaConverter 5.5 Pro\init_scheduler.exe
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: X-Lite => "C:\Program Files (x86)\CounterPath\X-Lite\X-Lite.exe" -bootload

========================= Accounts: ==========================

Administrator (S-1-5-21-1278352989-1785949783-4017258536-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1278352989-1785949783-4017258536-1003 - Limited - Enabled)
Casey Davis (S-1-5-21-1278352989-1785949783-4017258536-1000 - Administrator - Enabled) => C:\Users\Casey Davis
Guest (S-1-5-21-1278352989-1785949783-4017258536-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® WiMAX 6250
Description: Intel® Centrino® WiMAX 6250
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: bpmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: LogMeIn Mirror Driver
Description: LogMeIn Mirror Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: lmimirr
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Generic PnP Monitor (DPMS)
Description: Generic PnP Monitor (DPMS)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: radpms
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Generic PnP Monitor (DPMS)
Description: Generic PnP Monitor (DPMS)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: radpms
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 01:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/18/2014 09:55:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2014 09:55:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2014 09:55:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2014 09:54:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2014 09:54:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2014 09:41:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/18/2014 09:41:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/18/2014 07:12:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/18/2014 01:11:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (11/17/2014 01:17:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (11/17/2014 01:15:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management & Security Application User Notification Service service hung on starting.

Error: (11/17/2014 01:09:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.

Error: (11/17/2014 01:07:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Remote File System Driver service failed to start due to the following error:
%%193

Error: (11/17/2014 01:07:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (11/17/2014 01:07:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LMIGuardianSvc service to connect.

Error: (11/17/2014 01:06:58 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (11/17/2014 01:06:54 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MEDICALTELECOMM due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (11/17/2014 01:05:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

Error: (11/17/2014 01:05:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll


Microsoft Office Sessions:
=========================
Error: (11/18/2014 01:13:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/18/2014 09:55:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\esetsmartinstaller_enu.exe

Error: (11/18/2014 09:55:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\esetsmartinstaller_enu.exe

Error: (11/18/2014 09:55:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\esetsmartinstaller_enu.exe

Error: (11/18/2014 09:54:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\esetsmartinstaller_enu.exe

Error: (11/18/2014 09:54:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer\esetsmartinstaller_enu.exe

Error: (11/18/2014 09:41:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/18/2014 09:41:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/18/2014 07:12:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/18/2014 01:11:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


CodeIntegrity Errors:
===================================
  Date: 2014-11-13 16:36:26.332
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-13 16:36:26.269
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-04 15:49:38.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-04 15:25:29.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-04 15:12:07.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-11-28 17:04:46.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 23:06:56.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 23:00:00.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 22:46:11.191
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-16 22:38:38.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 60%
Total physical RAM: 7986.67 MB
Available physical RAM: 3129.77 MB
Total Pagefile: 15971.54 MB
Available Pagefile: 10953.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Main_1) (Fixed) (Total:582.67 GB) (Free:246.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Main_2) (Fixed) (Total:335.34 GB) (Free:333.73 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:931.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 62FD86AC)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=582.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)
Partition 4: (Not Active) - (Size=335.3 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00070815)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Farbar Service Scanner Version: 21-07-2014
Ran by caseydavis (administrator) on 06-11-2014 at 15:49:22
Running from "C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:39 AM

Posted 19 November 2014 - 12:56 PM

Step 1

Please uninstall some programs:
  • Windows 7: Click on the Start button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:
      • Free File Viewer 2011
      • LogMeIn



Step 2

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   1002bytes   4 downloads


After the Reboot:

Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Step 4

Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 cdavis82

cdavis82
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:39 AM

Posted 19 November 2014 - 02:53 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by caseydavis (administrator) on M645 on 19-11-2014 12:27:07
Running from C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
Loaded Profile: caseydavis (Available profiles: Casey Davis & caseydavis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo) C:\Program Files\COMODO\CesmAgent\tvnserver.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lansweeper.com) C:\Program Files (x86)\Lansweeper\IISexpress\IISexpressSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\IIS Express\iisexpress.exe
(Lansweeper) C:\Program Files (x86)\Lansweeper\Service\LansweeperService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(COMODO) C:\Program Files\COMODO\CesmAgent\AgnService.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\hp laserjet m1522\hppfaxprintersrv.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(NDS Technologies) C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Telescan) C:\Program Files (x86)\Telescan\Spectrum\Agent\Agent.exe
() C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(PS Soft Lab) C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Program Files (x86)\PS Tray Factory\pstf_x64_stub.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\realplay.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\realplay.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1629400 2013-09-06] (COMODO)
HKLM\...\Run: [HP LaserJet M1522 MFP Series Fax] => C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [TrayFactory] => C:\Program Files (x86)\PS Tray Factory\PSTrayFactory.exe [466946 2009-03-16] (PS Soft Lab)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [374368 2012-04-15] (BillP Studios)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-12-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-03-03] (HP)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-09-18] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [PCShowServer] => C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [525240 2012-10-15] (NDS Technologies)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-09-05] (Siber Systems)
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\...\Run: [HP Officejet Pro 8600 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spectrum Agent.lnk
ShortcutTarget: Spectrum Agent.lnk -> C:\Program Files (x86)\Telescan\Spectrum\Agent\Agent.exe (Telescan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spectrum Messenger (Client).lnk
ShortcutTarget: Spectrum Messenger (Client).lnk -> C:\Program Files (x86)\Telescan\Spectrum\Messenger\Client\SM_Client.exe ()
Startup: C:\Users\Casey Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 - Casey.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 - Casey.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\__sbs_netsetup__\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2078850058-1484929980-2300844317-1133] => 127.0.0.1:4444
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2078850058-1484929980-2300844317-1133\Software\Microsoft\Internet Explorer\Main,Start Page = file://monster/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> DefaultScope {4BF2411E-BA79-4C4A-979B-3FEB0C50DAA6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> {18DD85CA-5453-4E61-978F-E4EDF0D9E91B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> {47AF98EC-87CF-4167-A1B3-DEA178C7674B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> {4BF2411E-BA79-4C4A-979B-3FEB0C50DAA6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> {B571A1A5-6CE6-4886-9BCF-253363EEE426} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2078850058-1484929980-2300844317-1133 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://vc.adp.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {9801309D-65C0-4F3B-91BB-25CA998254BE} http://192.168.0.91:3391/INetViewProj1_01020715.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP8EP1-15699/webex/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.201
Tcpip\..\Interfaces\{0DF69E78-131D-4C5D-871D-4B01953452D9}: [NameServer] 192.168.0.201,192.168.0.1
Tcpip\..\Interfaces\{504455C1-DF5C-4767-BAC7-71621267C37F}: [NameServer] 192.168.0.201,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default
FF NewTab: file://///MONSTER/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
FF Homepage: file://///MONSTER/Users/CaseyDavis/My%20Documents/bookmark%202013-05-29.htm
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: @citrixonline.com/appdetectorplugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: @nds.com/PlayerPlugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKU\S-1-5-21-2078850058-1484929980-2300844317-1133: NDS.com/PlayerPlugin -> C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCentraUpdater.dll (Saba Software, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplansweepershellexec.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\LogMeInClient@logmein.com [2014-11-04]
FF Extension: Garmin Communicator - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: Default Full Zoom Level - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Mozilla\Firefox\Profiles\l6twvrep.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-05-12]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012-10-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-10-23]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2013-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011-04-27]
FF Extension: IDM CC - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\IDM\idmmzcc5 [2014-08-01]

Chrome:
=======
CHR Profile: C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (IE Tab) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2012-10-02]
CHR Extension: (New Tab Redirect) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2013-01-22]
CHR Extension: (RealDownloader) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-01]
CHR Extension: (IDM Integration Module) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-09-09]
CHR Extension: (Google Wallet) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (RoboForm) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-24]
CHR Extension: (Scripting Dictionary) - C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Google\Chrome\User Data\Default\ScriptingDictionary\1.0 [2012-09-21]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CesmAgentService; C:\Program Files\COMODO\CesmAgent\AgnService.exe [155368 2013-09-16] (COMODO)
R2 CesmVncServer; C:\Program Files\COMODO\CesmAgent\tvnserver.exe [1481592 2013-08-19] (Comodo)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6246912 2013-09-06] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-09-06] (COMODO)
R2 DiskDoctorService; C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480 2010-11-30] (Symantec Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
U2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-09-01] (Red Bend Ltd.) [File not signed]
R2 FreeAgentGoFlex Service; C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [91432 2011-02-10] (Seagate Technology LLC)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [450904 2014-09-18] (Garmin Ltd or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2010-03-03] (HP) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISExpressSVC; C:\Program Files (x86)\Lansweeper\IISExpress\IISexpressSVC.exe [106496 2012-10-17] (Lansweeper.com) [File not signed]
R2 lansweeperservice; C:\Program Files (x86)\Lansweeper\Service\Lansweeperservice.exe [8115200 2013-12-12] (Lansweeper) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NMSAccessU; C:\windows\SysWOW64\NMSAccessU.exe [71096 2008-05-03] ()
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 rcp_service; C:\Program Files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SpeedDiskService; C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672 2010-11-30] (Symantec Corporation)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [329080 2011-02-14] (SupportSoft, Inc.)
S3 Symantec SymSnap VSS Provider; C:\windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
S4 Virtual TimeClock Server; C:\Program Files (x86)\Virtual TimeClock Server 14\TimeClock Server 1410089\Virtual TimeClock Service.exe [6511032 2014-03-19] (Redcort Software)
S3 VPREMOTE; C:\TEMP\Clt-Inst\vpremote.exe [138672 2012-04-19] (Symantec Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
S2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [X]
S2 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-14] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-14] (Emsisoft GmbH)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-11-11] ()
R3 dlcdcncm6_x64; C:\Windows\System32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-07] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [202128 2013-10-07] (DisplayLink Corp.)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
S3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [11552 2014-02-07] () [File not signed]
S4 LMIRfsClientNP; No ImagePath
S2 LMIRfsDriver; C:\windows\system32\drivers\LMIRfsDriver.sys [72216 2014-02-07] () [File not signed]
S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [54784 2009-09-17] (--)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2014-02-07] () [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SymDSMon; C:\windows\system32\drivers\SymDSMon.sys [191232 2010-11-30] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 SYMSpeedDisk; C:\windows\system32\drivers\SymSpeedDisk.sys [163384 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\windows\SysWOW64\drivers\SymSpeedDisk.sys [108800 2010-11-30] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.) [File not signed]
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dlcdcecm; system32\DRIVERS\dlcdcecm.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 14:59 - 2014-11-17 14:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-17 13:44 - 2014-11-17 14:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-14 16:35 - 2014-11-14 16:35 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\DESI
2014-11-14 16:34 - 2014-11-14 16:44 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\DESI
2014-11-14 16:33 - 2014-11-14 16:33 - 00002567 _____ () C:\Users\Public\Desktop\DESI Labeling System.lnk
2014-11-14 16:32 - 2014-11-14 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESI Labeling System (64-bit)
2014-11-14 16:32 - 2014-11-14 16:33 - 00000000 ____D () C:\ProgramData\DESI
2014-11-14 16:32 - 2014-11-14 16:32 - 00000000 ____D () C:\Program Files\DESI
2014-11-14 10:58 - 2014-11-14 10:58 - 00002925 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\20141114105844.html
2014-11-14 10:58 - 2014-11-14 10:58 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-27
2014-11-14 10:54 - 2014-11-14 10:58 - 00001142 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Index.html
2014-11-14 10:54 - 2014-11-14 10:54 - 00002732 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\20141114105428.html
2014-11-14 10:54 - 2014-11-14 10:54 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-31
2014-11-14 10:54 - 2014-11-14 10:54 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-09
2014-11-14 10:54 - 2014-11-14 10:54 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\2014-10-08
2014-11-14 08:26 - 2014-11-14 08:26 - 00000749 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-14 08:25 - 2014-11-15 19:04 - 00000000 ____D () C:\EEK
2014-11-14 08:23 - 2014-11-14 08:25 - 157489768 _____ () C:\EmsisoftEmergencyKit.exe
2014-11-13 16:40 - 2014-11-13 16:40 - 00035635 _____ () C:\ComboFix.txt
2014-11-13 15:07 - 2014-11-13 16:40 - 00000000 ____D () C:\Qoobox
2014-11-13 15:07 - 2011-06-25 23:45 - 00256000 _____ () C:\windows\PEV.exe
2014-11-13 15:07 - 2010-11-07 10:20 - 00208896 _____ () C:\windows\MBR.exe
2014-11-13 15:07 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00098816 _____ () C:\windows\sed.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00080412 _____ () C:\windows\grep.exe
2014-11-13 15:07 - 2000-08-30 17:00 - 00068096 _____ () C:\windows\zip.exe
2014-11-13 15:05 - 2014-11-13 16:39 - 00000000 ____D () C:\windows\erdnt
2014-11-13 13:47 - 2014-11-19 12:27 - 00000000 ____D () C:\FRST
2014-11-10 17:13 - 2014-11-10 17:13 - 00038849 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\dds.txt
2014-11-10 17:13 - 2014-11-10 17:13 - 00026668 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\attach.txt
2014-11-06 22:29 - 2014-11-06 22:32 - 00002280 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Rkill.txt
2014-11-06 17:22 - 2014-11-06 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-06 15:49 - 2014-11-18 14:11 - 00002278 _____ () C:\windows\SysWOW64\FSS.txt
2014-11-06 15:40 - 2014-11-19 12:27 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
2014-11-04 12:03 - 2014-11-06 17:22 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-04 12:03 - 2014-11-06 17:21 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-04 12:03 - 2014-11-04 12:03 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 12:03 - 2014-11-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 12:03 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-04 11:12 - 2014-11-04 11:12 - 00003240 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-04 11:11 - 2014-11-04 11:11 - 00003364 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-04 09:10 - 2014-11-04 09:10 - 00021775 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\CisReport_v6.3.292438.2917_20141104-091035.zip
2014-11-03 17:07 - 2014-11-03 17:08 - 00279320 _____ () C:\windows\Minidump\110314-39842-01.dmp
2014-10-29 09:57 - 2014-10-29 06:56 - 00279820 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\100-07-10292014075347.WAV

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 12:22 - 2014-05-13 13:01 - 00000548 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133.job
2014-11-19 12:18 - 2009-07-13 21:45 - 00020368 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 12:18 - 2009-07-13 21:45 - 00020368 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 12:10 - 2012-12-26 16:02 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 12:04 - 2012-05-31 15:46 - 00000000 ____D () C:\TEMP
2014-11-19 12:04 - 2010-10-28 21:08 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-19 12:03 - 2011-05-05 20:53 - 00058206 __RSH () C:\ProgramData\ntuser.pol
2014-11-19 12:03 - 2011-05-05 20:52 - 00000176 _____ () C:\windows\system32\config\netlogon.ftl
2014-11-19 12:02 - 2010-12-15 20:33 - 00000050 _____ () C:\windows\system32\SupplicantTest.log
2014-11-19 12:02 - 2010-10-28 21:10 - 00327816 _____ () C:\windows\PFRO.log
2014-11-19 12:02 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-19 12:02 - 2009-07-13 21:51 - 00007575 _____ () C:\windows\setupact.log
2014-11-19 12:00 - 2011-05-12 10:59 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\DMCache
2014-11-19 12:00 - 2010-12-15 20:04 - 01064677 _____ () C:\windows\WindowsUpdate.log
2014-11-19 11:59 - 2011-11-16 10:59 - 00000270 _____ () C:\windows\Tasks\NUSchedule.job
2014-11-19 11:59 - 2011-11-16 10:59 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-19 11:59 - 2011-05-06 00:57 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\CrashDumps
2014-11-19 11:58 - 2012-05-23 14:44 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-19 00:03 - 2014-08-04 11:53 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\LogMeInIgnition
2014-11-18 19:04 - 2011-11-16 10:58 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 15
2014-11-18 16:07 - 2014-02-26 10:38 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\TAS Scheduler Data
2014-11-18 14:07 - 2011-04-27 19:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-18 12:44 - 2012-11-05 15:38 - 00001640 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Appointment Reminders.lnk
2014-11-17 13:07 - 2014-08-04 11:53 - 00001010 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-17 13:07 - 2014-08-04 11:53 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-17 13:07 - 2009-07-13 21:45 - 00530008 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-17 09:41 - 2012-05-24 23:19 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Symantec
2014-11-15 21:23 - 2009-07-13 22:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-11-14 17:02 - 2011-05-05 21:13 - 00133192 _____ () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 16:28 - 2012-04-17 10:50 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Applian FLV and Media Player
2014-11-14 16:27 - 2013-03-26 08:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-14 14:40 - 2009-07-13 22:13 - 00796250 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-14 13:08 - 2010-10-28 21:08 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 13:08 - 2010-10-28 21:08 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:08 - 2010-10-28 21:08 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 16:40 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-11-13 16:38 - 2009-07-13 19:34 - 00000215 _____ () C:\windows\system.ini
2014-11-13 16:36 - 2014-02-27 17:35 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-13 16:36 - 2011-05-05 20:55 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM
2014-11-11 22:54 - 2014-05-13 13:01 - 00003602 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2078850058-1484929980-2300844317-1133
2014-11-11 18:08 - 2012-12-26 16:02 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 18:08 - 2012-12-26 16:02 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 18:08 - 2012-12-26 16:02 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-07 12:34 - 2011-05-06 13:47 - 00000000 ____D () C:\Shared
2014-11-07 12:30 - 2011-05-06 15:13 - 00002324 _____ () C:\Users\caseydavis.MEDICALTELECOMM\Desktop\My Documents - Shortcut.lnk
2014-11-07 08:14 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-07 08:09 - 2011-05-06 10:34 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Local\Sidebar7
2014-11-07 08:00 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\Resources
2014-11-06 22:28 - 2012-08-23 13:49 - 00003974 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6A9179F1-EA8F-4343-8435-DC33117DF46D}
2014-11-06 17:17 - 2012-05-10 20:03 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Audacity
2014-11-06 15:48 - 2011-05-12 10:59 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\IDM
2014-11-04 12:03 - 2012-10-18 09:30 - 00000000 ____D () C:\Users\caseydavis.MEDICALTELECOMM\AppData\Roaming\Malwarebytes
2014-11-04 12:03 - 2012-10-18 09:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-04 12:03 - 2012-10-18 09:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-04 08:47 - 2013-10-11 14:13 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-11-03 17:07 - 2012-08-15 13:42 - 1180372470 _____ () C:\windows\MEMORY.DMP
2014-11-03 17:07 - 2012-08-15 13:42 - 00000000 ____D () C:\windows\Minidump
2014-11-03 17:04 - 2014-08-04 11:53 - 00107392 _____ () C:\windows\system32\LMIRfsClientNP.dll
2014-11-03 17:04 - 2014-08-04 11:53 - 00035688 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2014-11-03 17:04 - 2014-08-04 11:52 - 00092520 _____ () C:\windows\system32\LMIinit.dll
2014-11-03 10:30 - 2011-05-16 12:57 - 00010136 _____ () C:\windows\tba40.INI
2014-10-22 08:18 - 2014-08-04 11:53 - 00107392 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-10-22 08:18 - 2014-08-04 11:52 - 00092520 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll.000.bak
2014-10-20 13:58 - 2014-10-19 15:10 - 00000000 ____D () C:\ProgramData\Redcort

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 00:47

==================== End Of Log ============================

 

 

Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
COMODO Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Norton Ghost    
 JavaFX 2.1.0    
 Java™ 6 Update 20  
 Java 7 Update 60  
 Java version out of Date!
 Adobe Flash Player 15.0.0.223  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 32.0.2 Firefox out of Date!  
 Google Chrome (38.0.2125.104)
 Google Chrome (38.0.2125.111)
 Google Chrome (chrome.exe..)
 Google Chrome (debug.log..)
 Google Chrome (Dictionaries...)
 Google Chrome (master_preferences...)
 Google Chrome (wow_helper.exe..)
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe
 Comodo Firewall cmdagent.exe
 Seagate DriveSettings Sync SeagateDriveSettingsService.exe
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:39 AM

Posted 19 November 2014 - 03:08 PM

Please post the Fixlog.txt as well. :)



Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 cdavis82

cdavis82
  • Topic Starter

  • Members
  • 25 posts
  • Gender:Male
  • Local time:02:39 AM

Posted 19 November 2014 - 03:11 PM

Oops.  Here you go.  Still having the same Bad Image error on LoginUI.exe, particularly when pressing Ctrl-Alt-Delete and initial login.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by caseydavis at 2014-11-19 11:59:12 Run:2
Running from C:\Users\caseydavis.MEDICALTELECOMM\Desktop\Bleeping Computer
Loaded Profiles: Casey Davis & caseydavis (Available profiles: Casey Davis & caseydavis)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\windows\õL:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:D3A96964
AlternateDataStreams: C:\Users\caseydavis.MEDICALTELECOMM\Downloads:Shareaza.GUID
REG: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}"
REG: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /v AutoStart
EmptyTemp:


*****************

"C:\windows\õL" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
C:\ProgramData\TEMP => ":D3A96964" ADS removed successfully.
"C:\Users\caseydavis.MEDICALTELECOMM\Downloads" => ":Shareaza.GUID" ADS not found.

========= reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" =========

The operation completed successfully.



========= End of Reg: =========


========= reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}" /v AutoStart =========

Value AutoStart exists, overwrite(Yes/No)? The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => Removed 369.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====





