
Installation of Zip Extractor Packages resulted in much malware


  • This topic is locked
9 replies to this topic

#1 MadJohnFinn


Posted 13 November 2014 - 05:57 AM

Mod edit: Moved to proper forum ~~ boopme

Hello.
 
You guys very kindly & successfully cured my malware problem, & now a friend of mine has turned to me (you) for help with their computer.
 
They have a Windows 7 64 bit laptop & accidentally downloaded a program called "Zip Extractor Packages" whilst trying to download some freeware gif maker or something. It's (Zip extractor packages) some sort of hideous wrapper for all sorts of terrible stuff, & now their browsers are full of pop-ups & pop-unders.
But it gets worse...
 
They decided (& excuse me for feeling smug here, because for once someone else has done something wrong, instead of me!) to try to resolve the various problems on their own, with zero success.
 
I think they've downloaded a few tools from this site & had a go at fixing things, though to my knowledge nothing has been successful. They mentioned that one of the tools they'd downloaded had detected that not only was their computer riddled with hideous adware & weird, weird browser hijackers/redirectors, they now had a proxy server (!!!!?!?!?!?!!!) running in the background every time they turned their PC on.
I have been able to ascertain to the best of my knowledge that they haven't done much lasting damage with their bungling attempts to fix it (well, it turns on & all their important documents seem to be working. They did fortunately have everything backed up to a G-drive & dropbox online, so fingers crossed...).
 
I had a look & they've downloaded/run (deep breath):
 
adwcleaner,
combofix (!!!???!!?!?),
avast browser cleaner,
JRT,
roguekiller &
dds.
 
Having bungled myself on my own PC, I am aware that they shouldn't have done any of this, but there you go.  However, they've turned the problem over to me & the PC is now in my possession & I thought it best to turn to you guys to help.
 
I am not going to download/install/uninstall/run anything without your say-so.
 
They have Sophos antivirus installed & up to date, but despite the various (thrashing) attempts they have made to fix the problems the PC is still definitely riddled with malware (pop-ups, slow-running, browser redirects, strange ads, all manner of hideous fake search pages coming up in all of their three browsers).
 
I am attaching all the log files that I can find. Apologies for bringing this to your door. They are a very sweet friend & I know they've messed up but your help in this matter would be very much appreciated.

Thank you in advance.

**

RKILL Log:

"Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/12/2014 09:38:27 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Users\Lolly\Desktop\rkill\rkill-11-12-2014-09-38-31.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 11/12/2014 09:39:10 PM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)"
 
**
 
JRT Log:

"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lolly on 12/11/2014 at 21:49:37.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Lolly\appdata\local\google\chrome\user data\default\local storage\http_start.iminent.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Lolly\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{03436406-243C-4580-B91E-12C70DA61384}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{0600C823-A53B-4C42-8877-C21475D36B37}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{08198D77-B7A2-4B4B-AA98-4833ACCA9F09}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{11386F69-6FD2-4723-BAA1-2116E8B79556}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{1ADC3859-1930-464C-853B-32D0C0302FA0}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{1CFE88CD-BCA3-4327-B353-A4BF0B0B82F4}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{1E2F4C7F-4754-4270-81A1-8906F52D8BD4}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{221284C0-9B77-4B80-87BF-13456DB87965}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{36CCC589-4F72-4F73-900C-C52B7EF25B71}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{3B5AD8E3-2140-4C50-951A-6B2392B7EDF9}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{3E3535D1-7F25-4082-B9F3-F7405D881AA2}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{3F518266-028E-4C7C-92F3-6A7D10FA9758}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{4048EF60-705E-47EC-B82C-165901AF214A}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{4E97971B-64F2-4F36-8C60-805CEF1CAC8D}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{596C60E8-794F-440E-90F2-928149F81E19}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{5C6653B6-28AA-45A4-B18C-39088A41B999}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{5D5F1431-8716-4582-A273-7DEC3AC8441C}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{61E6687A-4840-420E-B4A4-80472A4463F2}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{67EA498E-78BE-4A94-8205-A7C4CBC5A165}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{6EA8AB3D-F431-4EE3-A504-E810B49039E4}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{786BD436-FC34-415C-8A91-3C2DBD46E08B}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{7ACE70E2-7F3D-4B3C-A9C1-1622DA44B7C9}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{7C0F2689-6B92-4BB3-BB2E-FD79B678F839}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{92051CB9-D8C1-43C9-82CD-7AF0CAA69E7C}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{921B6A9C-366B-4123-B96F-54DB12450DF3}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{A7E788AF-C55A-4A2B-899E-A328BFB25DE4}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{A829B26B-D9B2-4976-B493-F7B67114C939}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{AB1EE3ED-8E3E-48D9-9583-A656849F439E}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{ADB9603C-E8AF-4D8D-86EB-633537C6167B}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{BC29C7FB-6AB2-470F-AA28-80363E160314}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{BCCC5771-F636-4F48-AE67-FC6448CE3890}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{BF6B455A-C7B9-461E-B252-BABAE8F60064}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{C01CF192-CE5A-4D6F-A3AC-FA5E2F6696E1}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{C3EA5F68-72A3-428D-9091-F23BB844F4A9}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{CA62259B-3926-4E41-B2D7-8E8E98AD6ECE}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{D6D4E488-0F5B-4AA5-AF52-541BB0F68FDA}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{D7D22D36-5310-4C29-A881-AC7CAAC8C3E7}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{DA7F63A0-1F58-48A8-A27F-1BC06D788A18}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{DB96EEE4-355D-43BD-AEC3-0315082C2D7F}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{DEC08BD7-0971-4FB9-9328-A0D24CC65CF1}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{E3B2E3FC-F70F-4F80-B729-81A92F16453B}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{E8FE3016-3C85-4858-B21C-30882027495F}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{E91E6684-673E-46E6-AA3C-2C2F239FEB5C}
Successfully deleted: [Empty Folder] C:\Users\Lolly\appdata\local\{F3846FE3-B0EC-41D6-99EA-7FAFE4893FA7}



~~~ FireFox

Emptied folder: C:\Users\Lolly\AppData\Roaming\mozilla\firefox\profiles\8d29xbsi.default\minidumps [48 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/2014 at 21:53:32.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"

***
 
DDS log:

"DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.65.2
Run by Lolly at 21:25:26 on 2014-11-12
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8104.4007 [GMT 0:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\IwberinMnemationador\IwberinMnemationador.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\IwberinMnemationador\IwberinMnemationadorHelper.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lolly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Lolly\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\RescueTime\RescueTime.exe
C:\Users\Lolly\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://samsung.msn.com
uProxyServer = hxxp=127.0.0.1:9880;https=127.0.0.1:9880
uProxyOverride = <local>
uURLSearchHooks: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [GoogleChromeAutoLaunch_FB5B18E432725F2E1902CB4A6B4F76F9] "C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Spotify Web Helper] "C:\Users\Lolly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Lolly\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Lolly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lolly\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RESCUE~1.LNK - C:\Program Files (x86)\RescueTime\RescueTime.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: NCapture for NVivo - C:\Program Files (x86)\QSR\NCapture\Internet Explorer\QSR.NCapture.IE.Resources.dll/101
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} - {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} -
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{9795916C-B876-47A3-BB1A-4482B8AEFDBB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9795916C-B876-47A3-BB1A-4482B8AEFDBB}\160707A6F637 : DHCPNameServer = 195.34.133.21
TCP: Interfaces\{9795916C-B876-47A3-BB1A-4482B8AEFDBB}\271646C616E646375707374716962737 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9795916C-B876-47A3-BB1A-4482B8AEFDBB}\4557E626279646765602D496C6C6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9795916C-B876-47A3-BB1A-4482B8AEFDBB}\6796277696E6D65646961693639313136313 : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll,c:\progra~2\sophos\sophos~1\sophos~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} - {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} -
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lolly\AppData\Roaming\Mozilla\Firefox\Profiles\8d29xbsi.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Lolly\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-9-7 25960]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-9-7 13824]
R1 SAVOnAccess;SAVOnAccess;C:\windows\System32\drivers\savonaccess.sys [2013-2-21 154952]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-7-24 2436280]
R2 IwberinMnemationador;IwberinMnemationador;C:\Program Files (x86)\IwberinMnemationador\IwberinMnemationador.exe [2014-11-12 4377560]
R2 MSSQL$QSRNVIVO10;SQL Server (QSRNVIVO10);C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2013-9-16 290296]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2013-9-16 206328]
R2 Sophos Agent;Sophos Agent;C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [2013-2-21 289856]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2013-5-2 237048]
R2 Sophos Message Router;Sophos Message Router;C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [2013-2-21 818240]
R2 Sophos Web Control Service;Sophos Web Control Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2013-2-21 357400]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2013-9-16 3109880]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-7 2655768]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-5-23 296312]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-9-7 138024]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-9-7 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-3 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-3 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-9-7 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2013-2-21 2012152]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-2-5 348712]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-2-5 39464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-23 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-9-7 166704]
S3 sdcfilter;sdcfilter;C:\windows\System32\drivers\sdcfilter.sys [2013-2-21 36640]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0151;RsFx0151 Driver;C:\windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
S4 SophosBootDriver;SophosBootDriver;C:\windows\System32\drivers\SophosBootDriver.sys [2013-2-21 25608]
S4 SQLAgent$QSRNVIVO10;SQL Server Agent (QSRNVIVO10);C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 60 ================
.
2014-11-12 21:07:25    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6F1657D-6F7D-4C03-AD18-AF983B303339}\offreg.dll
2014-11-12 20:57:28    37624    ----a-w-    C:\windows\System32\drivers\TrueSight.sys
2014-11-12 20:57:27    --------    d-----w-    C:\ProgramData\RogueKiller
2014-11-12 20:04:11    --------    d-----w-    C:\AdwCleaner
2014-11-12 16:27:56    --------    d-----w-    C:\ProgramData\2355320829
2014-11-12 16:20:04    --------    d-sh--w-    C:\Program Files (x86)\IwberinMnemationador
2014-11-12 14:21:43    --------    d-----w-    C:\Program Files (x86)\LICEcap
2014-11-12 10:06:58    342016    ----a-w-    C:\windows\System32\schannel.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-11-11 07:18:06    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6F1657D-6F7D-4C03-AD18-AF983B303339}\mpengine.dll
2014-10-29 15:28:57    --------    d-----w-    C:\Users\Lolly\AppData\Local\{11386F69-6FD2-4723-BAA1-2116E8B79556}
2014-10-15 22:08:40    424448    ----a-w-    C:\windows\System32\rastls.dll
2014-10-15 22:08:40    372736    ----a-w-    C:\windows\SysWow64\rastls.dll
2014-10-15 14:36:51    --------    d-----w-    C:\Users\Lolly\AppData\Roaming\Anvsoft
2014-10-15 14:36:48    --------    d-----w-    C:\Program Files (x86)\AnvSoft
2014-10-15 10:45:05    220784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2014-10-02 14:23:20    94208    ----a-w-    C:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 14:23:20    69632    ----a-w-    C:\windows\SysWow64\QuickTime.qts
2014-10-01 15:22:34    --------    d-----w-    C:\Analytics
2014-10-01 15:06:09    --------    d-----w-    C:\windows\pss
2014-10-01 14:36:39    --------    d-----w-    C:\Users\Lolly\AppData\Local\Western Digital
2014-10-01 14:36:21    --------    d-----w-    C:\Users\Lolly\AppData\Local\Western_Digital_Technolog
2014-10-01 14:35:11    --------    d-----w-    C:\Program Files\Common Files\Western Digital
2014-10-01 14:34:36    --------    d-----w-    C:\Program Files (x86)\Western Digital
2014-10-01 14:34:36    --------    d-----w-    C:\Program Files (x86)\Common Files\Western Digital
2014-10-01 14:33:53    --------    d-----w-    C:\ProgramData\Western Digital
2014-09-30 17:57:31    519680    ----a-w-    C:\windows\SysWow64\qdvd.dll
2014-09-30 17:57:31    371712    ----a-w-    C:\windows\System32\qdvd.dll
2014-09-29 14:46:50    --------    d-----w-    C:\Users\Lolly\AppData\Roaming\QSR_International
2014-09-29 14:43:40    77152    ----a-w-    C:\windows\System32\perf-MSSQL10_50.QSRNVIVO10-sqlagtctr.dll
2014-09-29 14:43:40    47456    ----a-w-    C:\windows\SysWow64\perf-MSSQL10_50.QSRNVIVO10-sqlagtctr.dll
2014-09-29 14:43:23    79200    ----a-w-    C:\windows\System32\perf-MSSQL$QSRNVIVO10-sqlctr10.51.2500.0.dll
2014-09-29 14:43:23    73568    ----a-w-    C:\windows\SysWow64\perf-MSSQL$QSRNVIVO10-sqlctr10.51.2500.0.dll
2014-09-29 14:42:32    --------    d-----w-    C:\windows\System32\RsFx
2014-09-29 14:40:09    --------    d-----w-    C:\windows\SysWow64\1033
2014-09-29 14:40:09    --------    d-----w-    C:\windows\System32\1033
2014-09-29 14:37:53    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server
2014-09-29 14:36:29    --------    d-----w-    C:\ProgramData\QSR
2014-09-29 14:36:29    --------    d-----w-    C:\Program Files\QSR
2014-09-29 14:34:47    --------    d-----w-    C:\Program Files\Microsoft SQL Server
2014-09-29 14:34:40    --------    d-----w-    C:\Program Files (x86)\QSR
2014-09-24 15:58:02    --------    d-----w-    C:\Users\Lolly\AppData\Local\Microsoft Help
2014-09-23 18:10:57    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2014-09-23 18:10:57    2048    ----a-w-    C:\windows\System32\tzres.dll
2014-09-15 17:22:40    --------    d-----w-    C:\Users\Lolly\AppData\Local\{7ACE70E2-7F3D-4B3C-A9C1-1622DA44B7C9}
.
==================== Find6M  ====================
.
2014-11-12 17:22:17    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 17:22:17    701104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-11-06 04:03:50    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03    66560    ----a-w-    C:\windows\System32\iesetup.dll
2014-11-06 03:46:12    580096    ----a-w-    C:\windows\System32\vbscript.dll
2014-11-06 03:46:12    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28    88064    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-11-06 03:30:22    144384    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-11-06 03:30:08    114688    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-11-06 03:29:18    814080    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-11-06 03:28:20    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57    6040064    ----a-w-    C:\windows\System32\jscript9.dll
2014-11-06 03:20:18    968704    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43    501248    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29    77824    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36    115712    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38    620032    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36    60416    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39    1359360    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25    2124288    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-11-06 02:21:49    4298240    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24    2365440    ----a-w-    C:\windows\System32\wininet.dll
2014-11-06 01:52:35    1892864    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-11-05 17:56:54    304640    ----a-w-    C:\windows\System32\generaltel.dll
2014-11-05 17:56:36    228864    ----a-w-    C:\windows\System32\aepdu.dll
2014-11-05 17:52:22    424448    ----a-w-    C:\windows\System32\aeinv.dll
2014-10-28 06:34:58    275080    ------w-    C:\windows\System32\MpSigStub.exe
2014-10-25 01:57:59    77824    ----a-w-    C:\windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\windows\SysWow64\packager.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\windows\System32\msi.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\windows\System32\win32k.sys
2014-10-03 02:12:00    500224    ----a-w-    C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\windows\SysWow64\AudioSes.dll
2014-09-19 09:42:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\windows\System32\ncrypt.dll
2014-09-19 09:42:44    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\windows\SysWow64\gdi32.dll
2014-08-21 06:43:26    1882624    ----a-w-    C:\windows\System32\msxml3.dll
2014-08-21 06:40:32    2048    ----a-w-    C:\windows\System32\msxml3r.dll
2014-08-21 06:26:21    1237504    ----a-w-    C:\windows\SysWow64\msxml3.dll
2014-08-21 06:23:10    2048    ----a-w-    C:\windows\SysWow64\msxml3r.dll
2014-08-19 03:11:28    693176    ----a-w-    C:\windows\System32\winload.efi
2014-08-19 03:10:10    616352    ----a-w-    C:\windows\System32\winresume.efi
2014-08-19 03:08:04    503808    ----a-w-    C:\windows\System32\srcore.dll
2014-08-19 03:08:04    50176    ----a-w-    C:\windows\System32\srclient.dll
2014-08-19 03:08:03    63488    ----a-w-    C:\windows\System32\setbcdlocale.dll
2014-08-19 03:07:51    58880    ----a-w-    C:\windows\System32\appidapi.dll
2014-08-19 03:07:51    32256    ----a-w-    C:\windows\System32\appidsvc.dll
2014-08-19 03:07:33    296960    ----a-w-    C:\windows\System32\rstrui.exe
2014-08-19 03:07:11    17920    ----a-w-    C:\windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11    146944    ----a-w-    C:\windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39    43008    ----a-w-    C:\windows\SysWow64\srclient.dll
2014-08-19 02:41:22    50688    ----a-w-    C:\windows\SysWow64\appidapi.dll
2014-08-19 02:06:56    61440    ----a-w-    C:\windows\System32\drivers\appid.sys
2014-08-12 02:02:49    878080    ----a-w-    C:\windows\System32\IMJP10K.DLL
2014-08-12 01:36:37    701440    ----a-w-    C:\windows\SysWow64\IMJP10K.DLL
2014-08-01 11:53:22    1031168    ----a-w-    C:\windows\System32\TSWorkspace.dll
2014-08-01 11:35:06    793600    ----a-w-    C:\windows\SysWow64\TSWorkspace.dll
2014-07-25 01:35:46    875688    ----a-w-    C:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06    869544    ----a-w-    C:\windows\System32\msvcr120_clr0400.dll
2014-07-17 02:07:58    235520    ----a-w-    C:\windows\System32\winsta.dll
2014-07-17 02:07:39    150528    ----a-w-    C:\windows\System32\rdpcorekmts.dll
2014-07-17 02:07:37    3722240    ----a-w-    C:\windows\System32\mstscax.dll
2014-07-17 02:07:24    455168    ----a-w-    C:\windows\System32\winlogon.exe
2014-07-17 02:07:08    1118720    ----a-w-    C:\windows\System32\mstsc.exe
.
============= FINISH: 21:26:40.04 ==============="

***
 
Adware cleaner log:

"# AdwCleaner v4.101 - Report created 12/11/2014 at 21:41:20
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lolly - LOLLY-PC
# Running from : C:\Users\Lolly\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
File Deleted : C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.0 (x86 en-GB)


-\\ Google Chrome v


-\\ Opera v25.0.1614.68


*************************

AdwCleaner[R0].txt - [7446 octets] - [12/11/2014 20:04:17]
AdwCleaner[R1].txt - [1581 octets] - [12/11/2014 21:39:33]
AdwCleaner[S0].txt - [7376 octets] - [12/11/2014 20:08:46]
AdwCleaner[S1].txt - [1512 octets] - [12/11/2014 21:41:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1572 octets] ##########"

***
 
Adware Cleaner Quarantine report:

"C:\ProgramData\NCH Software\Scribe\Status\Template.doc->C:\AdwCleaner\Quarantine\C\ProgramData\NCH Software\Scribe\Status\Template.doc.vir
C:\ProgramData\NCH Software\Scribe\Current\Welcome.dat->C:\AdwCleaner\Quarantine\C\ProgramData\NCH Software\Scribe\Current\Welcome.dat.vir
C:\ProgramData\NCH Software\Scribe\Current\Welcome.wav->C:\AdwCleaner\Quarantine\C\ProgramData\NCH Software\Scribe\Current\Welcome.wav.vir
C:\ProgramData\NCH Software\FastFox\acdata.txt->C:\AdwCleaner\Quarantine\C\ProgramData\NCH Software\FastFox\acdata.txt.vir
C:\ProgramData\NCH Software\FastFox\acdataTEMP.txt->C:\AdwCleaner\Quarantine\C\ProgramData\NCH Software\FastFox\acdataTEMP.txt.vir
C:\ProgramData\NCH Software\FastFox\demo.rtf->C:\AdwCleaner\Quarantine\C\ProgramData\NCH Software\FastFox\demo.rtf.vir
C:\ProgramData\NCH Software\FastFox\shared_abbrev.dat->C:\AdwCleaner\Quarantine\C\ProgramData\NCH Software\FastFox\shared_abbrev.dat.vir
C:\ProgramData\NCH Software\FastFox\ShortcutSuggestions.txt->C:\AdwCleaner\Quarantine\C\ProgramData\NCH Software\FastFox\ShortcutSuggestions.txt.vir
C:\ProgramData\NCH Software\FastFox\local\abbrev.dat->C:\AdwCleaner\Quarantine\C\ProgramData\NCH Software\FastFox\local\abbrev.dat.vir
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir
C:\Program Files (x86)\NCH Software\Scribe\hookappcommand.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Scribe\hookappcommand.dll.vir
C:\Program Files (x86)\NCH Software\Scribe\scribe.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Scribe\scribe.exe.vir
C:\Program Files (x86)\NCH Software\Scribe\scribesetup_v5.69.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Scribe\scribesetup_v5.69.exe.vir
C:\Program Files (x86)\NCH Software\FastFox\fastfox.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\fastfox.exe.vir
C:\Program Files (x86)\NCH Software\FastFox\fastfox64.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\fastfox64.exe.vir
C:\Program Files (x86)\NCH Software\FastFox\fastfoxsetup_v2.32.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\fastfoxsetup_v2.32.exe.vir
C:\Program Files (x86)\NCH Software\FastFox\ffhook.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\ffhook.dll.vir
C:\Program Files (x86)\NCH Software\FastFox\ffhook64.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\ffhook64.dll.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\902.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\902.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\addshortcut.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\addshortcut.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\adminpassworddlg.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\adminpassworddlg.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\arrowlist.gif->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\arrowlist.gif.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\autocase.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\autocase.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\autocompleteoptions.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\autocompleteoptions.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\autocompletesetup.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\autocompletesetup.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\backupdatadlg.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\backupdatadlg.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\deletegroupdlg.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\deletegroupdlg.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\editkeystroke.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\editkeystroke.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\editpicture.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\editpicture.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\editrich.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\editrich.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\editsimple.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\editsimple.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\editsuggestiondlg.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\editsuggestiondlg.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\fastfinishcontent.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\fastfinishcontent.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\generaldlg.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\generaldlg.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\generalsetup.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\generalsetup.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\groupprop.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\groupprop.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\groups.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\groups.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\help.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\help.js.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\hlp.css->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\hlp.css.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\hotkeys.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\hotkeys.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\index.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\index.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\introduction.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\introduction.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\licenceterms.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\licenceterms.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\quickstart.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\quickstart.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\restoredatadlg.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\restoredatadlg.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\selstoragedlg.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\selstoragedlg.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\sharedabbreviation.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\sharedabbreviation.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\shortcuts.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\shortcuts.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\sysdate.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\sysdate.html.vir
C:\Program Files (x86)\NCH Software\FastFox\Help\using.html->C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\FastFox\Help\using.html.vir
C:\Users\Lolly\AppData\Local\Obrona Block Ads\ExternalUninstaller.exe->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Obrona Block Ads\ExternalUninstaller.exe.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.1000082.currentList.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.1000082.currentList.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.1000082.localStations.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.1000082.localStations.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.1000082.nowPlaying.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.1000082.nowPlaying.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.1000082.publisherStations.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.1000082.publisherStations.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.129199665576658841.search.selectedEngineId.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.129199665576658841.search.selectedEngineId.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.129199665576658841.search.settings.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.129199665576658841.search.settings.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.AlertService.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.AlertService.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.AlertsInfoData.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.AlertsInfoData.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.appOptions.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.appOptions.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.NotificationSettings.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.NotificationSettings.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.NOTIFICATION_ID.alert_login_service.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.NOTIFICATION_ID.alert_login_service.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.NOTIFICATION_ID.notifications_serviceMap.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.NOTIFICATION_ID.notifications_serviceMap.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.pg_conf_global.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.pg_conf_global.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.savedPositions.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.savedPositions.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.searchProtectorData.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012.searchProtectorData.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_appsMetadata.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_appsMetadata.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_appTrackingFirstTime.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_appTrackingFirstTime.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_gottenAppsContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_gottenAppsContextMenu.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_login.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_login.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_optimizer.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_optimizer.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_otherAppsContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_otherAppsContextMenu.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_searchAPI.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_searchAPI.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_serviceMap.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_serviceMap.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_toolbarContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_toolbarContextMenu.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_toolbarSettings.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_toolbarSettings.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_translation.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_10.11.6.8.serviceLayer_services_translation.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_RAW.serviceLayer_services_appsMetadata.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_RAW.serviceLayer_services_appsMetadata.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_RAW.serviceLayer_services_appTrackingFirstTime.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_RAW.serviceLayer_services_appTrackingFirstTime.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_RAW.serviceLayer_services_gottenAppsContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_RAW.serviceLayer_services_gottenAppsContextMenu.txt.vir
C:\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_RAW.serviceLayer_services_login.txt->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\LocalLow\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository\CT2653012_RAW.serviceLayer_services_login.txt.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_id.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_id.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_is.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_is.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_it.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_it.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ja.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ja.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ka.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ka.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_km.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_km.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_kn.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_kn.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ko.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ko.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_lt.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_lt.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_lv.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_lv.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_mk.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_mk.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_mr.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_mr.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ms.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ms.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_mt.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_mt.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_nl.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_nl.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_no.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_no.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_pl.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_pl.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_pt.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_pt.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_pt_BR.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_pt_BR.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ro.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ro.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ru.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ru.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sk.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sk.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sl.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sl.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sq.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sq.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sr.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sr.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sv.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sv.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sw.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_sw.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ta.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ta.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_te.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_te.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_th.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_th.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_tl.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_tl.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_tr.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_tr.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_uk.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_uk.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ur.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_ur.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_vi.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_vi.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_zh_CN.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_zh_CN.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_zh_TW.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\locale\be_zh_TW.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\be_refresh.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\be_refresh.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\btn_off.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\btn_off.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\btn_on.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\btn_on.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon19.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon19.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon19_blank.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon19_blank.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon19_gray.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon19_gray.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon38.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon38.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon38_blank.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon38_blank.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon38_gray.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon38_gray.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon_accel_off.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon_accel_off.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon_accel_on.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon_accel_on.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon_settings.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon_settings.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon_vpn_off.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon_vpn_off.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon_vpn_on.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\icon_vpn_on.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\logo.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\logo.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_arrow.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_arrow.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_arrows.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_arrows.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_error_logo.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_error_logo.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_header_buttons.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_header_buttons.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_lock_icon.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_lock_icon.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_logo.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_logo.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_logo_torch.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_logo_torch.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_more_buttons.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_more_buttons.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_off_image.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_off_image.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_popular_logos.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_popular_logos.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_radio_buttons.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_radio_buttons.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_ratings.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_ratings.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_searchbox.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_searchbox.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_social_logos.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\newskin_social_logos.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\popup_bg.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\img\popup_bg.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\css\be_popup.css->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\css\be_popup.css.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\css\be_popup.less->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\css\be_popup.less.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\css\be_popup.less.tmp->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\css\be_popup.less.tmp.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\css\bootstrap.css->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\js\css\bootstrap.css.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\img\icon128.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\img\icon128.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\img\icon16.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\img\icon16.png.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\img\icon48.png->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.332_0\img\icon48.png.vir
C:\END->C:\AdwCleaner\Quarantine\C\END.vir
C:\Users\Lolly\AppData\Roaming\Mozilla\Firefox\Profiles\8d29xbsi.default\user.js->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Mozilla\Firefox\Profiles\8d29xbsi.default\user.js.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage-journal.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.plyrics.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.plyrics.com_0.localstorage.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.plyrics.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.plyrics.com_0.localstorage-journal.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.azlyrics.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.azlyrics.com_0.localstorage.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.azlyrics.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.azlyrics.com_0.localstorage-journal.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.plyrics.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.plyrics.com_0.localstorage.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.plyrics.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.plyrics.com_0.localstorage-journal.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage-journal.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_inst.shoppingate.info_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_inst.shoppingate.info_0.localstorage.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_inst.shoppingate.info_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_inst.shoppingate.info_0.localstorage-journal.vir
C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage-journal.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_inst.shoppingate.info_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_inst.shoppingate.info_0.localstorage.vir
C:\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_inst.shoppingate.info_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\Lolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_inst.shoppingate.info_0.localstorage-journal.vir"
 
***
 
&, last but not least, here is a screenshot of the thing their antivirus keeps catching (to no real avail that I can see; I suspect it's giving a false-positive off some bit of one of the tools they've downloaded, but I thought I'd include it here for completeness' sake):

vnp07p.jpg





Again, sincere apologies about all of this, & like I said I am completely throwing myself upon your mercy.
PS: I have already severely reprimanded my friend for their attempts to get themselves out of this. I am willing to do so again at your discretion.

Edited by boopme, 13 November 2014 - 10:23 AM.



#2 HelpBot


Posted 18 November 2014 - 11:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555937 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 MadJohnFinn


Posted 18 November 2014 - 12:56 PM

Hello!

 

I still need help, please.

 

My friend's laptop (Win7 64) has been hijacked following the installation of some (I assume bundled) software that came with a few, ah, optional extras she did not bargain for!

She suffers from multiple instances (in all four of her installed browsers) of unwanted pop-ups, search redirects & intrusive ads on every single page. Three of the browsers no longer connect to the Internet, though Firefox still works via the LAN cable.

She ran a few things to try to get rid of the various nasties & nothing worked.

A fresh DDS log is posted below. Thank you for your help.

 

***

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.65.2
Run by Lolly at 17:43:25 on 2014-11-18
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8103.5174 [GMT 0:00]
.
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lolly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\RescueTime\RescueTime.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Users\Lolly\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Lolly\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
C:\windows\system32\wuauclt.exe
C:\windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe
d:\415b349c2d422e5bb8b3\MpSigStub.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:9880;https=127.0.0.1:9880
uProxyOverride = <local>
uURLSearchHooks: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [GoogleChromeAutoLaunch_FB5B18E432725F2E1902CB4A6B4F76F9] "C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Spotify Web Helper] "C:\Users\Lolly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Lolly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lolly\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RESCUE~1.LNK - C:\Program Files (x86)\RescueTime\RescueTime.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: NCapture for NVivo - C:\Program Files (x86)\QSR\NCapture\Internet Explorer\QSR.NCapture.IE.Resources.dll/101
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} - {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} -
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30D76EC0-A62F-4256-A614-FD735B130451} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9795916C-B876-47A3-BB1A-4482B8AEFDBB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9795916C-B876-47A3-BB1A-4482B8AEFDBB}\160707A6F637 : DHCPNameServer = 195.34.133.21
TCP: Interfaces\{9795916C-B876-47A3-BB1A-4482B8AEFDBB}\271646C616E646375707374716962737 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9795916C-B876-47A3-BB1A-4482B8AEFDBB}\4557E626279646765602D496C6C6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9795916C-B876-47A3-BB1A-4482B8AEFDBB}\6796277696E6D65646961693639313136313 : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\Windows\SysWOW64\nvinit.dll c:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} - {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} -
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lolly\AppData\Roaming\Mozilla\Firefox\Profiles\8d29xbsi.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Lolly\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-9-7 25960]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-9-7 13824]
R1 SAVOnAccess;SAVOnAccess;C:\windows\System32\drivers\savonaccess.sys [2013-2-21 154952]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-7-24 2443960]
R2 MSSQL$QSRNVIVO10;SQL Server (QSRNVIVO10);C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2013-9-16 290296]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2013-9-16 206328]
R2 Sophos Agent;Sophos Agent;C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [2013-2-21 289856]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2013-5-2 237048]
R2 Sophos Message Router;Sophos Message Router;C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [2013-2-21 818240]
R2 Sophos Web Control Service;Sophos Web Control Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2013-2-21 357400]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2013-9-16 3109880]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-7 2655768]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-5-23 296312]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-9-7 138024]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-9-7 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-3 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-3 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-9-7 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 IwberinMnemationador;IwberinMnemationador;C:\Program Files (x86)\IwberinMnemationador\IwberinMnemationador.exe --> C:\Program Files (x86)\IwberinMnemationador\IwberinMnemationador.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2013-2-21 2012152]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-2-5 348712]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-2-5 39464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-23 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-9-7 166704]
S3 sdcfilter;sdcfilter;C:\windows\System32\drivers\sdcfilter.sys [2013-2-21 36640]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0151;RsFx0151 Driver;C:\windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
S4 SophosBootDriver;SophosBootDriver;C:\windows\System32\drivers\SophosBootDriver.sys [2013-2-21 25608]
S4 SQLAgent$QSRNVIVO10;SQL Server Agent (QSRNVIVO10);C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 60 ================
.
2014-11-18 17:43:22    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5FE93679-2D4B-49BB-A4B6-C8B27A17D986}\offreg.dll
2014-11-15 21:36:57    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5FE93679-2D4B-49BB-A4B6-C8B27A17D986}\mpengine.dll
2014-11-15 17:37:54    --------    d-----w-    C:\Program Files (x86)\ESET
2014-11-15 16:58:23    129752    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-15 16:58:12    93400    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-11-15 16:58:12    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-11-15 16:58:11    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-11-15 16:58:11    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-11-15 16:58:11    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 22:21:00    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-11-12 22:03:53    208896    ----a-w-    C:\windows\MBR.exe
2014-11-12 22:03:52    98816    ----a-w-    C:\windows\sed.exe
2014-11-12 22:03:52    256000    ----a-w-    C:\windows\PEV.exe
2014-11-12 22:03:45    --------    d-----w-    C:\ComboFix
2014-11-12 21:49:29    --------    d-----w-    C:\windows\ERUNT
2014-11-12 20:57:28    37624    ----a-w-    C:\windows\System32\drivers\TrueSight.sys
2014-11-12 20:57:27    --------    d-----w-    C:\ProgramData\RogueKiller
2014-11-12 20:04:11    --------    d-----w-    C:\AdwCleaner
2014-11-12 16:20:04    --------    d-sh--w-    C:\Program Files (x86)\IwberinMnemationador
2014-11-12 14:21:43    --------    d-----w-    C:\Program Files (x86)\LICEcap
2014-11-12 10:06:58    342016    ----a-w-    C:\windows\System32\schannel.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-11-12 10:01:21    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-10-15 22:08:40    424448    ----a-w-    C:\windows\System32\rastls.dll
2014-10-15 22:08:40    372736    ----a-w-    C:\windows\SysWow64\rastls.dll
2014-10-15 14:36:51    --------    d-----w-    C:\Users\Lolly\AppData\Roaming\Anvsoft
2014-10-15 14:36:48    --------    d-----w-    C:\Program Files (x86)\AnvSoft
2014-10-15 10:45:05    220784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2014-10-02 14:23:20    94208    ----a-w-    C:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 14:23:20    69632    ----a-w-    C:\windows\SysWow64\QuickTime.qts
2014-10-01 15:22:34    --------    d-----w-    C:\Analytics
2014-10-01 15:06:09    --------    d-----w-    C:\windows\pss
2014-10-01 14:36:39    --------    d-----w-    C:\Users\Lolly\AppData\Local\Western Digital
2014-10-01 14:36:21    --------    d-----w-    C:\Users\Lolly\AppData\Local\Western_Digital_Technolog
2014-10-01 14:35:11    --------    d-----w-    C:\Program Files\Common Files\Western Digital
2014-10-01 14:34:36    --------    d-----w-    C:\Program Files (x86)\Western Digital
2014-10-01 14:34:36    --------    d-----w-    C:\Program Files (x86)\Common Files\Western Digital
2014-10-01 14:33:53    --------    d-----w-    C:\ProgramData\Western Digital
2014-09-30 17:57:31    519680    ----a-w-    C:\windows\SysWow64\qdvd.dll
2014-09-30 17:57:31    371712    ----a-w-    C:\windows\System32\qdvd.dll
2014-09-29 14:46:50    --------    d-----w-    C:\Users\Lolly\AppData\Roaming\QSR_International
2014-09-29 14:43:40    77152    ----a-w-    C:\windows\System32\perf-MSSQL10_50.QSRNVIVO10-sqlagtctr.dll
2014-09-29 14:43:40    47456    ----a-w-    C:\windows\SysWow64\perf-MSSQL10_50.QSRNVIVO10-sqlagtctr.dll
2014-09-29 14:43:23    79200    ----a-w-    C:\windows\System32\perf-MSSQL$QSRNVIVO10-sqlctr10.51.2500.0.dll
2014-09-29 14:43:23    73568    ----a-w-    C:\windows\SysWow64\perf-MSSQL$QSRNVIVO10-sqlctr10.51.2500.0.dll
2014-09-29 14:42:32    --------    d-----w-    C:\windows\System32\RsFx
2014-09-29 14:40:09    --------    d-----w-    C:\windows\SysWow64\1033
2014-09-29 14:40:09    --------    d-----w-    C:\windows\System32\1033
2014-09-29 14:37:53    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server
2014-09-29 14:36:29    --------    d-----w-    C:\ProgramData\QSR
2014-09-29 14:36:29    --------    d-----w-    C:\Program Files\QSR
2014-09-29 14:34:47    --------    d-----w-    C:\Program Files\Microsoft SQL Server
2014-09-29 14:34:40    --------    d-----w-    C:\Program Files (x86)\QSR
2014-09-24 15:58:02    --------    d-----w-    C:\Users\Lolly\AppData\Local\Microsoft Help
2014-09-23 18:10:57    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2014-09-23 18:10:57    2048    ----a-w-    C:\windows\System32\tzres.dll
.
==================== Find6M  ====================
.
2014-11-12 17:22:17    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 17:22:17    701104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-11-06 04:03:50    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03    66560    ----a-w-    C:\windows\System32\iesetup.dll
2014-11-06 03:46:12    580096    ----a-w-    C:\windows\System32\vbscript.dll
2014-11-06 03:46:12    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28    88064    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-11-06 03:30:22    144384    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-11-06 03:30:08    114688    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-11-06 03:29:18    814080    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-11-06 03:28:20    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57    6040064    ----a-w-    C:\windows\System32\jscript9.dll
2014-11-06 03:20:18    968704    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43    501248    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29    77824    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36    115712    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38    620032    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36    60416    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39    1359360    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25    2124288    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-11-06 02:21:49    4298240    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24    2365440    ----a-w-    C:\windows\System32\wininet.dll
2014-11-06 01:52:35    1892864    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-11-05 17:56:54    304640    ----a-w-    C:\windows\System32\generaltel.dll
2014-11-05 17:56:36    228864    ----a-w-    C:\windows\System32\aepdu.dll
2014-11-05 17:52:22    424448    ----a-w-    C:\windows\System32\aeinv.dll
2014-11-04 14:30:58    275080    ------w-    C:\windows\System32\MpSigStub.exe
2014-10-25 01:57:59    77824    ----a-w-    C:\windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\windows\SysWow64\packager.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\windows\System32\msi.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\windows\System32\win32k.sys
2014-10-03 02:12:00    500224    ----a-w-    C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\windows\SysWow64\AudioSes.dll
2014-09-19 09:42:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\windows\System32\ncrypt.dll
2014-09-19 09:42:44    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\windows\SysWow64\gdi32.dll
2014-08-21 06:43:26    1882624    ----a-w-    C:\windows\System32\msxml3.dll
2014-08-21 06:40:32    2048    ----a-w-    C:\windows\System32\msxml3r.dll
2014-08-21 06:26:21    1237504    ----a-w-    C:\windows\SysWow64\msxml3.dll
2014-08-21 06:23:10    2048    ----a-w-    C:\windows\SysWow64\msxml3r.dll
2014-08-19 03:11:28    693176    ----a-w-    C:\windows\System32\winload.efi
2014-08-19 03:10:10    616352    ----a-w-    C:\windows\System32\winresume.efi
2014-08-19 03:08:04    503808    ----a-w-    C:\windows\System32\srcore.dll
2014-08-19 03:08:04    50176    ----a-w-    C:\windows\System32\srclient.dll
2014-08-19 03:08:03    63488    ----a-w-    C:\windows\System32\setbcdlocale.dll
2014-08-19 03:07:51    58880    ----a-w-    C:\windows\System32\appidapi.dll
2014-08-19 03:07:51    32256    ----a-w-    C:\windows\System32\appidsvc.dll
2014-08-19 03:07:33    296960    ----a-w-    C:\windows\System32\rstrui.exe
2014-08-19 03:07:11    17920    ----a-w-    C:\windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11    146944    ----a-w-    C:\windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39    43008    ----a-w-    C:\windows\SysWow64\srclient.dll
2014-08-19 02:41:22    50688    ----a-w-    C:\windows\SysWow64\appidapi.dll
2014-08-19 02:06:56    61440    ----a-w-    C:\windows\System32\drivers\appid.sys
2014-08-12 02:02:49    878080    ----a-w-    C:\windows\System32\IMJP10K.DLL
2014-08-12 01:36:37    701440    ----a-w-    C:\windows\SysWow64\IMJP10K.DLL
2014-08-01 11:53:22    1031168    ----a-w-    C:\windows\System32\TSWorkspace.dll
2014-08-01 11:35:06    793600    ----a-w-    C:\windows\SysWow64\TSWorkspace.dll
2014-07-25 01:35:46    875688    ----a-w-    C:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 22:47:06    869544    ----a-w-    C:\windows\System32\msvcr120_clr0400.dll
2014-07-17 02:07:58    235520    ----a-w-    C:\windows\System32\winsta.dll
2014-07-17 02:07:39    150528    ----a-w-    C:\windows\System32\rdpcorekmts.dll
2014-07-17 02:07:37    3722240    ----a-w-    C:\windows\System32\mstscax.dll
2014-07-17 02:07:24    455168    ----a-w-    C:\windows\System32\winlogon.exe
2014-07-17 02:07:08    1118720    ----a-w-    C:\windows\System32\mstsc.exe
.
============= FINISH: 17:46:31.62 ===============



#4 nasdaq

nasdaq

  • Malware Response Team

Posted 21 November 2014 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Download Malwarebytes' Anti-Malware from Here
 
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
  • POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.


    #5 MadJohnFinn

    MadJohnFinn
    • Topic Starter


    Posted 21 November 2014 - 12:04 PM

    Hello.

    Thank you for your help.

     

    Here is the MBAM report:
     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 21/11/2014
    Scan Time: 15:24:52
    Logfile: laura.txt
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.11.21.07
    Rootkit Database: v2014.11.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Lolly
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 381723
    Time Elapsed: 34 min, 35 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 1
    PUM.Bad.Proxy, HKU\S-1-5-21-1867582200-139094598-4032816429-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:9880;https=127.0.0.1:9880, , [fc6f47f70874ec4a7b209fa7bc4701ff]
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 2
    PUP.Optional.Iminent.A, C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage, , [412a2717b9c31026b6b3713b6f95fb05], 
    PUP.Optional.Iminent.A, C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage-journal, , [650651edf08cd3639fca1498fa0a16ea], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
    ****
    ADWCleaner:

    # AdwCleaner v4.101 - Report created 21/11/2014 at 16:30:44
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-16.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Lolly - LOLLY-PC
    # Running from : C:\Users\Lolly\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    File Deleted : C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17420
     
     
    -\\ Mozilla Firefox v33.0 (x86 en-GB)
     
     
    -\\ Google Chrome v
     
     
    -\\ Opera v25.0.1614.71
     
     
    *************************
     
    FRST: 

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
    Ran by Lolly (administrator) on LOLLY-PC on 21-11-2014 16:42:06
    Running from C:\Users\Lolly\Desktop
    Loaded Profiles: UpdatusUser & Lolly (Available profiles: UpdatusUser & Lolly)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Google Inc.) C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
    (Spotify Ltd) C:\Users\Lolly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
    (RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
    (Google Inc.) C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
    (Dropbox, Inc.) C:\Users\Lolly\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Google Inc.) C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
    (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
    HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-05-02] (Sophos Limited)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\Run: [GoogleChromeAutoLaunch_FB5B18E432725F2E1902CB4A6B4F76F9] => C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-11-05] (Google Inc.)
    HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\Run: [Spotify Web Helper] => C:\Users\Lolly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-01] (Spotify Ltd)
    HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\Run: [Google Update] => C:\Users\Lolly\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
    AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [192616 2011-01-17] (NVIDIA Corporation)
    AppInit_DLLs-x32:  c:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => c:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-02-25] (Sophos Limited)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
    ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
    Startup: C:\Users\Lolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Lolly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    ProxyEnable: [S-1-5-21-1867582200-139094598-4032816429-1001] => Internet Explorer proxy is enabled.
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKU\S-1-5-21-1867582200-139094598-4032816429-1001 - (No Name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
    Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
    Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
    Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
    Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
    Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
    Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
    Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
    Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
    Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [134136] (Sophos Limited)
    Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [134136] (Sophos Limited)
    Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [134136] (Sophos Limited)
    Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [134136] (Sophos Limited)
    Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [134136] (Sophos Limited)
    Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [134136] (Sophos Limited)
    Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [134136] (Sophos Limited)
    Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [134136] (Sophos Limited)
    Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [134136] (Sophos Limited)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Lolly\AppData\Roaming\Mozilla\Firefox\Profiles\8d29xbsi.default
    FF DefaultSearchEngine: 
    FF SelectedSearchEngine: 
    FF NetworkProxy: "autoconfig_url", "http://clientconfig.immunicity.org/pacs/all.pac"
    FF NetworkProxy: "type", 2
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1867582200-139094598-4032816429-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1867582200-139094598-4032816429-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1867582200-139094598-4032816429-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: RescueTime for Firefox - C:\Users\Lolly\AppData\Roaming\Mozilla\Firefox\Profiles\8d29xbsi.default\Extensions\[email protected] [2014-04-16]
    FF Extension: Zotero - C:\Users\Lolly\AppData\Roaming\Mozilla\Firefox\Profiles\8d29xbsi.default\Extensions\[email protected][2014-03-10]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://start.iminent.com/?appId=AE7A4A8C-7C27-4DCA-8AED-2413EBB001A1"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Angry Birds) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-04-20]
    CHR Extension: (Google Drive) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-07-06]
    CHR Extension: (Week Plan extension) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apojhfcioioaohnpaaojkdimfcijmgmo [2014-01-24]
    CHR Extension: (RescueTime for Chrome™ & ChromeOS™) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdakmnplckeopfghnlpocafcepegjeap [2014-01-29]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
    CHR Extension: (YouTube) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-06]
    CHR Extension: (WEEK PLAN) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\caggnmlckgjpgpgpgjeobdcfgbkefioo [2013-11-08]
    CHR Extension: (Google Search) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-06]
    CHR Extension: (Zotero Connector) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2013-01-29]
    CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2012-06-20]
    CHR Extension: (AdBlock) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-11-14]
    CHR Extension: (Google Calendar (by Google)) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-01-24]
    CHR Extension: (Clouds) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmaldjdljlaifjdlbjbgepgbccnmdhh [2012-02-06]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
    CHR Extension: (Word CaptureX Extension) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2012-02-06]
    CHR Extension: (Plants vs Zombies) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2012-04-20]
    CHR Extension: (Google Wallet) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
    CHR Extension: (Gmail) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-06]
    CHR HKLM-x32\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Lolly\AppData\Local\CRE\fealnpfjifonchkodiffbdkfaipmpkhe.crx []
    CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]
    CHR StartMenuInternet: Google Chrome - C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 MSSQL$QSRNVIVO10; C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
    R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-09-16] (Sophos Limited)
    R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-09-16] (Sophos Limited)
    R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2013-02-21] (Sophos Limited)
    R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-05-02] (Sophos Limited)
    R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2013-02-21] (Sophos Limited)
    R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-02-21] (Sophos Limited)
    S4 SQLAgent$QSRNVIVO10; C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
    R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-09-16] (Sophos Limited)
    S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-09-16] (Sophos Limited)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
    S2 IwberinMnemationador; C:\Program Files (x86)\IwberinMnemationador\IwberinMnemationador.exe [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
    S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
    R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2012-06-08] (GEAR Software Inc.)
    S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-09] (Windows ® 2003 DDK 3790 provider)
    R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-02-21] (Sophos Limited)
    S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-02-21] (Sophos Limited)
    S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-02-21] (Sophos Plc)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-21 16:42 - 2014-11-21 16:42 - 00023919 _____ () C:\Users\Lolly\Desktop\FRST.txt
    2014-11-21 16:38 - 2014-11-21 16:42 - 00000000 ____D () C:\FRST
    2014-11-21 16:35 - 2014-11-21 16:36 - 02117632 _____ (Farbar) C:\Users\Lolly\Desktop\FRST64.exe
    2014-11-21 16:07 - 2014-11-21 16:07 - 00001617 _____ () C:\Users\Lolly\Desktop\laura.txt
    2014-11-18 17:46 - 2014-11-18 17:51 - 00009763 _____ () C:\Users\Lolly\Desktop\attach.txt
    2014-11-18 17:46 - 2014-11-18 17:46 - 00031756 _____ () C:\Users\Lolly\Desktop\dds.txt
    2014-11-15 20:45 - 2014-11-15 20:45 - 00003581 _____ () C:\Users\Lolly\Desktop\nerd.txt
    2014-11-15 17:37 - 2014-11-15 17:37 - 02347384 _____ (ESET) C:\Users\Lolly\Downloads\esetsmartinstaller_enu.exe
    2014-11-15 17:37 - 2014-11-15 17:37 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-11-15 16:58 - 2014-11-21 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-15 16:58 - 2014-11-15 16:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-15 16:58 - 2014-11-15 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-15 16:58 - 2014-11-15 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-15 16:58 - 2014-11-15 16:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-15 16:58 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-11-15 16:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-11-15 16:58 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-11-15 16:54 - 2014-11-15 16:57 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Lolly\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-15 16:52 - 2014-11-15 16:52 - 00000925 _____ () C:\Users\Lolly\Desktop\JRT.txt
    2014-11-12 22:03 - 2014-11-12 22:26 - 00000000 ____D () C:\ComboFix
    2014-11-12 22:03 - 2014-11-12 22:25 - 00000000 ____D () C:\windows\erdnt
    2014-11-12 22:03 - 2014-11-12 22:03 - 00000000 ____D () C:\Qoobox
    2014-11-12 22:03 - 2011-06-26 06:45 - 00256000 _____ () C:\windows\PEV.exe
    2014-11-12 22:03 - 2010-11-07 17:20 - 00208896 _____ () C:\windows\MBR.exe
    2014-11-12 22:03 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
    2014-11-12 22:03 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
    2014-11-12 22:03 - 2000-08-31 00:00 - 00098816 _____ () C:\windows\sed.exe
    2014-11-12 22:03 - 2000-08-31 00:00 - 00080412 _____ () C:\windows\grep.exe
    2014-11-12 22:03 - 2000-08-31 00:00 - 00068096 _____ () C:\windows\zip.exe
    2014-11-12 21:49 - 2014-11-12 21:49 - 00000000 ____D () C:\windows\ERUNT
    2014-11-12 21:38 - 2014-11-12 21:38 - 05597734 ____R (Swearware) C:\Users\Lolly\Desktop\ComboFix.exe
    2014-11-12 21:37 - 2014-11-12 21:37 - 01706808 _____ (Thisisu) C:\Users\Lolly\Downloads\JRT.exe
    2014-11-12 21:22 - 2014-11-12 21:22 - 00688992 ____R (Swearware) C:\Users\Lolly\Downloads\dds.com
    2014-11-12 20:57 - 2014-11-12 20:57 - 17528920 _____ () C:\Users\Lolly\Downloads\RogueKillerX64.exe
    2014-11-12 20:57 - 2014-11-12 20:57 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
    2014-11-12 20:57 - 2014-11-12 20:57 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-12 20:04 - 2014-11-21 16:30 - 00000000 ____D () C:\AdwCleaner
    2014-11-12 20:03 - 2014-11-12 21:38 - 00000000 ____D () C:\Users\Lolly\Desktop\rkill
    2014-11-12 20:02 - 2014-11-12 20:02 - 02953520 _____ (AVAST Software) C:\Users\Lolly\Downloads\avast-browser-cleanup.exe
    2014-11-12 19:59 - 2014-11-12 19:59 - 02140160 _____ () C:\Users\Lolly\Downloads\AdwCleaner.exe
    2014-11-12 19:58 - 2014-11-12 19:58 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Lolly\Downloads\rkill(1).exe
    2014-11-12 19:57 - 2014-11-12 19:57 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Lolly\Downloads\rkill.exe
    2014-11-12 16:20 - 2014-11-15 20:41 - 00000000 __SHD () C:\Program Files (x86)\IwberinMnemationador
    2014-11-12 14:34 - 2014-11-12 14:34 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
    2014-11-12 14:29 - 2014-11-12 14:29 - 00000000 ____D () C:\Users\Lolly\Documents\My Weblog Posts
    2014-11-12 14:24 - 2014-11-12 14:31 - 00000131 _____ () C:\Users\Lolly\AppData\Roaming\licecap.ini
    2014-11-12 14:21 - 2014-11-12 14:21 - 00000000 ____D () C:\Users\Lolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LICEcap
    2014-11-12 14:21 - 2014-11-12 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LICEcap
    2014-11-12 14:21 - 2014-11-12 14:21 - 00000000 ____D () C:\Program Files (x86)\LICEcap
    2014-11-12 10:07 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-11-12 10:07 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-11-12 10:07 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-11-12 10:07 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-11-12 10:07 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-11-12 10:07 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-11-12 10:07 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-11-12 10:07 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-11-12 10:07 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-11-12 10:07 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-11-12 10:07 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-11-12 10:07 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-11-12 10:07 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-11-12 10:07 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-11-12 10:07 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-11-12 10:07 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-11-12 10:07 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-11-12 10:07 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-11-12 10:07 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-12 10:07 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-11-12 10:07 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-11-12 10:07 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-11-12 10:07 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-11-12 10:07 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-11-12 10:07 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-11-12 10:07 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-12 10:07 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-11-12 10:07 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-11-12 10:07 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-11-12 10:07 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-11-12 10:07 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-11-12 10:07 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-11-12 10:07 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-11-12 10:07 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-11-12 10:07 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-11-12 10:07 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-11-12 10:07 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-12 10:07 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-11-12 10:07 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-11-12 10:07 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-11-12 10:07 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-11-12 10:07 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-11-12 10:07 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-11-12 10:07 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-11-12 10:07 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-11-12 10:07 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-11-12 10:07 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-11-12 10:07 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-11-12 10:07 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-11-12 10:07 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-11-12 10:07 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-11-12 10:07 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-11-12 10:07 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-11-12 10:07 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-11-12 10:07 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-11-12 10:07 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-11-12 10:07 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-11-12 10:07 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-11-12 10:07 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-11-12 10:07 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
    2014-11-12 10:07 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
    2014-11-12 10:07 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-11-12 10:07 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
    2014-11-12 10:07 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-11-12 10:07 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2014-11-12 10:07 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2014-11-12 10:07 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-11-12 10:07 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-11-12 10:07 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2014-11-12 10:07 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2014-11-12 10:07 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2014-11-12 10:07 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2014-11-12 10:07 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2014-11-12 10:07 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2014-11-12 10:07 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2014-11-12 10:07 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2014-11-12 10:07 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2014-11-12 10:07 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2014-11-12 10:07 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-11-12 10:07 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-11-12 10:07 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-11-12 10:07 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-11-12 10:07 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
    2014-11-12 10:07 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
    2014-11-12 10:06 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
    2014-11-12 10:06 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
    2014-11-12 10:06 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
    2014-11-12 10:06 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
    2014-11-12 10:06 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-11-12 10:06 - 2014-09-19 09:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-11-12 10:06 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-11-12 10:06 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-11-12 10:06 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-11-12 10:06 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-11-12 10:06 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-11-12 10:06 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-11-12 10:06 - 2014-09-19 09:23 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-11-12 10:06 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-11-12 10:06 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-11-12 10:06 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-11-12 10:06 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-11-12 10:06 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-11-12 10:06 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-11-12 10:01 - 2014-11-12 10:01 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2014-11-12 10:01 - 2014-11-12 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-11-12 10:01 - 2014-11-12 10:01 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-11-11 08:28 - 2014-11-11 08:41 - 04194304 _____ () C:\Users\Lolly\Documents\Sensible Food.nvp
    2014-11-11 08:28 - 2014-11-11 08:30 - 211839272 _____ () C:\Users\Lolly\Downloads\NVivo10SP6.x64 (1).exe
    2014-11-04 10:47 - 2014-11-04 10:47 - 00013460 _____ () C:\Users\Lolly\Desktop\CAVES - LEAVING - Shortcut.lnk
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-21 16:42 - 2009-07-14 04:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-21 16:42 - 2009-07-14 04:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-21 16:39 - 2011-09-08 04:18 - 01206566 _____ () C:\windows\WindowsUpdate.log
    2014-11-21 16:34 - 2014-07-29 19:36 - 00000000 ___RD () C:\Users\Lolly\Dropbox
    2014-11-21 16:34 - 2012-08-03 08:23 - 00000000 ____D () C:\Users\Lolly\AppData\Roaming\Dropbox
    2014-11-21 16:33 - 2013-01-23 10:52 - 00000000 ___RD () C:\Users\Lolly\Google Drive
    2014-11-21 16:32 - 2013-01-23 10:50 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-21 16:31 - 2010-11-21 03:47 - 00341190 _____ () C:\windows\PFRO.log
    2014-11-21 16:31 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-11-21 16:31 - 2009-07-14 04:51 - 00105269 _____ () C:\windows\setupact.log
    2014-11-21 16:22 - 2012-09-10 10:37 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-11-21 16:18 - 2013-01-23 10:50 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-21 15:51 - 2012-02-06 00:59 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1867582200-139094598-4032816429-1001UA.job
    2014-11-18 17:51 - 2012-02-06 00:59 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1867582200-139094598-4032816429-1001Core.job
    2014-11-18 17:46 - 2012-02-06 00:59 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1867582200-139094598-4032816429-1001UA
    2014-11-18 17:46 - 2012-02-06 00:59 - 00003482 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1867582200-139094598-4032816429-1001Core
    2014-11-18 17:42 - 2014-07-10 08:07 - 00003830 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1404979619
    2014-11-18 17:42 - 2014-07-10 08:06 - 00000000 ____D () C:\Program Files (x86)\Opera
    2014-11-18 17:33 - 2009-07-14 05:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
    2014-11-15 20:40 - 2012-10-22 09:16 - 00000000 ____D () C:\Program Files (x86)\Songbird
    2014-11-15 17:24 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\tracing
    2014-11-15 17:13 - 2013-01-23 10:50 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-15 17:13 - 2013-01-23 10:50 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-15 17:09 - 2013-03-19 21:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-15 16:48 - 2013-03-16 13:20 - 01641984 ___SH () C:\Users\Lolly\Downloads\Thumbs.db
    2014-11-15 16:34 - 2014-07-29 19:36 - 00001017 _____ () C:\Users\Lolly\Desktop\Dropbox.lnk
    2014-11-15 16:34 - 2012-08-03 08:24 - 00000000 ____D () C:\Users\Lolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-11-13 10:36 - 2013-02-22 13:55 - 01235968 ___SH () C:\Users\Lolly\Desktop\Thumbs.db
    2014-11-12 22:20 - 2009-07-14 02:34 - 00000215 _____ () C:\windows\system.ini
    2014-11-12 20:13 - 2014-08-08 08:03 - 00043008 ___SH () C:\Users\Lolly\Thumbs.db
    2014-11-12 19:15 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\rescache
    2014-11-12 17:22 - 2012-09-10 10:37 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-11-12 17:22 - 2012-09-10 10:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-12 17:22 - 2012-09-10 10:37 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-12 16:33 - 2013-08-28 14:28 - 00000000 _____ () C:\windows\system32\vireng.log
    2014-11-12 15:52 - 2009-07-14 04:45 - 00480288 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-11-12 15:50 - 2014-05-06 11:50 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-11-12 15:00 - 2013-08-17 11:02 - 00000000 ____D () C:\windows\system32\MRT
    2014-11-12 14:47 - 2012-03-23 17:46 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-11-12 14:32 - 2012-09-14 17:39 - 00000000 ____D () C:\Users\Lolly\AppData\Roaming\Skype
    2014-11-12 14:32 - 2012-02-08 18:43 - 00000000 ____D () C:\Users\Lolly\AppData\Roaming\Spotify
    2014-11-12 14:31 - 2012-02-06 00:59 - 00002364 _____ () C:\Users\Lolly\Desktop\Google Chrome.lnk
    2014-11-12 14:29 - 2012-02-17 09:23 - 00000000 ____D () C:\Users\Lolly\AppData\Local\Windows Live Writer
    2014-11-12 10:19 - 2012-02-08 18:43 - 00000000 ____D () C:\Users\Lolly\AppData\Local\Spotify
    2014-11-12 10:01 - 2013-07-08 10:08 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-11-11 08:54 - 2014-09-29 14:36 - 00001924 _____ () C:\Users\Public\Desktop\QSR NVivo 10.lnk
    2014-11-11 08:53 - 2014-09-29 14:36 - 00000000 ____D () C:\Users\Public\Documents\NVivo 10 Samples
    2014-11-08 14:16 - 2012-04-20 15:44 - 00000000 ____D () C:\Users\Lolly\AppData\Local\CrashDumps
    2014-11-08 11:29 - 2009-07-14 05:13 - 00876082 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-11-06 15:13 - 2013-01-23 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-11-04 14:30 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
    2014-11-03 13:42 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF
    2014-10-29 15:42 - 2011-09-07 12:42 - 00000000 ____D () C:\ProgramData\Temp
    2014-10-23 06:38 - 2013-01-29 10:50 - 00000000 ____D () C:\Program Files (x86)\Zotero Standalone
     
    Some content of TEMP:
    ====================
    C:\Users\Lolly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprnsmi3.dll
    C:\Users\Lolly\AppData\Local\Temp\Quarantine.exe
    C:\Users\Lolly\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-11-15 22:00
     
    ==================== End Of Log ============================


    Addition.txt is too big for the uploader, so I am pasting the contents below:

    addition.txt

     

    "Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014

    Ran by Lolly at 2014-11-21 16:43:22
    Running from C:\Users\Lolly\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Sophos Anti-Virus (Disabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Sophos Anti-Virus (Disabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
    „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    Any Video Converter 5.7.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
    Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
    ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
    Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
    CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
    CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
    Dropbox (HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
    Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
    Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
    Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
    Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
    Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
    EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
    EasyFileShare (HKLM-x32\...\{1181AA5B-8EFD-4AC5-8CDE-A1F7307B3427}) (Version: 1.0.13 - Samsung)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    ETDWare PS/2-X64 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
    Evernote v. 4.6 (HKLM-x32\...\{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}) (Version: 4.6.0.7670 - Evernote Corp.)
    Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 5.69 - NCH Software)
    Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
    FastFox (HKLM-x32\...\FastFox) (Version: 2.32 - NCH Software)
    Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\Google Chrome) (Version: 38.0.2125.122 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
    Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
    Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KNOWHOW™ APP CENTRE (HKLM-x32\...\KNOWHOW™ APP CENTRE 22447) (Version: 22447 - KNOWHOW)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Mendeley Desktop 1.6 (HKLM-x32\...\Mendeley Desktop) (Version: 1.6 - Mendeley Ltd.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Miro (HKLM-x32\...\Miro) (Version: 4.0.6 - Participatory Culture Foundation)
    Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
    Mozilla Firefox 33.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-GB)) (Version: 33.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mozilla Thunderbird 11.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 11.0 (x86 en-US)) (Version: 11.0 - Mozilla)
    Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
    Music Manager (HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\MusicManager) (Version:  - Google, Inc.)
    MyFreeCodec (HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\MyFreeCodec) (Version:  - )
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    NVIDIA Graphics Driver 266.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.72 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}) (Version: 3.41.9593 - Apache Software Foundation)
    Opera Stable 25.0.1614.71 (HKLM-x32\...\Opera 25.0.1614.71) (Version: 25.0.1614.71 - Opera Software ASA)
    Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
    PhoneShare (HKLM-x32\...\{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}) (Version: 9.1.4 - Samsung)
    Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    QSR NCapture 1.0 (HKLM-x32\...\{B32CD9BC-7C16-4152-A579-2AA32730E24E}) (Version: 1.0.93.0 - QSR International Pty Ltd)
    QSR NVivo 10 (HKLM\...\{49BFDB10-A9AC-4368-9BF1-236D569DD8F0}) (Version: 10.0.638.0 - QSR International Pty Ltd)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
    RescueTime 2.9.5.1165 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
    Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.1.12044_18 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.3.1.12044_18 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
    Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.9 - Samsung)
    Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
    Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
    Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
    Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
    Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
    SamsungMovie (HKLM-x32\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
    Scapple (HKLM-x32\...\Scapple 1000) (Version: 1000 - Literature and Latte)
    Scrivener Update (HKLM-x32\...\Scrivener 1570) (Version: 1710 - Literature and Latte)
    Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
    SISShortcut (HKLM-x32\...\{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}) (Version: 1.00.000 - Samsung)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    Songbird 2.0.0 (Build 2311) (HKLM-x32\...\Songbird-release-2311) (Version:  - )
    Sophos Anti-Virus (HKLM-x32\...\{4320988A-7DE0-478D-A38B-CE9509BCE320}) (Version: 10.3.1 - Sophos Limited)
    Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.9.0.344 - Sophos Limited)
    Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
    Spotify (HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    Typing Trainer 8.0 (HKLM-x32\...\{218081EE-C83D-46A6-9382-9AB77B99AAA1}_is1) (Version:  - Typing Innovation Group Ltd)
    UMPlayer 0.98 [P4] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
    User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.5 - )
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
    WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
    WD SES Driver Setup (x32 Version: 1.0.6.3 - Western Digital) Hidden
    WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7000 - Broadcom Corporation)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
    Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
    Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience)
    XMind 2012 (v3.3.1) (HKLM-x32\...\XMind_is1) (Version: 3.3.1.201212250029 - XMind Ltd.)
    Zotero Standalone 4.0.23 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.23 (x86 en-US)) (Version: 4.0.23 - Zotero)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
    Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lolly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
     
    ==================== Restore Points  =========================
     
    04-11-2014 09:39:04 Windows Update
    11-11-2014 07:17:07 Windows Update
    12-11-2014 14:45:15 Windows Update
    15-11-2014 21:36:19 Windows Update
    21-11-2014 15:37:44 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-14 02:34 - 2014-11-12 22:20 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {020F8F93-4C5D-431B-A4D0-3581A0640A85} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {0987D122-3325-4A45-A765-9D5C0D559FA5} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
    Task: {11E70F69-92A3-4972-999A-E8DE0954162B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
    Task: {14E582F9-724D-4170-B547-CBB581826261} - System32\Tasks\Western Digital\SmartWare\____Volume_2fd511c6_d9d1_11e0_9e8e_806e6f6e6963______Volume_6f3ec146_48c8_11e4_b1b8_90a4dea4fe11__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe
    Task: {4646F7E4-A69D-45C9-8D6E-056754026606} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
    Task: {5A9922A8-1EED-4FCF-88A4-307CC1EC8285} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-11] (Samsung Electronics)
    Task: {6FC68436-189C-47DB-BBA9-CB9C3EF37D15} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
    Task: {7A03063E-2D4E-440F-B1A6-AA3131F1957B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
    Task: {7E7E61FF-98D6-40CA-94FB-933EFA680253} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
    Task: {84C25528-52A7-49E8-856B-B5E2741FBD60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23] (Google Inc.)
    Task: {84C5C44D-BCF9-4E2B-8727-DA38A7513A2E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1867582200-139094598-4032816429-1001UA => C:\Users\Lolly\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
    Task: {8C61D5EB-0EAB-470E-8F2E-FA6DDA145CD9} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-17] (Samsung Electronics. Co. Ltd.)
    Task: {8EFB889B-EC7C-4D8C-B83E-4AF15B281933} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
    Task: {9C5AFEAF-2902-453B-88C6-DF853F2026E3} - System32\Tasks\Opera scheduled Autoupdate 1404979619 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-14] (Opera Software)
    Task: {A3F5EFAD-62C7-4C72-8B79-DCDCA1EC8EFC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {A7277B8B-7816-46DC-A92F-FC60605A9767} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)
    Task: {A84002BC-993A-49DD-A999-A89F369C763B} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
    Task: {C14DEB8F-D3B0-48FF-BE3B-17E4CEEF91A6} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
    Task: {C2274D1F-21AB-45A1-B1C1-792B83C6B8DA} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
    Task: {D2ED6A8A-373B-4B57-9FAA-D0952FD7F992} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    Task: {D814A905-9560-4265-A0F6-45EBD364D88F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23] (Google Inc.)
    Task: {DE963163-D23B-4E0C-A85E-070ACCFB6B74} - System32\Tasks\{9C623F10-2C57-46CA-B53E-8D4AF8AEA817} => C:\Program Files (x86)\Tomahawk\tomahawk.exe
    Task: {E8FC3D81-7930-4A95-A2F7-4D7EEBABC2AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1867582200-139094598-4032816429-1001Core => C:\Users\Lolly\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
    Task: {F0680B29-CE7C-48E8-BEE1-32D9B63D1D10} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {F3B357C5-1F6C-4229-8B6D-0915B1692766} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1867582200-139094598-4032816429-1001Core.job => C:\Users\Lolly\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1867582200-139094598-4032816429-1001UA.job => C:\Users\Lolly\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2011-09-07 10:03 - 2008-06-04 23:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
    2014-07-24 15:04 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2011-09-07 12:46 - 2009-12-01 07:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2014-11-15 17:07 - 2014-09-23 13:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2011-09-07 10:02 - 2010-10-21 18:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
    2013-02-21 22:03 - 2013-02-21 22:03 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
    2013-02-21 22:03 - 2013-02-21 22:03 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
    2013-02-21 22:03 - 2013-02-21 22:03 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
    2013-02-21 22:03 - 2013-02-21 22:03 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
    2013-02-21 22:03 - 2013-02-21 22:03 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
    2013-02-21 22:03 - 2013-02-21 22:03 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
    2013-02-21 22:03 - 2013-02-21 22:03 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
    2013-02-21 22:03 - 2013-02-21 22:03 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
    2013-02-21 22:03 - 2013-02-21 22:03 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
    2013-02-21 22:03 - 2013-02-21 22:03 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
    2013-02-21 22:03 - 2013-02-21 22:03 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
    2011-09-07 12:41 - 2010-07-05 10:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
    2014-11-12 14:31 - 2014-11-05 23:56 - 01042760 _____ () C:\Users\Lolly\AppData\Local\Google\Chrome\Application\38.0.2125.122\libglesv2.dll
    2014-11-12 14:31 - 2014-11-05 23:56 - 00211272 _____ () C:\Users\Lolly\AppData\Local\Google\Chrome\Application\38.0.2125.122\libegl.dll
    2014-11-21 16:33 - 2014-11-21 16:33 - 00043008 _____ () c:\users\lolly\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprnsmi3.dll
    2013-08-23 19:01 - 2013-08-23 19:01 - 25100288 _____ () C:\Users\Lolly\AppData\Roaming\Dropbox\bin\libcef.dll
    2014-11-12 14:31 - 2014-11-05 23:57 - 08911176 _____ () C:\Users\Lolly\AppData\Local\Google\Chrome\Application\38.0.2125.122\pdf.dll
    2014-11-12 14:31 - 2014-11-05 23:56 - 01681224 _____ () C:\Users\Lolly\AppData\Local\Google\Chrome\Application\38.0.2125.122\ffmpegsumo.dll
    2011-09-07 13:49 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
    2014-11-21 16:32 - 2014-11-21 16:32 - 00098816 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32api.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00110080 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\pywintypes27.dll
    2014-11-21 16:32 - 2014-11-21 16:32 - 00364544 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\pythoncom27.dll
    2014-11-21 16:32 - 2014-11-21 16:32 - 00045568 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\_socket.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 01160704 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\_ssl.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00320512 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32com.shell.shell.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00713216 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\_hashlib.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 01175040 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\wx._core_.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00805888 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\wx._gdi_.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00811008 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\wx._windows_.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 01062400 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\wx._controls_.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00735232 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\wx._misc_.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00128512 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\_elementtree.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00127488 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\pyexpat.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00557056 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\pysqlite2._sqlite.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00087552 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\_ctypes.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00119808 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32file.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00108544 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32security.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00007168 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\hashobjs_ext.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00167936 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32gui.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00018432 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32event.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00038912 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32inet.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00011264 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32crypt.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00070656 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\wx._html2.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00027136 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\_multiprocessing.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00035840 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32process.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00686080 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\unicodedata.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00122368 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\wx._wizard.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00024064 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32pipe.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00025600 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32pdh.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00525640 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\windows._lib_cacheinvalidation.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00010240 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\select.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00017408 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32profile.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00022528 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\win32ts.pyd
    2014-11-21 16:32 - 2014-11-21 16:32 - 00078336 _____ () C:\Users\Lolly\AppData\Local\Temp\_MEI27162\wx._animate.pyd
    2011-09-07 12:56 - 2010-05-07 14:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\Temp:054203E4
    AlternateDataStreams: C:\Users\Lolly\Downloads\noname.eml:OECustomProperty
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\windows\pss\CineForm Status.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Lolly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lolly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1867582200-139094598-4032816429-500 - Administrator - Disabled)
    Guest (S-1-5-21-1867582200-139094598-4032816429-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1867582200-139094598-4032816429-1008 - Limited - Enabled)
    Lolly (S-1-5-21-1867582200-139094598-4032816429-1001 - Administrator - Enabled) => C:\Users\Lolly
    SophosSAULOLLY-PC0 (S-1-5-21-1867582200-139094598-4032816429-1002 - Limited - Enabled)
    UpdatusUser (S-1-5-21-1867582200-139094598-4032816429-1000 - Limited - Enabled) => C:\Users\UpdatusUser
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
    Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Broadcom
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (11/21/2014 04:33:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/21/2014 04:31:56 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: DNS lookup failure trying to resolve the following addresses: WINUPDATE4,WINUPDATE4.INSRV.cf.ac.uk.%%3
     
    Error: (11/21/2014 04:10:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/21/2014 04:08:49 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: DNS lookup failure trying to resolve the following addresses: WINUPDATE4,WINUPDATE4.INSRV.cf.ac.uk.%%3
     
    Error: (11/21/2014 03:20:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/21/2014 03:20:09 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: DNS lookup failure trying to resolve the following addresses: WINUPDATE4.%%3
     
    Error: (11/18/2014 05:34:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/18/2014 05:33:24 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: DNS lookup failure trying to resolve the following addresses: WINUPDATE4.%%3
     
    Error: (11/15/2014 09:19:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/15/2014 09:19:15 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: DNS lookup failure trying to resolve the following addresses: WINUPDATE4.%%3
     
     
    System errors:
    =============
    Error: (11/21/2014 04:35:21 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer USER-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{30D76EC0-A62F-4256-A614-FD735B130451}.
    The master browser is stopping or an election is being forced.
     
    Error: (11/21/2014 04:32:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     
    Error: (11/21/2014 04:31:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The IwberinMnemationador service failed to start due to the following error: 
    %%2
     
    Error: (11/21/2014 04:11:21 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer USER-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{30D76EC0-A62F-4256-A614-FD735B130451}.
    The master browser is stopping or an election is being forced.
     
    Error: (11/21/2014 04:09:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
     
    Error: (11/21/2014 04:08:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The IwberinMnemationador service failed to start due to the following error: 
    %%2
     
    Error: (11/21/2014 04:07:28 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
     
    Error: (11/21/2014 03:59:19 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer USER-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{30D76EC0-A62F-4256-A614-FD735B130451}.
    The master browser is stopping or an election is being forced.
     
    Error: (11/21/2014 03:27:16 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer USER-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{30D76EC0-A62F-4256-A614-FD735B130451}.
    The master browser is stopping or an election is being forced.
     
    Error: (11/21/2014 03:26:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The NVIDIA Update Service Daemon service hung on starting.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (11/21/2014 04:33:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/21/2014 04:31:56 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: WINUPDATE4,WINUPDATE4.INSRV.cf.ac.uk
     
    Error: (11/21/2014 04:10:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/21/2014 04:08:49 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: WINUPDATE4,WINUPDATE4.INSRV.cf.ac.uk
     
    Error: (11/21/2014 03:20:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/21/2014 03:20:09 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: WINUPDATE4
     
    Error: (11/18/2014 05:34:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/18/2014 05:33:24 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: WINUPDATE4
     
    Error: (11/15/2014 09:19:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (11/15/2014 09:19:15 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: WINUPDATE4
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-11-12 22:17:09.419
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2014-11-12 22:17:09.388
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-02-23 13:44:07.460
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-02-23 13:44:07.384
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-02-23 13:44:05.215
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-02-23 13:44:05.141
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-02-23 13:44:02.993
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-02-23 13:44:02.922
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-02-23 13:44:00.734
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2013-02-23 13:44:00.666
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
    Percentage of memory in use: 29%
    Total physical RAM: 8104.37 MB
    Available physical RAM: 5689.62 MB
    Total Pagefile: 16206.91 MB
    Available Pagefile: 13561.53 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:365 GB) (Free:157.93 GB) NTFS
    Drive d: () (Fixed) (Total:546.27 GB) (Free:542.96 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: CF70F325)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=365 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=546.3 GB) - (Type=OF Extended)
    Partition 4: (Not Active) - (Size=20.1 GB) - (Type=27)
     
    ==================== End Of Log ============================"

    The computer is still running very slowly. Firefox won't open upon first clicking (seems to hang), then eventually opens a couple of empty browser windows. Google Chrome starts okay, but immediately tries to redirect to some sort of weird search page. Internet Explorer loads okay but is very clunky (slow to load pages/video, suddenly kicks in a couple of seconds later).

    The multiplicity of pop-ups, pop-unders & flashing ads has, however, ceased! 
     
    Thank you again for your efforts & apologies if I've done something wrong.


    #6 nasdaq

    nasdaq

    • Malware Response Team
    • 38,223 posts
    • Gender:Male
    • Location:Montreal, QC. Canada

    Posted 21 November 2014 - 02:17 PM

     
    Run this tool to clean your Temporary files/Folders.
     
    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted, it should not take long to finish.
    • Once it's finished, click OK to reboot.
    • If it does not reboot, reboot your system manually.
    ===
     
    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
     
    HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\Run: [GoogleChromeAutoLaunch_FB5B18E432725F2E1902CB4A6B4F76F9] => C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-11-05] (Google Inc.)
    ProxyEnable: [S-1-5-21-1867582200-139094598-4032816429-1001] => Internet Explorer proxy is enabled.
    URLSearchHook: HKU\S-1-5-21-1867582200-139094598-4032816429-1001 - (No Name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://start.iminent.com/?appId=AE7A4A8C-7C27-4DCA-8AED-2413EBB001A1"
    CHR Extension: (Google Wallet) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
    CHR HKLM-x32\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Lolly\AppData\Local\CRE\fealnpfjifonchkodiffbdkfaipmpkhe.crx []
    S2 IwberinMnemationador; C:\Program Files (x86)\IwberinMnemationador\IwberinMnemationador.exe [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    AlternateDataStreams: C:\ProgramData\Temp:054203E4
    AlternateDataStreams: C:\Users\Lolly\Downloads\noname.eml:OECustomProperty
     
    End
    
    Save the files as fixlist.txt into the same folder as FRST
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log, Fixlog.txt; please post it in your reply.
    ===
     
    Reset your browsers that have been compromised.
     
    Reset Chrome...
    Click on "Customize and control Google Chrome":
     
    Click "Settings" then "Show advanced settings" at the bottom of the screen.
     
    Click "Reset browser settings" button.
     
    Restart Chrome.
    ====
     
    Firefox:
    Reset Default Browsing settings:
    ===
     
    Download Security Check by screen317 from here
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.
     
    If the site is busy or not available use this mirror site:
     
    How is the computer running now?
     
    ======
     


    #7 MadJohnFinn

    MadJohnFinn
    • Topic Starter

    • Members
    • 23 posts

    Posted 22 November 2014 - 07:04 AM

    Thank you.
     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
    Ran by Lolly at 2014-11-22 10:49:39 Run:1
    Running from C:\Users\Lolly\Desktop\FIXY
    Loaded Profiles: UpdatusUser & Lolly (Available profiles: UpdatusUser & Lolly)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
     
    HKU\S-1-5-21-1867582200-139094598-4032816429-1001\...\Run: [GoogleChromeAutoLaunch_FB5B18E432725F2E1902CB4A6B4F76F9] => C:\Users\Lolly\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-11-05] (Google Inc.)
    ProxyEnable: [S-1-5-21-1867582200-139094598-4032816429-1001] => Internet Explorer proxy is enabled.
    URLSearchHook: HKU\S-1-5-21-1867582200-139094598-4032816429-1001 - (No Name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://start.iminent.com/?appId=AE7A4A8C-7C27-4DCA-8AED-2413EBB001A1"
    CHR Extension: (Google Wallet) - C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
    CHR HKLM-x32\...\Chrome\Extension: [fealnpfjifonchkodiffbdkfaipmpkhe] - C:\Users\Lolly\AppData\Local\CRE\fealnpfjifonchkodiffbdkfaipmpkhe.crx []
    S2 IwberinMnemationador; C:\Program Files (x86)\IwberinMnemationador\IwberinMnemationador.exe [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lolly\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    AlternateDataStreams: C:\ProgramData\Temp:054203E4
    AlternateDataStreams: C:\Users\Lolly\Downloads\noname.eml:OECustomProperty
     
    End
    *****************
     
    HKU\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_FB5B18E432725F2E1902CB4A6B4F76F9 => value deleted successfully.
    HKU\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\S-1-5-21-1867582200-139094598-4032816429-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} => value deleted successfully.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    Chrome StartupUrls deleted successfully.
    C:\Users\Lolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe" => Key deleted successfully.
    "C:\Users\Lolly\AppData\Local\CRE\fealnpfjifonchkodiffbdkfaipmpkhe.crx" => File/Directory not found.
    IwberinMnemationador => Service deleted successfully.
    catchme => Service deleted successfully.
    "HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-1867582200-139094598-4032816429-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    C:\ProgramData\Temp => ":054203E4" ADS removed successfully.
    C:\Users\Lolly\Downloads\noname.eml => ":OECustomProperty" ADS removed successfully.
     
    ==== End of Fixlog ====

    ***

     Results of screen317's Security Check version 0.99.90  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Enabled!  
    Sophos Anti-Virus   
     WMI entry may not exist for antivirus; attempting automatic update. 
    `````````Anti-malware/Other Utilities Check:````````` 
     JavaFX 2.1.1    
     Java 7 Update 65  
     Java version out of Date! 
     Adobe Flash Player 15.0.0.223  
     Adobe Reader XI  
     Mozilla Firefox (33.0) 
     Mozilla Thunderbird 11.0. Thunderbird out of Date!  
     Google Chrome (38.0.2125.111) 
     Google Chrome (38.0.2125.122) 
     Google Chrome (chrome.exe..) 
     Google Chrome (debug.log..) 
     Google Chrome (Dictionaries...) 
     Google Chrome (First Run...) 
     Google Chrome (master_preferences...) 
     Google Chrome (old_chrome.exe..) 
     Google Chrome (wow_helper.exe..) 
    ````````Process Check: objlist.exe by Laurent````````  
     Sophos Sophos Anti-Virus SavService.exe  
     Sophos Sophos Anti-Virus SAVAdminService.exe  
     Sophos Sophos Anti-Virus Web Control swc_service.exe 
     Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
     Symantec Norton Online Backup NOBuAgent.exe  
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C: 5% 
    ````````````````````End of Log`````````````````````` 

    ***

    Going to have a browse/fiddle & see how it's running now, will report back ASAP. 

    Thank you very much for all your help!


    #8 nasdaq

    • Malware Response Team

    Posted 22 November 2014 - 01:26 PM

    Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
    The latest version is Java 8 Update 25.
     
    You can manually check your present version and update as recommended.
     
    Be careful not to install malware posing as a Java update!
    Important: read this blog.
     
    Quoted from the page.
    "In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
     
    How to disable Java in your browsers
     
     
    If present, remove the old version(s) of Java using the Add/Remove Programs applet.
     
    JavaFX 2.1.1    
     Java 7 Update 65 
     
    ===
     
    If all is well.
     
    To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
    ===


    #9 MadJohnFinn

    • Topic Starter

    Posted 26 November 2014 - 02:02 PM

    Hello!

    Apologies for the delay in replying. The PC is now running beautifully & has been returned along with a stern note concerning not downloading dodgy gif-making programs!

     

    Thank you so much for all your help & patience, really sincerely appreciated.



    #10 nasdaq

    • Malware Response Team

    Posted 26 November 2014 - 02:26 PM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



