
CouponDropDown Adware - unsuccessful in attempts to remove it - help!


  • This topic is locked
17 replies to this topic

#1 fsuadrienne


Posted 23 October 2014 - 08:56 PM

Hi everyone!

 

First -- hello to you all for the first time!  :) And thanks for your time and help!

 

Second -- I sure hope that someone can help me remove the Coupon Drop Down adware that keeps popping up.  So far, I have tried the standard steps with no success...  Here are the details of my issue:

 

I have tried to disable and remove all add-ons and extensions on Chrome, Firefox, and Internet Explorer.  I have uninstalled any program from my hard drive that was something I have downloaded that seemed even possibly suspicious.  The issue only appears to occur on my website that I have created using WordPress, with the Ultimatum program (see image below of a screenshot of how it appears).  I have disabled as many plug-ins on WordPress as possible, while still allowing the website to function.

 

None of this has helped.  :/

 

Thank you for any assistance in removing this issue!  

:)

 

The DDS.txt log is below and the Attach.txt log is attached.

 

webproblem_zps6f1e32f8.png



#2 fsuadrienne


Posted 23 October 2014 - 08:59 PM

Oh, and I forgot to mention, I ran a few of the recommended malware search and destroy programs too...



#3 LiquidTension


Posted 27 October 2014 - 03:35 PM

Hello fsuadrienne, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the follow button at the top of the page.
     

======================================================
 
STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • FRST.txt
  • Addition.txt


#4 fsuadrienne


Posted 28 October 2014 - 08:43 PM

# AdwCleaner v4.002 - Report created 28/10/2014 at 21:31:51
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Beacon Pediatric - BEACONPEDIATRIC
# Running from : C:\Users\Beacon Pediatric\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v33.0 (x86 en-US)
 
 
-\\ Google Chrome v38.0.2125.111
 
 
*************************
 
AdwCleaner[R0].txt - [4490 octets] - [17/10/2014 21:13:26]
AdwCleaner[R1].txt - [1218 octets] - [17/10/2014 21:24:43]
AdwCleaner[R2].txt - [1338 octets] - [17/10/2014 21:31:24]
AdwCleaner[R3].txt - [1398 octets] - [17/10/2014 21:35:10]
AdwCleaner[R4].txt - [1800 octets] - [21/10/2014 22:13:05]
AdwCleaner[R5].txt - [1860 octets] - [21/10/2014 22:17:43]
AdwCleaner[R6].txt - [1993 octets] - [28/10/2014 21:27:52]
AdwCleaner[S0].txt - [4636 octets] - [17/10/2014 21:17:48]
AdwCleaner[S1].txt - [1344 octets] - [17/10/2014 21:27:33]
AdwCleaner[S2].txt - [1534 octets] - [17/10/2014 21:56:33]
AdwCleaner[S3].txt - [1922 octets] - [21/10/2014 22:20:02]
AdwCleaner[S4].txt - [1917 octets] - [28/10/2014 21:31:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1977 octets] ##########


#5 fsuadrienne


Posted 28 October 2014 - 08:50 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Beacon Pediatric (administrator) on BEACONPEDIATRIC on 28-10-2014 21:47:05
Running from C:\Users\Beacon Pediatric\Desktop
Loaded Profile: Beacon Pediatric (Available profiles: Beacon Pediatric & Beacon)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Dropbox, Inc.) C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\Run: [GoogleChromeAutoLaunch_07DBD5A56A2433375636EFE6DF1689F9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-20] (Google Inc.)
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\Run: [Google Update] => C:\Users\Beacon Pediatric\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-15] (Google Inc.)
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {0969f8c9-fe78-11e1-bebf-3c970e21e7d4} - D:\LaunchU3.exe -a
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {180fbad1-8447-11e2-98c5-3c970e21e7d4} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {4d9d6d66-cad8-11e3-9b9d-3c970e21e7d4} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {742bd4aa-7449-11e2-a49b-3c970e21e7d4} - D:\Bolt.exe
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {990e357f-3515-11e4-8233-3c970e21e7d4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {f42342c6-ea8f-11e1-a41a-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\Users\Beacon Pediatric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Beacon Pediatric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKCU - {FD0A2905-DA3F-44D3-AA55-457019CCBBE2} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140709&p={SearchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Beacon Pediatric\AppData\Roaming\Mozilla\Firefox\Profiles\hiahqcv9.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Beacon Pediatric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Beacon Pediatric\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin -> C:\Users\Beacon Pediatric\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Beacon Pediatric\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Beacon Pediatric\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Lightbeam - C:\Users\Beacon Pediatric\AppData\Roaming\Mozilla\Firefox\Profiles\hiahqcv9.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-11-02]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-08-20]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-09-28]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-09-28]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.cnn.com/
CHR StartupUrls: Default -> "hxxp://www.cnn.com/", "hxxp://www.google.com/", "hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB", "https://isearch.avg.com/?cid={276FC9EB-2842-4D3A-8130-24F888B3663E}&mid=075f91e526cc47d0a636edde48c50e27-8e332fa8880c692658af166defe79b23badde26c&lang=en&ds=bm011&pr=sa&d=2012-09-09 13:44:55&v=12.2.0.5&sap=hp", "hxxp://isearch.avg.com/?cid={276FC9EB-2842-4D3A-8130-24F888B3663E}&mid=075f91e526cc47d0a636edde48c50e27-8e332fa8880c692658af166defe79b23badde26c&lang=en&ds=bm011&pr=sa&d=2012-09-09 13:44:55&v=14.1.0.10&pid=avg&sg=&sap=hp", "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN37887580998699129&UM=2", "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Listhings) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aooobeadnfddkmlcfcmjhjldpbefmnjf [2012-08-27]
CHR Extension: (Google Drive) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-08-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-27]
CHR Extension: (Facebook) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2012-08-27]
CHR Extension: (Presentme) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2013-03-31]
CHR Extension: (Google Search) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-27]
CHR Extension: (Invoice2go) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmjkikjpbpaehaclfdkmjdofdgodaakp [2013-03-31]
CHR Extension: (Google Calendar) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-08-27]
CHR Extension: (Pandora) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2012-08-29]
CHR Extension: (Web Lab) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2012-08-27]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2012-12-20]
CHR Extension: (Springpad) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2013-03-31]
CHR Extension: (PDF Mergy) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2012-11-09]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2012-12-25]
CHR Extension: (Google Play Music) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2012-08-27]
CHR Extension: (Dropbox) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2012-11-09]
CHR Extension: (Conceptboard) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnacnlekfaehkfdbkohnhpmdagnfaeio [2012-08-27]
CHR Extension: (WordPress.com) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2012-08-27]
CHR Extension: (Yesware Reports) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2013-03-31]
CHR Extension: (Wave Accounting) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2013-03-31]
CHR Extension: (Google Play) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2012-08-27]
CHR Extension: (Finance41 Personal Finance) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdbhpnagbkfbkbbhgaccclpjmflmfhf [2013-03-31]
CHR Extension: (Download Fonts) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgmjfmdomlhhodhmmfaomfbbdadpeefk [2012-08-27]
CHR Extension: (McAfee SECURE Safe Browsing) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdiimaiohgpacfbgedcipmgigppaofn [2014-10-28]
CHR Extension: (Google Maps) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-08-27]
CHR Extension: (CashControl) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioaopmpfgkncgbbfnmpoegppfcgmoek [2013-03-31]
CHR Extension: (RingCentral FaxOut) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnopcjofghmnhegmbjhmgbfclcgnpne [2012-11-09]
CHR Extension: (Kashoo Accounting Software) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\neiopiflolnemhanncaicdpgbehnihke [2013-03-31]
CHR Extension: (Zoho Reports) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhkiaiikklhjkbgopajnacalammmkbi [2013-03-31]
CHR Extension: (Google Wallet) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Keywords Toaster) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogppjpooagbgekafnpijhiiopgcgdalp [2013-03-31]
CHR Extension: (cronsync) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbngjmgfclegmldmnjbfbgpphbaakjnk [2013-03-31]
CHR Extension: (Thesaurus) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddaeeclcbikcegjhhgocgkakehngcem [2012-08-27]
CHR Extension: (Gmail) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-27]
CHR Profile: C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (YouTube) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-31]
CHR Extension: (Google Search) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-31]
CHR Extension: (SiteAdvisor) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-09-28]
CHR Extension: (SelectionLinks) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2013-07-09]
CHR Extension: (Google Wallet) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Gmail) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-31]
CHR Profile: C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Drive) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-18]
CHR Extension: (YouTube) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-18]
CHR Extension: (Google Search) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-18]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2012-12-18]
CHR Extension: (AVG Safe Search) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-12-18]
CHR Extension: (AVG Secure Search) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-18]
CHR Extension: (No Name) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-06-22]
CHR Extension: (Gmail) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-18]
CHR Profile: C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Docs) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-21]
CHR Extension: (Listhings) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aooobeadnfddkmlcfcmjhjldpbefmnjf [2013-11-21]
CHR Extension: (Google Drive) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-21]
CHR Extension: (YouTube) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-21]
CHR Extension: (Facebook) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-11-21]
CHR Extension: (PresentMe) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2013-11-21]
CHR Extension: (Google Search) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-21]
CHR Extension: (Read Later Fast) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2013-11-21]
CHR Extension: (MightyText - SMS Text Messaging from Computer) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2014-01-01]
CHR Extension: (Invoice2go) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dmjkikjpbpaehaclfdkmjdofdgodaakp [2013-11-21]
CHR Extension: (Google Calendar) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-21]
CHR Extension: (Pandora) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-11-21]
CHR Extension: (Web Lab) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2013-11-21]
CHR Extension: (SiteAdvisor) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-11-21]
CHR Extension: (Wunderlist - To-do & Task List) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2013-11-21]
CHR Extension: (Springpad) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2013-11-21]
CHR Extension: (AdBlock) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-21]
CHR Extension: (Pin It Button) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-11-21]
CHR Extension: (PDF Mergy) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2013-11-21]
CHR Extension: (Cloud Reader) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-11-21]
CHR Extension: (Google Play Music) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-11-21]
CHR Extension: (GText from MightyText - SMS from Gmail™) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iffdacemhfpnchinokehhnppllonacfj [2014-01-07]
CHR Extension: (Dropbox) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-11-21]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2013-11-21]
CHR Extension: (Conceptboard) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jnacnlekfaehkfdbkohnhpmdagnfaeio [2013-11-21]
CHR Extension: (Google Voice (by Google)) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-11-21]
CHR Extension: (SelectionLinks) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2013-11-29]
CHR Extension: (WordPress.com) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2013-11-21]
CHR Extension: (Yesware Reports) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kiciehannidbjakcefendokamkjnolhg [2013-11-21]
CHR Extension: (Wave Accounting) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2013-11-21]
CHR Extension: (Google Play) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-11-21]
CHR Extension: (Finance41 Personal Finance) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kpdbhpnagbkfbkbbhgaccclpjmflmfhf [2013-11-21]
CHR Extension: (Download Fonts) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lgmjfmdomlhhodhmmfaomfbbdadpeefk [2013-11-21]
CHR Extension: (Google Maps) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-11-21]
CHR Extension: (Google Mail Checker) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-11-21]
CHR Extension: (CashControl) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mioaopmpfgkncgbbfnmpoegppfcgmoek [2013-11-21]
CHR Extension: (Ghostery) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-11-21]
CHR Extension: (RingCentral CloudFax) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mpnopcjofghmnhegmbjhmgbfclcgnpne [2013-11-21]
CHR Extension: (Kashoo Accounting Software) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\neiopiflolnemhanncaicdpgbehnihke [2013-11-21]
CHR Extension: (Zoho Reports) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmhkiaiikklhjkbgopajnacalammmkbi [2013-11-21]
CHR Extension: (Google Wallet) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (Keywords Toaster) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ogppjpooagbgekafnpijhiiopgcgdalp [2013-11-21]
CHR Extension: (Palette for Chrome) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod [2013-11-21]
CHR Extension: (Instagram for Chrome) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-02-01]
CHR Extension: (cronsync) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pbngjmgfclegmldmnjbfbgpphbaakjnk [2013-11-21]
CHR Extension: (Thesaurus) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pddaeeclcbikcegjhhgocgkakehngcem [2013-11-21]
CHR Extension: (Evernote Web Clipper) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-11-21]
CHR Extension: (Gmail) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-03] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 21:47 - 2014-10-28 21:47 - 00045394 _____ () C:\Users\Beacon Pediatric\Desktop\FRST.txt
2014-10-28 21:45 - 2014-10-28 21:47 - 00000000 ____D () C:\FRST
2014-10-28 21:44 - 2014-10-28 21:44 - 02113024 _____ (Farbar) C:\Users\Beacon Pediatric\Desktop\FRST64.exe
2014-10-28 21:23 - 2014-10-28 21:23 - 01998336 _____ () C:\Users\Beacon Pediatric\Desktop\AdwCleaner.exe
2014-10-26 20:50 - 2014-10-28 09:21 - 00000532 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b1abdea3-1e9c-4f0a-ba62-52396e2cd6dc.job
2014-10-26 20:50 - 2014-10-26 20:50 - 00003642 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b1abdea3-1e9c-4f0a-ba62-52396e2cd6dc
2014-10-24 09:12 - 2014-10-24 09:20 - 01591284 _____ () C:\Users\Beacon Pediatric\Desktop\--- ADRIENNE AND PARAS master billing (Autosaved).xlsx
2014-10-24 01:01 - 2014-10-24 01:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Beacon Pediatric\Downloads\tdsskiller.exe
2014-10-24 00:48 - 2014-10-24 00:50 - 120074496 _____ (Microsoft Corporation) C:\Users\Beacon Pediatric\Downloads\msert.exe
2014-10-24 00:08 - 2014-10-28 21:41 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-24 00:08 - 2014-10-28 16:45 - 00000532 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ec2347b3-e7c6-4ccd-bae8-96b1174425da.job
2014-10-24 00:08 - 2014-10-24 00:08 - 00003568 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ec2347b3-e7c6-4ccd-bae8-96b1174425da
2014-10-24 00:08 - 2014-10-24 00:08 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-10-24 00:08 - 2014-10-24 00:08 - 00000000 ____D () C:\Users\Beacon Pediatric\AppData\Roaming\SUPERAntiSpyware.com
2014-10-24 00:08 - 2014-10-24 00:08 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-24 00:08 - 2014-10-24 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-24 00:07 - 2014-10-24 00:07 - 20011496 _____ (SUPERAntiSpyware) C:\Users\Beacon Pediatric\Downloads\SUPERAntiSpywarePro.exe
2014-10-23 15:03 - 2014-10-23 21:54 - 00008254 _____ () C:\Users\Beacon Pediatric\Desktop\attach.txt
2014-10-23 15:03 - 2014-10-23 15:03 - 00028638 _____ () C:\Users\Beacon Pediatric\Desktop\dds.txt
2014-10-23 14:59 - 2014-10-23 14:59 - 00688992 ____R (Swearware) C:\Users\Beacon Pediatric\Downloads\dds.com
2014-10-23 13:03 - 2014-10-23 13:03 - 00418959 _____ () C:\Users\Beacon Pediatric\Desktop\--- ANGELA Mann Master billing 10.23.14.xlsx
2014-10-22 11:39 - 2014-10-22 11:39 - 01215246 _____ () C:\Users\Beacon Pediatric\Downloads\Fax551E.TIF
2014-10-21 22:37 - 2014-10-21 22:37 - 00005236 _____ () C:\Users\Beacon Pediatric\Desktop\JRT.txt
2014-10-21 22:31 - 2014-10-21 22:31 - 00000000 ____D () C:\Windows\ERUNT
2014-10-21 22:29 - 2014-10-21 22:29 - 00303389 _____ (Thisisu) C:\Users\Beacon Pediatric\Downloads\A563.tmp
2014-10-21 22:26 - 2014-10-21 22:26 - 01706144 _____ (Thisisu) C:\Users\Beacon Pediatric\Downloads\JRT.exe
2014-10-21 22:12 - 2014-10-21 22:12 - 01962496 _____ () C:\Users\Beacon Pediatric\Downloads\adwcleaner_4.001.exe
2014-10-20 21:36 - 2014-10-20 21:36 - 00112238 _____ () C:\Users\Beacon Pediatric\Downloads\New Tricare codes grid
2014-10-17 21:13 - 2014-10-28 21:32 - 00000000 ____D () C:\AdwCleaner
2014-10-17 14:03 - 2014-10-28 21:39 - 00003745 _____ () C:\Windows\setupact.log
2014-10-17 14:03 - 2014-10-17 14:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-17 13:53 - 2014-10-17 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 21:20 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 21:20 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 21:20 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 21:20 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 21:20 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 21:20 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 21:20 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 21:20 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 21:20 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 21:20 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 21:20 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 21:20 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 21:20 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 21:20 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 21:20 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 21:20 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 21:20 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 21:20 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 21:20 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 21:20 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 21:20 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 21:20 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 21:20 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 21:20 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 21:20 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 21:20 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 21:20 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 21:20 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 21:20 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 21:20 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 21:20 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 21:20 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 21:20 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 21:20 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 21:20 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 21:20 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 21:20 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 21:20 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 21:20 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 21:20 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 21:20 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 21:20 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 21:20 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 21:20 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 21:20 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 21:20 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 21:20 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 21:20 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 21:20 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 21:20 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 21:19 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 21:19 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 21:19 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 21:19 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 21:19 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 21:19 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 21:19 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 21:19 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 21:19 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 21:19 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 21:19 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 21:19 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 21:19 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 21:18 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 21:18 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 21:18 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 21:18 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 21:18 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 21:18 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 21:18 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 21:18 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 21:18 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-15 21:18 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-15 21:18 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-15 21:18 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-15 21:18 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-15 21:18 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 21:18 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-15 21:17 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 21:17 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 21:17 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 21:17 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 21:15 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 21:15 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 21:15 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 21:15 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 21:15 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 21:15 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 21:15 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 21:15 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 21:15 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 21:15 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 21:15 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 21:15 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 21:15 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 21:15 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 21:15 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 21:15 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 21:14 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 21:14 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-13 15:45 - 2014-10-13 15:45 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-13 13:02 - 2014-10-13 13:02 - 00008097 _____ () C:\Users\Beacon Pediatric\Desktop\do 10.13.xlsx
2014-10-13 13:02 - 2014-10-13 13:02 - 00008092 _____ () C:\Users\Beacon Pediatric\Documents\Book1.xlsx
2014-10-07 16:31 - 2014-10-07 16:31 - 00000000 __RSD () C:\Users\Beacon\Documents\McAfee Vaults
2014-10-07 16:31 - 2014-10-07 16:31 - 00000000 ____D () C:\Users\Beacon\AppData\Local\McAfee File Lock
2014-10-07 16:29 - 2014-10-07 16:29 - 00143488 _____ () C:\Users\Beacon\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-07 16:28 - 2014-10-07 16:29 - 00000000 ____D () C:\Users\Beacon\AppData\Roaming\ControlCenter4
2014-10-07 16:27 - 2014-10-07 16:27 - 00001420 _____ () C:\Users\Beacon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-07 16:27 - 2014-10-07 16:27 - 00000000 ____D () C:\Users\Beacon\AppData\Roaming\Adobe
2014-10-07 16:27 - 2014-10-07 16:27 - 00000000 ____D () C:\Users\Beacon\AppData\Local\Google
2014-10-07 16:26 - 2014-10-07 16:26 - 00000000 ____D () C:\Users\Beacon\AppData\Local\VirtualStore
2014-10-07 16:25 - 2014-10-07 16:27 - 00000000 ____D () C:\Users\Beacon
2014-10-07 16:25 - 2014-10-07 16:25 - 00000020 ___SH () C:\Users\Beacon\ntuser.ini
2014-10-07 16:25 - 2013-01-31 12:30 - 00000000 ____D () C:\Users\Beacon\AppData\Roaming\TuneUp Software
2014-10-07 16:25 - 2012-08-28 21:57 - 00000000 ____D () C:\Users\Beacon\AppData\Local\Microsoft Help
2014-10-07 16:25 - 2012-08-20 02:40 - 00000000 ____D () C:\Users\Beacon\AppData\Roaming\Macromedia
2014-10-07 16:25 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Beacon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-07 16:25 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Beacon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-05 22:55 - 2014-10-05 22:55 - 02214912 _____ () C:\Users\Beacon Pediatric\Downloads\BehaviorRecording.ppt
2014-10-03 21:57 - 2014-10-21 22:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 21:57 - 2014-10-13 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-03 21:56 - 2014-10-13 15:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 21:56 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 21:56 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 21:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 21:55 - 2014-10-03 21:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Beacon Pediatric\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-03 21:52 - 2014-10-03 21:52 - 00008575 _____ () C:\Users\Beacon Pediatric\Documents\Rogue Killer 10.3.14 RKreport_DEL_10032014_214819.log
2014-10-03 21:44 - 2014-10-03 21:44 - 00052942 _____ () C:\Users\Beacon Pediatric\Downloads\BXM session Note
2014-10-03 18:42 - 2014-10-28 09:23 - 00000000 ____D () C:\Users\Beacon Pediatric\AppData\Local\CrashDumps
2014-10-03 17:14 - 2014-10-03 17:14 - 04893784 _____ () C:\Users\Beacon Pediatric\Downloads\RogueKiller.exe
2014-10-03 17:14 - 2014-10-03 17:14 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-03 17:14 - 2014-10-03 17:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-01 11:07 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 11:07 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 21:46 - 2013-09-28 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-28 21:45 - 2012-10-08 21:40 - 00000972 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000UA.job
2014-10-28 21:45 - 2012-10-08 21:40 - 00000950 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000Core.job
2014-10-28 21:45 - 2012-08-20 02:31 - 01310853 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 21:44 - 2013-09-28 00:59 - 00000000 __RSD () C:\Users\Beacon Pediatric\Documents\McAfee Vaults
2014-10-28 21:42 - 2012-10-18 15:59 - 00000000 ___RD () C:\Users\Beacon Pediatric\Dropbox
2014-10-28 21:42 - 2012-10-18 15:51 - 00000000 ____D () C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox
2014-10-28 21:40 - 2013-09-28 00:57 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-28 21:40 - 2013-05-09 21:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4d1ff94d77e5.job
2014-10-28 21:40 - 2013-01-24 18:05 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-10-28 21:39 - 2014-04-16 23:25 - 00114128 _____ () C:\Windows\PFRO.log
2014-10-28 21:39 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 21:26 - 2014-05-20 21:54 - 00271360 _____ () C:\Users\Beacon Pediatric\Documents\backup.pst
2014-10-28 21:21 - 2012-08-20 02:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 21:10 - 2014-05-09 04:39 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000Core1cf6b623d011a88.job
2014-10-28 21:10 - 2013-10-12 22:11 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000UA1cec7b97f5d030c.job
2014-10-26 21:16 - 2013-07-15 14:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1ce4d1ff94d77e5
2014-10-26 21:16 - 2012-08-20 02:49 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-26 20:57 - 2009-07-14 00:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-26 20:57 - 2009-07-14 00:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 12:05 - 2014-02-19 15:04 - 00005046 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BeaconPediatric-Beacon Pediatric BeaconPediatric
2014-10-23 20:58 - 2013-09-28 00:20 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-10-23 20:53 - 2014-05-09 04:39 - 00003548 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000Core1cf6b623d011a88
2014-10-23 20:53 - 2013-10-12 22:11 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000UA1cec7b97f5d030c
2014-10-22 11:47 - 2014-08-13 14:24 - 00000000 _____ () C:\Users\Beacon Pediatric\Documents\Nuance Image Printer Writer Port
2014-10-21 23:08 - 2013-01-08 22:59 - 00800056 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-21 22:23 - 2014-07-14 23:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-21 14:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-20 07:06 - 2009-07-14 01:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-20 07:06 - 2009-07-14 00:45 - 05131680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 23:09 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 21:20 - 2013-09-15 11:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 21:07 - 2013-09-15 11:56 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 15:21 - 2014-09-18 16:42 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-10-17 14:03 - 2013-07-12 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-17 13:55 - 2014-08-15 16:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 13:53 - 2012-12-29 23:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-17 13:52 - 2013-01-11 13:24 - 00000000 ____D () C:\Users\Beacon Pediatric\AppData\Roaming\Skype
2014-10-17 13:52 - 2013-01-11 13:23 - 00000000 ____D () C:\ProgramData\Skype
2014-10-17 13:51 - 2014-09-25 14:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-17 13:49 - 2014-09-21 21:51 - 00000000 ____D () C:\Users\Beacon Pediatric\AppData\Local\Backup Assistant Plus
2014-10-17 13:48 - 2013-07-12 21:16 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-17 13:48 - 2013-07-12 21:16 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-17 13:48 - 2012-09-26 11:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-17 11:07 - 2013-02-22 02:00 - 00000000 ____D () C:\Windows\pss
2014-10-14 23:29 - 2013-08-16 21:26 - 00000000 ____D () C:\Users\Beacon Pediatric\Documents\Adrienne Beacon and Personal
2014-10-13 13:20 - 2012-08-27 21:06 - 00000000 ____D () C:\Users\Beacon Pediatric\AppData\Roaming\Adobe
2014-10-09 16:03 - 2013-07-11 08:11 - 00000000 ____D () C:\Users\Beacon Pediatric\AppData\Roaming\Mozilla
2014-10-09 06:58 - 2012-11-11 15:13 - 00000000 ___RD () C:\Users\Beacon Pediatric\Desktop\infrequently used programs random docs
2014-10-07 21:22 - 2013-10-13 15:54 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-10-07 10:03 - 2013-10-22 11:21 - 00000000 ____D () C:\Users\Beacon Pediatric\AppData\Roaming\.minecraft
2014-10-03 22:36 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2014-10-03 21:56 - 2013-06-23 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
 
Some content of TEMP:
====================
C:\Users\Beacon Pediatric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3r1hy_.dll
C:\Users\Beacon Pediatric\AppData\Local\Temp\Quarantine.exe
C:\Users\Beacon Pediatric\AppData\Local\Temp\sqlite3.dll
C:\Users\Beacon Pediatric\AppData\Local\Temp\_is461.exe
C:\Users\Beacon Pediatric\AppData\Local\Temp\_is91B3.exe
C:\Users\Beacon Pediatric\AppData\Local\Temp\_isD55.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-27 15:14
 
==================== End Of Log ============================


#6 fsuadrienne

Posted 28 October 2014 - 08:51 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Beacon Pediatric at 2014-10-28 21:48:27
Running from C:\Users\Beacon Pediatric\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Brother MFL-Pro Suite MFC-7860DW MFC-7365DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Business Plan Pro (HKLM-x32\...\{F21369D1-DEB9-4724-8747-B56602F14F86}) (Version: 12.00.0025 - Palo Alto Software, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.385 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
EPSON NX230 Series Printer Uninstall (HKLM\...\EPSON NX230 Series) (Version:  - SEIKO EPSON Corporation)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Basic Device Software (HKLM\...\{59993DDF-68B7-4199-9A0C-B155DAAB21F0}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet Pro 8100 Help (HKLM-x32\...\{65038824-6DC7-4A44-828A-D7A7F04CD61B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8100 Product Improvement Study (HKLM\...\{14D29D39-F193-4FCF-B94F-CFC3457F2056}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intervention Report Upgrade for BASC-2 ASSIST (HKLM-x32\...\Intervention Report Upgrade for BASC-2 ASSIST) (Version: 1.2.0.0 - Pearson Assessments)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ 6 Update 2 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Battery Utility 2014 1.2 (HKLM-x32\...\{62D5A67D-E5CC-4D79-8998-DDFDB7750346}_is1) (Version: 1.2 - Lenovo Corp)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 Small Business Premium - en-us (HKLM\...\O365SmallBusPremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
NEPSY-II Scoring Assistant (HKLM-x32\...\InstallShield_{F8335E72-E0AF-4128-A77D-5E08F7413D84}) (Version:  - )
NEPSY-II Scoring Assistant (Version: 2.0.2 - Pearson) Hidden
Network Recording Player (HKLM-x32\...\{77A9065F-823B-4CDD-B28B-F340B69B62E3}) (Version: 28.4.0.14953 - Cisco WebEx LLC)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Converter 8 (HKLM-x32\...\{C285DA25-78D9-4C43-B4B6-A9F14C9CD551}) (Version: 8.00.1223 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDFTK Builder 3.5.3 (HKLM-x32\...\PDFTK Builder_is1) (Version:  - )
PeaZip 4.7.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
PST Walker 5.09.1 (HKLM-x32\...\PST Walker_is1) (Version:  - PST Walker Software)
PsychCorpCenter (HKLM-x32\...\InstallShield_{CEA790EA-8282-4AD8-9883-14E86DAAC2C2}) (Version:  - )
PsychCorpCenter (Version: 3.3.3 - Pearson) Hidden
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Pro 2010 (HKLM-x32\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
RingCentral Call Controller (HKLM-x32\...\RingCentral) (Version:  - RingCentral, Inc.)
Scansoft PDF Converter (x32 Version:  - ) Hidden
ScanTools Plus Link Runtime (HKLM-x32\...\{265F31FE-5731-424E-8B55-E2E1F17E5F3E}) (Version: 7.0 - Pearson Assessments)
ScanTools Plus Link Runtime (x32 Version: 1.0 - Pearson NCS) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.1.0 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
Vineland-II ASSIST (HKLM-x32\...\Vineland-II ASSIST) (Version: 1.0.0.0 - AGS Publishing)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WJ III Normative Update Compuscore and Profiles Program (HKLM-x32\...\WJ III Normative Update Compuscore and Profiles Program) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
04-10-2014 07:02:42 Windows Update
13-10-2014 16:47:21 Scheduled Checkpoint
17-10-2014 17:46:12 McAfee Vulnerability Scanner
20-10-2014 01:05:59 Windows Update
23-10-2014 02:43:40 Message+
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {15E146DE-B877-4C77-9B08-9921BEA39E1E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {1701E4FE-462A-4F29-9BC5-18CAFD69BD59} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2250CA9F-04CA-4A45-9888-CE2C372A81A7} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {25203C53-74A8-4928-B47D-E3392C2DDC0C} - System32\Tasks\SUPERAntiSpyware Scheduled Task b1abdea3-1e9c-4f0a-ba62-52396e2cd6dc => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {25497B3A-7BD6-48F4-8C0E-D669C93A6E42} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
Task: {29AB32EE-E8A3-4B55-9DCE-45C3FC924E39} - System32\Tasks\Google Updater and Installer => C:\Users\Beacon Pediatric\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)
Task: {31B821BD-4893-4ED7-95BD-594A7967A564} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000Core => C:\Users\Beacon Pediatric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-08] (Facebook Inc.)
Task: {40160684-2650-45AE-9164-89E3589CE1DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {4124BC3A-ACD0-40A6-AE8A-7E4FB4B1A1C4} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {4982C1DE-D1F9-4946-B95D-D9DC32F6A3B1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BeaconPediatric-Beacon Pediatric BeaconPediatric => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {5C70862C-D18B-45EB-B98E-E24645C1CBF1} - System32\Tasks\Sun Microsystems online update program => C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12] (Sun Microsystems, Inc.)
Task: {64B096DD-A368-4E45-8671-E539C0102A11} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {67325693-BE54-45A1-977D-A83884733EFB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {67A2E085-CA26-486F-B351-B96F15D9BA68} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {6B9017F4-67F8-488C-90F5-814BA42EBD6F} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {6F75FAD2-56A1-4443-88D1-08A515FE72CC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {8674D79A-5888-4632-BB5D-81F3ECB9251B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {87065CE8-77C9-4ECA-B905-5DEB5A00E1DD} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {9BEFEA1B-7B5A-42C0-B838-5424AA228854} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000UA1cec7b97f5d030c => C:\Users\Beacon Pediatric\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)
Task: {A0EAF55A-A380-4351-9AC6-38577A9E0DBB} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A4025D35-0DA7-4BAE-9CC0-4046A17441CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {A5445649-8C86-49B9-9642-43CAFA3ED9A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000Core1cf6b623d011a88 => C:\Users\Beacon Pediatric\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc.)
Task: {A899F372-9CE7-41AF-8750-E5C90A5893BD} - System32\Tasks\HPCustParticipation HP Officejet Pro 8100 => C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPCustPartic.exe [2011-08-31] (Hewlett-Packard Co.)
Task: {AA1082DE-0135-4FA9-BCB9-02E18E6E2B7D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {AB01E3E6-C8CA-4F41-83BA-0A0C9B9F4CB3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000UA => C:\Users\Beacon Pediatric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-08] (Facebook Inc.)
Task: {BDDE05AA-E3B4-4302-8B5C-4B9E1EAABEED} - System32\Tasks\SUPERAntiSpyware Scheduled Task ec2347b3-e7c6-4ccd-bae8-96b1174425da => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {C3B08020-94F6-41BC-B60F-7DC1A61AC962} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {C5B0E10E-9AF5-4EE8-A745-C8CEB721C107} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {D3856615-FA40-4156-AB11-8F132D5CA316} - System32\Tasks\GoogleUpdateTaskMachineCore1ce4d1ff94d77e5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {DC561BCF-89F2-4966-A0DD-D97756C8E087} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {DD66304D-8EAE-4146-A37F-F8B3DD1D0961} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {DE703CE7-92ED-4ABF-8A6A-B6205DC3B7BB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe
Task: {EC9D5178-57EC-4913-9E0E-1AB0B3C0B8E7} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
Task: {F281B3AE-2B5F-4F83-952A-D75F6F19DCA4} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for BeaconPediatric.Beacon Pediatric => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000Core.job => C:\Users\Beacon Pediatric\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000UA.job => C:\Users\Beacon Pediatric\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4d1ff94d77e5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000Core1cf6b623d011a88.job => C:\Users\Beacon Pediatric\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-82154743-158773327-3785183388-1000UA1cec7b97f5d030c.job => C:\Users\Beacon Pediatric\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b1abdea3-1e9c-4f0a-ba62-52396e2cd6dc.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ec2347b3-e7c6-4ccd-bae8-96b1174425da.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-24 21:25 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2014-07-14 23:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-22 08:12 - 2014-09-09 10:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2012-08-20 02:40 - 2011-08-02 07:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2012-08-20 02:40 - 2011-08-02 07:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-09-21 21:50 - 2008-12-19 18:26 - 02625536 _____ () C:\Program Files (x86)\ffdshow\ffdshow.ax
2014-10-28 21:41 - 2014-10-28 21:41 - 00043008 _____ () c:\Users\Beacon Pediatric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3r1hy_.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Beacon Pediatric\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-14 23:55 - 2014-09-25 21:18 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2012-11-29 17:59 - 2012-11-29 17:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-08-22 08:12 - 2014-09-09 09:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-10-27 14:45 - 2014-10-22 00:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 14:45 - 2014-10-22 00:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 14:46 - 2014-10-22 00:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 14:45 - 2014-10-22 00:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2012-08-20 02:34 - 2012-02-20 23:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Beacon Pediatric\AppData\Local\huxZ2RDZL8:D8ZmL3m55RYG6TNbIIZpf9eHspg
AlternateDataStreams: C:\Users\Beacon Pediatric\AppData\Local\k1S1TxViz7VEnJ:OE6bEPxOuM9YzMsQvcYvrl0
AlternateDataStreams: C:\Users\Beacon Pediatric\AppData\Local\Temporary Internet Files:3TjqxFuDg5ymT1Pz8wf5JUhz1DTuBl
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk => C:\Windows\pss\Nuance Cloud Connector.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Beacon Pediatric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Beacon Pediatric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Beacon Pediatric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Beacon Pediatric\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: Dolby Advanced Audio v2 => "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Beacon Pediatric\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Beacon Pediatric\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_07DBD5A56A2433375636EFE6DF1689F9 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: googletalk => C:\Users\Beacon Pediatric\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Officejet 6700 (NET) => "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN3219SGR405RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Nuance PDF Converter 8-reminder => "C:\Program Files (x86)\Nuance\PDF Converter 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter 8\Ereg\Ereg.ini"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files (x86)\Nuance\PDF Converter 8\RegistryController.exe"
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Pokki => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RCHotKey => "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe"
MSCONFIG\startupreg: RCUI => "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe"
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TpShocks => TpShocks.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-82154743-158773327-3785183388-500 - Administrator - Disabled)
Beacon (S-1-5-21-82154743-158773327-3785183388-1006 - Administrator - Enabled) => C:\Users\Beacon
Beacon Pediatric (S-1-5-21-82154743-158773327-3785183388-1000 - Administrator - Enabled) => C:\Users\Beacon Pediatric
BeaconAdministrator (S-1-5-21-82154743-158773327-3785183388-1005 - Administrator - Enabled)
Guest (S-1-5-21-82154743-158773327-3785183388-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/28/2014 09:40:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/28/2014 09:53:24 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/28/2014 09:23:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 6.0.0.1158, time stamp: 0x542c608b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x38ac
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3
 
Error: (10/28/2014 09:22:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1158 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ddc
 
Start Time: 01cff17fee0f55ea
 
Termination Time: 626
 
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
Report Id: 6947a530-5ea5-11e4-956e-3c970e21e7d4
 
Error: (10/27/2014 03:17:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/27/2014 11:45:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4659.1000, time stamp: 0x5417e940
Faulting module name: EMSMDB32.DLL, version: 15.0.4659.1000, time stamp: 0x5417eb21
Exception code: 0xc0000005
Fault offset: 0x000d51da
Faulting process id: 0x950
Faulting application start time: 0xOUTLOOK.EXE0
Faulting application path: OUTLOOK.EXE1
Faulting module path: OUTLOOK.EXE2
Report Id: OUTLOOK.EXE3
 
Error: (10/26/2014 10:43:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/26/2014 08:50:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/25/2014 10:23:54 AM) (Source: Google Update) (EventID: 20) (User: BeaconPediatric)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (10/24/2014 11:59:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 15.0.4659.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 18a0
 
Start Time: 01cfefa2e290c1cb
 
Termination Time: 15
 
Application Path: C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
 
Report Id: a51956e7-5b96-11e4-836d-3c970e21e7d4
 
 
System errors:
=============
Error: (10/28/2014 09:39:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (10/27/2014 04:04:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (10/26/2014 11:07:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (10/26/2014 08:49:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (10/24/2014 08:21:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ThinkVantage Virtual Camera Controller service to connect.
 
Error: (10/24/2014 08:21:10 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (10/23/2014 00:44:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (10/23/2014 00:43:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McMPFSvc service.
 
Error: (10/23/2014 00:43:27 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (10/23/2014 00:43:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McAfee SiteAdvisor Service service.
 
 
Microsoft Office Sessions:
=========================
Error: (10/28/2014 09:40:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/28/2014 09:53:24 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1
 
Error: (10/28/2014 09:23:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SUPERAntiSpyware.exe6.0.0.1158542c608bntdll.dll6.1.7601.18247521eaf24c000037400000000000c410238ac01cff2b216549026C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Windows\SYSTEM32\ntdll.dll97ac3d76-5ea5-11e4-956e-3c970e21e7d4
 
Error: (10/28/2014 09:22:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SUPERAntiSpyware.exe6.0.0.1158ddc01cff17fee0f55ea626C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe6947a530-5ea5-11e4-956e-3c970e21e7d4
 
Error: (10/27/2014 03:17:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1
 
Error: (10/27/2014 11:45:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE15.0.4659.10005417e940EMSMDB32.DLL15.0.4659.10005417eb21c0000005000d51da95001cff19b3def10ffC:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEC:\Program Files\Microsoft Office 15\Root\Office15\EMSMDB32.DLL4c2b117c-5df0-11e4-956e-3c970e21e7d4
 
Error: (10/26/2014 10:43:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (10/26/2014 08:50:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/25/2014 10:23:54 AM) (Source: Google Update) (EventID: 20) (User: BeaconPediatric)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (10/24/2014 11:59:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EXCEL.EXE15.0.4659.100018a001cfefa2e290c1cb15C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXEa51956e7-5b96-11e4-836d-3c970e21e7d4
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-07 14:06:28.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-07 14:06:28.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-07 14:05:36.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-07 14:05:36.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-07 14:04:33.904
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-07 14:04:33.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-06 12:05:03.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-06 12:05:03.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-06 11:35:42.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-06 11:35:42.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 58%
Total physical RAM: 3819.11 MB
Available physical RAM: 1602.98 MB
Total Pagefile: 7636.39 MB
Available Pagefile: 4982.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:326.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:14.83 GB) (Free:2.53 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:3.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 343BC245)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#7 fsuadrienne

  • Topic Starter

Posted 28 October 2014 - 08:55 PM

Hi Adam,

Thank you SO much for your help!  I believe that I have provided the information requested?

And yes, please call me Adrienne

Thanks!



#8 LiquidTension

  • Malware Response Team

Posted 28 October 2014 - 08:57 PM

Hi Adrienne,

> Thank you SO much for your help!

No problem at all. :)

> I believe that I have provided the information requested?

Yes, those are the logs I needed. Thank you.

I'm heading off now, but will return with instructions for you in the morning.

Adam.



#9 LiquidTension

  • Malware Response Team

Posted 29 October 2014 - 06:37 AM

Hi Adrienne, 
 
Please run the following. Let me know if there are any outstanding issues. 
 
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {0969f8c9-fe78-11e1-bebf-3c970e21e7d4} - D:\LaunchU3.exe -a
    HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {180fbad1-8447-11e2-98c5-3c970e21e7d4} - E:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {4d9d6d66-cad8-11e3-9b9d-3c970e21e7d4} - E:\VerizonSWUpgradeAssistantLauncher.exe
    HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {742bd4aa-7449-11e2-a49b-3c970e21e7d4} - D:\Bolt.exe
    HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {990e357f-3515-11e4-8233-3c970e21e7d4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
    HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {f42342c6-ea8f-11e1-a41a-806e6f6e6963} - Q:\LenovoQDrive.exe
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    SearchScopes: HKCU - {FD0A2905-DA3F-44D3-AA55-457019CCBBE2} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140709&p={SearchTerms}
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
    FF DefaultSearchEngine: Secure Search
    FF SearchEngineOrder.1: Secure Search
    FF SelectedSearchEngine: Secure Search
    FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US0D20140709&p=
    FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
    CHR StartupUrls: Default -> "hxxp://www.cnn.com/", "hxxp://www.google.com/", "hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB", "https://isearch.avg.com/?cid={276FC9EB-2842-4D3A-8130-24F888B3663E}&mid=075f91e526cc47d0a636edde48c50e27-8e332fa8880c692658af166defe79b23badde26c&lang=en&ds=bm011&pr=sa&d=2012-09-09 13:44:55&v=12.2.0.5&sap=hp", "hxxp://isearch.avg.com/?cid={276FC9EB-2842-4D3A-8130-24F888B3663E}&mid=075f91e526cc47d0a636edde48c50e27-8e332fa8880c692658af166defe79b23badde26c&lang=en&ds=bm011&pr=sa&d=2012-09-09 13:44:55&v=14.1.0.10&pid=avg&sg=&sap=hp", "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN37887580998699129&UM=2", "hxxp://google.com/"
    CHR Extension: (SelectionLinks) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2013-07-09]
    CHR Extension: (AVG Safe Search) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-12-18]
    CHR Extension: (AVG Secure Search) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-18]
    CHR Extension: (No Name) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-06-22]
    CHR Extension: (SelectionLinks) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2013-11-29]
    2014-10-07 16:25 - 2013-01-31 12:30 - 00000000 ____D () C:\Users\Beacon\AppData\Roaming\TuneUp Software
    2014-10-28 21:40 - 2013-01-24 18:05 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
    C:\Users\Beacon Pediatric\AppData\Local\Temp\_is461.exe
    C:\Users\Beacon Pediatric\AppData\Local\Temp\_is91B3.exe
    C:\Users\Beacon Pediatric\AppData\Local\Temp\_isD55.exe
    CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Task: {C5B0E10E-9AF5-4EE8-A745-C8CEB721C107} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    C:\Program Files (x86)\AVG Secure Search
    AlternateDataStreams: C:\Users\Beacon Pediatric\AppData\Local\huxZ2RDZL8:D8ZmL3m55RYG6TNbIIZpf9eHspg
    AlternateDataStreams: C:\Users\Beacon Pediatric\AppData\Local\k1S1TxViz7VEnJ:OE6bEPxOuM9YzMsQvcYvrl0
    AlternateDataStreams: C:\Users\Beacon Pediatric\AppData\Local\Temporary Internet Files:3TjqxFuDg5ymT1Pz8wf5JUhz1DTuBl
    C:\Users\Beacon Pediatric\AppData\Local\Pokki
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pokki" /f
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.


#10 fsuadrienne

  • Topic Starter

Posted 29 October 2014 - 01:51 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01
Ran by Beacon Pediatric at 2014-10-29 14:35:10 Run:1
Running from C:\Users\Beacon Pediatric\Desktop
Loaded Profile: Beacon Pediatric (Available profiles: Beacon Pediatric & Beacon)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {0969f8c9-fe78-11e1-bebf-3c970e21e7d4} - D:\LaunchU3.exe -a
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {180fbad1-8447-11e2-98c5-3c970e21e7d4} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {4d9d6d66-cad8-11e3-9b9d-3c970e21e7d4} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {742bd4aa-7449-11e2-a49b-3c970e21e7d4} - D:\Bolt.exe
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {990e357f-3515-11e4-8233-3c970e21e7d4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-82154743-158773327-3785183388-1000\...\MountPoints2: {f42342c6-ea8f-11e1-a41a-806e6f6e6963} - Q:\LenovoQDrive.exe
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
SearchScopes: HKCU - {FD0A2905-DA3F-44D3-AA55-457019CCBBE2} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140709&p={SearchTerms}
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
CHR StartupUrls: Default -> "hxxp://www.cnn.com/", "hxxp://www.google.com/", "hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB", "https://isearch.avg.com/?cid={276FC9EB-2842-4D3A-8130-24F888B3663E}&mid=075f91e526cc47d0a636edde48c50e27-8e332fa8880c692658af166defe79b23badde26c&lang=en&ds=bm011&pr=sa&d=2012-09-09 13:44:55&v=12.2.0.5&sap=hp", "hxxp://isearch.avg.com/?cid={276FC9EB-2842-4D3A-8130-24F888B3663E}&mid=075f91e526cc47d0a636edde48c50e27-8e332fa8880c692658af166defe79b23badde26c&lang=en&ds=bm011&pr=sa&d=2012-09-09 13:44:55&v=14.1.0.10&pid=avg&sg=&sap=hp", "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN37887580998699129&UM=2", "hxxp://google.com/"
CHR Extension: (SelectionLinks) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2013-07-09]
CHR Extension: (AVG Safe Search) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-12-18]
CHR Extension: (AVG Secure Search) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-18]
CHR Extension: (No Name) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-06-22]
CHR Extension: (SelectionLinks) - C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2013-11-29]
2014-10-07 16:25 - 2013-01-31 12:30 - 00000000 ____D () C:\Users\Beacon\AppData\Roaming\TuneUp Software
2014-10-28 21:40 - 2013-01-24 18:05 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
C:\Users\Beacon Pediatric\AppData\Local\Temp\_is461.exe
C:\Users\Beacon Pediatric\AppData\Local\Temp\_is91B3.exe
C:\Users\Beacon Pediatric\AppData\Local\Temp\_isD55.exe
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Beacon Pediatric\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {C5B0E10E-9AF5-4EE8-A745-C8CEB721C107} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
C:\Program Files (x86)\AVG Secure Search
AlternateDataStreams: C:\Users\Beacon Pediatric\AppData\Local\huxZ2RDZL8:D8ZmL3m55RYG6TNbIIZpf9eHspg
AlternateDataStreams: C:\Users\Beacon Pediatric\AppData\Local\k1S1TxViz7VEnJ:OE6bEPxOuM9YzMsQvcYvrl0
AlternateDataStreams: C:\Users\Beacon Pediatric\AppData\Local\Temporary Internet Files:3TjqxFuDg5ymT1Pz8wf5JUhz1DTuBl
C:\Users\Beacon Pediatric\AppData\Local\Pokki
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pokki" /f
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
"HKU\S-1-5-21-82154743-158773327-3785183388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0969f8c9-fe78-11e1-bebf-3c970e21e7d4}" => Key deleted successfully.
"HKCR\CLSID\{0969f8c9-fe78-11e1-bebf-3c970e21e7d4}" => Key not found.
"HKU\S-1-5-21-82154743-158773327-3785183388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{180fbad1-8447-11e2-98c5-3c970e21e7d4}" => Key deleted successfully.
"HKCR\CLSID\{180fbad1-8447-11e2-98c5-3c970e21e7d4}" => Key not found.
"HKU\S-1-5-21-82154743-158773327-3785183388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d9d6d66-cad8-11e3-9b9d-3c970e21e7d4}" => Key deleted successfully.
"HKCR\CLSID\{4d9d6d66-cad8-11e3-9b9d-3c970e21e7d4}" => Key not found.
"HKU\S-1-5-21-82154743-158773327-3785183388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{742bd4aa-7449-11e2-a49b-3c970e21e7d4}" => Key deleted successfully.
"HKCR\CLSID\{742bd4aa-7449-11e2-a49b-3c970e21e7d4}" => Key not found.
"HKU\S-1-5-21-82154743-158773327-3785183388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{990e357f-3515-11e4-8233-3c970e21e7d4}" => Key deleted successfully.
"HKCR\CLSID\{990e357f-3515-11e4-8233-3c970e21e7d4}" => Key not found.
"HKU\S-1-5-21-82154743-158773327-3785183388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f42342c6-ea8f-11e1-a41a-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{f42342c6-ea8f-11e1-a41a-806e6f6e6963}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => Key deleted successfully.
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => Key deleted successfully.
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => Key deleted successfully.
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => Key deleted successfully.
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD0A2905-DA3F-44D3-AA55-457019CCBBE2}" => Key deleted successfully.
"HKCR\CLSID\{FD0A2905-DA3F-44D3-AA55-457019CCBBE2}" => Key not found.
"HKCR\PROTOCOLS\Handler\intu-help-qb3" => Key deleted successfully.
"HKCR\CLSID\{c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4}" => Key not found.
"HKCR\PROTOCOLS\Handler\qbwc" => Key deleted successfully.
"HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found] not found.
Chrome StartupUrls deleted successfully.
C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej => Moved successfully.
C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla => Moved successfully.
C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Moved successfully.
C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nemfjadlboooiffmcelkafilagddogim => Moved successfully.
C:\Users\Beacon Pediatric\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej => Moved successfully.
C:\Users\Beacon\AppData\Roaming\TuneUp Software => Moved successfully.
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => Moved successfully.
C:\Users\Beacon Pediatric\AppData\Local\Temp\_is461.exe => Moved successfully.
C:\Users\Beacon Pediatric\AppData\Local\Temp\_is91B3.exe => Moved successfully.
C:\Users\Beacon Pediatric\AppData\Local\Temp\_isD55.exe => Moved successfully.
"HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-82154743-158773327-3785183388-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5B0E10E-9AF5-4EE8-A745-C8CEB721C107}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5B0E10E-9AF5-4EE8-A745-C8CEB721C107}" => Key deleted successfully.
C:\Windows\System32\Tasks\ROC_JAN2013_TB_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_JAN2013_TB_rmv" => Key deleted successfully.
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job not found.
"C:\Program Files (x86)\AVG Secure Search" => File/Directory not found.
C:\Users\Beacon Pediatric\AppData\Local\huxZ2RDZL8 => ":D8ZmL3m55RYG6TNbIIZpf9eHspg" ADS removed successfully.
C:\Users\Beacon Pediatric\AppData\Local\k1S1TxViz7VEnJ => ":OE6bEPxOuM9YzMsQvcYvrl0" ADS removed successfully.
"C:\Users\Beacon Pediatric\AppData\Local\Temporary Internet Files" => ":3TjqxFuDg5ymT1Pz8wf5JUhz1DTuBl" ADS not found.
"C:\Users\Beacon Pediatric\AppData\Local\Pokki" => File/Directory not found.
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pokki" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 1.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#11 fsuadrienne

  • Topic Starter

Posted 29 October 2014 - 01:53 PM

Hello!

Thanks so much!  The log is above.  The CouponDropDown is still showing up -- still just on my website though, from what I can tell...  why could that be?

thanks!

:)



#12 LiquidTension

  • Malware Response Team

Posted 29 October 2014 - 03:49 PM

Hi Adrienne,

Does this occur on all your browsers?

Using a different device (e.g. phone, different PC, etc.), please browse to the website in question. Do you see the same thing?



#13 fsuadrienne

  • Topic Starter

Posted 29 October 2014 - 07:20 PM

Yes, actually!  I just pulled it up on my tablet and phone and it shows up on both!  Could there be something embedded accidentally in my website??  How would I determine that?  It is a website I made myself with wordpress.org.  Could it be something with the server the website is on?  How do I find out?

Thanks so much!!



#14 LiquidTension

  • Malware Response Team

Posted 29 October 2014 - 07:46 PM

Hello Adrienne,
 
As this specific issue appears to be related to WordPress, you will need to get in contact with their support. I do not have any experience with the website, I'm afraid.
 
We can continue the removal process to confirm this is indeed the case. 
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click [List Threats button]. If no threats were found, skip the next two bullet points.
  • Click [Export button] and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [checkbox image] and click [button image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log


#15 fsuadrienne

  • Topic Starter

Posted 30 October 2014 - 08:56 PM

Thank you so much!  It IS an issue with my website-- I have been hacked somehow.  :( Thank you for your help!!!
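
Posts #12 and #13 establish that the pop-up appears on every device, which points at the site's own HTML rather than the PC, and post #13 asks how to determine that. One way to check, as an added example that is not part of the thread: list every host the served page loads scripts or frames from and flag those not on an allowlist. The sample page, the host names (reserved documentation names) and the function names are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a page as the server would return it to any visitor.
# Every host below is a reserved documentation name, not a real indicator.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<title>Constructed sample page</title>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://www.example.org/wp-content/themes/site/main.js"></script>
<script src="//fonts.allowed-cdn.example/loader.js"></script>
</head><body>
<p>Welcome to the practice.</p>
<script src="http://ads.injected.example/coupon.js"></script>
<script>
var s = document.createElement("script");
s.src = "//static.injected.example/dropdown.js";
document.body.appendChild(s);
</script>
<iframe src="https://frames.injected.example/offer.html" width="0" height="0"></iframe>
</body></html>
"""

# Host-like token after "//" inside inline JavaScript. A dot is required so
# ordinary "// comment" lines are not reported as hosts.
URL_IN_JS = re.compile(r"(?:https?:)?//([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


class ResourceCollector(HTMLParser):
    """Record every host the page tells the browser to load code or frames from."""

    LOADERS = {"script": "src", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.found = []        # (line, kind, host) in document order
        self._inline = False   # True while inside a <script> without src

    def handle_starttag(self, tag, attrs):
        attr = self.LOADERS.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if url:
            # Relative URLs have no hostname and are same-site, so skip them.
            host = urlparse(url.strip()).hostname
            if host:
                self.found.append((self.getpos()[0], tag, host.lower()))
        elif tag == "script":
            self._inline = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        if not self._inline:
            return
        first_line = self.getpos()[0]
        for m in URL_IN_JS.finditer(data):
            line = first_line + data.count("\n", 0, m.start())
            self.found.append((line, "inline-script", m.group(1).lower()))


def is_allowed(host, allowed):
    """A host passes if it is an allowed host or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def audit_page(html, site_host, allowed_hosts=()):
    """Return (line, kind, host) for each loaded host that is not on the allowlist."""
    allowed = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    collector = ResourceCollector()
    collector.feed(html)
    collector.close()
    return [f for f in collector.found if not is_allowed(f[2], allowed)]


if __name__ == "__main__":
    for line, kind, host in audit_page(SAMPLE_HTML, "www.example.org",
                                       ["allowed-cdn.example"]):
        print(f"line {line}: {kind} loads from unlisted host {host}")
```

Run it against HTML saved from a clean device or a command-line fetch, so that adware in a local browser cannot alter what is inspected. Any unlisted host it reports marks the line to trace back to a theme file, plugin or database entry on the server.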





