Experiencing pop-ups and redirects


  • This topic is locked
68 replies to this topic

#1 lisa629


Posted 21 February 2015 - 12:30 AM

I was being helped in the "Am I Infected? What do I do?" forum and was advised to post here.  The link to the topic in the other forum is http://www.bleepingcomputer.com/forums/t/567676/browser-redirected-and-pop-ups/#entry3634511.  I am running Windows 8.1 on a Dell XPS 8700 and am experiencing pop-ups and re-directs both on the Internet and on my desktop, especially at start-up.  I am having a lot of difficulty accessing the Internet.

 

I ran the Farbar Recovery Scan Tool and was able to get both the FRST.txt and Addition.txt logs, but was unable to paste the FRST.txt log from the infected computer, so I am posting it from another computer. I was able to attach the Addition.txt log from the infected machine; however, I am including it in this post so that everything is in one place. Thanks in advance for your help; it is very much appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01

Ran by Lisa (administrator) on LISA-PC on 20-02-2015 23:13:50

Running from C:\Users\Lisa\Desktop

Loaded Profiles: Lisa (Available profiles: Lisa)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe

(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

() C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31\snsz5BA1.tmp

() C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\nscCA07.tmpfs

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\jnswFC67.tmp

() C:\Program Files (x86)\MagnoPlayer\MagnoPlayerUpdaterService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

(Small Island Development) C:\ProgramData\NPaxYHLMy\qYHYClnv.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(PlayMCVenture) C:\Program Files (x86)\Mediaplayersversion2.4\40f1654d-f1c0-41fe-9308-7d57b535dc3c-6.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(PlayMCVenture) C:\Program Files (x86)\Mediaplayersversion2.4\40f1654d-f1c0-41fe-9308-7d57b535dc3c-10.exe

(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

() C:\Users\Lisa\AppData\Local\gmsd_us_238\upgmsd_us_238.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Mime Ventures) C:\Users\Lisa\AppData\Roaming\TheAnswerFinder\TheAnswerFinder.exe

(Dell) C:\Users\Lisa\AppData\Local\Apps\2.0\QJ8EQ181.Q48\3WZXKD8R.PA8\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe

(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

() C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .exe

() C:\Program Files (x86)\gmsd_us_238\gmsd_us_238.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)

HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1439496 2010-10-19] (Intuit Inc. All rights reserved.)

HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\Lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

HKLM-x32\...\Run: [gmsd_us_238] => C:\Program Files (x86)\gmsd_us_238\gmsd_us_238.exe [3977384 2015-02-20] ()

HKLM-x32\...\RunOnce: [upgmsd_us_238.exe] => C:\Users\Lisa\AppData\Local\gmsd_us_238\upgmsd_us_238.exe [3318440 2015-02-20] ()

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-01-07] (Google Inc.)

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [TheAnswerFinder] => C:\Users\Lisa\AppData\Roaming\TheAnswerFinder\TheAnswerFinder.exe [1786312 2015-02-20] (Mime Ventures)

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [DellSystemDetect] => C:\Users\Lisa\AppData\Local\Apps\2.0\QJ8EQ181.Q48\3WZXKD8R.PA8\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-08-28] (Dell)

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\mshta.exe [12800 2014-10-30] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .lnk

ShortcutTarget: Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .lnk -> C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .exe ()

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [S-1-5-21-2402126613-901041406-3136686689-1001] => Internet Explorer proxy is enabled.

ProxyServer: [S-1-5-21-2402126613-901041406-3136686689-1001] => http=127.0.0.1:52074;https=127.0.0.1:52074

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB

SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=2921&r=2015/02/20&hid=17095993380983276072&lg=EN&cc=US&unqvl=82

SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=2921&r=2015/02/20&hid=17095993380983276072&lg=EN&cc=US&unqvl=82

SearchScopes: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> DefaultScope {67CF62CB-DFEE-4C12-9F96-56B9E69D818B} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> {67CF62CB-DFEE-4C12-9F96-56B9E69D818B} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=2921&r=2015/02/20&hid=17095993380983276072&lg=EN&cc=US&unqvl=82

SearchScopes: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> {EEAA610A-35F7-4F61-96EB-0FB625E0C089} URL =

BHO: DeAliExopResss -> {df382cc1-1ec1-4d0e-9c0e-70769e82c953} -> C:\Program Files (x86)\DeAliExopResss\7ZihOLp0PZRoCx.x64.dll ()

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: DeAliExopResss -> {df382cc1-1ec1-4d0e-9c0e-70769e82c953} -> C:\Program Files (x86)\DeAliExopResss\7ZihOLp0PZRoCx.dll ()

Toolbar: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default

FF DefaultSearchEngine: Yahoo!

FF DefaultSearchEngine,S: WebSearch

FF DefaultSearchUrl: hxxp://websearch.look-for-it.info/?pid=2921&r=2015/02/20&hid=17095993380983276072&lg=EN&cc=US&unqvl=82&l=1&q=

FF SearchEngineOrder.1: WebSearch

FF SearchEngineOrder.1,S: WebSearch

FF SelectedSearchEngine: Yahoo!

FF SelectedSearchEngine,S: WebSearch

FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: JoniCouepioun - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\Extensions\6I8PF45B@Q.edu [2015-02-19]

FF Extension: Mediaplayersversion2.4 - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-20]

FF Extension: CeoUUpEXtensiiona - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\Extensions\BUvG@Gc.com [2015-02-19]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://mysearch.avg.com?cid={47ABCD36-EC63-4A8E-B336-F4EBFA5569B1}&mid=c7219e4d54d747d3a053d16daef66cc4-e29242b5d80771a036df2e9d09d7d16ebce75dd8&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13 18:46:06&v=17.2.0.38&pid=safeguard&sg=0&sap=hp"

CHR DefaultSearchKeyword: Default -> yahoo.com search

CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?ei=utf-8&fr=chr-yo_gc&type=523482&ilc=12&p={searchTerms}

CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}

CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]

CHR Extension: (Google Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]

CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]

CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]

CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]

CHR Extension: (Google Calendar) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-01-14]

CHR Extension: (Google Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]

CHR Extension: (Chrome Remote Desktop) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-14]

CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]

CHR Extension: (Tumblr Shortcuts) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeaoiimgjnefgefklfijghnlngmkcgom [2015-02-19]

CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION

R2 fetikigu; C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31\snsz5BA1.tmp [229376 2015-02-20] () [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-01-25] (Macrovision Europe Ltd.) [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)

S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-20] (globalUpdate) [File not signed]

S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-20] (globalUpdate) [File not signed]

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)

R2 kuzodiku; C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\jnswFC67.tmp [90624 2015-02-20] () [File not signed]

R2 MagnoPlayerUpdaterService; C:\Program Files (x86)\MagnoPlayer\MagnoPlayerUpdaterService.exe [11776 2015-02-20] () [File not signed]

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]

R2 qYHYClnv; C:\ProgramData\NPaxYHLMy\qYHYClnv.exe [2733552 2015-02-20] (Small Island Development)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)

R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()

R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

R2 fewonize; C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\nscCA07.tmpfs [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)

S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)

S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2014-08-28] ()

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-20 23:13 - 2015-02-20 23:14 - 00027733 _____ () C:\Users\Lisa\Desktop\FRST.txt

2015-02-20 23:13 - 2015-02-20 23:13 - 00000000 ____D () C:\FRST

2015-02-20 23:09 - 2015-02-20 23:09 - 02086912 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe

2015-02-20 23:03 - 2015-02-20 23:03 - 00000000 ___RD () C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2015-02-20 21:36 - 2015-02-20 21:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-02-20 21:34 - 2015-02-20 21:34 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Lisa\Downloads\mbar-1.09.1.1004.exe

2015-02-20 18:47 - 2015-02-20 18:47 - 00000000 ____D () C:\ProgramData\Uniblue

2015-02-20 18:46 - 2015-02-20 18:46 - 00000000 ___HD () C:\Users\Public\Temp

2015-02-20 18:41 - 2015-02-20 22:12 - 00001128 _____ () C:\Users\Lisa\Desktop\Continue Live Installation.lnk

2015-02-20 18:34 - 2015-02-20 18:34 - 00003456 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Popup

2015-02-20 18:33 - 2015-02-20 23:08 - 00000000 ____D () C:\Users\Lisa\Documents\ProPCCleaner

2015-02-20 18:33 - 2015-02-20 23:03 - 00004510 _____ () C:\WINDOWS\Tasks\40f1654d-f1c0-41fe-9308-7d57b535dc3c-4.job

2015-02-20 18:33 - 2015-02-20 21:59 - 00000000 ____D () C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31

2015-02-20 18:33 - 2015-02-20 18:36 - 00003742 _____ () C:\Users\Lisa\Desktop\Rkill.txt

2015-02-20 18:33 - 2015-02-20 18:33 - 00007514 _____ () C:\WINDOWS\System32\Tasks\40f1654d-f1c0-41fe-9308-7d57b535dc3c-4

2015-02-20 18:33 - 2015-02-20 18:33 - 00003192 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Start

2015-02-20 18:33 - 2015-02-20 18:33 - 00001013 _____ () C:\Users\Public\Desktop\Pro PC Cleaner.lnk

2015-02-20 18:33 - 2015-02-20 18:33 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Pro_PC_Cleaner

2015-02-20 18:33 - 2015-02-20 18:33 - 00000000 ____D () C:\Users\Lisa\AppData\Local\MovieWizard

2015-02-20 18:33 - 2015-02-20 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner

2015-02-20 18:33 - 2015-02-20 18:33 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner

2015-02-20 18:32 - 2015-02-20 23:03 - 00005878 _____ () C:\WINDOWS\Tasks\40f1654d-f1c0-41fe-9308-7d57b535dc3c-6.job

2015-02-20 18:32 - 2015-02-20 23:03 - 00005534 _____ () C:\WINDOWS\Tasks\40f1654d-f1c0-41fe-9308-7d57b535dc3c-7.job

2015-02-20 18:32 - 2015-02-20 23:03 - 00001348 _____ () C:\WINDOWS\Tasks\JGPST.job

2015-02-20 18:32 - 2015-02-20 23:03 - 00000960 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job

2015-02-20 18:32 - 2015-02-20 18:37 - 00000964 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job

2015-02-20 18:32 - 2015-02-20 18:33 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31

2015-02-20 18:32 - 2015-02-20 18:33 - 00000000 ____D () C:\Program Files (x86)\2a52c132-c7f7-446a-9ba3-e7854a9815ad

2015-02-20 18:32 - 2015-02-20 18:32 - 01974224 _____ (PlayMCVenture) C:\Users\Lisa\AppData\Roaming\JGPST.exe

2015-02-20 18:32 - 2015-02-20 18:32 - 00008882 _____ () C:\WINDOWS\System32\Tasks\40f1654d-f1c0-41fe-9308-7d57b535dc3c-6

2015-02-20 18:32 - 2015-02-20 18:32 - 00008538 _____ () C:\WINDOWS\System32\Tasks\40f1654d-f1c0-41fe-9308-7d57b535dc3c-7

2015-02-20 18:32 - 2015-02-20 18:32 - 00004352 _____ () C:\WINDOWS\System32\Tasks\JGPST

2015-02-20 18:32 - 2015-02-20 18:32 - 00004010 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup

2015-02-20 18:32 - 2015-02-20 18:32 - 00003936 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA

2015-02-20 18:32 - 2015-02-20 18:32 - 00003700 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore

2015-02-20 18:32 - 2015-02-20 18:32 - 00001983 _____ () C:\Users\Lisa\Desktop\Sync Folder.lnk

2015-02-20 18:32 - 2015-02-20 18:32 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\VOPackage

2015-02-20 18:32 - 2015-02-20 18:32 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage

2015-02-20 18:31 - 2015-02-20 23:06 - 00000000 ____D () C:\Users\Lisa\AppData\Local\gmsd_us_238

2015-02-20 18:31 - 2015-02-20 23:03 - 00002128 _____ () C:\WINDOWS\Tasks\40f1654d-f1c0-41fe-9308-7d57b535dc3c-10_user.job

2015-02-20 18:31 - 2015-02-20 23:03 - 00000354 _____ () C:\WINDOWS\Tasks\dsmonitor.job

2015-02-20 18:31 - 2015-02-20 23:03 - 00000294 _____ () C:\WINDOWS\Tasks\DriverScanner.job

2015-02-20 18:31 - 2015-02-20 23:03 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\TheAnswerFinder

2015-02-20 18:31 - 2015-02-20 21:53 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_238

2015-02-20 18:31 - 2015-02-20 18:44 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup

2015-02-20 18:31 - 2015-02-20 18:33 - 00000000 ____D () C:\ProgramData\NPaxYHLMy

2015-02-20 18:31 - 2015-02-20 18:33 - 00000000 ____D () C:\Program Files (x86)\Mediaplayersversion2.4

2015-02-20 18:31 - 2015-02-20 18:32 - 00000000 ____D () C:\ProgramData\MovieWizard

2015-02-20 18:31 - 2015-02-20 18:31 - 00002502 _____ () C:\WINDOWS\System32\Tasks\DriverScanner

2015-02-20 18:31 - 2015-02-20 18:31 - 00002494 _____ () C:\WINDOWS\System32\Tasks\dsmonitor

2015-02-20 18:31 - 2015-02-20 18:31 - 00001933 _____ () C:\Users\Lisa\Desktop\MagnoPlayer.lnk

2015-02-20 18:31 - 2015-02-20 18:31 - 00001207 _____ () C:\Users\Public\Desktop\DriverScanner.lnk

2015-02-20 18:31 - 2015-02-20 18:31 - 00001083 _____ () C:\Users\Lisa\Desktop\MyPC Backup.lnk

2015-02-20 18:31 - 2015-02-20 18:31 - 00001033 _____ () C:\Users\Lisa\Desktop\PepperZip.lnk

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Uniblue

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Pro PC Cleaner

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\Users\Lisa\AppData\Local\magnoplayer

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\Users\Lisa\AppData\Local\globalUpdate

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagnoPlayer

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\Program Files (x86)\Uniblue

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\Program Files (x86)\PepperZip

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\Program Files (x86)\MagnoPlayer

2015-02-20 18:31 - 2015-02-20 18:31 - 00000000 ____D () C:\Program Files (x86)\globalUpdate

2015-02-20 18:23 - 2015-02-20 21:53 - 00000000 ____D () C:\Users\Lisa\Desktop\mbar

2015-02-20 17:56 - 2015-02-20 21:36 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-02-20 17:56 - 2015-02-20 21:35 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-02-20 17:56 - 2015-02-20 17:56 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-02-20 17:56 - 2015-02-20 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-20 17:56 - 2015-02-20 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-20 17:56 - 2015-02-20 17:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-20 17:56 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-02-20 17:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-02-20 17:52 - 2015-02-20 17:53 - 00046946 _____ () C:\Users\Lisa\Desktop\Result.txt

2015-02-20 17:46 - 2015-02-20 17:47 - 00002562 _____ () C:\Users\Lisa\Desktop\FSS.txt

2015-02-20 17:44 - 2015-02-20 17:44 - 00001090 _____ () C:\Users\Lisa\Desktop\checkup.txt

2015-02-20 07:45 - 2015-02-20 07:45 - 00000000 ____D () C:\Users\Lisa\Documents\Evernote

2015-02-19 22:29 - 2015-02-19 22:29 - 00000020 _____ () C:\Users\Lisa\AppData\Roaming\appdataFr3.bin

2015-02-19 21:53 - 2015-02-19 21:54 - 00000000 ____D () C:\Program Files (x86)\JoniCouepioun

2015-02-19 21:53 - 2015-02-19 21:54 - 00000000 ____D () C:\Program Files (x86)\DeAliExopResss

2015-02-19 21:53 - 2015-02-19 21:53 - 00000000 ____D () C:\ProgramData\lodcabdkfddcjblgkghjjmhjfinelmdj

2015-02-19 21:53 - 2015-02-19 21:53 - 00000000 ____D () C:\Program Files (x86)\Tumblr Shortcuts

2015-02-19 21:53 - 2015-02-19 21:53 - 00000000 ____D () C:\Program Files (x86)\CeoUUpEXtensiiona

2015-02-19 21:53 - 2015-02-19 21:53 - 00000000 ____D () C:\Program Files (x86)\AllSaverr

2015-02-19 21:04 - 2015-02-19 21:04 - 00000000 ____D () C:\ProgramData\apcelplacnogfjlbgkincaplehknnenh

2015-02-19 21:04 - 2015-02-19 21:04 - 00000000 ____D () C:\Program Files (x86)\UnniDeaLs

2015-02-19 20:48 - 2015-02-19 21:04 - 00000000 ____D () C:\Program Files (x86)\TampaEdit

2015-02-19 20:47 - 2015-02-19 20:47 - 00000000 ____D () C:\ProgramData\jobecclaahmhnpllgodjknbjfeiennoj

2015-02-19 20:47 - 2015-02-19 20:47 - 00000000 ____D () C:\Program Files (x86)\UniDeAls u

2015-02-14 18:49 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-02-14 18:49 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-02-14 18:00 - 2015-02-14 18:00 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk

2015-02-14 18:00 - 2015-02-14 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\Program Files\iTunes

2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\Program Files\iPod

2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\Program Files (x86)\iTunes

2015-02-14 17:56 - 2015-02-14 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2015-02-14 17:54 - 2015-02-14 17:54 - 00000000 ____D () C:\ProgramData\jdjmabjmabmfmoglkmneahckcmcldiak

2015-02-14 17:53 - 2015-02-14 18:47 - 00000000 ____D () C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}

2015-02-14 17:51 - 2015-02-19 20:48 - 00000000 ____D () C:\Program Files (x86)\AppendEngine

2015-02-14 17:50 - 2015-02-19 21:53 - 00000000 ____D () C:\ProgramData\10159753648601448604

2015-02-14 17:50 - 2015-02-14 17:50 - 00000000 ____D () C:\Program Files (x86)\Whitelist for Chrome

2015-02-14 17:50 - 2015-02-14 17:50 - 00000000 ____D () C:\Program Files (x86)\UniiiDealse

2015-02-14 17:49 - 2015-02-14 17:50 - 00000000 ____D () C:\ProgramData\mdbjjlminboolomlpeepflgbkdhopeik

2015-02-14 17:49 - 2015-02-14 17:49 - 00000000 ____D () C:\ProgramData\{11734d82-fa53-88a7-1173-34d82fa5360b}

2015-02-13 08:03 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2015-02-13 08:03 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2015-02-13 08:03 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2015-02-13 08:03 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2015-02-13 08:03 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2015-02-13 08:03 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2015-02-13 08:03 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-02-13 08:03 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-02-13 08:03 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-02-13 08:03 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2015-02-13 08:03 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-02-13 08:03 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-02-13 08:03 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2015-02-13 08:03 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-02-13 08:03 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-02-13 08:03 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2015-02-13 08:03 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-02-13 08:03 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-02-13 08:03 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-02-13 08:03 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-02-13 08:03 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-02-13 08:03 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2015-02-13 08:03 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-02-13 08:03 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-02-13 08:03 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2015-02-13 08:03 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-02-13 08:03 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-02-13 08:03 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-02-13 08:03 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2015-02-13 08:03 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-02-13 08:03 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2015-02-13 08:03 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-02-13 08:03 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-02-13 08:03 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2015-02-13 08:03 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-02-13 08:03 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-02-13 08:03 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-02-13 08:03 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-02-13 08:03 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-02-13 08:03 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-02-13 08:03 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-02-13 08:03 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2015-02-13 08:03 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2015-02-13 08:03 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2015-02-13 08:03 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2015-02-13 08:03 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2015-02-13 08:03 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2015-02-13 08:03 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll

2015-02-13 08:03 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll

2015-02-13 08:03 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2015-02-13 08:03 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll

2015-02-13 08:03 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll

2015-02-13 08:03 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll

2015-02-13 08:03 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll

2015-02-13 08:03 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll

2015-02-13 08:03 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll

2015-02-13 08:03 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll

2015-02-13 08:03 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2015-02-13 08:03 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll

2015-02-13 08:03 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll

2015-02-13 08:03 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe

2015-02-13 08:03 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe

2015-02-13 08:03 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe

2015-02-13 08:02 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2015-02-13 08:02 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2015-02-13 08:02 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2015-02-13 08:02 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2015-02-13 08:02 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2015-02-13 08:02 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2015-02-13 08:02 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2015-02-13 08:02 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-02-11 21:36 - 2015-02-20 07:36 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk

2015-02-11 21:36 - 2015-02-20 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

2015-02-10 19:01 - 2015-02-05 12:57 - 00621384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe

2015-02-10 19:00 - 2015-02-05 16:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys

2015-02-10 19:00 - 2015-02-05 16:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00995248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00877816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00399504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll

2015-02-10 19:00 - 2015-02-05 16:01 - 00164752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll

2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Users\Lisa\AppData\Roaming\JGPST

2015-01-24 17:41 - 2015-01-24 17:41 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

2015-01-24 17:41 - 2015-01-24 17:41 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\ZinioReader4

2015-01-24 17:40 - 2015-01-24 17:40 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zinio Reader 4.lnk

2015-01-24 17:40 - 2015-01-24 17:40 - 00000945 _____ () C:\Users\Public\Desktop\Zinio Reader 4.lnk

2015-01-24 17:40 - 2015-01-24 17:40 - 00000000 ____D () C:\Program Files (x86)\Zinio Reader 4

2015-01-23 17:51 - 2015-01-23 17:51 - 00000000 ____D () C:\Users\Lisa\Desktop\Candy Crush 1-23-15

2015-01-22 16:00 - 2015-01-12 23:15 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll

2015-01-22 16:00 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434725.dll

2015-01-22 16:00 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434725.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-20 23:04 - 2014-01-25 15:07 - 00000000 ____D () C:\Users\Lisa\AppData\Local\F6E1BA2A-56A7-4821-A056-60D793DE864E.aplzod

2015-02-20 23:03 - 2014-03-26 12:27 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-20 23:03 - 2014-03-15 20:48 - 00000000 ____D () C:\Users\Lisa\Documents\Outlook

2015-02-20 23:03 - 2014-01-07 19:45 - 00000000 __RDO () C:\Users\Lisa\SkyDrive

2015-02-20 23:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-02-20 22:12 - 2014-01-25 19:27 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Adobe

2015-02-20 22:07 - 2014-01-07 19:49 - 00003768 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{280B3323-E231-4EAC-AB97-C2A03060FB8A}

2015-02-20 22:02 - 2013-11-19 13:05 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery

2015-02-20 22:01 - 2013-11-14 02:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-02-20 22:00 - 2015-01-17 15:10 - 00000352 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job

2015-02-20 21:58 - 2014-03-26 12:27 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-20 21:54 - 2014-01-07 18:20 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-20 21:54 - 2013-11-14 02:20 - 00643790 _____ () C:\WINDOWS\PFRO.log

2015-02-20 21:54 - 2013-08-22 09:46 - 00319597 _____ () C:\WINDOWS\setupact.log

2015-02-20 21:54 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-02-20 21:53 - 2014-01-07 18:19 - 01420267 _____ () C:\WINDOWS\WindowsUpdate.log

2015-02-20 21:53 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-02-20 19:08 - 2014-01-07 16:13 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2402126613-901041406-3136686689-1001

2015-02-20 18:33 - 2014-10-23 05:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2015-02-20 18:15 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages

2015-02-20 07:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-02-20 07:47 - 2014-01-07 18:23 - 00000000 ____D () C:\Users\Lisa

2015-02-20 02:59 - 2015-01-14 08:08 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-02-19 20:42 - 2014-01-25 16:47 - 00000000 ____D () C:\Users\Lisa\Documents\Bookmarks

2015-02-18 23:52 - 2014-01-25 21:23 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps

2015-02-18 22:01 - 2014-01-07 19:58 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Deployment

2015-02-18 00:01 - 2014-01-25 21:04 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11

2015-02-17 15:26 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-02-14 17:59 - 2014-01-25 12:15 - 00000000 ____D () C:\Program Files\Common Files\Apple

2015-02-13 09:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache

2015-02-13 08:19 - 2013-08-22 09:44 - 00504328 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2015-02-13 08:15 - 2014-01-25 15:09 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-13 08:11 - 2014-01-07 20:06 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-02-13 08:10 - 2014-01-07 16:52 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-02-13 08:06 - 2014-01-07 16:51 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-02-13 08:04 - 2014-12-20 08:44 - 00000000 ____D () C:\WINDOWS\system32\appraiser

2015-02-13 08:04 - 2014-07-08 21:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2015-02-11 08:12 - 2014-11-08 16:38 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

2015-02-11 08:12 - 2014-11-08 16:38 - 00001108 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk

2015-02-10 19:02 - 2014-03-23 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2015-02-10 19:02 - 2013-11-19 13:07 - 00000000 ____D () C:\Temp

2015-02-05 16:01 - 2014-01-07 18:19 - 00074056 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll

2015-02-05 16:01 - 2014-01-07 18:19 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll

2015-02-05 16:01 - 2013-08-27 00:03 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll

2015-02-05 16:01 - 2013-08-27 00:03 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb

2015-02-05 16:01 - 2013-08-27 00:02 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll

2015-02-05 16:01 - 2013-08-27 00:02 - 14119744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll

2015-02-05 16:01 - 2013-08-27 00:02 - 03299512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll

2015-02-05 14:07 - 2014-01-07 18:19 - 06861128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll

2015-02-05 14:07 - 2014-01-07 18:19 - 03517584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll

2015-02-05 14:07 - 2014-01-07 18:19 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll

2015-02-05 14:07 - 2014-01-07 18:19 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe

2015-02-05 14:07 - 2014-01-07 18:19 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll

2015-02-05 14:06 - 2014-01-07 18:19 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll

2015-02-05 08:53 - 2014-01-07 19:59 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-05 08:53 - 2014-01-07 19:59 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-05 07:50 - 2014-01-07 18:19 - 04236870 _____ () C:\WINDOWS\system32\nvcoproc.bin

2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-23 16:56 - 2014-12-06 14:23 - 00001033 _____ () C:\Users\Public\Desktop\iExplorer.lnk

2015-01-23 16:56 - 2014-12-06 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer

2015-01-23 16:56 - 2014-12-06 14:23 - 00000000 ____D () C:\Program Files (x86)\iExplorer

 

==================== Files in the root of some directories =======

 

2015-02-19 22:29 - 2015-02-19 22:29 - 0000020 _____ () C:\Users\Lisa\AppData\Roaming\appdataFr3.bin

2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\Lisa\AppData\Roaming\JGPST

2015-02-20 18:32 - 2015-02-20 18:32 - 1974224 _____ (PlayMCVenture) C:\Users\Lisa\AppData\Roaming\JGPST.exe

2014-03-18 16:21 - 2014-03-18 16:21 - 0000057 _____ () C:\ProgramData\Ament.ini

2013-11-19 13:05 - 2013-11-19 13:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log

2013-11-19 13:02 - 2013-11-19 13:03 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log

2013-11-19 13:03 - 2013-11-19 13:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log

2013-11-19 13:02 - 2013-11-19 13:02 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

2013-11-19 13:04 - 2013-11-19 13:05 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

 

Some content of TEMP:

====================

C:\Users\Lisa\AppData\Local\Temp\26E534.exe

C:\Users\Lisa\AppData\Local\Temp\7adD48.exe

C:\Users\Lisa\AppData\Local\Temp\8d068.exe

C:\Users\Lisa\AppData\Local\Temp\8D56.exe

C:\Users\Lisa\AppData\Local\Temp\BackupSetup.exe

C:\Users\Lisa\AppData\Local\Temp\FE73205874F.exe

C:\Users\Lisa\AppData\Local\Temp\iExplorer_Setup_3650.exe

C:\Users\Lisa\AppData\Local\Temp\install_reader11_en_chrd_awa_aih.exe

C:\Users\Lisa\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Lisa\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Lisa\AppData\Local\Temp\nvStInst.exe

C:\Users\Lisa\AppData\Local\Temp\nvstlink.exe

C:\Users\Lisa\AppData\Local\Temp\ose00000.exe

C:\Users\Lisa\AppData\Local\Temp\SearchProtectionSetup.exe

C:\Users\Lisa\AppData\Local\Temp\vcredist_x64.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-15 18:47

 

==================== End Of Log ============================

 

 

 


 


#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:59 PM

Posted 21 February 2015 - 06:22 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    DragonApp
    GamesDesktop 025.238
    MagnoPlayer
    Movie Wizard
    MyPC Backup
    PepperZip 2.0
    Remote Desktop Access
    Whitelist for Chrome
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 lisa629

  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 21 February 2015 - 12:15 PM

Hi Jürgen,

 

Thanks very much for helping me. 

 

I have installed Revo Uninstaller and am in the process of deleting MagnoPlayer.  There are 2 leftover files that the program found, c:\Program Files (x86)\MagnoPlayer and c:\Program Files (x86)\MagnoPlayer\MagnoPlayerUpdaterService.exe, for which I am getting a message saying that the files will be deleted during the next system restart.  I just wanted to check in to see how to proceed.  Should I continue (click on Next) or do something else?  Also, should I perform a restart as soon as I am finished deleting this program, or should I wait?  Thanks again!



#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 21 February 2015 - 12:31 PM

Please click next and reboot the PC.
regards,
deeprybka

#5 lisa629

  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 21 February 2015 - 12:48 PM

Thanks.  I am still uninstalling the programs you listed, and wanted to let you know that there are a couple of others on my desktop that have shown up with the malware.  These are:

 

UniblueDriverScanner 2015

Pro PC Cleaner

 

Should they be uninstalled as well?  Thanks.



#6 lisa629

  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 21 February 2015 - 01:32 PM

Hi again,

 

I am unable to locate MyPC Backup in the list of programs on Revo Uninstaller, however, I do have the icon on my desktop.  Is there another way to find it or is it listed in Revo under another name?

 

I also looked at all the programs listed in Revo Uninstaller and in addition to the 2 I mentioned in my last post (DriverScanner & Pro PC Cleaner) the following are programs that I am unfamiliar with:

 

BlockAndSurf

CinemaP-1.9V21.02

GamesDesktop 025.241

Quickref 1.10.0.9

UniDeAls u

 

I'll wait to hear back from you about how to proceed before moving on to Step 2 listed in your initial post.  Thanks again.



#7 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 21 February 2015 - 01:53 PM

Hi,
please uninstall these programs and proceed afterwards with step 2. :)
regards,
deeprybka

#8 lisa629

  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 21 February 2015 - 02:15 PM

Ok, will do.  What about My PCBackup?  Would it be listed in Revo under another name?



#9 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 21 February 2015 - 02:31 PM

Ok, will do.  What about My PCBackup?  Would it be listed in Revo under another name?


No.
regards,
deeprybka

#10 lisa629

  • Topic Starter
  • Members
  • 46 posts
  • Gender:Female

Posted 21 February 2015 - 03:43 PM

Hi Jürgen,

 

Detailed below are the logs you requested.  Just so you know, things are getting a little better with the infected computer.  I can now get onto the BleepingComputer site, however, I'm still not able to log on.

 

# AdwCleaner v4.111 - Logfile created 21/02/2015 at 14:45:09
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Lisa - LISA-PC
# Running from : C:\Users\Lisa\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : BackupStack
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : MagnoPlayerUpdaterService

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Lisa\Favorites\Links\Search
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\10159753648601448604
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\AllSaverr
Folder Deleted : C:\Program Files (x86)\CeoUUpEXtensiiona
Folder Deleted : C:\Program Files (x86)\DeAliExopResss
Folder Deleted : C:\Program Files (x86)\JoniCouepioun
Folder Deleted : C:\Program Files (x86)\UniiiDealse
Folder Deleted : C:\Program Files (x86)\UnniDeaLs
Folder Deleted : C:\Users\Lisa\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Lisa\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Lisa\AppData\Local\MovieWizard
Folder Deleted : C:\Users\Lisa\AppData\Local\Pro_PC_Cleaner
Folder Deleted : C:\Users\Lisa\AppData\Local\MagnoPlayer
Folder Deleted : C:\Users\Lisa\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Lisa\AppData\Roaming\Pro PC Cleaner
Folder Deleted : C:\Users\Lisa\AppData\Roaming\TheAnswerFinder
Folder Deleted : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Lisa\Documents\ProPCCleaner
Folder Deleted : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\Extensions\6I8PF45B@Q.edu
Folder Deleted : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\Extensions\BUvG@Gc.com
Folder Deleted : C:\ProgramData\apcelplacnogfjlbgkincaplehknnenh
Folder Deleted : C:\ProgramData\jobecclaahmhnpllgodjknbjfeiennoj
Folder Deleted : C:\ProgramData\lodcabdkfddcjblgkghjjmhjfinelmdj
Folder Deleted : C:\ProgramData\mdbjjlminboolomlpeepflgbkdhopeik
File Deleted : C:\WINDOWS\patsearch.bin
File Deleted : C:\Users\Lisa\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
File Deleted : C:\Users\Lisa\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Lisa\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Lisa\Desktop\Sync Folder.lnk
File Deleted : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchSignup
Task Deleted : SmartWeb Upgrade Trigger Task
Task Deleted : ProPCCleaner_Start
Task Deleted : 40f1654d-f1c0-41fe-9308-7d57b535dc3c-10_user
Task Deleted : 40f1654d-f1c0-41fe-9308-7d57b535dc3c-4
Task Deleted : 40f1654d-f1c0-41fe-9308-7d57b535dc3c-6
Task Deleted : 40f1654d-f1c0-41fe-9308-7d57b535dc3c-7
Task Deleted : 91300834-36c6-422c-ab99-a29bbd223f5e-1-6
Task Deleted : 91300834-36c6-422c-ab99-a29bbd223f5e-1-7
Task Deleted : 91300834-36c6-422c-ab99-a29bbd223f5e-10_user
Task Deleted : 91300834-36c6-422c-ab99-a29bbd223f5e-4
Task Deleted : 91300834-36c6-422c-ab99-a29bbd223f5e-5
Task Deleted : 91300834-36c6-422c-ab99-a29bbd223f5e-5_user
Task Deleted : 91300834-36c6-422c-ab99-a29bbd223f5e-6
Task Deleted : 91300834-36c6-422c-ab99-a29bbd223f5e-7

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Key Deleted : HKLM\SOFTWARE\CLASSES\APPLICATIONS\MagnoPlayer.exe
Key Deleted : HKLM\SOFTWARE\Classes\Pdf382cc1_1ec1_4d0e_9c0e_70769e82c953_.Pdf382cc1_1ec1_4d0e_9c0e_70769e82c953_
Key Deleted : HKLM\SOFTWARE\Classes\Pdf382cc1_1ec1_4d0e_9c0e_70769e82c953_.Pdf382cc1_1ec1_4d0e_9c0e_70769e82c953_.9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{df382cc1-1ec1-4d0e-9c0e-70769e82c953}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{df382cc1-1ec1-4d0e-9c0e-70769e82c953}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{df382cc1-1ec1-4d0e-9c0e-70769e82c953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{df382cc1-1ec1-4d0e-9c0e-70769e82c953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{df382cc1-1ec1-4d0e-9c0e-70769e82c953}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\deltafaucet.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweetwater.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thesweethome.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.look-for-it.info
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.deltafaucet.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.sweetwater.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:50251;hxxps=127.0.0.1:50251
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v30.0 (en-US)

[fcv7vw7j.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[fcv7vw7j.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=2921&r=2015/02/20&hid=17095993380983276072&lg=EN&cc=US&unqvl=82&l=1&q=");
[fcv7vw7j.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[fcv7vw7j.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[fcv7vw7j.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[fcv7vw7j.default\prefs.js] - Line Deleted : user_pref("extensions.GYhCwVPfY0WlkFYO.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjCEpjk4pjrHpda4pdrGqHgEqHs\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"warnalert11.com\"[...]
[fcv7vw7j.default\prefs.js] - Line Deleted : user_pref("extensions.ZwDwtzPLpsZpRYry.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjCEpjk4pjrHpda4pdrGqHgEqHs\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"warnalert11.com\"[...]

-\\ Google Chrome v40.0.2214.115

[C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=BLT&o=15554&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=HH&apn_dtid=YYYYYYGEUS&apn_uid=0A218EB7-A688-41C3-A5C2-F5B0C05C6E3C&apn_sauid=AED329E7-2565-4BEF-93F3-75CED5C50562
[C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=BLT&o=15554&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=HH&apn_dtid=YYYYYYGEUS&apn_uid=0A218EB7-A688-41C3-A5C2-F5B0C05C6E3C&apn_sauid=AED329E7-2565-4BEF-93F3-75CED5C50562
[C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=453&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=8528003371544196&q={searchTerms}
[C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=2921&r=2015/02/20&hid=17095993380983276072&lg=EN&cc=US&unqvl=82

*************************

AdwCleaner[R0].txt - [15784 bytes] - [21/02/2015 14:43:58]
AdwCleaner[S0].txt - [15655 bytes] - [21/02/2015 14:45:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15715  bytes] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Lisa (administrator) on LISA-PC on 21-02-2015 14:49:46
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available profiles: Lisa)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31\snsz5BA1.tmp
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\nscCA07.tmpfs
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\jnswFC67.tmp
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Small Island Development) C:\ProgramData\NPaxYHLMy\qYHYClnv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dell) C:\Users\Lisa\AppData\Local\Apps\2.0\QJ8EQ181.Q48\3WZXKD8R.PA8\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
() C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1439496 2010-10-19] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\Lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_us_238] => [X]
HKLM-x32\...\Run: [gmsd_us_241] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-01-07] (Google Inc.)
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [TheAnswerFinder] => "C:\Users\Lisa\AppData\Roaming\TheAnswerFinder\TheAnswerFinder.exe"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [DellSystemDetect] => C:\Users\Lisa\AppData\Local\Apps\2.0\QJ8EQ181.Q48\3WZXKD8R.PA8\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-08-28] (Dell)
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\mshta.exe [12800 2014-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .lnk
ShortcutTarget: Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .lnk -> C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> {67CF62CB-DFEE-4C12-9F96-56B9E69D818B} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> {EEAA610A-35F7-4F61-96EB-0FB625E0C089} URL =
Toolbar: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Mediaplayersversion2.4 - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-20]
FF Extension: CinemaP-1.9cV21.02 - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\Extensions\OIBMBKA115048682@HYKFIU97176590.com [2015-02-21]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://mysearch.avg.com?cid={47ABCD36-EC63-4A8E-B336-F4EBFA5569B1}&mid=c7219e4d54d747d3a053d16daef66cc4-e29242b5d80771a036df2e9d09d7d16ebce75dd8&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13 18:46:06&v=17.2.0.38&pid=safeguard&sg=0&sap=hp"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?ei=utf-8&fr=chr-yo_gc&type=523482&ilc=12&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Google Calendar) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-01-14]
CHR Extension: (Google Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Tumblr Shortcuts) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeaoiimgjnefgefklfijghnlngmkcgom [2015-02-19]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 fetikigu; C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31\snsz5BA1.tmp [229376 2015-02-20] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-01-25] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
R2 kuzodiku; C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\jnswFC67.tmp [90624 2015-02-20] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 qYHYClnv; C:\ProgramData\NPaxYHLMy\qYHYClnv.exe [2733552 2015-02-20] (Small Island Development)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
R2 fewonize; C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\nscCA07.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2014-08-28] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 14:48 - 2015-02-21 14:48 - 00015816 _____ () C:\Users\Lisa\Desktop\AdwCleaner[S0].txt
2015-02-21 14:47 - 2015-02-21 14:47 - 00000000 ___RD () C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-21 14:45 - 2015-02-21 14:45 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-02-21 14:43 - 2015-02-21 14:45 - 00000000 ____D () C:\AdwCleaner
2015-02-21 14:43 - 2015-02-21 14:43 - 02126848 _____ () C:\Users\Lisa\Downloads\AdwCleaner.exe
2015-02-21 12:44 - 2015-02-21 14:47 - 00001348 _____ () C:\WINDOWS\Tasks\XUGOB.job
2015-02-21 12:44 - 2015-02-21 12:44 - 01325008 _____ (Cinema PlusV21.02) C:\Users\Lisa\AppData\Roaming\XUGOB.exe
2015-02-21 12:44 - 2015-02-21 12:44 - 00004350 _____ () C:\WINDOWS\System32\Tasks\XUGOB
2015-02-21 12:44 - 2015-02-21 12:44 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMK_01009.Wdf
2015-02-21 12:43 - 2015-02-21 14:47 - 00001346 _____ () C:\WINDOWS\Tasks\KGOR.job
2015-02-21 12:43 - 2015-02-21 12:44 - 00000000 ____D () C:\Program Files (x86)\24ac5c38-df28-4842-a9a5-3b5ea72b9147
2015-02-21 12:43 - 2015-02-21 12:43 - 01802192 _____ (Cinema PlusV21.02) C:\Users\Lisa\AppData\Roaming\KGOR.exe
2015-02-21 12:43 - 2015-02-21 12:43 - 00004348 _____ () C:\WINDOWS\System32\Tasks\KGOR
2015-02-21 11:46 - 2015-02-21 11:46 - 00001282 _____ () C:\Users\Lisa\Desktop\Revo Uninstaller.lnk
2015-02-21 11:46 - 2015-02-21 11:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-20 23:14 - 2015-02-20 23:15 - 00040292 _____ () C:\Users\Lisa\Desktop\Addition.txt
2015-02-20 23:13 - 2015-02-21 14:50 - 00023781 _____ () C:\Users\Lisa\Desktop\FRST.txt
2015-02-20 23:13 - 2015-02-21 14:49 - 00000000 ____D () C:\FRST
2015-02-20 23:09 - 2015-02-20 23:09 - 02086912 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2015-02-20 21:36 - 2015-02-21 12:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-20 21:34 - 2015-02-20 21:34 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Lisa\Downloads\mbar-1.09.1.1004.exe
2015-02-20 18:46 - 2015-02-20 18:46 - 00000000 ___HD () C:\Users\Public\Temp
2015-02-20 18:33 - 2015-02-21 14:26 - 00000000 ____D () C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31
2015-02-20 18:33 - 2015-02-20 18:36 - 00003742 _____ () C:\Users\Lisa\Desktop\Rkill.txt
2015-02-20 18:32 - 2015-02-21 14:47 - 00001348 _____ () C:\WINDOWS\Tasks\JGPST.job
2015-02-20 18:32 - 2015-02-20 18:33 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31
2015-02-20 18:32 - 2015-02-20 18:33 - 00000000 ____D () C:\Program Files (x86)\2a52c132-c7f7-446a-9ba3-e7854a9815ad
2015-02-20 18:32 - 2015-02-20 18:32 - 01974224 _____ (PlayMCVenture) C:\Users\Lisa\AppData\Roaming\JGPST.exe
2015-02-20 18:32 - 2015-02-20 18:32 - 00004352 _____ () C:\WINDOWS\System32\Tasks\JGPST
2015-02-20 18:31 - 2015-02-20 18:33 - 00000000 ____D () C:\ProgramData\NPaxYHLMy
2015-02-20 18:31 - 2015-02-20 18:33 - 00000000 ____D () C:\Program Files (x86)\Mediaplayersversion2.4
2015-02-20 18:23 - 2015-02-20 21:53 - 00000000 ____D () C:\Users\Lisa\Desktop\mbar
2015-02-20 17:56 - 2015-02-20 21:36 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-20 17:56 - 2015-02-20 21:35 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-20 17:56 - 2015-02-20 17:56 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-20 17:56 - 2015-02-20 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-20 17:56 - 2015-02-20 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-20 17:56 - 2015-02-20 17:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-20 17:56 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-20 17:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-20 17:52 - 2015-02-20 17:53 - 00046946 _____ () C:\Users\Lisa\Desktop\Result.txt
2015-02-20 17:46 - 2015-02-20 17:47 - 00002562 _____ () C:\Users\Lisa\Desktop\FSS.txt
2015-02-20 17:44 - 2015-02-20 17:44 - 00001090 _____ () C:\Users\Lisa\Desktop\checkup.txt
2015-02-20 07:45 - 2015-02-20 07:45 - 00000000 ____D () C:\Users\Lisa\Documents\Evernote
2015-02-19 22:29 - 2015-02-19 22:29 - 00000020 _____ () C:\Users\Lisa\AppData\Roaming\appdataFr3.bin
2015-02-19 21:53 - 2015-02-19 21:53 - 00000000 ____D () C:\Program Files (x86)\Tumblr Shortcuts
2015-02-19 20:48 - 2015-02-19 21:04 - 00000000 ____D () C:\Program Files (x86)\TampaEdit
2015-02-14 18:49 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-14 18:49 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-14 18:00 - 2015-02-14 18:00 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-14 18:00 - 2015-02-14 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\Program Files\iTunes
2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\Program Files\iPod
2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-14 17:56 - 2015-02-14 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-02-14 17:54 - 2015-02-14 17:54 - 00000000 ____D () C:\ProgramData\jdjmabjmabmfmoglkmneahckcmcldiak
2015-02-14 17:53 - 2015-02-14 18:47 - 00000000 ____D () C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}
2015-02-14 17:51 - 2015-02-19 20:48 - 00000000 ____D () C:\Program Files (x86)\AppendEngine
2015-02-14 17:49 - 2015-02-14 17:49 - 00000000 ____D () C:\ProgramData\{11734d82-fa53-88a7-1173-34d82fa5360b}
2015-02-13 08:03 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-13 08:03 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-13 08:03 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-13 08:03 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-13 08:03 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-13 08:03 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-13 08:03 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-13 08:03 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-13 08:03 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-13 08:03 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-13 08:03 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-13 08:03 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-13 08:03 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-13 08:03 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-13 08:03 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-13 08:03 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-13 08:03 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-13 08:03 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-13 08:03 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-13 08:03 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-13 08:03 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-13 08:03 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-13 08:03 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-13 08:03 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-13 08:03 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-13 08:03 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-13 08:03 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-13 08:03 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-13 08:03 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-13 08:03 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-13 08:03 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-13 08:03 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-13 08:03 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-13 08:03 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-13 08:03 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-13 08:03 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-13 08:03 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-13 08:03 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-13 08:03 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-13 08:03 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-13 08:03 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-13 08:03 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-13 08:03 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-13 08:03 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-13 08:03 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-13 08:03 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-13 08:03 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-13 08:03 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-13 08:03 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-13 08:03 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-13 08:03 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-13 08:03 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-13 08:03 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-13 08:03 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-13 08:03 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-13 08:03 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-13 08:03 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-13 08:03 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-13 08:03 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-13 08:03 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-13 08:03 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-13 08:03 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-13 08:03 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-13 08:02 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-13 08:02 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-13 08:02 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-13 08:02 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-13 08:02 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-13 08:02 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-13 08:02 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-13 08:02 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 21:36 - 2015-02-20 07:36 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2015-02-11 21:36 - 2015-02-20 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-02-10 19:01 - 2015-02-05 12:57 - 00621384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-02-10 19:00 - 2015-02-05 16:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-10 19:00 - 2015-02-05 16:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00995248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00877816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00399504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00164752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-01-25 11:12 - 2015-01-25 11:12 - 00002086 _____ () C:\Users\Lisa\AppData\Roaming\XUGOB
2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Users\Lisa\AppData\Roaming\KGOR
2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Users\Lisa\AppData\Roaming\JGPST
2015-01-24 17:41 - 2015-01-24 17:41 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
2015-01-24 17:41 - 2015-01-24 17:41 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\ZinioReader4
2015-01-24 17:40 - 2015-01-24 17:40 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zinio Reader 4.lnk
2015-01-24 17:40 - 2015-01-24 17:40 - 00000945 _____ () C:\Users\Public\Desktop\Zinio Reader 4.lnk
2015-01-24 17:40 - 2015-01-24 17:40 - 00000000 ____D () C:\Program Files (x86)\Zinio Reader 4
2015-01-23 17:51 - 2015-01-23 17:51 - 00000000 ____D () C:\Users\Lisa\Desktop\Candy Crush 1-23-15
2015-01-22 16:00 - 2015-01-12 23:15 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-01-22 16:00 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434725.dll
2015-01-22 16:00 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434725.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 14:48 - 2013-11-19 13:05 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-21 14:47 - 2014-03-26 12:27 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 14:47 - 2014-01-07 19:45 - 00000000 ___DO () C:\Users\Lisa\SkyDrive
2015-02-21 14:46 - 2014-01-07 18:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-21 14:46 - 2013-08-22 09:46 - 00320668 _____ () C:\WINDOWS\setupact.log
2015-02-21 14:46 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-21 14:45 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-21 14:42 - 2014-03-15 20:48 - 00000000 ____D () C:\Users\Lisa\Documents\Outlook
2015-02-21 14:42 - 2014-01-25 15:07 - 00000000 ____D () C:\Users\Lisa\AppData\Local\F6E1BA2A-56A7-4821-A056-60D793DE864E.aplzod
2015-02-21 14:28 - 2013-11-14 02:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-21 14:27 - 2014-01-25 19:27 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Adobe
2015-02-21 14:27 - 2014-01-07 16:13 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2402126613-901041406-3136686689-1001
2015-02-21 14:21 - 2013-11-14 02:20 - 00647946 _____ () C:\WINDOWS\PFRO.log
2015-02-21 14:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-21 13:22 - 2014-01-07 18:19 - 01550755 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-21 13:00 - 2015-01-17 15:10 - 00000352 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-02-21 12:58 - 2014-03-26 12:27 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 12:44 - 2014-01-25 19:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-21 11:42 - 2014-01-07 19:49 - 00003768 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{280B3323-E231-4EAC-AB97-C2A03060FB8A}
2015-02-20 18:33 - 2014-10-23 05:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-20 18:15 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-02-20 07:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-20 07:47 - 2014-01-07 18:23 - 00000000 ____D () C:\Users\Lisa
2015-02-20 02:59 - 2015-01-14 08:08 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 20:42 - 2014-01-25 16:47 - 00000000 ____D () C:\Users\Lisa\Documents\Bookmarks
2015-02-18 23:52 - 2014-01-25 21:23 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps
2015-02-18 22:01 - 2014-01-07 19:58 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Deployment
2015-02-18 00:01 - 2014-01-25 21:04 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11
2015-02-17 15:26 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-14 17:59 - 2014-01-25 12:15 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-13 09:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-13 08:19 - 2013-08-22 09:44 - 00504328 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 08:15 - 2014-01-25 15:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-13 08:11 - 2014-01-07 20:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 08:10 - 2014-01-07 16:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 08:06 - 2014-01-07 16:51 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 08:04 - 2014-12-20 08:44 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-13 08:04 - 2014-07-08 21:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 08:12 - 2014-11-08 16:38 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-11 08:12 - 2014-11-08 16:38 - 00001108 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-02-10 19:02 - 2014-03-23 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-10 19:02 - 2013-11-19 13:07 - 00000000 ____D () C:\Temp
2015-02-05 16:01 - 2014-01-07 18:19 - 00074056 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-02-05 16:01 - 2014-01-07 18:19 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-02-05 16:01 - 2013-08-27 00:03 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-05 16:01 - 2013-08-27 00:03 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-02-05 16:01 - 2013-08-27 00:02 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-05 16:01 - 2013-08-27 00:02 - 14119744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-02-05 16:01 - 2013-08-27 00:02 - 03299512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-02-05 14:07 - 2014-01-07 18:19 - 06861128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-02-05 14:07 - 2014-01-07 18:19 - 03517584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-02-05 14:07 - 2014-01-07 18:19 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-02-05 14:07 - 2014-01-07 18:19 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-02-05 14:07 - 2014-01-07 18:19 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-02-05 14:06 - 2014-01-07 18:19 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-02-05 08:53 - 2014-01-07 19:59 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 08:53 - 2014-01-07 19:59 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 07:50 - 2014-01-07 18:19 - 04236870 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 16:56 - 2014-12-06 14:23 - 00001033 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2015-01-23 16:56 - 2014-12-06 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2015-01-23 16:56 - 2014-12-06 14:23 - 00000000 ____D () C:\Program Files (x86)\iExplorer

==================== Files in the root of some directories =======

2015-02-19 22:29 - 2015-02-19 22:29 - 0000020 _____ () C:\Users\Lisa\AppData\Roaming\appdataFr3.bin
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\Lisa\AppData\Roaming\JGPST
2015-02-20 18:32 - 2015-02-20 18:32 - 1974224 _____ (PlayMCVenture) C:\Users\Lisa\AppData\Roaming\JGPST.exe
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\Lisa\AppData\Roaming\KGOR
2015-02-21 12:43 - 2015-02-21 12:43 - 1802192 _____ (Cinema PlusV21.02) C:\Users\Lisa\AppData\Roaming\KGOR.exe
2015-01-25 11:12 - 2015-01-25 11:12 - 0002086 _____ () C:\Users\Lisa\AppData\Roaming\XUGOB
2015-02-21 12:44 - 2015-02-21 12:44 - 1325008 _____ (Cinema PlusV21.02) C:\Users\Lisa\AppData\Roaming\XUGOB.exe
2014-03-18 16:21 - 2014-03-18 16:21 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-11-19 13:05 - 2013-11-19 13:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-19 13:02 - 2013-11-19 13:03 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-19 13:03 - 2013-11-19 13:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-11-19 13:02 - 2013-11-19 13:02 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-19 13:04 - 2013-11-19 13:05 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\26E534.exe
C:\Users\Lisa\AppData\Local\Temp\6DC074E5-0784-70F2-586A-7CA4D5527E2E.dll
C:\Users\Lisa\AppData\Local\Temp\6DC074E5-0784-70F2-586A-7CA4D5527E2E.exe
C:\Users\Lisa\AppData\Local\Temp\7143.exe
C:\Users\Lisa\AppData\Local\Temp\7adD48.exe
C:\Users\Lisa\AppData\Local\Temp\8790D93C-443B-7787-F887-6B33A6DF1A26.exe
C:\Users\Lisa\AppData\Local\Temp\8d068.exe
C:\Users\Lisa\AppData\Local\Temp\8D56.exe
C:\Users\Lisa\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lisa\AppData\Local\Temp\FE73205874F.exe
C:\Users\Lisa\AppData\Local\Temp\iExplorer_Setup_3650.exe
C:\Users\Lisa\AppData\Local\Temp\install_reader11_en_chrd_awa_aih.exe
C:\Users\Lisa\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\Lisa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Lisa\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Lisa\AppData\Local\Temp\nvStInst.exe
C:\Users\Lisa\AppData\Local\Temp\nvstlink.exe
C:\Users\Lisa\AppData\Local\Temp\ose00000.exe
C:\Users\Lisa\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisa\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Lisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Lisa\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-15 18:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Lisa at 2015-02-21 14:51:04
Running from C:\Users\Lisa\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Amazon Cloud Drive) (Version: 1.0.2014.3130 - Amazon Digital Services, LLC.)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{0B341FFF-66F9-4B82-A73A-C2317514A30F}) (Version: 8.4.3.1793 - TechSmith Corporation)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iExplorer 3.6.5.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mediaplayersversion2.4 (HKLM-x32\...\Mediaplayersversion2.4) (Version: 1.36.01.22 - PlayMCVenture)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
New England Baseball Journal - April 2014 (HKLM-x32\...\288e5686a0ce4f2dfa09a3d905f414b7) (Version: 1.0.3 - Nxtbook Media, LLC)
New England Baseball Journal - April 2014 (x32 Version: 1.0.3 - Nxtbook Media, LLC) Hidden
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Premier Edition 2010 (HKLM-x32\...\{0700E22B-A424-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
Quicken 2007 (HKLM-x32\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.1.27 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
TheAnswerFinder (HKLM\...\TheAnswerFinder) (Version: 1.0.7 - TheAnswerFinder)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Wondershare Video Editor(Build 4.7.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.2.3972 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.3972 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

30-01-2015 15:59:49 Windows Update
07-02-2015 04:11:01 Scheduled Checkpoint
10-02-2015 18:44:56 Windows Update
11-02-2015 21:33:40 Installed Evernote v. 5.8.3
20-02-2015 07:20:08 Scheduled Checkpoint
20-02-2015 21:52:44 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C45E029-4A76-4E4C-9306-2392F5A5E2B4} - System32\Tasks\KGOR => C:\Users\Lisa\AppData\Roaming\KGOR.exe [2015-02-21] (Cinema PlusV21.02) <==== ATTENTION
Task: {208659E5-1F39-4874-A3DF-48F01543268D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {277B11F1-37E8-43C8-84E2-E3C891D57A34} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {2F68E7E6-4B3C-4CCD-822B-C919E0A5D4C2} - System32\Tasks\XUGOB => C:\Users\Lisa\AppData\Roaming\XUGOB.exe [2015-02-21] (Cinema PlusV21.02) <==== ATTENTION
Task: {328706DA-B9A9-4387-A6AC-600102DB2297} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {4E64751E-AA32-4832-880F-0ECFC8152787} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
Task: {7E37C6B5-763F-4119-B412-56913FB2FEA7} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {7FAB4AB8-CCB9-4770-BFAB-BB34550476B5} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {903A2894-7F5D-4B0A-BFE5-2244AC0A7526} - System32\Tasks\JGPST => C:\Users\Lisa\AppData\Roaming\JGPST.exe [2015-02-20] (PlayMCVenture) <==== ATTENTION
Task: {98AB0B71-7A56-4886-A942-6C80744C0325} - System32\Tasks\PocketCloud => C:\Program
Task: {9BDC8BEC-9A70-4EC1-BE2C-88B5FF21503F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {A54384EE-815B-479F-B479-8C57FAB44B0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-13] (Microsoft Corporation)
Task: {ABE9636C-DD6E-4C1F-BF7B-7F212D86A3CB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-08-21] (PC-Doctor, Inc.)
Task: {AFDCFA9A-F463-4A52-8E26-AC0D44A1228B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {B8F4C5F3-4A38-47C7-BDAD-E4026567ABD7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-08-21] (PC-Doctor, Inc.)
Task: {CF5D164A-5942-4D0C-928F-9452A4244FE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {EB20E352-B59C-4641-B456-18026C5A1FB9} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\JGPST.job => C:\Users\Lisa\AppData\Roaming\JGPST.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\KGOR.job => C:\Users\Lisa\AppData\Roaming\KGOR.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\XUGOB.job => C:\Users\Lisa\AppData\Roaming\XUGOB.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-01-07 18:19 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-20 18:33 - 2015-02-20 18:33 - 00229376 _____ () C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31\snsz5BA1.tmp
2015-02-20 18:33 - 2015-02-20 18:33 - 00141312 _____ () C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\nscCA07.tmpfs
2015-02-20 18:33 - 2015-02-20 18:33 - 00090624 _____ () C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\jnswFC67.tmp
2013-06-21 20:46 - 2013-06-21 20:46 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-06-21 20:35 - 2013-06-21 20:35 - 00032256 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-06-21 20:31 - 2013-06-21 20:31 - 00035840 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2012-12-28 16:39 - 2012-12-28 16:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 16:36 - 2012-12-28 16:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 16:41 - 2012-12-28 16:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-02-14 17:53 - 2015-02-14 17:53 - 01137352 _____ () C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .exe
2012-12-28 16:42 - 2012-12-28 16:42 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2014-11-15 14:08 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-15 14:08 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-06-21 17:48 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 10:41 - 2013-03-05 10:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-19 12:55 - 2013-07-16 20:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lisa\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dsc_0096c.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: TeamViewer9 => 2
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeUpdater"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeWatcher"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"

==================== Accounts: =============================

Administrator (S-1-5-21-2402126613-901041406-3136686689-500 - Administrator - Disabled)
Guest (S-1-5-21-2402126613-901041406-3136686689-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2402126613-901041406-3136686689-1006 - Limited - Enabled)
Lisa (S-1-5-21-2402126613-901041406-3136686689-1001 - Administrator - Enabled) => C:\Users\Lisa
UpdatusUser (S-1-5-21-2402126613-901041406-3136686689-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2015 02:31:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: qrsvc.exe, version: 1.10.0.9, time stamp: 0x54d51cc7
Faulting module name: qrsvc.exe, version: 1.10.0.9, time stamp: 0x54d51cc7
Exception code: 0xc0000409
Fault offset: 0x000250ec
Faulting process id: 0x9a4
Faulting application start time: 0xqrsvc.exe0
Faulting application path: qrsvc.exe1
Faulting module path: qrsvc.exe2
Report Id: qrsvc.exe3
Faulting package full name: qrsvc.exe4
Faulting package-relative application ID: qrsvc.exe5

Error: (02/21/2015 02:29:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nsw5208.tmp version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a50

Start Time: 01d04e0c6e115211

Termination Time: 15

Application Path: C:\Users\Lisa\AppData\Local\Temp\nsw5208.tmp

Report Id: bd1dc87b-b9ff-11e4-bee9-342387120f4e

Faulting package full name:

Faulting package-relative application ID:

Error: (02/21/2015 00:44:05 PM) (Source: MsiInstaller) (EventID: 11309) (User: LISA-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (02/20/2015 11:17:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2010":
The user canceled one of the dialog boxes. No message was sent.

Error: (02/20/2015 11:17:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2010":
Failed to send mail message:

Error: (02/20/2015 10:53:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/20/2015 10:53:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/20/2015 10:53:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/20/2015 07:28:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/20/2015 07:22:12 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:
=============
Error: (02/21/2015 02:45:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1069

Error: (02/21/2015 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (02/21/2015 02:45:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/21/2015 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (02/21/2015 02:45:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/21/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/21/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/21/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/21/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/21/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (12/20/2014 05:32:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23427 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (12/09/2014 00:37:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 107051 seconds with 2280 seconds of active time.  This session ended with a crash.

Error: (07/29/2014 05:06:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12873 seconds with 2940 seconds of active time.  This session ended with a crash.

Error: (05/08/2014 07:58:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54144 seconds with 2280 seconds of active time.  This session ended with a crash.

Error: (04/12/2014 11:32:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 504 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (04/12/2014 11:23:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4850 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (03/31/2014 08:04:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8391 seconds with 900 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-02-21 14:43:40.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 14:43:40.586
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 14:33:23.314
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 14:33:23.189
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 14:33:23.080
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 14:33:22.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 14:33:22.080
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 13:06:37.308
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 13:06:37.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-21 13:06:37.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 10%
Total physical RAM: 16335.21 MB
Available physical RAM: 14539.25 MB
Total Pagefile: 18767.21 MB
Available Pagefile: 16588.98 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.4 GB) (Free:498.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 85005941)

Partition: GPT Partition Type.

==================== End Of Log ============================



#11 deeprybka


Posted 21 February 2015 - 03:53 PM

Step 1

Scan with Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
regards,
deeprybka
Injure no one; rather, help everyone as much as you can. Arthur Schopenhauer

#12 lisa629


Posted 21 February 2015 - 05:09 PM

Hi Jürgen,

Here's the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/21/2015
Scan Time: 4:37:21 PM
Logfile: MBAM Scan Log 2-21.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.21.08
Rootkit Database: v2015.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Lisa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367714
Time Elapsed: 16 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MovieWizard.A, C:\ProgramData\NPaxYHLMy\qYHYClnv.exe, 2676, Delete-on-Reboot, [1b9cdf419af0c86eb02bcde38d740bf5]

Modules: 0
(No malicious items detected)

Registry Keys: 16
PUP.Optional.MovieWizard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qYHYClnv, Quarantined, [1b9cdf419af0c86eb02bcde38d740bf5],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV21.02-nv, Quarantined, [6e49c25e5e2cb6803bcaaf021be8fc04],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV21.02-nv-ie, Quarantined, [bdfa47d95634ef4752b35a57a36058a8],
PUP.Optional.MediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\Mediaplayersversion2.4, Quarantined, [199ec759f397fd39b232d7bd996aab55],
PUP.Optional.MediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\Mediaplayersversion2.4-nv, Quarantined, [e4d361bfe9a14cea8a5a54401fe4b050],
PUP.Optional.QuickRef.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qrnfd_1_10_0_9, Quarantined, [36819e82cac00b2bed020f89f40fda26],
PUP.Optional.Cinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.9cV21.02-nv, Quarantined, [aa0dfa26236768ce778f4968ef1441bf],
PUP.Optional.Cinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.9cV21.02-nv-ie, Quarantined, [fcbb57c9305a0333be48cfe2e61dc040],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Mediaplayersversion2.4-nv, Quarantined, [427561bf1a70fb3b5293474dfb08728e],
PUP.Optional.Cinema.A, HKU\S-1-5-21-2402126613-901041406-3136686689-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.9cV21.02-nv, Quarantined, [9126fc24365431058185a809649f3fc1],
PUP.Optional.Cinema.A, HKU\S-1-5-21-2402126613-901041406-3136686689-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.9cV21.02-nv-ie, Quarantined, [d8df4fd18cfef442af57129f6f944fb1],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-21-2402126613-901041406-3136686689-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Mediaplayersversion2.4, Quarantined, [ad0ac35d870338fe8d58fa9a57ac31cf],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-21-2402126613-901041406-3136686689-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Mediaplayersversion2.4-nv, Quarantined, [c2f538e8a2e820168f567e168e75a55b],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [41767ea2afdb0234663cd99ace35c23e],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [41767ea2afdb0234663cd99ace35c23e],
PUP.Optional.MediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Mediaplayersversion2.4, Quarantined, [eccb23fd4d3d3501d6133a58ef14df21],

Registry Values: 3
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_238, Quarantined, [7245859b4743b87e1cde4858669d6a96],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_241, Quarantined, [4a6dc858642663d346b4a000ba49ac54],
PUP.Optional.TheAnswerFinder.A, HKU\S-1-5-21-2402126613-901041406-3136686689-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TheAnswerFinder, "C:\Users\Lisa\AppData\Roaming\TheAnswerFinder\TheAnswerFinder.exe", Quarantined, [04b39987fe8c79bd11248120d42fa957]

Registry Data: 0
(No malicious items detected)

Folders: 29
PUP.Optional.GlobalUpdate.A, C:\Users\Lisa\AppData\Local\Temp\comh.224948, Quarantined, [41767ea2afdb0234663cd99ace35c23e],
PUP.Optional.GlobalUpdate.A, C:\Users\Lisa\AppData\Local\Temp\comh.96214, Quarantined, [4374b16f1278e5515d4552215fa4a45c],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\chrome, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\chrome\content, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\chrome\content\api, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\chrome\content\core, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\defaults, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\defaults\preferences, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\extensionData, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\extensionData\plugins, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\extensionData\userCode, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\locale, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\locale\en-US, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\skin, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\defaults, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\defaults\preferences, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\userCode, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\locale, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\locale\en-US, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4, Quarantined, [eccb23fd4d3d3501d6133a58ef14df21],

Files: 331
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMK_01009.Wdf, Delete-on-Reboot, ,
PUP.Optional.MovieWizard.A, C:\ProgramData\NPaxYHLMy\qYHYClnv.exe, Delete-on-Reboot, [1b9cdf419af0c86eb02bcde38d740bf5],
PUP.Optional.MovieWizard.A, C:\ProgramData\NPaxYHLMy\dat\BbDLrgqY.exe, Delete-on-Reboot, [2196dc446b1f57dff0eb4d6379884db3],
PUP.Optional.ZombieInvasion.A, C:\ProgramData\NPaxYHLMy\dat\OBzSxZsYl.dll, Delete-on-Reboot, [00b725fb2a60ba7cec4da814c83d55ab],
PUP.Optional.MovieWizard.A, C:\ProgramData\NPaxYHLMy\dat\UCQSJYsfnR.exe, Delete-on-Reboot, [645359c79ceef442518a8b25c9387987],
PUP.Optional.MediaPlayer.A, C:\Users\Lisa\AppData\Roaming\JGPST.exe, Quarantined, [12a564bc7a100135fe2c60a35fa71ce4],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\KGOR.exe, Quarantined, [ae09eb35850590a65a4a43b9ae5755ab],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\XUGOB.exe, Quarantined, [c7f0e739e5a514229e06b14b25e06799],
PUP.Optional.Nova.A, C:\Program Files (x86)\24ac5c38-df28-4842-a9a5-3b5ea72b9147\7aff59bf-a351-4f17-b4e0-ca7b5a1f3162.dll, Quarantined, [6750f22eb2d82412b4f54fb9a95959a7],
PUP.Optional.Nova.A, C:\Program Files (x86)\2a52c132-c7f7-446a-9ba3-e7854a9815ad\a3548c16-f491-4a37-842e-d77541c30778.dll, Quarantined, [eccba9778703cb6bb8f1f90f16ec9c64],
PUP.Optional.Nova.A, C:\Program Files (x86)\Adobe\bdc887cb-9d85-44ac-bc74-43ada72054b1.dll, Quarantined, [f1c63be5f49683b391186a9ec53d8e72],
PUP.Optional.Nova.A, C:\Program Files (x86)\AGEIA Technologies\eb9cd583-748c-42ae-9a49-259bacf36bf8.dll, Quarantined, [edcaa37d1c6efd3932778e7a7191936d],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4\40f1654d-f1c0-41fe-9308-7d57b535dc3c-10.exe, Quarantined, [4572df411c6ec472fa30669dd531d22e],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4\40f1654d-f1c0-41fe-9308-7d57b535dc3c-4.exe, Quarantined, [b205c9571179de58e3470bf894728977],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4\40f1654d-f1c0-41fe-9308-7d57b535dc3c-6.exe, Quarantined, [4077c15f008a8caa42e8e81bfd0960a0],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4\40f1654d-f1c0-41fe-9308-7d57b535dc3c-64.exe, Quarantined, [02b5cc54d3b7e254f53537cc15f16898],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4\40f1654d-f1c0-41fe-9308-7d57b535dc3c-7.exe, Quarantined, [635409170288f640f03ab64d60a69868],
PUP.Optional.Nova.A, C:\Program Files (x86)\Mediaplayersversion2.4\e59011bd-cda6-41df-98d4-2f92c8d6fff4.dll, Quarantined, [dbdc40e07e0cbb7b9118f414b2505ca4],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4\UninstallBrw.exe, Quarantined, [af087aa64c3e66d034f69c67e71f34cc],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Mediaplayersversion2.4\utils.exe, Quarantined, [bafddb45a2e852e40c4183d6f40ce51b],
PUP.Optional.MagnoPlayer.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$RNA886O.exe, Quarantined, [f5c2dd43d8b255e18fd5aabfb54b39c7],
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$RTQ3BQX.exe, Quarantined, [fcbbe33de9a1dc5aff758bc1738de51b],
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$R9F4AP9.exe, Quarantined, [dfd8130de7a322142084b547ad58eb15],
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$RPN6FM2.exe, Quarantined, [8532bf612169c175ced6f309976e2bd5],
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$RPPMY65.exe, Quarantined, [8730b96748425bdb0d9739c38c79bc44],
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$RLIQHHI.exe, Quarantined, [5d5a130d880261d59f05807c1bead22e],
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$R6RC9AF.exe, Quarantined, [ded98e92513990a6752f36c6af56d927],
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$RJGVROC.exe, Quarantined, [9b1c5ec231597bbb881cde1e0ff68a76],
PUP.Optional.MagnoPlayer.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$RHT84HD.exe, Quarantined, [793e928e1179c57185df2742619f7b85],
PUP.Optional.Nova.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$ROI1AMQ.dll, Quarantined, [d5e28a9695f5a78fbaef47c1dd25649c],
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$RXQW39H.exe, Quarantined, [2592eb3556340e28525228d407feb050],
PUP.Optional.MagnoPlayer.A, C:\$Recycle.Bin\S-1-5-21-2402126613-901041406-3136686689-1001\$RD5HC90\mgChecker.exe, Quarantined, [fcbbf030c7c3a1951d47c2a78e72c33d],
Trojan.MSIL.Injector, C:\Users\Lisa\AppData\Local\Temp\mytmpinstaller.exe, Quarantined, [8a2db56b3d4d82b443e012aad332fe02],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Temp\nsf53C5.tmp, Quarantined, [02b5859b5d2d072f6892ed389c66728e],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Temp\7143.exe, Quarantined, [0daa0b159feba591bfe5d6260ef78b75],
PUP.Optional.MagnoPlayer.A, C:\Users\Lisa\AppData\Local\Temp\3dc8dd53-bdbe-4738-9586-8642a2a14846\magnoplayersetup.exe, Quarantined, [8433839da9e10531d68ecb9e14ecc13f],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Local\Temp\e7879322-f364-4b98-adad-603b86cee677\setup.exe, Quarantined, [8d2a17091278e84e996153d29171bc44],
PUP.Optional.Tuto4PC.A, C:\Users\Lisa\AppData\Local\Temp\7c08d519-0ae4-408f-bb04-5e6487faf128\games desktop.exe, Quarantined, [a3141d03741656e07230f91b34ce817f],
PUP.Optional.TheAnswerFinder.A, C:\Users\Lisa\AppData\Local\Temp\8e83034f-d82a-45bf-b0f0-f5c8ba0f8fe7\installer.exe, Quarantined, [a01754cc1b6ffd3947ccc23b5ea33cc4],
PUP.Optional.Tuto4PC.A, C:\Users\Lisa\AppData\Local\Temp\is-GF976.tmp\package_secureprotect_installer_multilang.exe, Quarantined, [882f110f94f6db5b0ede3ebae51cb050],
PUP.Optional.Tuto4PC.A, C:\Users\Lisa\AppData\Local\Temp\is-GF976.tmp\package_speeditup_installer_multilang.exe, Quarantined, [2d8a28f8325873c319d355a38978867a],
PUP.Optional.Tuto4PC.A, C:\Users\Lisa\AppData\Local\Temp\is-GF976.tmp\package_stormpverti_installer_multilang.exe, Quarantined, [932455cb157514226f7d0bed5ea3f709],
PUP.Optional.Tuto4PC.A, C:\Users\Lisa\AppData\Local\Temp\is-GF976.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe, Quarantined, [665130f062283006fbf10bed768b7c84],
PUP.Optional.Tuto4PC.A, C:\Users\Lisa\AppData\Local\Temp\is-GF976.tmp\package_superpc_installer_multilang.exe, Quarantined, [7740c15f5b2fbd79717bcd2bb34eb24e],
PUP.Optional.Tuto4PC.A, C:\Users\Lisa\AppData\Local\Temp\is-GF976.tmp\package_taplika_installer_multilang.exe, Quarantined, [bcfbaa765e2c7cba3cb0e513758cf40c],
PUP.Optional.Tuto4PC.A, C:\Users\Lisa\AppData\Local\Temp\is-GF976.tmp\package_zombie_installer_multilang.exe, Quarantined, [9a1d0b155a3080b678746395d22fd42c],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\skin\panelarrow-up.png, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\skin\popup.html, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\skin\skin.css, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com\skin\update.css, Quarantined, [dddafc241f6bec4aaf57f97c39ca7c84],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome.manifest, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\install.rdf, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\110b37e1b9bf9e6ab33c60b52e378658.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\4ffb7222a3b477b2594f5a930a9e0c8e.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\5616670e01810458193592c62486587e.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\7c6461c11e477e3c294cb3e01cd9078c.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\96b43f62512cd2d4748d7df8872c5fe7.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\97874b7fa32718b1b82e490515551cce.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\background.html, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\browser.xul, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\dialog.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\options.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\options.xul, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\search_dialog.xul, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\69cf626404a029e9380a6ac2c52d560a.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\017dd1e95f2adc2a9679602a4bb1b96f.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\14f8bab43855afd186bb003ebc97dbc8.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\1e0e0c789b5e9b519b8fcfa4309c6771.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\20b5d81c69dcad8f8689c9a6496ca62e.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\38feb6045363feb297a391d6e730f431.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\44b45d3d6d6f5375d38a7df29aeb0e66.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\50306f03a4421eb5c9aec1f834eb0378.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\50a93b88f0d3dada4dce9149280ed2ae.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\8efc99e64df1f4bbb679b228fd53ab10.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\d98b5a6c675948f59a990e76b3263b61.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\de3c60323cdb1c285239dfa2f9200d31.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\ece1a6daebb5d1ef89cbe4a5ba28ee12.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\edfacdad9ac7a3877802143deac3861e.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\f699fe149706753251ae1023925c2b4a.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\api\fe1d025af671f4d5d001e2c632ada15f.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\68162d5a9abf44f5374ff7c8de37abd8.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\0828e3e2348bb88062488cb0c5fb9677.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\08fd3d9f5db1fe5ecbf2f4e34e9b4e2e.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\0fb8c19b388948322a616e4a68bb8fb5.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\211aed69ae33d1949e3ae31d6530e27a.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\2875c7c6bb07ed6f6665cff46600babe.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\36a87a530ae8aca2fe4aa2aa14e632ea.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\4523a4638e5f4ae3cb088ee1bf687094.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\47bf6570234e050702a9df804ac7fff9.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\4f02c577b1deb393b921d277f8ef862c.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\4f77814535b6c900fde9c09457dbe684.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\754a290687d6fc0e92286a11eff7fd3e.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\759b62c04930675294c999d82d310a12.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\903fb6db8b0cb97b8a8ba2ab05eaa676.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\965aeb8d5ed342dabc6a7bb846be8c0f.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\96d4f290d2102e71e50fc40c9c929381.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\b84ccb95dee18a247de14a70b6c69715.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\d7ad8ca539a449f9a904468aca22c3d0.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\e5afbc5b842ac287bc0dd61cdb122759.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\f3d03149e0ceac898c6decd74b31ced7.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\chrome\content\core\installer.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\defaults\preferences\prefs.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\manifest.xml, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins.json, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\102.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\13.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\14.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\16.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\17.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\180.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\184.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\192.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\193.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\195.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\200.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\220.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\221.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\223.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\242.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\246.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\253.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\262.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\263.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\273.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\281.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\288.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\301.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\345.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\354.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\373.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\4.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\47.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\64.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\7.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\78.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\9.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\plugins\91.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\userCode\background.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\extensionData\userCode\extension.js, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\locale\en-US\translations.dtd, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\button1.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\button2.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\button3.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\button4.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\button5.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\crossrider_statusbar.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\icon128.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\icon16.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\icon24.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\icon48.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\panelarrow-up.png, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\popup.html, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\skin.css, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.CrossRider.A, C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com\skin\update.css, Quarantined, [44738898197160d6c99bcabe0af94fb1],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4\35957745-bb28-4d7b-9bb7-31d890990ed6.dll, Quarantined, [eccb23fd4d3d3501d6133a58ef14df21],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4\40f1654d-f1c0-41fe-9308-7d57b535dc3c.xpi, Quarantined, [eccb23fd4d3d3501d6133a58ef14df21],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4\bgNova.html, Quarantined, [eccb23fd4d3d3501d6133a58ef14df21],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaplayersversion2.4\Uninstall.exe, Quarantined, [eccb23fd4d3d3501d6133a58ef14df21],

Physical Sectors: 0
(No malicious items detected)

(end)



#13 deeprybka

Posted 22 February 2015 - 05:01 AM

:thumbup2:
 

Step 1

Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#14 lisa629

Posted 22 February 2015 - 09:17 AM

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Lisa (administrator) on LISA-PC on 22-02-2015 09:14:51
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available profiles: Lisa)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31\snsz5BA1.tmp
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\nscCA07.tmpfs
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\jnswFC67.tmp
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Small Island Development) C:\ProgramData\NPaxYHLMy\qYHYClnv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dell) C:\Users\Lisa\AppData\Local\Apps\2.0\QJ8EQ181.Q48\3WZXKD8R.PA8\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
() C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1439496 2010-10-19] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\Lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-01-07] (Google Inc.)
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Run: [DellSystemDetect] => C:\Users\Lisa\AppData\Local\Apps\2.0\QJ8EQ181.Q48\3WZXKD8R.PA8\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-08-28] (Dell)
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\RunOnce: [Application Restart #1] => C:\Windows\SysWOW64\mshta.exe [12800 2014-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .lnk
ShortcutTarget: Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .lnk -> C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> DefaultScope {67CF62CB-DFEE-4C12-9F96-56B9E69D818B} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> {67CF62CB-DFEE-4C12-9F96-56B9E69D818B} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> {EEAA610A-35F7-4F61-96EB-0FB625E0C089} URL =
Toolbar: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [Not Found]
FF Extension: No Name - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://mysearch.avg.com?cid={47ABCD36-EC63-4A8E-B336-F4EBFA5569B1}&mid=c7219e4d54d747d3a053d16daef66cc4-e29242b5d80771a036df2e9d09d7d16ebce75dd8&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-13 18:46:06&v=17.2.0.38&pid=safeguard&sg=0&sap=hp"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?ei=utf-8&fr=chr-yo_gc&type=523482&ilc=12&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Google Calendar) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-01-14]
CHR Extension: (Google Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Tumblr Shortcuts) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeaoiimgjnefgefklfijghnlngmkcgom [2015-02-19]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 fetikigu; C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31\snsz5BA1.tmp [229376 2015-02-20] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-01-25] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
R2 kuzodiku; C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\jnswFC67.tmp [90624 2015-02-20] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
R2 fewonize; C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\nscCA07.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2014-08-28] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
U0 xcyksem; C:\Windows\System32\drivers\ewrwh.sys [79064 2015-02-21] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 09:14 - 2015-02-22 09:15 - 00023904 _____ () C:\Users\Lisa\Desktop\FRST.txt
2015-02-22 08:48 - 2015-02-22 08:48 - 00000000 ___RD () C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-22 08:48 - 2015-02-22 08:48 - 00000000 ____D () C:\ProgramData\Browser
2015-02-21 16:54 - 2015-02-21 16:54 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\ewrwh.sys
2015-02-21 15:17 - 2015-02-21 15:17 - 00001133 _____ () C:\Users\Lisa\Desktop\Continue Live Installation.lnk
2015-02-21 14:55 - 2015-02-21 14:55 - 00000000 ____D () C:\Users\Lisa\AppData\Local\MovieWizard
2015-02-21 14:48 - 2015-02-21 14:48 - 00015816 _____ () C:\Users\Lisa\Desktop\AdwCleaner[S0].txt
2015-02-21 14:45 - 2015-02-21 14:45 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-02-21 14:43 - 2015-02-21 14:45 - 00000000 ____D () C:\AdwCleaner
2015-02-21 14:43 - 2015-02-21 14:43 - 02126848 _____ () C:\Users\Lisa\Downloads\AdwCleaner.exe
2015-02-21 12:44 - 2015-02-22 08:48 - 00001348 _____ () C:\WINDOWS\Tasks\XUGOB.job
2015-02-21 12:44 - 2015-02-21 12:44 - 00004350 _____ () C:\WINDOWS\System32\Tasks\XUGOB
2015-02-21 12:43 - 2015-02-22 08:48 - 00001346 _____ () C:\WINDOWS\Tasks\KGOR.job
2015-02-21 12:43 - 2015-02-21 16:54 - 00000000 ____D () C:\Program Files (x86)\24ac5c38-df28-4842-a9a5-3b5ea72b9147
2015-02-21 12:43 - 2015-02-21 12:43 - 00004348 _____ () C:\WINDOWS\System32\Tasks\KGOR
2015-02-21 11:46 - 2015-02-21 11:46 - 00001282 _____ () C:\Users\Lisa\Desktop\Revo Uninstaller.lnk
2015-02-21 11:46 - 2015-02-21 11:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-20 23:14 - 2015-02-21 14:52 - 00034633 _____ () C:\Users\Lisa\Desktop\Addition2.txt
2015-02-20 23:14 - 2015-02-20 23:15 - 00040292 _____ () C:\Users\Lisa\Desktop\Addition1.txt
2015-02-20 23:13 - 2015-02-22 09:14 - 00000000 ____D () C:\FRST
2015-02-20 23:13 - 2015-02-21 14:52 - 00052625 _____ () C:\Users\Lisa\Desktop\FRST2.txt
2015-02-20 23:09 - 2015-02-20 23:09 - 02086912 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2015-02-20 21:36 - 2015-02-21 12:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-20 21:34 - 2015-02-20 21:34 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Lisa\Downloads\mbar-1.09.1.1004.exe
2015-02-20 18:46 - 2015-02-20 18:46 - 00000000 ___HD () C:\Users\Public\Temp
2015-02-20 18:33 - 2015-02-21 14:51 - 00000000 ____D () C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31
2015-02-20 18:33 - 2015-02-20 18:36 - 00003742 _____ () C:\Users\Lisa\Desktop\Rkill.txt
2015-02-20 18:32 - 2015-02-22 08:48 - 00001348 _____ () C:\WINDOWS\Tasks\JGPST.job
2015-02-20 18:32 - 2015-02-21 16:54 - 00000000 ____D () C:\Program Files (x86)\2a52c132-c7f7-446a-9ba3-e7854a9815ad
2015-02-20 18:32 - 2015-02-20 18:33 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31
2015-02-20 18:32 - 2015-02-20 18:32 - 00004352 _____ () C:\WINDOWS\System32\Tasks\JGPST
2015-02-20 18:31 - 2015-02-20 18:33 - 00000000 ____D () C:\ProgramData\NPaxYHLMy
2015-02-20 18:23 - 2015-02-20 21:53 - 00000000 ____D () C:\Users\Lisa\Desktop\mbar
2015-02-20 17:56 - 2015-02-21 16:37 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-20 17:56 - 2015-02-20 21:35 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-20 17:56 - 2015-02-20 17:56 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-20 17:56 - 2015-02-20 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-20 17:56 - 2015-02-20 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-20 17:56 - 2015-02-20 17:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-20 17:56 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-20 17:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-20 17:52 - 2015-02-20 17:53 - 00046946 _____ () C:\Users\Lisa\Desktop\Result.txt
2015-02-20 17:46 - 2015-02-20 17:47 - 00002562 _____ () C:\Users\Lisa\Desktop\FSS.txt
2015-02-20 17:44 - 2015-02-20 17:44 - 00001090 _____ () C:\Users\Lisa\Desktop\checkup.txt
2015-02-20 07:45 - 2015-02-20 07:45 - 00000000 ____D () C:\Users\Lisa\Documents\Evernote
2015-02-19 22:29 - 2015-02-19 22:29 - 00000020 _____ () C:\Users\Lisa\AppData\Roaming\appdataFr3.bin
2015-02-19 21:53 - 2015-02-19 21:53 - 00000000 ____D () C:\Program Files (x86)\Tumblr Shortcuts
2015-02-19 20:48 - 2015-02-19 21:04 - 00000000 ____D () C:\Program Files (x86)\TampaEdit
2015-02-14 18:49 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-14 18:49 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-14 18:00 - 2015-02-14 18:00 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-14 18:00 - 2015-02-14 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\Program Files\iTunes
2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\Program Files\iPod
2015-02-14 17:59 - 2015-02-14 17:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-14 17:56 - 2015-02-14 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-02-14 17:54 - 2015-02-14 17:54 - 00000000 ____D () C:\ProgramData\jdjmabjmabmfmoglkmneahckcmcldiak
2015-02-14 17:53 - 2015-02-14 18:47 - 00000000 ____D () C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}
2015-02-14 17:51 - 2015-02-19 20:48 - 00000000 ____D () C:\Program Files (x86)\AppendEngine
2015-02-14 17:49 - 2015-02-14 17:49 - 00000000 ____D () C:\ProgramData\{11734d82-fa53-88a7-1173-34d82fa5360b}
2015-02-13 08:03 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-13 08:03 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-13 08:03 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-13 08:03 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-13 08:03 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-13 08:03 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-13 08:03 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-13 08:03 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-13 08:03 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-13 08:03 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-13 08:03 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-13 08:03 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-13 08:03 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-13 08:03 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-13 08:03 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-13 08:03 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-13 08:03 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-13 08:03 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-13 08:03 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-13 08:03 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-13 08:03 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-13 08:03 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-13 08:03 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-13 08:03 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-13 08:03 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-13 08:03 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-13 08:03 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-13 08:03 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-13 08:03 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-13 08:03 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-13 08:03 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-13 08:03 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-13 08:03 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-13 08:03 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-13 08:03 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-13 08:03 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-13 08:03 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-13 08:03 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-13 08:03 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-13 08:03 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-13 08:03 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-13 08:03 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-13 08:03 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-13 08:03 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-13 08:03 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-13 08:03 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-13 08:03 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-13 08:03 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-13 08:03 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-13 08:03 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-13 08:03 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-13 08:03 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-13 08:03 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-13 08:03 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-13 08:03 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-13 08:03 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-13 08:03 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-13 08:03 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-13 08:03 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-13 08:03 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-13 08:03 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-13 08:03 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-13 08:03 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-13 08:02 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-13 08:02 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-13 08:02 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-13 08:02 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-13 08:02 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-13 08:02 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-13 08:02 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-13 08:02 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 21:36 - 2015-02-20 07:36 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2015-02-11 21:36 - 2015-02-20 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-02-10 19:01 - 2015-02-05 12:57 - 00621384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-02-10 19:00 - 2015-02-05 16:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-10 19:00 - 2015-02-05 16:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00995248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00877816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00399504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-02-10 19:00 - 2015-02-05 16:01 - 00164752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-01-25 11:12 - 2015-01-25 11:12 - 00002086 _____ () C:\Users\Lisa\AppData\Roaming\XUGOB
2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Users\Lisa\AppData\Roaming\KGOR
2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Users\Lisa\AppData\Roaming\JGPST
2015-01-24 17:41 - 2015-01-24 17:41 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
2015-01-24 17:41 - 2015-01-24 17:41 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\ZinioReader4
2015-01-24 17:40 - 2015-01-24 17:40 - 00000957 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zinio Reader 4.lnk
2015-01-24 17:40 - 2015-01-24 17:40 - 00000945 _____ () C:\Users\Public\Desktop\Zinio Reader 4.lnk
2015-01-24 17:40 - 2015-01-24 17:40 - 00000000 ____D () C:\Program Files (x86)\Zinio Reader 4
2015-01-23 17:51 - 2015-01-23 17:51 - 00000000 ____D () C:\Users\Lisa\Desktop\Candy Crush 1-23-15
2015-01-23 17:50 - 2015-01-23 17:50 - 00000000 ____D () C:\Users\Lisa\Desktop\Documents for Candy Crush

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 09:11 - 2014-01-07 18:19 - 01611651 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-22 09:10 - 2014-03-15 20:48 - 00000000 ____D () C:\Users\Lisa\Documents\Outlook
2015-02-22 09:10 - 2014-01-25 15:07 - 00000000 ____D () C:\Users\Lisa\AppData\Local\F6E1BA2A-56A7-4821-A056-60D793DE864E.aplzod
2015-02-22 09:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-22 09:00 - 2015-01-17 15:10 - 00000352 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-02-22 08:58 - 2014-03-26 12:27 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 08:58 - 2014-03-26 12:27 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 08:51 - 2014-01-07 19:49 - 00003768 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{280B3323-E231-4EAC-AB97-C2A03060FB8A}
2015-02-22 08:48 - 2014-01-07 19:45 - 00000000 ___DO () C:\Users\Lisa\SkyDrive
2015-02-21 16:54 - 2014-10-23 05:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-21 16:54 - 2014-01-25 19:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-21 16:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\security
2015-02-21 15:24 - 2014-01-07 16:13 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2402126613-901041406-3136686689-1001
2015-02-21 14:54 - 2013-11-19 13:05 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-21 14:53 - 2013-11-14 02:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-21 14:46 - 2014-01-07 18:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-21 14:46 - 2013-08-22 09:46 - 00320668 _____ () C:\WINDOWS\setupact.log
2015-02-21 14:46 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-21 14:45 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-21 14:27 - 2014-01-25 19:27 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Adobe
2015-02-21 14:21 - 2013-11-14 02:20 - 00647946 _____ () C:\WINDOWS\PFRO.log
2015-02-20 18:15 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-02-20 07:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-20 07:47 - 2014-01-07 18:23 - 00000000 ____D () C:\Users\Lisa
2015-02-20 02:59 - 2015-01-14 08:08 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 20:42 - 2014-01-25 16:47 - 00000000 ____D () C:\Users\Lisa\Documents\Bookmarks
2015-02-18 23:52 - 2014-01-25 21:23 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps
2015-02-18 22:01 - 2014-01-07 19:58 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Deployment
2015-02-18 00:01 - 2014-01-25 21:04 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11
2015-02-17 15:26 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-14 17:59 - 2014-01-25 12:15 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-13 09:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-13 08:19 - 2013-08-22 09:44 - 00504328 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 08:15 - 2014-01-25 15:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-13 08:11 - 2014-01-07 20:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 08:10 - 2014-01-07 16:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-13 08:06 - 2014-01-07 16:51 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 08:04 - 2014-12-20 08:44 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-13 08:04 - 2014-07-08 21:18 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 08:12 - 2014-11-08 16:38 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-11 08:12 - 2014-11-08 16:38 - 00001108 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-02-10 19:02 - 2014-03-23 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-10 19:02 - 2013-11-19 13:07 - 00000000 ____D () C:\Temp
2015-02-05 16:01 - 2014-01-07 18:19 - 00074056 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-02-05 16:01 - 2014-01-07 18:19 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-02-05 16:01 - 2013-08-27 00:03 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-05 16:01 - 2013-08-27 00:03 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-02-05 16:01 - 2013-08-27 00:02 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-05 16:01 - 2013-08-27 00:02 - 14119744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-02-05 16:01 - 2013-08-27 00:02 - 03299512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-02-05 14:07 - 2014-01-07 18:19 - 06861128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-02-05 14:07 - 2014-01-07 18:19 - 03517584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-02-05 14:07 - 2014-01-07 18:19 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-02-05 14:07 - 2014-01-07 18:19 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-02-05 14:07 - 2014-01-07 18:19 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-02-05 14:06 - 2014-01-07 18:19 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-02-05 08:53 - 2014-01-07 19:59 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 08:53 - 2014-01-07 19:59 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 07:50 - 2014-01-07 18:19 - 04236870 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 16:56 - 2014-12-06 14:23 - 00001033 _____ () C:\Users\Public\Desktop\iExplorer.lnk
2015-01-23 16:56 - 2014-12-06 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
2015-01-23 16:56 - 2014-12-06 14:23 - 00000000 ____D () C:\Program Files (x86)\iExplorer

==================== Files in the root of some directories =======

2015-02-19 22:29 - 2015-02-19 22:29 - 0000020 _____ () C:\Users\Lisa\AppData\Roaming\appdataFr3.bin
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\Lisa\AppData\Roaming\JGPST
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\Lisa\AppData\Roaming\KGOR
2015-01-25 11:12 - 2015-01-25 11:12 - 0002086 _____ () C:\Users\Lisa\AppData\Roaming\XUGOB
2014-03-18 16:21 - 2014-03-18 16:21 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-11-19 13:05 - 2013-11-19 13:05 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-19 13:02 - 2013-11-19 13:03 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-19 13:03 - 2013-11-19 13:04 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-11-19 13:02 - 2013-11-19 13:02 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-19 13:04 - 2013-11-19 13:05 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\26E534.exe
C:\Users\Lisa\AppData\Local\Temp\6DC074E5-0784-70F2-586A-7CA4D5527E2E.dll
C:\Users\Lisa\AppData\Local\Temp\6DC074E5-0784-70F2-586A-7CA4D5527E2E.exe
C:\Users\Lisa\AppData\Local\Temp\7adD48.exe
C:\Users\Lisa\AppData\Local\Temp\8790D93C-443B-7787-F887-6B33A6DF1A26.exe
C:\Users\Lisa\AppData\Local\Temp\8d068.exe
C:\Users\Lisa\AppData\Local\Temp\8D56.exe
C:\Users\Lisa\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lisa\AppData\Local\Temp\FE73205874F.exe
C:\Users\Lisa\AppData\Local\Temp\iExplorer_Setup_3650.exe
C:\Users\Lisa\AppData\Local\Temp\install_reader11_en_chrd_awa_aih.exe
C:\Users\Lisa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Lisa\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Lisa\AppData\Local\Temp\nvStInst.exe
C:\Users\Lisa\AppData\Local\Temp\nvstlink.exe
C:\Users\Lisa\AppData\Local\Temp\ose00000.exe
C:\Users\Lisa\AppData\Local\Temp\Quarantine.exe
C:\Users\Lisa\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Lisa\AppData\Local\Temp\sqlite3.dll
C:\Users\Lisa\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-15 18:47

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Lisa at 2015-02-22 09:15:17
Running from C:\Users\Lisa\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\Amazon Cloud Drive) (Version: 1.0.2014.3130 - Amazon Digital Services, LLC.)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{0B341FFF-66F9-4B82-A73A-C2317514A30F}) (Version: 8.4.3.1793 - TechSmith Corporation)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iExplorer 3.6.5.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
New England Baseball Journal - April 2014 (HKLM-x32\...\288e5686a0ce4f2dfa09a3d905f414b7) (Version: 1.0.3 - Nxtbook Media, LLC)
New England Baseball Journal - April 2014 (x32 Version: 1.0.3 - Nxtbook Media, LLC) Hidden
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Premier Edition 2010 (HKLM-x32\...\{0700E22B-A424-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
Quicken 2007 (HKLM-x32\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.1.27 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
TheAnswerFinder (HKLM\...\TheAnswerFinder) (Version: 1.0.7 - TheAnswerFinder)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Wondershare Video Editor(Build 4.7.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.2.3972 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.3972 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

30-01-2015 15:59:49 Windows Update
07-02-2015 04:11:01 Scheduled Checkpoint
10-02-2015 18:44:56 Windows Update
11-02-2015 21:33:40 Installed Evernote v. 5.8.3
20-02-2015 07:20:08 Scheduled Checkpoint
20-02-2015 21:52:44 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C45E029-4A76-4E4C-9306-2392F5A5E2B4} - System32\Tasks\KGOR => C:\Users\Lisa\AppData\Roaming\KGOR.exe <==== ATTENTION
Task: {208659E5-1F39-4874-A3DF-48F01543268D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {277B11F1-37E8-43C8-84E2-E3C891D57A34} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {2F68E7E6-4B3C-4CCD-822B-C919E0A5D4C2} - System32\Tasks\XUGOB => C:\Users\Lisa\AppData\Roaming\XUGOB.exe <==== ATTENTION
Task: {328706DA-B9A9-4387-A6AC-600102DB2297} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {4E64751E-AA32-4832-880F-0ECFC8152787} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
Task: {7149A987-3A52-46BD-877A-736615D76C26} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-13] (Microsoft Corporation)
Task: {7E37C6B5-763F-4119-B412-56913FB2FEA7} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {7FAB4AB8-CCB9-4770-BFAB-BB34550476B5} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {903A2894-7F5D-4B0A-BFE5-2244AC0A7526} - System32\Tasks\JGPST => C:\Users\Lisa\AppData\Roaming\JGPST.exe <==== ATTENTION
Task: {98AB0B71-7A56-4886-A942-6C80744C0325} - System32\Tasks\PocketCloud => C:\Program
Task: {9BDC8BEC-9A70-4EC1-BE2C-88B5FF21503F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {ABE9636C-DD6E-4C1F-BF7B-7F212D86A3CB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-08-21] (PC-Doctor, Inc.)
Task: {AFDCFA9A-F463-4A52-8E26-AC0D44A1228B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {B8F4C5F3-4A38-47C7-BDAD-E4026567ABD7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-08-21] (PC-Doctor, Inc.)
Task: {CF5D164A-5942-4D0C-928F-9452A4244FE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-07] (Google Inc.)
Task: {EB20E352-B59C-4641-B456-18026C5A1FB9} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\JGPST.job => C:\Users\Lisa\AppData\Roaming\JGPST.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\KGOR.job => C:\Users\Lisa\AppData\Roaming\KGOR.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\XUGOB.job => C:\Users\Lisa\AppData\Roaming\XUGOB.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-20 18:33 - 2015-02-20 18:33 - 00229376 _____ () C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31\snsz5BA1.tmp
2015-02-20 18:33 - 2015-02-20 18:33 - 00141312 _____ () C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\nscCA07.tmpfs
2015-02-20 18:33 - 2015-02-20 18:33 - 00090624 _____ () C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\jnswFC67.tmp
2013-06-21 20:46 - 2013-06-21 20:46 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-06-21 20:35 - 2013-06-21 20:35 - 00032256 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-06-21 20:31 - 2013-06-21 20:31 - 00035840 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-01-07 18:19 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-28 16:39 - 2012-12-28 16:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 16:36 - 2012-12-28 16:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 16:41 - 2012-12-28 16:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-02-14 17:53 - 2015-02-14 17:53 - 01137352 _____ () C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .exe
2012-12-28 16:42 - 2012-12-28 16:42 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2013-05-09 20:58 - 2013-05-09 20:58 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
2013-11-19 12:55 - 2013-07-16 20:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-11-15 14:08 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-15 14:08 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-06-21 17:48 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 10:41 - 2013-03-05 10:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2010-12-17 15:56 - 2010-12-17 15:56 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2013-03-07 15:53 - 2013-03-07 15:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2010-12-17 15:56 - 2010-12-17 15:56 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2010-12-17 15:56 - 2010-12-17 15:56 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2010-01-12 19:55 - 2010-01-12 19:55 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2010-01-12 19:55 - 2010-01-12 19:55 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2010-12-16 15:16 - 2010-12-16 15:16 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2010-01-18 02:34 - 2010-01-18 02:34 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2013-03-07 15:55 - 2013-03-07 15:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 15:58 - 2013-03-07 15:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 15:54 - 2013-03-07 15:54 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2010-12-17 15:56 - 2010-12-17 15:56 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2010-12-17 15:56 - 2010-12-17 15:56 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2010-12-17 15:56 - 2010-12-17 15:56 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2014-03-17 22:33 - 2013-05-08 01:57 - 02666496 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lisa\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2402126613-901041406-3136686689-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dsc_0096c.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: TeamViewer9 => 2
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeUpdater"
HKLM\...\StartupApproved\Run32: => "ShopAtHomeWatcher"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2402126613-901041406-3136686689-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"

==================== Accounts: =============================

Administrator (S-1-5-21-2402126613-901041406-3136686689-500 - Administrator - Disabled)
Guest (S-1-5-21-2402126613-901041406-3136686689-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2402126613-901041406-3136686689-1006 - Limited - Enabled)
Lisa (S-1-5-21-2402126613-901041406-3136686689-1001 - Administrator - Enabled) => C:\Users\Lisa
UpdatusUser (S-1-5-21-2402126613-901041406-3136686689-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2015 09:06:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/22/2015 08:59:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/21/2015 03:24:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/21/2015 02:31:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: qrsvc.exe, version: 1.10.0.9, time stamp: 0x54d51cc7
Faulting module name: qrsvc.exe, version: 1.10.0.9, time stamp: 0x54d51cc7
Exception code: 0xc0000409
Fault offset: 0x000250ec
Faulting process id: 0x9a4
Faulting application start time: 0xqrsvc.exe0
Faulting application path: qrsvc.exe1
Faulting module path: qrsvc.exe2
Report Id: qrsvc.exe3
Faulting package full name: qrsvc.exe4
Faulting package-relative application ID: qrsvc.exe5

Error: (02/21/2015 02:29:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nsw5208.tmp version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a50

Start Time: 01d04e0c6e115211

Termination Time: 15

Application Path: C:\Users\Lisa\AppData\Local\Temp\nsw5208.tmp

Report Id: bd1dc87b-b9ff-11e4-bee9-342387120f4e

Faulting package full name:

Faulting package-relative application ID:

Error: (02/21/2015 00:44:05 PM) (Source: MsiInstaller) (EventID: 11309) (User: LISA-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (02/20/2015 11:17:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2010":
The user canceled one of the dialog boxes. No message was sent.

Error: (02/20/2015 11:17:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2010":
Failed to send mail message:

Error: (02/20/2015 10:53:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/20/2015 10:53:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

System errors:
=============
Error: (02/21/2015 02:45:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1069

Error: (02/21/2015 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (02/21/2015 02:45:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/21/2015 02:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (02/21/2015 02:45:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/21/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/21/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/21/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/21/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/21/2015 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (12/20/2014 05:32:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23427 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (12/09/2014 00:37:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 107051 seconds with 2280 seconds of active time.  This session ended with a crash.

Error: (07/29/2014 05:06:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12873 seconds with 2940 seconds of active time.  This session ended with a crash.

Error: (05/08/2014 07:58:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54144 seconds with 2280 seconds of active time.  This session ended with a crash.

Error: (04/12/2014 11:32:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 504 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (04/12/2014 11:23:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4850 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (03/31/2014 08:04:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8391 seconds with 900 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-02-22 09:01:34.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-02-22 09:01:34.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-02-22 09:01:34.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-02-22 09:01:34.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-02-22 09:01:34.448
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-02-22 09:01:34.386
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-02-22 09:01:34.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-02-22 09:01:34.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-02-22 09:01:33.948
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-02-22 09:01:33.885
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16335.21 MB
Available physical RAM: 13893.02 MB
Total Pagefile: 18767.21 MB
Available Pagefile: 15955.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.4 GB) (Free:498.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 85005941)

Partition: GPT Partition Type.

==================== End Of Log ============================



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:59 PM

Posted 22 February 2015 - 11:09 AM

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ShopAtHomeWatcher] => C:\Users\Lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    HKLM-x32\...\Run: [ShopAtHomeUpdater] => C:\Users\Lisa\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    C:\Users\Lisa\AppData\Roaming\ShopAtHome
    Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .lnk
    ShortcutTarget: Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .lnk -> C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}\Thinking Out Loud _ Im Not The Only One MASHUP (Sam Tsui .exe ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Folder:  C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}
    C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2402126613-901041406-3136686689-1001 -> {EEAA610A-35F7-4F61-96EB-0FB625E0C089} URL =
    FF Extension: No Name - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [Not Found]
    FF Extension: No Name - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\fcv7vw7j.default\extensions\OIBMBKA115048682@HYKFIU97176590.com [Not Found]
    R2 fetikigu; C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31\snsz5BA1.tmp [229376 2015-02-20] () [File not signed]
    R2 kuzodiku; C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\jnswFC67.tmp [90624 2015-02-20] () [File not signed]
    C:\Users\Lisa\AppData\Local\4C4C4544-1424457219-3110-8032-B8C04F425A31\
    R2 fewonize; C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31\nscCA07.tmpfs [X]
    2015-02-22 08:48 - 2015-02-22 08:48 - 00000000 ____D () C:\ProgramData\Browser
    2015-02-21 14:55 - 2015-02-21 14:55 - 00000000 ____D () C:\Users\Lisa\AppData\Local\MovieWizard
    2015-02-21 14:45 - 2015-02-21 14:45 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
    2015-02-21 12:44 - 2015-02-22 08:48 - 00001348 _____ () C:\WINDOWS\Tasks\XUGOB.job
    2015-02-21 12:44 - 2015-02-21 12:44 - 00004350 _____ () C:\WINDOWS\System32\Tasks\XUGOB
    2015-02-21 12:43 - 2015-02-22 08:48 - 00001346 _____ () C:\WINDOWS\Tasks\KGOR.job
    2015-02-21 12:43 - 2015-02-21 16:54 - 00000000 ____D () C:\Program Files (x86)\24ac5c38-df28-4842-a9a5-3b5ea72b9147
    2015-02-21 12:43 - 2015-02-21 12:43 - 00004348 _____ () C:\WINDOWS\System32\Tasks\KGOR
    2015-02-20 18:32 - 2015-02-22 08:48 - 00001348 _____ () C:\WINDOWS\Tasks\JGPST.job
    2015-02-20 18:32 - 2015-02-21 16:54 - 00000000 ____D () C:\Program Files (x86)\2a52c132-c7f7-446a-9ba3-e7854a9815ad
    2015-02-20 18:32 - 2015-02-20 18:33 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\4C4C4544-1424457159-3110-8032-B8C04F425A31
    2015-02-20 18:32 - 2015-02-20 18:32 - 00004352 _____ () C:\WINDOWS\System32\Tasks\JGPST
    2015-02-20 18:31 - 2015-02-20 18:33 - 00000000 ____D () C:\ProgramData\NPaxYHLMy
    2015-02-14 17:54 - 2015-02-14 17:54 - 00000000 ____D () C:\ProgramData\jdjmabjmabmfmoglkmneahckcmcldiak
    2015-02-14 17:53 - 2015-02-14 18:47 - 00000000 ____D () C:\ProgramData\{126f226a-35ff-5220-126f-f226a35f89a8}
    2015-02-14 17:51 - 2015-02-19 20:48 - 00000000 ____D () C:\Program Files (x86)\AppendEngine
    2015-02-14 17:49 - 2015-02-14 17:49 - 00000000 ____D () C:\ProgramData\{11734d82-fa53-88a7-1173-34d82fa5360b}
    2015-01-25 11:12 - 2015-01-25 11:12 - 00002086 _____ () C:\Users\Lisa\AppData\Roaming\XUGOB
    2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Users\Lisa\AppData\Roaming\KGOR
    2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Users\Lisa\AppData\Roaming\JGPST
    Task: {1C45E029-4A76-4E4C-9306-2392F5A5E2B4} - System32\Tasks\KGOR => C:\Users\Lisa\AppData\Roaming\KGOR.exe 
    Task: {2F68E7E6-4B3C-4CCD-822B-C919E0A5D4C2} - System32\Tasks\XUGOB => C:\Users\Lisa\AppData\Roaming\XUGOB.exe 
    Task: {903A2894-7F5D-4B0A-BFE5-2244AC0A7526} - System32\Tasks\JGPST => C:\Users\Lisa\AppData\Roaming\JGPST.exe 
    Task: C:\WINDOWS\Tasks\JGPST.job => C:\Users\Lisa\AppData\Roaming\JGPST.exe 
    Task: C:\WINDOWS\Tasks\KGOR.job => C:\Users\Lisa\AppData\Roaming\KGOR.exe 
    Task: C:\WINDOWS\Tasks\XUGOB.job => C:\Users\Lisa\AppData\Roaming\XUGOB.exe 
    CreateRestorePoint:
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

After the Reboot:

Step 2


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

 

Step 3

 

Do you know how to make zip files? :)

  1. Locate the file or folder that you want to compress.

  2. Right-click the file or folder, point to Send to, and then click Compressed (zipped) folder.

    A new compressed folder is created in the same location. To rename it, right-click the folder, click Rename, and then type the new name.

 

I want you to do the following:

 

Please search for the C:\FRST\Quarantine folder and create a zip-file of it. Please upload the zip-file to my channel.

http://www.bleepingcomputer.com/submit-malware.php?channel=177

 

Thank you very much!


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 