
Infected by a .exe file I downloaded. Now all kinds of things going haywire


  • This topic is locked
10 replies to this topic

#1 NinjaNight


Posted 09 October 2015 - 03:48 PM

Too many things going on to be specific in the title so here goes...

 

This all started yesterday from such a silly thing. I was looking to download a very old strategy game that I played about 15 years ago called "Total Annihilation." I tried downloading from 10 or more different sites, none of which ended up working except the demo. I was well aware that one of them may end up having a virus but I figured Avast + Malwarebytes would take care of it if it did. Finally I came across one that was just a single .exe file and nothing else. I opened it and Avast started spamming the "THREAT HAS BEEN DETECTED!" warning. I could tell the .exe was doing a bunch of stuff invisibly at first because the hourglass next to my cursor kept flickering for a while. I instantly ran an Avast scan and while that was going a bunch of weird stuff began happening. For example, a new weird browser appeared that opened with all my tabs I already had open in Chrome and the icon of this browser looked like a warped version of the Chrome icon. It was called "MyBrowser." At the same time it redirected me to some webpages - I don't remember what they were. All the while my computer had a strange "laggy" feeling to it because of whatever this thing was doing constantly. The Avast scan (full scan) finished and found NOTHING. Somehow this completely evades detection outside of the original warning when I opened the .exe file. I opened task manager and saw a bunch of different things running that were never there before (in hindsight I should've taken a screenshot but I was only thinking about what is going on). I tried to end task on all of them but they just reactivated themselves or told me I don't have permission. It was late at night and I was super tired so I just shut it down and went to sleep. This morning when I turned it on there was a pitch black screen for a couple minutes before my desktop finally loaded and a "cmd" opened itself that wouldn't let me close it. End task didn't work either; I think access was denied.
The "cmd" was showing a path to C:\Windows\ to somewhere - can't remember the rest... There was again a lot of stuff running in task manager from this virus or whatever this thing is that wouldn't go away or gave permission errors. "cmd" began flickering and any folders I opened started flickering too. After doing some reading on another forum (before I found this one) someone said they tried to "infect the virus with a virus" by renaming the applications to .txt. I tried that on some of the applications I found in my folders that seemed to be from it and was successful on a few of them but with others it prevented me from doing that by making an error that told me I need admin access to rename them. So apparently this thing can even deny me admin rights for stuff it doesn't want me to do -_- . From a different forum I got the idea to then go into Safe Mode with Networking and then see if I could end these tasks or do things I couldn't in normal mode. **Note** So much has happened that I don't remember if the "cmd" prompt was still there after switching to safe mode or if something I did later got rid of it.** I tried uninstalling "MyBrowser" through programs and features which didn't work. I ran Malwarebytes and CCleaner - Malwarebytes found 313 threats but after it dealt with all that "MyBrowser" and all the other things were still present. I went to my C drive and then looked for anything created and modified last night or this morning to delete it all figuring anything created so recently couldn't be important and at least a lot of it would surely be related to this virus. I deleted everything I found and then permanently deleted from recycle bin because I was afraid it would still be able to use any of that from the recycle bin somehow. I restarted my computer and went to normal mode. 
The long black screen didn't happen this time which I took as a good sign and I only saw one .exe program in task manager that didn't belong which disappeared a couple seconds later. However, I tried to browse the web and web pages wouldn't load despite having perfect internet connection. I even pinged different websites and the response was perfect. Same thing happens with every browser IE/Chrome/Firefox. No page ever shows up. Note I was still able to web browse last night even after the virus took hold. I didn't try to web browse today until after I had already done all this (except on my phone b/c my provider was having issues that caused the internet to be down temporarily. From my phone was how I found the forum posts mentioned). I can't tell if not being able to browse is a new development by this virus or if it's happening because of something I deleted or if CCleaner somehow messed things up. I forgot to mention I used CCleaner tools to disable on startup anything that looked related to the virus (a script to open "MyBrowser" was one of them). Anyway, sorry if this post is confusing - my memory isn't perfect plus there's so many details as to what went on.

 

Thanks very much in advance for your help! From here on out I will only do what you tell me to do and stop doing anything with it myself. It would have been better if I searched more for a forum that could actually help my specific problem from the start but I couldn't resist messing around with this thing; it's really interesting to explore what it can do and has done and what works/what doesn't.

 

 

Contents of FRST file:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by Seldentar (administrator) on ALYARIS (09-10-2015 14:09:31)
Running from C:\Users\Seldentar\Documents
Loaded Profiles: Seldentar (Available Profiles: Seldentar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHDA.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
() C:\Users\Seldentar\AppData\Roaming\NetService\netservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-01] (Avast Software s.r.o.)
HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [88576 2012-01-31] ()
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288 2012-01-03] (MSI)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AceGain LiveUpdate] => C:\Program Files (x86)\AceGain\LiveUpdate\LiveUpdate.exe [417792 2003-12-31] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\Run: [EPLTarget\P0000000000000002] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHDA.EXE [241280 2013-03-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\MountPoints2: {dc74abcd-b653-11e1-9616-806e6f6e6963} - E:\Autorun.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-04-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\windows\SysWOW64\BfLLR.dll [183808 2012-03-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\BfLLR.dll [183808 2012-03-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\BfLLR.dll [183808 2012-03-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\BfLLR.dll [183808 2012-03-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 05 C:\windows\system32\LavasoftTcpService.dll No File 
Winsock: Catalog9 06 C:\windows\system32\LavasoftTcpService.dll No File 
Winsock: Catalog9 07 C:\windows\system32\LavasoftTcpService.dll No File 
Winsock: Catalog9 08 C:\windows\system32\LavasoftTcpService.dll No File 
Winsock: Catalog9 20 C:\windows\system32\LavasoftTcpService.dll No File 
Winsock: Catalog9 21 C:\windows\SysWOW64\BfLLR.dll [183808 2012-03-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-10-08] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-10-08] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-10-08] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-10-08] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\Windows\system32\BfLLR.dll [200704 2012-03-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 06 C:\Windows\system32\BfLLR.dll [200704 2012-03-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 07 C:\Windows\system32\BfLLR.dll [200704 2012-03-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 08 C:\Windows\system32\BfLLR.dll [200704 2012-03-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 20 C:\Windows\system32\BfLLR.dll [200704 2012-03-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 21 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-10-08] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9829448E-3B2A-415F-8BEC-B14154951D46}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D100915-AB747CC590BEC44CD91F&form=CONMHP&conlogo=CT3330962
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
SearchScopes: HKLM -> DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D100915-AB747CC590BEC44CD91F&form=CONBDF&conlogo=CT3330962&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-14] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-10-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: No Name -> {b8635db9-2694-4837-be3d-4ed3bea8a8ee} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-10-02] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-14] (Microsoft Corporation)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D100915-AB747CC590BEC44CD91F&form=CONMHP&conlogo=CT3330962
FF DefaultSearchEngine: Bing®
FF DefaultSearchEngine.US: Bing®
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Bing®
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D100915-AB747CC590BEC44CD91F&form=CONMHP&conlogo=CT3330962
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\user.js [2015-10-08]
FF SearchPlugin: C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\searchplugins\bing-lavasoft.xml [2015-10-08]
FF Extension: Flash and Video Download - C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-09-21]
FF Extension: Video Tile - C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\Extensions\{3ad9b784-0cd6-4c9a-ad1d-bf54c6bbe0f6}.xpi [2015-10-08]
FF Extension: Adblock Plus - C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-16]
FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=odc179" 
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-03]
CHR Extension: (Google Search) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-03]
CHR Extension: (AdBlock) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-18]
CHR Extension: (Avast Online Security) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-01] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
R2 NetTcpHandler; C:\Users\Seldentar\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2012-08-09] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-07] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [568512 2014-02-25] (Valve Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gyvixodu; C:\Program Files (x86)\03000200-1444365005-0500-0006-000700080009\hnswD038.tmp [X]
S2 syfinizy; C:\Program Files (x86)\03000200-1444365005-0500-0006-000700080009\jnshBA85.tmp [X]
S2 tucuzecy; C:\Program Files (x86)\03000200-1444365005-0500-0006-000700080009\knswA318.tmpfs [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-07] (Bigfoot Networks, Inc.)
S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-07] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [40104 2015-03-09] (Razer Inc)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2015-10-07] () [File not signed]
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [25088 2015-01-27] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [42568 2015-02-26] (SteelSeries ApS)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-01] (Avast Software)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]
S1 wwfd_vt_1_10_0_24; system32\drivers\wwfd_vt_1_10_0_24.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-09 14:09 - 2015-10-09 14:10 - 00028938 _____ C:\Users\Seldentar\Documents\FRST.txt
2015-10-09 14:09 - 2015-10-09 14:09 - 00000000 ____D C:\FRST
2015-10-09 13:56 - 2015-10-09 13:56 - 02194944 _____ (Farbar) C:\Users\Seldentar\Documents\FRST64.exe
2015-10-09 13:31 - 2015-10-09 13:31 - 00000614 _____ C:\windows\PFRO.log
2015-10-09 11:28 - 2015-10-09 13:52 - 00017737 _____ C:\windows\WindowsUpdate.log
2015-10-09 11:25 - 2015-10-09 13:32 - 00000336 _____ C:\windows\setupact.log
2015-10-09 11:25 - 2015-10-09 11:25 - 00000000 _____ C:\windows\setuperr.log
2015-10-09 10:47 - 2015-10-09 10:47 - 01232559 ____H C:\Users\Seldentar\Desktop\Cache.mxc3
2015-10-09 10:26 - 2015-10-09 10:26 - 00476126 _____ C:\Users\Seldentar\Desktop\CCCleaner backup 10_9_15.reg
2015-10-09 10:10 - 2015-10-09 10:47 - 00000000 ____D C:\Users\Seldentar\Desktop\SC
2015-10-08 23:46 - 2015-10-08 23:46 - 00004068 _____ C:\windows\System32\Tasks\dsphtr1aPKxjbW4lj28icAOm
2015-10-08 23:46 - 2015-10-08 23:46 - 00004054 _____ C:\windows\System32\Tasks\HNxSN2cYGwflcw5Iz
2015-10-08 23:45 - 2015-10-09 12:18 - 00003282 _____ C:\windows\System32\Tasks\Easy Driver Pro Schedule
2015-10-08 23:44 - 2015-10-08 23:54 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\RunDir
2015-10-08 23:44 - 2015-10-08 23:44 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\NetService
2015-10-08 23:43 - 2015-10-09 08:51 - 00000000 ____D C:\ProgramData\XtXnxI
2015-10-08 23:42 - 2015-10-08 23:42 - 00004070 _____ C:\windows\System32\Tasks\mi5IANkTGDPIk0uZKfqkrjR9Y
2015-10-08 23:42 - 2015-10-08 23:42 - 00004050 _____ C:\windows\System32\Tasks\Cnj8iD3JtyeUUTj
2015-10-08 23:42 - 2015-10-08 23:42 - 00003140 _____ C:\windows\System32\Tasks\newSI_42074
2015-10-08 23:42 - 2015-10-08 23:42 - 00000000 __SHD C:\Users\Seldentar\AppData\Local\WinKav
2015-10-08 23:42 - 2015-10-08 23:42 - 00000000 ___HD C:\Users\Seldentar\AppData\Local\ZeastOptimiserUn
2015-10-08 23:42 - 2015-10-08 23:42 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\newSI_42074
2015-10-08 23:42 - 2015-10-08 23:42 - 00000000 ____D C:\Users\Seldentar\AppData\Local\ZeastOptimiser
2015-10-08 23:40 - 2015-10-08 23:40 - 00004088 _____ C:\windows\System32\Tasks\MyBrowser
2015-10-08 23:40 - 2015-10-08 23:40 - 00000000 ____D C:\Users\Seldentar\AppData\Local\MyBrowser
2015-10-08 23:40 - 2015-10-08 23:40 - 00000000 ____D C:\Users\Default\AppData\Local\MyBrowser
2015-10-08 23:40 - 2015-10-08 23:40 - 00000000 ____D C:\Users\Default User\AppData\Local\MyBrowser
2015-10-08 23:39 - 2015-10-08 23:41 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Opera Software
2015-10-08 23:39 - 2015-10-08 23:41 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Opera Software
2015-10-08 23:30 - 2015-10-08 23:30 - 01479466 _____ C:\Users\Seldentar\Downloads\total+annihilation+kingdo.ace
2015-10-08 23:30 - 2009-06-10 16:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak
2015-10-08 23:29 - 2015-10-08 23:29 - 00001235 _____ C:\Users\Seldentar\Desktop\Continue installation .lnk
2015-10-08 23:28 - 2015-10-08 23:28 - 00839963 _____ C:\Users\Seldentar\Downloads\Total Annihilation Downloader.rar
2015-10-08 23:14 - 2015-10-08 23:16 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\springlobby
2015-10-08 23:08 - 2015-10-08 23:08 - 14253856 _____ C:\Users\Seldentar\Downloads\OTA31.sdz
2015-10-08 23:06 - 2015-10-08 23:07 - 22184135 _____ (Spring community) C:\Users\Seldentar\Downloads\spring_100.0 (1).exe
2015-10-08 22:39 - 2015-10-08 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring
2015-10-08 22:38 - 2015-10-08 22:39 - 22184135 _____ (Spring community) C:\Users\Seldentar\Downloads\spring_100.0.exe
2015-10-08 22:32 - 2015-10-08 22:32 - 00980576 _____ (Hyuna International LTD) C:\Users\Seldentar\Downloads\lilplay-installer.1326855958.793de24c36834843be69d6c5273e4dd8.exe
2015-10-08 22:30 - 2015-10-08 22:30 - 00980576 _____ (Hyuna International LTD) C:\Users\Seldentar\Downloads\lilplay-installer.1326855958.13e38cd08d334607b3aaa4bf6ee94d77.exe
2015-10-08 22:28 - 2015-10-09 00:21 - 00000000 ____D C:\Users\Seldentar\AppData\Local\YummyInteractiveInc
2015-10-08 22:28 - 2015-10-08 22:31 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Yummy
2015-10-08 22:28 - 2015-10-08 22:28 - 00980576 _____ (Hyuna International LTD) C:\Users\Seldentar\Downloads\lilplay-installer.1326855958.68a4ae3c7e9b4019a571333e488241a2.exe
2015-10-08 22:28 - 2015-10-08 22:28 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Yummy Interactive Inc
2015-10-08 22:28 - 2015-10-08 22:28 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Hyuna_International_LTD
2015-10-08 22:16 - 2015-10-08 22:16 - 00010136 _____ C:\Users\Seldentar\Downloads\TOTALCRK.ZIP
2015-10-08 22:10 - 2015-10-08 23:43 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Total Annihilation Zero
2015-10-08 22:09 - 2015-10-08 22:10 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Total Annihilation Universe
2015-10-08 22:08 - 2015-10-08 22:09 - 121067451 _____ (Total Annihilation Universe) C:\Users\Seldentar\Downloads\TA_Zero_Alpha_4.exe
2015-10-08 22:07 - 2015-10-08 22:07 - 00425744 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-10-08 22:06 - 2015-10-08 22:06 - 00532104 _____ C:\Users\Seldentar\Downloads\3DMEditor2_alpha_win32.7z.exe
2015-10-08 22:05 - 2015-10-08 22:06 - 26398785 _____ C:\Users\Seldentar\Downloads\totalannihilation.sit
2015-10-08 21:22 - 2015-10-08 21:25 - 317202981 _____ C:\Users\Seldentar\Downloads\TA-Setup2 (2).exe
2015-10-08 21:09 - 2015-10-08 21:11 - 317202981 _____ C:\Users\Seldentar\Downloads\TA-Setup2 (1).exe
2015-10-08 20:00 - 2015-10-08 20:00 - 02746318 _____ C:\Users\Seldentar\Downloads\installer (2).zip
2015-10-08 19:59 - 2015-10-08 19:59 - 00000000 ____D C:\Users\Seldentar\AppData\Local\IsolatedStorage
2015-10-08 19:58 - 2015-10-09 12:18 - 00003766 _____ C:\windows\System32\Tasks\gameo_update
2015-10-08 19:58 - 2015-10-09 00:11 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Nico Mak Computing
2015-10-08 19:58 - 2015-10-08 21:18 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Gameo
2015-10-08 19:58 - 2015-10-08 20:01 - 15029066 _____ (InstallShield Software Corporation) C:\Users\Seldentar\Downloads\tzagdemo.exe
2015-10-08 19:58 - 2015-10-08 19:59 - 00000000 ___HD C:\Users\Seldentar\AppData\Roaming\GoldenGate
2015-10-08 19:58 - 2014-09-30 16:07 - 00019120 _____ (WinZip Computing, S.L.(WinZip Computing)) C:\windows\system32\roboot64.exe
2015-10-08 19:57 - 2015-10-08 19:57 - 02746317 _____ C:\Users\Seldentar\Downloads\installer (1).zip
2015-10-08 17:28 - 2015-10-08 17:29 - 45315072 _____ C:\Users\Seldentar\Downloads\takingdomsdemo.exe
2015-10-08 17:19 - 2015-10-08 17:22 - 317202981 _____ C:\Users\Seldentar\Downloads\TA-Setup2.exe
2015-10-08 17:14 - 2015-10-09 00:23 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\GameRanger
2015-10-08 17:13 - 2015-10-08 17:13 - 00114352 _____ (GameRanger Technologies) C:\Users\Seldentar\Downloads\GameRangerSetup.exe
2015-10-07 16:54 - 1998-10-29 15:45 - 00306688 _____ (InstallShield Software Corporation) C:\windows\IsUninst.exe
2015-10-07 14:15 - 2015-10-07 14:17 - 00993473 ____H C:\Users\Seldentar\Desktop\~WRL1482.tmp
2015-10-07 13:55 - 2015-10-09 12:18 - 00003046 _____ C:\windows\System32\Tasks\{3717A831-8B0C-45D6-9A14-03728ADDA9D1}
2015-10-07 13:55 - 2015-10-07 13:55 - 00000000 ____D C:\windows\wb
2015-10-07 13:55 - 1996-08-16 08:44 - 00087552 ____R (Microsoft Corporation) C:\windows\system\url.dll
2015-10-07 13:35 - 2015-10-07 13:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-10-06 18:09 - 2015-10-06 18:09 - 01130621 _____ ( ) C:\Users\Seldentar\Downloads\WarZoneInstall.exe
2015-10-06 18:09 - 2015-10-06 18:09 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\WarZone
2015-10-06 15:45 - 2015-10-06 15:45 - 21540864 _____ (Cavedog Entertainment) C:\Users\Seldentar\Downloads\tadinst (1).exe
2015-10-06 15:42 - 2015-10-06 15:42 - 21540864 _____ (Cavedog Entertainment) C:\Users\Seldentar\Downloads\tadinst.exe
2015-10-06 15:39 - 2015-10-06 15:39 - 01457952 _____ C:\Users\Seldentar\Downloads\Total Annihilation 3D - CHIP-Installer.exe
2015-10-05 17:49 - 2015-10-05 17:57 - 00000153 _____ C:\Users\Seldentar\Desktop\Me vs line favor tennis.txt
2015-10-05 13:35 - 2015-10-05 14:05 - 00001614 _____ C:\Users\Seldentar\Desktop\Tokyo changes before new lines.txt
2015-10-05 00:43 - 2015-10-05 13:15 - 00001145 _____ C:\Users\Seldentar\Desktop\Football guys Draftkings lineups Week 4 points scored.txt
2015-10-05 00:19 - 2015-10-05 02:19 - 00000117 _____ C:\Users\Seldentar\Desktop\FBSportsCapping Profits.txt
2015-10-04 23:50 - 2015-10-05 10:41 - 00000178 _____ C:\Users\Seldentar\Desktop\EaglesPhan36 Profits.txt
2015-10-04 23:38 - 2015-10-05 02:19 - 00000742 _____ C:\Users\Seldentar\Desktop\Bets favored by line-toptennistips-consensus tipping-my opinion.txt
2015-10-04 22:55 - 2015-10-05 13:17 - 00002902 _____ C:\Users\Seldentar\Desktop\toptennistips record by percentage groups.txt
2015-10-03 11:52 - 2015-10-03 11:52 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Apple Computer
2015-10-03 11:52 - 2015-10-03 11:52 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Apple Computer
2015-10-03 11:52 - 2015-10-03 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-03 11:50 - 2015-10-03 11:52 - 00000000 ____D C:\Program Files\iTunes
2015-10-03 11:50 - 2015-10-03 11:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-03 11:50 - 2015-10-03 11:50 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\windows\System32\Tasks\Apple
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Apple
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\ProgramData\Apple Computer
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\Program Files\iPod
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\Program Files\Bonjour
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-03 11:49 - 2015-10-03 11:50 - 00000000 ____D C:\ProgramData\Apple
2015-10-03 11:49 - 2015-10-03 11:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-03 11:48 - 2015-10-03 11:49 - 167601944 _____ (Apple Inc.) C:\Users\Seldentar\Downloads\iTunes6464Setup.exe
2015-10-02 18:27 - 2015-10-02 18:27 - 01404754 _____ C:\Users\Seldentar\Downloads\installer.zip
2015-10-01 08:53 - 2015-10-02 01:10 - 00000277 _____ C:\Users\Seldentar\Desktop\toptennistips record.txt
2015-09-30 17:35 - 2015-09-30 17:35 - 00000114 _____ C:\Users\Seldentar\Desktop\UTD Calculator return info.txt
2015-09-30 17:30 - 2015-10-06 10:15 - 00007421 _____ C:\Users\Seldentar\Desktop\Bets - does pick usually win when bet moves in favor of it.txt
2015-09-28 12:25 - 2015-10-02 01:10 - 00001649 _____ C:\Users\Seldentar\Desktop\MNF NFL betting options.txt
2015-09-28 10:32 - 2015-09-28 11:01 - 00000112 _____ C:\Users\Seldentar\Desktop\Covers forum tracking majority.txt
2015-09-25 17:37 - 2015-10-02 01:10 - 00000995 _____ C:\Users\Seldentar\Desktop\First Impressions NFL Betting Week to Week.txt
2015-09-24 19:23 - 2015-10-02 01:10 - 00000309 _____ C:\Users\Seldentar\Desktop\Bank Roll Bovada NFL and Tennis.txt
2015-09-24 19:04 - 2015-10-02 01:10 - 00000226 _____ C:\Users\Seldentar\Desktop\Draftkings amt of entries note.txt
2015-09-16 22:59 - 2015-09-16 22:59 - 00062771 _____ C:\Users\Seldentar\Downloads\[sc2rep.ru_1442461154]_1x1_Standard(Z)_Pezz(P) (3).SC2Replay
2015-09-16 22:59 - 2015-09-16 22:59 - 00062771 _____ C:\Users\Seldentar\Downloads\[sc2rep.ru_1442461154]_1x1_Standard(Z)_Pezz(P) (2).SC2Replay
2015-09-16 22:57 - 2015-09-16 22:58 - 00062771 _____ C:\Users\Seldentar\Downloads\[sc2rep.ru_1442461154]_1x1_Standard(Z)_Pezz(P) (1).SC2Replay
2015-09-16 22:57 - 2015-09-16 22:57 - 00062771 _____ C:\Users\Seldentar\Downloads\[sc2rep.ru_1442461154]_1x1_Standard(Z)_Pezz(P).SC2Replay
2015-09-14 18:53 - 2015-09-14 18:53 - 00000048 _____ C:\Users\Seldentar\jagex_cl_oldschool_LIVE.dat
2015-09-14 13:46 - 2015-09-14 13:46 - 00321716 _____ C:\Users\Seldentar\Downloads\DFS-Lineup-Generator (2).xlsm
2015-09-14 13:41 - 2015-09-14 13:41 - 00002114 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-14 13:41 - 2015-09-14 13:41 - 00002114 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-14 13:41 - 2015-09-14 13:41 - 00000000 ___RD C:\Users\Seldentar\OneDrive
2015-09-14 13:41 - 2015-09-14 13:41 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-09-14 13:41 - 2015-09-14 13:41 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-09-14 13:33 - 2015-09-14 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-14 13:32 - 2015-09-25 07:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-14 13:31 - 2015-09-14 13:31 - 01102520 _____ (Microsoft Corporation) C:\Users\Seldentar\Downloads\Setup.X86.en-US_O365HomePremRetail_bfddce29-f48e-4205-92fb-b2345caafc72_TX_PR_(1).exe
2015-09-14 13:30 - 2015-09-14 13:30 - 01102520 _____ (Microsoft Corporation) C:\Users\Seldentar\Downloads\Setup.X86.en-US_O365HomePremRetail_bfddce29-f48e-4205-92fb-b2345caafc72_TX_PR_.exe
2015-09-14 13:23 - 2015-09-14 13:23 - 00321716 _____ C:\Users\Seldentar\Downloads\DFS-Lineup-Generator (1).xlsm
2015-09-14 13:09 - 2015-09-14 13:09 - 00321716 _____ C:\Users\Seldentar\Downloads\DFS-Lineup-Generator.xlsm
2015-09-13 10:31 - 2015-09-13 10:31 - 05522014 _____ ( ) C:\Users\Seldentar\Downloads\LD100a_Setup.exe
2015-09-13 10:31 - 2015-09-13 10:31 - 00000744 _____ C:\Users\Seldentar\Desktop\Lineup Dominator.lnk
2015-09-13 10:31 - 2015-09-13 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LineupDominator
2015-09-12 11:17 - 2015-09-17 14:00 - 00000023 _____ C:\Users\Seldentar\jagexappletviewer.preferences
2015-09-12 11:17 - 2015-09-12 11:17 - 00000000 ____D C:\.jagex_cache_32
2015-09-12 11:16 - 2015-09-12 11:16 - 00002084 _____ C:\Users\Seldentar\Desktop\RuneScape.lnk
2015-09-12 11:15 - 2015-09-12 11:15 - 24219648 _____ C:\Users\Seldentar\Downloads\RuneScape.msi
2015-09-09 06:54 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-09 06:54 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-09 06:54 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-09-09 06:54 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-09-09 06:54 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-09-09 06:54 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-09-09 06:54 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-09 06:54 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-09 06:54 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-09-09 06:54 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-09-09 06:54 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-09-09 06:54 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-09-09 06:54 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-09 06:54 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-09-09 06:54 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-09 06:54 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-09-09 06:54 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-09-09 06:54 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-09-09 06:54 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-09 06:54 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-09-09 06:54 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-09-09 06:54 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-09-09 06:54 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 06:54 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-09-09 06:54 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-09 06:54 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-09-09 06:54 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-09-09 06:54 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-09-09 06:54 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-09-09 06:54 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-09-09 06:54 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-09 06:54 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-09-09 06:54 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-09-09 06:54 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-09-09 06:54 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-09 06:54 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-09-09 06:54 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-09-09 06:54 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-09 06:54 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-09 06:54 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-09 06:54 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-09-09 06:54 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-09-09 06:54 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-09 06:54 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 06:54 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-09-09 06:54 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-09-09 06:54 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-09-09 06:54 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-09 06:54 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-09 06:54 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-09 06:54 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-09 06:54 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-09 06:54 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-09-09 06:54 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-09 06:54 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-09 06:54 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-09-09 06:54 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-09 06:54 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-09-09 06:54 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-09 06:54 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-09 06:54 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-09-09 06:54 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-09 06:54 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-09-09 06:54 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-09-09 06:54 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-09-09 06:54 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-09-09 06:54 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-09-09 06:54 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-09-09 06:53 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-09 06:53 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-09 06:53 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-09-09 06:53 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-09-09 06:53 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-09 06:53 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-09 06:53 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-09-09 06:53 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-09-09 06:53 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-09 06:53 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-09-09 06:53 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-09-09 06:53 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-09-09 06:53 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-09-09 06:53 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-09-09 06:53 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-09-09 06:53 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-09-09 06:53 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-09-09 06:53 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-09-09 06:53 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-09-09 06:53 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-09-09 06:53 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-09-09 06:53 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-09-09 06:53 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-09-09 06:53 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-09-09 06:53 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-09-09 06:53 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-09-09 06:53 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-09-09 06:53 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-09-09 06:53 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-09-09 06:53 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-09-09 06:53 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-09-09 06:53 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-09-09 06:53 - 2015-07-22 12:52 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-09-09 06:53 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-09-09 06:53 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-09-09 06:53 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-09-09 06:53 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-09-09 06:53 - 2015-07-22 11:45 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-09-09 06:53 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-09-09 06:53 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-09-09 06:53 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-09-09 06:53 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-09-09 06:53 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 06:53 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-09-09 06:53 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-09 06:53 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-09-09 06:53 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-09 06:52 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-09-09 06:52 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-09 06:52 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-09-09 06:52 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-09-09 06:52 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-09-09 06:52 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-09 06:52 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-09-09 06:52 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-09-09 06:52 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-09 06:52 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-09 06:52 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-09-09 06:52 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-09 06:52 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-09-09 06:52 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-09 06:52 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-09-09 06:52 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-09 06:52 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-09 06:52 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-09 06:52 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-09-09 06:52 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-09 06:52 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-09-09 06:52 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-09-09 06:52 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-09-09 06:52 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-09 06:52 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-09 06:52 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-09-09 06:52 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-09-09 06:52 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-09 06:52 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-09 13:34 - 2009-07-14 00:32 - 00000000 ____D C:\windows\system32\FxsTmp
2015-10-09 13:32 - 2012-09-03 20:50 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-09 13:32 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-09 13:31 - 2013-01-15 12:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-09 12:50 - 2013-04-11 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-09 12:23 - 2012-08-09 11:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-09 11:56 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-10-09 11:48 - 2009-07-13 23:45 - 00031712 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 11:48 - 2009-07-13 23:45 - 00031712 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 10:47 - 2015-08-28 13:53 - 00000000 ____D C:\Users\Seldentar\Desktop\liteCam
2015-10-09 10:47 - 2014-12-01 23:11 - 00000000 ____D C:\Users\Seldentar\Desktop\Houdini 2 Chess
2015-10-09 10:47 - 2014-11-29 18:01 - 00000000 ____D C:\Users\Seldentar\Desktop\stockfish-5-win
2015-10-09 10:47 - 2014-11-28 15:37 - 00000000 ____D C:\Users\Seldentar\Desktop\Windows
2015-10-09 10:47 - 2014-11-28 15:37 - 00000000 ____D C:\Users\Seldentar\Desktop\MacOSX
2015-10-09 10:47 - 2014-11-28 15:37 - 00000000 ____D C:\Users\Seldentar\Desktop\Linux
2015-10-09 10:47 - 2014-11-28 15:37 - 00000000 ____D C:\Users\Seldentar\Desktop\Android
2015-10-09 10:47 - 2014-11-28 05:39 - 00000000 ____D C:\Users\Seldentar\Desktop\X86
2015-10-09 10:47 - 2014-11-28 05:39 - 00000000 ____D C:\Users\Seldentar\Desktop\X64
2015-10-09 10:47 - 2014-11-28 05:39 - 00000000 ____D C:\Users\Seldentar\Desktop\Tools
2015-10-09 10:47 - 2013-04-01 16:31 - 00000000 ____D C:\Users\Seldentar\Desktop\Non-Chemtrail Photos
2015-10-09 10:47 - 2013-01-13 19:13 - 00000000 ____D C:\Users\Seldentar\Desktop\samsung
2015-10-09 10:47 - 2012-12-13 15:08 - 00000000 ____D C:\Users\Seldentar\Desktop\Duke Nukem 3D PC
2015-10-09 10:47 - 2012-09-27 19:05 - 00000000 ____D C:\Users\Seldentar\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
2015-10-09 10:47 - 2012-08-28 09:47 - 00000000 ____D C:\Users\Seldentar\Desktop\Govt 1
2015-10-09 10:47 - 2012-08-28 09:47 - 00000000 ____D C:\Users\Seldentar\Desktop\Art Appreciation
2015-10-09 10:47 - 2012-08-08 19:23 - 00000000 ____D C:\Users\Seldentar
2015-10-09 10:47 - 2011-11-02 21:58 - 00000000 ____D C:\Users\Seldentar\Desktop\steevi's Adobe Portable CS6
2015-10-09 09:27 - 2012-08-24 11:54 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2015-10-09 08:56 - 2014-10-24 19:29 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 08:30 - 2012-10-16 08:38 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-10-09 01:07 - 2014-07-04 10:58 - 00000000 ____D C:\windows\Minidump
2015-10-09 00:26 - 2015-02-09 22:51 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Octoshape
2015-10-08 23:48 - 2009-07-13 23:45 - 00498056 _____ C:\windows\system32\FNTCACHE.DAT
2015-10-08 23:43 - 2015-03-04 17:34 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2015-10-08 23:10 - 2012-08-09 10:24 - 00000000 ____D C:\Users\Seldentar\Documents\My Games
2015-10-08 22:06 - 2014-07-25 12:05 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Battle.net
2015-10-08 20:05 - 2012-03-15 01:30 - 00000000 ____D C:\Program Files (x86)\MSI
2015-10-08 20:04 - 2012-03-15 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-10-08 19:58 - 2012-08-08 19:23 - 00139120 _____ C:\Users\Seldentar\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-08 04:54 - 2015-04-05 03:00 - 00000000 ___SD C:\windows\system32\GWX
2015-10-08 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-10-07 17:46 - 2015-05-29 19:32 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-10-07 13:55 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system
2015-10-07 13:52 - 2002-10-07 13:07 - 00011376 _____ C:\windows\SysWOW64\Drivers\SECDRV.SYS
2015-10-02 09:32 - 2014-03-12 12:32 - 00000000 ____D C:\ProgramData\Oracle
2015-10-02 09:32 - 2014-03-12 12:30 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-02 09:31 - 2014-03-12 12:30 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-02 02:04 - 2012-09-03 20:51 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-02 01:57 - 2012-09-03 20:50 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-02 01:57 - 2012-09-03 20:50 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-02 01:57 - 2012-09-03 20:50 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-23 11:37 - 2009-07-14 00:13 - 00812192 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-21 23:23 - 2014-11-12 01:23 - 18819272 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-09-21 23:23 - 2012-08-09 11:18 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 23:23 - 2012-08-09 11:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-09-21 23:23 - 2012-03-15 01:41 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-17 14:00 - 2014-03-12 12:34 - 00000024 _____ C:\Users\Seldentar\random.dat
2015-09-17 13:37 - 2014-03-12 12:34 - 00000048 _____ C:\Users\Seldentar\jagex_cl_runescape_LIVE.dat
2015-09-15 18:21 - 2015-08-06 10:45 - 00000000 ____D C:\Program Files (x86)\Overwatch
2015-09-15 16:52 - 2012-09-03 20:50 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Google
2015-09-15 03:01 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-14 18:53 - 2014-03-12 12:34 - 00000000 ____D C:\Users\Seldentar\jagexcache
2015-09-14 13:45 - 2012-03-15 01:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-13 10:31 - 2015-07-28 22:39 - 00000000 ____D C:\FBG
2015-09-10 04:20 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-09-10 03:34 - 2012-03-14 23:06 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 03:34 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-10 03:15 - 2013-08-15 07:01 - 00000000 ____D C:\windows\system32\MRT
 
==================== Files in the root of some directories =======
 
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj
2015-04-20 09:05 - 2015-04-20 09:05 - 1579520 _____ () C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm
2015-04-20 09:05 - 2015-04-20 09:05 - 1579520 _____ () C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y
2014-10-28 02:15 - 2015-08-31 08:31 - 0017408 _____ () C:\Users\Seldentar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-09 15:47 - 2012-08-09 15:47 - 0000097 _____ () C:\Users\Seldentar\AppData\Local\fusioncache.dat
2014-05-15 20:31 - 2014-05-15 20:36 - 0007626 _____ () C:\Users\Seldentar\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Seldentar\AppData\Local\Temp\1276.exe
C:\Users\Seldentar\AppData\Local\Temp\1687.exe
C:\Users\Seldentar\AppData\Local\Temp\Itibiti_Knctr_C.exe
C:\Users\Seldentar\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Seldentar\AppData\Local\Temp\Total Annihilation Downloader__3687_i1700214787_il1568403.exe
C:\Users\Seldentar\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 11:52
 
==================== End of FRST.txt ============================


Edited by NinjaNight, 09 October 2015 - 03:52 PM.
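
The file listings in the FRST log above share one line layout, so they can be triaged mechanically. The following is an added example, not part of the original post and not FRST's own code: it parses that layout and flags files under a user's AppData tree that carry no company name or have a random-looking name. The sample lines, the user name Example, the heuristics, and the reading of the two timestamps as created/modified are assumptions.

```python
import ntpath
import re

# One FRST listing line: "<date> - <date> - <size> <attrs> (<company>) <path>".
# Naming the two dates created/modified is an assumption about FRST's layout.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"  # absent for folders and some files
    r"(?P<path>[A-Za-z]:\\.+)$"
)

EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".sys"}
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


def parse_line(line):
    """Return a dict for one listing line, or None if it is not a listing line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["company"] = (entry["company"] or "").strip()
    return entry


def looks_random(stem):
    """Heuristic: long, purely alphanumeric, mixing upper case, lower case and digits."""
    return (
        len(stem) >= 12
        and stem.isalnum()
        and any(c.isupper() for c in stem)
        and any(c.islower() for c in stem)
        and any(c.isdigit() for c in stem)
    )


def triage(log_text):
    """Return flagged entries (with reasons), strongest first. Hints, not verdicts."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or "D" in entry["attrs"]:
            continue  # headers, blank lines and directories
        if not USER_WRITABLE.search(entry["path"]):
            continue  # only look at locations a non-admin process can write to
        stem, ext = ntpath.splitext(ntpath.basename(entry["path"]))
        reasons = []
        if ext.lower() in EXEC_EXTS and not entry["company"]:
            reasons.append("executable without company name")
        if looks_random(stem):
            reasons.append("random-looking name")
        if reasons:
            entry["reasons"] = reasons
            findings.append(entry)
    return sorted(findings, key=lambda e: -len(e["reasons"]))


# Constructed sample lines in the same layout as the log above (not real data).
SAMPLE_LOG = r"""
==================== Files in the root of some directories =======

2015-04-20 09:05 - 2015-04-20 09:05 - 1579520 _____ () C:\Users\Example\AppData\Roaming\Qx7mT2bLpZr9KdVa.exe
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Example\AppData\Roaming\Qx7mT2bLpZr9KdVa
2012-08-09 15:47 - 2012-08-09 15:47 - 0000097 _____ () C:\Users\Example\AppData\Local\fusioncache.dat
2015-09-09 06:53 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-10-09 13:31 - 2013-01-15 12:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["created"], hit["path"], "->", ", ".join(hit["reasons"]))
```

A flagged entry is only a prompt to check the file further (signature, hash lookup, matching scheduled task or service); legitimate software also drops unsigned files under AppData.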


 


#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:55 PM

Posted 09 October 2015 - 03:57 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    globalupdate Helper
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[C#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 NinjaNight

  • Topic Starter

  • Members
  • 6 posts
  • Local time:02:55 PM

Posted 09 October 2015 - 07:30 PM

Hi Jurgen, 

 

Thanks a lot for your help; this forum is amazing. After performing the Malware Bytes and Adware scans my browsers are able to access webpages now. Up until this point I have been using another computer for internet access to this forum and transferring the files by USB. Yesterday when I performed my own Malware Bytes scan I wasn't able to update the database because my internet provider was down temporarily. After updating this time it found over 500 threats.

 

Here are the results:

 

Step 1:

 

There was no globalupdate Helper so I moved on to the next step.

 

Step 2:

 

# AdwCleaner v5.013 - Logfile created 09/10/2015 at 18:15:57
# Updated 09/10/2015 by Xplode
# Database : 2015-10-04.3 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Seldentar - ALYARIS
# Running from : C:\Users\Seldentar\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : YahooAUService
[-] Service Deleted : gyvixodu
[-] Service Deleted : syfinizy
[-] Service Deleted : tucuzecy
[-] Service Deleted : wwfd_vt_1_10_0_24
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\ProgramData\fa4e52c6d8b92b03
[-] Folder Deleted : C:\Users\SELDEN~1\AppData\Local\Temp\wizz
[-] Folder Deleted : C:\Users\Seldentar\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Seldentar\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Seldentar\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Seldentar\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Seldentar\AppData\Roaming\Gameo
[-] Folder Deleted : C:\Users\Seldentar\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Seldentar\AppData\Roaming\newSI_42074
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Seldentar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MyBrowser.lnk
[-] File Deleted : C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\user.js
[-] File Deleted : C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\searchplugins\bing-lavasoft.xml
[-] File Deleted : C:\Users\Seldentar\Desktop\Continue installation .lnk
[-] File Deleted : C:\windows\SysNative\roboot64.exe
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : gameo_update
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : Easy Driver Pro Schedule
[-] Task Deleted : MyBrowser
[-] Task Deleted : newSI_42074
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D100915-AB747CC590BEC44CD91F&form=CONMHP&conlogo=CT3330962");
[-] [C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://www.bing.com/?pc=COSP&ptag=D100915-AB747CC590BEC44CD91F&form=CONMHP&conlogo=CT3330962");
[-] [C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\prefs.js] [Preference] Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.__ICM_DOWNLOADS__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22ama[...]
[-] [C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\prefs.js] [Preference] Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]
[-] [C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\prefs.js] [Preference] Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[-] [C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [17764 bytes] ##########
 
 
Step 3:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/9/2015
Scan Time: 6:25 PM
Logfile: Malware Bytes Scan Result.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.09.07
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Seldentar
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408515
Time Elapsed: 27 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 1
PUP.Optional.NetService, C:\Users\Seldentar\AppData\Roaming\NetService\netservice.exe, 2832, Delete-on-Reboot, [08e3c391206bda5c75483a0a679cd729]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 17
PUP.Optional.OnePCOptimizer, HKLM\SOFTWARE\MICROSOFT\TRACING\OnePCOptimizer_RASAPI32, Quarantined, [54971d37b0db55e1d44701e8f410ba46], 
PUP.Optional.OnePCOptimizer, HKLM\SOFTWARE\MICROSOFT\TRACING\OnePCOptimizer_RASMANCS, Quarantined, [d21968ec5437fd3968b388612fd544bc], 
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [d11aec682a61181e27415b35996b3fc1], 
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MyBrowser, Quarantined, [9457c2921e6d8da9c9fffde7fa0ac23e], 
PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\WordWizard_1.10.0.24, Quarantined, [b53611432269a3936c417770cf35be42], 
PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WordwizardAutoUpdateClient_RASAPI32, Quarantined, [29c2ff55dcaf7db91b50f1fa36ce57a9], 
PUP.Optional.Vitruvian, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WordwizardAutoUpdateClient_RASMANCS, Quarantined, [d8135ef6eba0181e5c0f6586e71d32ce], 
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [28c39bb9246743f336325a36c44014ec], 
PUP.Optional.GameGogle, HKLM\SOFTWARE\WOW6432NODE\SAKURA, Quarantined, [39b275df56355fd7fcd0be2c18ecca36], 
PUP.Optional.NetService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETTCPHANDLER, Quarantined, [08e3c391206bda5c75483a0a679cd729], 
PUP.Optional.CinemaPlus, HKU\S-1-5-18\SOFTWARE\Cinema PlusV08.10-nv, Quarantined, [38b3d87c5d2e3006dc7f01a1c341926e], 
PUP.Optional.CinemaPlus, HKU\S-1-5-18\SOFTWARE\Cinema PlusV08.10-nv-ie, Quarantined, [707beb695b3003334318039f09fb4cb4], 
PUP.Optional.CinemaPlus, HKU\S-1-5-18\SOFTWARE\CinemaPlus_1.3dV09.10-nv, Quarantined, [edfe8dc7afdc76c02144dac8a36142be], 
PUP.Optional.CinemaPlus, HKU\S-1-5-18\SOFTWARE\CinemaPlus_1.3dV09.10-nv-ie, Quarantined, [6f7c30241477be78f96cccd649bb6c94], 
PUP.Optional.CinemaPlus, HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Cinema PlusV08.10-nv-ie, Quarantined, [6487bd9796f5b680bc9ff5adf50f51af], 
PUP.Optional.CinemaPlus, HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\CinemaPlus_1.3dV09.10-nv-ie, Quarantined, [5596d67e0d7e81b5aabbc8da0df78977], 
PUP.Optional.MyBrowser, HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\MyBrowser, Quarantined, [529975dfccbf55e11c14618484806b95], 
 
Registry Values: 8
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [d11aec682a61181e27415b35996b3fc1]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS, MyBrowser, Quarantined, [529966ee7318d95de5da7c68fc08d828]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|StubPath, "C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level, Quarantined, [b338054fd8b37fb7645b3aaac242d52b]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|Localized Name, MyBrowser, Quarantined, [826966ee315a1e18b10ee10333d1d030]
PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|jid1-xNAj4KGyf5wyhg@jetpack, C:\Program Files (x86)\Faster Web\faster-web.xpi, Quarantined, [f8f357fd3b509a9c06b27b3a986cd828]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [28c39bb9246743f336325a36c44014ec]
PUP.Optional.GameGogle, HKLM\SOFTWARE\WOW6432NODE\SAKURA|gamegogle, 1, Quarantined, [39b275df56355fd7fcd0be2c18ecca36]
PUP.Optional.NetService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETTCPHANDLER|ImagePath, C:\Users\Seldentar\AppData\Roaming\NetService\netservice.exe -start, Quarantined, [08e3c391206bda5c75483a0a679cd729]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 152
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\nl, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\pl, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\pt_BR, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\pt_PT, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ro, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ru, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sk, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sl, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sr, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\sv, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\th, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\tr, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\uk, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ur, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\vi, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\zh_CN, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\zh_TW, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_metadata, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\css, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\html, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\bg, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ca, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\cs, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\da, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\de, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\el, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en_GB, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es_419, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\et, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fi, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fil, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fr, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hi, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hr, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hu, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\id, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\it, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ja, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ko, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lt, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lv, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nb, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nl, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pl, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_BR, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_PT, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ro, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ru, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sk, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sl, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sr, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sv, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\th, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\tr, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\uk, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\vi, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_CN, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_TW, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_metadata, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\GPUCache, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\JumpListIcons, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\JumpListIconsOld, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Local Extension Settings, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Local Storage, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Session Storage, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\SwReporter, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Temp, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.Winkav, C:\Users\Seldentar\AppData\Local\WinKav, Quarantined, [2bc0292bbccf74c216fcf84c38cbe917], 
PUP.Optional.NetService, C:\Users\Seldentar\AppData\Roaming\NetService, Delete-on-Reboot, [92593024fa91cc6a58fab7151ee755ab], 
 
Files: 370
PUP.Optional.CrossRider, C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj.exe, Quarantined, [f0fbafa5c0cb53e3369de6d82bd62dd3], 
PUP.Optional.CrossRider, C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm.exe, Quarantined, [8d5ef55fdbb0e84ec211893518e9bd43], 
RiskWare.BitCoinMiner, C:\Users\Seldentar\AppData\Roaming\Microsoft\Windows\Recent\wmpnetwk.exe, Quarantined, [f1facd8707843df9fb793a38ae570ef2], 
PUP.Optional.Somoto, C:\Users\Seldentar\AppData\Local\Temp\nscA296.tmp, Quarantined, [0ae166ee137886b076a6cff693727b85], 
PUP.Optional.CrossRider, C:\Users\Seldentar\AppData\Local\Temp\1687.exe, Quarantined, [83683b19018aa096f3493391d92c35cb], 
PUP.Optional.Amonetize, C:\Users\Seldentar\AppData\Local\Temp\Total Annihilation Downloader__3687_i1700214787_il1568403.exe, Quarantined, [a3487ed6315a8bab7f2ba151c63bf808], 
PUP.Optional.ConvertAd, C:\Users\Seldentar\AppData\Local\Temp\nsrB9DE.tmp, Quarantined, [e10a98bc47445bdb02a47149bb47a25e], 
PUP.Optional.Tuto4PC, C:\Users\Seldentar\AppData\Local\Temp\nsw2E44.tmp, Quarantined, [5e8da7ad4f3ca78f383905bed92c926e], 
PUP.Optional.Vitruvian, C:\Users\Seldentar\AppData\Local\Temp\nsk525C.tmp, Quarantined, [45a696bed3b8092d70c7885d0ef350b0], 
PUP.Optional.MaxDriverUpdater, C:\Users\Seldentar\AppData\Local\Temp\WIZZTEMP\newversion.exe, Quarantined, [6784e96babe08da90473ae3a837e0000], 
PUP.Optional.Tuto4PC, C:\Users\Seldentar\AppData\Local\Temp\is-PKJ0A.tmp\gentlemjmp_ieeuu.exe, Quarantined, [5c8fb2a25932b581d8995172f4118977], 
PUP.Optional.EoRezo, C:\Users\Seldentar\AppData\Local\Temp\is-Q4FEA.tmp\dm.exe, Quarantined, [17d4f460612a00363695c8fbe32220e0], 
PUP.Optional.Amonetize, C:\Users\Seldentar\AppData\Local\Temp\Rar$EX00.060\Total Annihilation Downloader__3687_i1700214787_il1568403.exe, Quarantined, [0edd2b29d8b31f17beec955d9170a55b], 
PUP.Optional.InstallCore, C:\Users\Seldentar\Downloads\installer (1).zip, Quarantined, [6487a3b1bad13600d7fc687d43be14ec], 
PUP.Optional.InstallCore, C:\Users\Seldentar\Downloads\installer (2).zip, Quarantined, [5e8de76d068577bf835014d135ccb24e], 
PUP.Optional.Vitruvian, C:\Users\Seldentar\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, Quarantined, [b734025224673afcdb40f9e15ca8ca36], 
PUP.Optional.Vitruvian, C:\Users\Seldentar\AppData\Local\Temp\vitruvian-installer-install-v0003, Quarantined, [18d360f41f6ca19502198b4f09fb26da], 
PUP.Optional.Vitruvian, C:\Users\Seldentar\AppData\Local\Temp\vitruvian-installer-processes-v0002, Quarantined, [b734e76d5e2d93a3a675f1e98a7acd33], 
PUP.Optional.Vitruvian, C:\Users\Seldentar\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, Quarantined, [2ebdb2a237547abc21fadefc0cf8d030], 
PUP.Optional.Vitruvian, C:\Users\Seldentar\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, Quarantined, [6c7ff460325951e53edde8f2e51f3bc5], 
PUP.Optional.NetService, C:\Users\Seldentar\AppData\Roaming\NetService\netservice.exe, Delete-on-Reboot, [08e3c391206bda5c75483a0a679cd729], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extension State\MANIFEST-000010, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\manifest.json, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\options.html, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\csl.parser.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\eventemitter2.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\jquery-1.5.2.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\jquery.mustache.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\lodash.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\protobuf.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\libs\q.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\mocks\empty.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\mocks\ga.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\mocks\gpt.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\mocks\omniture.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\aos.panel.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\avastwrc.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\ava_connector.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\bal.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\gpb.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\ial.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\options.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\query.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\scripts\templates.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\css\extension.css, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\css\settings.css, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_extensiontop_orange.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\sas_logo.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\avast-logo.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icnthumbdownsmall.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icnthumbsmall.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_bug.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_check.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_checkbig.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_close.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_close_small.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_extensiontop.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_extensiontop_green.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_extensiontop_red.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_eye.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_norating_big.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_norating_big2.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_siteforward.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_thumbdown_big.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_thumblearn.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_thumbright_big.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_thumbup_big.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icn_warning.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon128.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon16.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon256.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon32.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon48.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\icon64.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\img_bg.jpg, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\logo_avast.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\logo_avastblack.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\logo_avastsmall.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_green.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_grey.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_norating.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_orange.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_red.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_thumbdown.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_thumbneutral.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\se_icn_thumbup.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switchersmall_dotgreen.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switchersmall_dotred.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_dotgreen.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_dotorange.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_dotred.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_greenbg.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_orangebg.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\skin\img\switcher_redbg.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\aos.panel.html, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\bgs\logo-avast-dark.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\bgs\logo-avast-white.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\bgs\logo-avast.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\css\style.css, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\css\style.modal.css, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\accordeon.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\arrow-right.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\attention.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\error.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\globe.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\ok.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\serp-attention.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\serp-error.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\serp-none.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\serp-ok.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-facebook.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-gplus.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-in.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-instagram.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-pin.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-snapchat.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-twitter.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-vk.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\social-youtube.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\status-attention.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\status-none.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\status-ok.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\status-warning.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\thumbs-down.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\thumbs-up.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\icons\unknown.png, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\common\ui\templates\aos.control.html, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\abek.bl.crx.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\anchor.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\aos.bl.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\bs.aos.crx.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\bs.crx.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\scripts\extension.js, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ar\messages.json, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\be\messages.json, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\bg\messages.json, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\bn\messages.json, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\ca\messages.json, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\cs\messages.json, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\da\messages.json, Quarantined, [08e3f064098255e1491b360def1412ee], 
PUP.Optional.MyBrowser, C:\Users\Seldentar\AppData\Local\MyBrowser\MyBrowser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\_locales\de\messages.json, Quarantined, [08e3f064098255e1491b360def1412ee], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 


#4 NinjaNight


Posted 09 October 2015 - 07:32 PM

Step 4:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by Seldentar (administrator) on ALYARIS (09-10-2015 19:13:19)
Running from C:\Users\Seldentar\Documents
Loaded Profiles: Seldentar (Available Profiles: Seldentar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation)
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-01] (Avast Software s.r.o.)
HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [88576 2012-01-31] ()
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288 2012-01-03] (MSI)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AceGain LiveUpdate] => C:\Program Files (x86)\AceGain\LiveUpdate\LiveUpdate.exe [417792 2003-12-31] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\MountPoints2: {dc74abcd-b653-11e1-9616-806e6f6e6963} - E:\Autorun.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-04-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{9829448E-3B2A-415F-8BEC-B14154951D46}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
SearchScopes: HKLM -> DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-14] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-10-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: No Name -> {b8635db9-2694-4837-be3d-4ed3bea8a8ee} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-10-02] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-14] (Microsoft Corporation)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default
FF DefaultSearchEngine: Bing®
FF DefaultSearchEngine.US: Bing®
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Bing®
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-10-02] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Extension: Flash and Video Download - C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-09-21]
FF Extension: Adblock Plus - C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=odc179"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-03]
CHR Extension: (Google Search) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-03]
CHR Extension: (AdBlock) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-18]
CHR Extension: (Avast Online Security) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-01] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2012-08-09] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-07] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [568512 2014-02-25] (Valve Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-07] (Bigfoot Networks, Inc.)
S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-07] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [40104 2015-03-09] (Razer Inc)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2015-10-07] () [File not signed]
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [25088 2015-01-27] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [42568 2015-02-26] (SteelSeries ApS)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-01] (Avast Software)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-09 18:22 - 2015-10-09 18:25 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 18:21 - 2015-10-09 18:21 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-09 18:21 - 2015-10-09 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-09 18:21 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-10-09 18:21 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-10-09 18:21 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-10-09 18:20 - 2015-10-09 18:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-09 18:15 - 2015-10-09 18:15 - 00000000 ____D C:\AdwCleaner
2015-10-09 18:09 - 2015-10-09 18:10 - 00001278 _____ C:\Users\Seldentar\Desktop\Revo Uninstaller.lnk
2015-10-09 18:09 - 2015-10-09 18:10 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-10-09 18:04 - 2015-10-09 18:04 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Seldentar\Desktop\mbam-setup-2.1.8.1057.exe
2015-10-09 18:03 - 2015-10-09 18:03 - 01682432 _____ C:\Users\Seldentar\Desktop\AdwCleaner.exe
2015-10-09 18:02 - 2015-10-09 18:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Seldentar\Desktop\revosetup.exe
2015-10-09 17:51 - 2015-10-09 17:51 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-10-09 14:16 - 2015-10-09 14:11 - 00081473 _____ C:\Users\Seldentar\Desktop\FRST.txt
2015-10-09 14:16 - 2015-10-09 14:11 - 00044890 _____ C:\Users\Seldentar\Desktop\Addition.txt
2015-10-09 14:10 - 2015-10-09 14:11 - 00044890 _____ C:\Users\Seldentar\Documents\Addition.txt
2015-10-09 14:09 - 2015-10-09 19:13 - 00024868 _____ C:\Users\Seldentar\Documents\FRST.txt
2015-10-09 14:09 - 2015-10-09 19:13 - 00000000 ____D C:\FRST
2015-10-09 13:56 - 2015-10-09 13:56 - 02194944 _____ (Farbar) C:\Users\Seldentar\Documents\FRST64.exe
2015-10-09 13:31 - 2015-10-09 19:02 - 00205460 _____ C:\windows\PFRO.log
2015-10-09 11:28 - 2015-10-09 19:07 - 00052298 _____ C:\windows\WindowsUpdate.log
2015-10-09 11:25 - 2015-10-09 19:03 - 00001176 _____ C:\windows\setupact.log
2015-10-09 11:25 - 2015-10-09 11:25 - 00000000 _____ C:\windows\setuperr.log
2015-10-09 10:47 - 2015-10-09 10:47 - 01232559 ____H C:\Users\Seldentar\Desktop\Cache.mxc3
2015-10-09 10:26 - 2015-10-09 10:26 - 00476126 _____ C:\Users\Seldentar\Desktop\CCCleaner backup 10_9_15.reg
2015-10-09 10:10 - 2015-10-09 10:47 - 00000000 ____D C:\Users\Seldentar\Desktop\SC
2015-10-09 09:02 - 2015-10-09 16:20 - 00000000 ____D C:\Users\Seldentar\Desktop\Files
2015-10-08 23:46 - 2015-10-08 23:46 - 00004068 _____ C:\windows\System32\Tasks\dsphtr1aPKxjbW4lj28icAOm
2015-10-08 23:46 - 2015-10-08 23:46 - 00004054 _____ C:\windows\System32\Tasks\HNxSN2cYGwflcw5Iz
2015-10-08 23:44 - 2015-10-08 23:54 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\RunDir
2015-10-08 23:43 - 2015-10-09 08:51 - 00000000 ____D C:\ProgramData\XtXnxI
2015-10-08 23:42 - 2015-10-08 23:42 - 00004070 _____ C:\windows\System32\Tasks\mi5IANkTGDPIk0uZKfqkrjR9Y
2015-10-08 23:42 - 2015-10-08 23:42 - 00004050 _____ C:\windows\System32\Tasks\Cnj8iD3JtyeUUTj
2015-10-08 23:42 - 2015-10-08 23:42 - 00000000 ___HD C:\Users\Seldentar\AppData\Local\ZeastOptimiserUn
2015-10-08 23:42 - 2015-10-08 23:42 - 00000000 ____D C:\Users\Seldentar\AppData\Local\ZeastOptimiser
2015-10-08 23:40 - 2015-10-08 23:40 - 00000000 ____D C:\Users\Default\AppData\Local\MyBrowser
2015-10-08 23:40 - 2015-10-08 23:40 - 00000000 ____D C:\Users\Default User\AppData\Local\MyBrowser
2015-10-08 23:39 - 2015-10-08 23:41 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Opera Software
2015-10-08 23:39 - 2015-10-08 23:41 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Opera Software
2015-10-08 23:30 - 2015-10-08 23:30 - 01479466 _____ C:\Users\Seldentar\Downloads\total+annihilation+kingdo.ace
2015-10-08 23:30 - 2009-06-10 16:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak
2015-10-08 23:28 - 2015-10-08 23:28 - 00839963 _____ C:\Users\Seldentar\Downloads\Total Annihilation Downloader.rar
2015-10-08 23:14 - 2015-10-08 23:16 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\springlobby
2015-10-08 23:08 - 2015-10-08 23:08 - 14253856 _____ C:\Users\Seldentar\Downloads\OTA31.sdz
2015-10-08 23:06 - 2015-10-08 23:07 - 22184135 _____ (Spring community) C:\Users\Seldentar\Downloads\spring_100.0 (1).exe
2015-10-08 22:39 - 2015-10-08 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spring
2015-10-08 22:38 - 2015-10-08 22:39 - 22184135 _____ (Spring community) C:\Users\Seldentar\Downloads\spring_100.0.exe
2015-10-08 22:32 - 2015-10-08 22:32 - 00980576 _____ (Hyuna International LTD) C:\Users\Seldentar\Downloads\lilplay-installer.1326855958.793de24c36834843be69d6c5273e4dd8.exe
2015-10-08 22:30 - 2015-10-08 22:30 - 00980576 _____ (Hyuna International LTD) C:\Users\Seldentar\Downloads\lilplay-installer.1326855958.13e38cd08d334607b3aaa4bf6ee94d77.exe
2015-10-08 22:28 - 2015-10-09 00:21 - 00000000 ____D C:\Users\Seldentar\AppData\Local\YummyInteractiveInc
2015-10-08 22:28 - 2015-10-08 22:31 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Yummy
2015-10-08 22:28 - 2015-10-08 22:28 - 00980576 _____ (Hyuna International LTD) C:\Users\Seldentar\Downloads\lilplay-installer.1326855958.68a4ae3c7e9b4019a571333e488241a2.exe
2015-10-08 22:28 - 2015-10-08 22:28 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Yummy Interactive Inc
2015-10-08 22:28 - 2015-10-08 22:28 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Hyuna_International_LTD
2015-10-08 22:16 - 2015-10-08 22:16 - 00010136 _____ C:\Users\Seldentar\Downloads\TOTALCRK.ZIP
2015-10-08 22:10 - 2015-10-08 23:43 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Total Annihilation Zero
2015-10-08 22:09 - 2015-10-08 22:10 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Total Annihilation Universe
2015-10-08 22:08 - 2015-10-08 22:09 - 121067451 _____ (Total Annihilation Universe) C:\Users\Seldentar\Downloads\TA_Zero_Alpha_4.exe
2015-10-08 22:07 - 2015-10-08 22:07 - 00425744 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-10-08 22:06 - 2015-10-08 22:06 - 00532104 _____ C:\Users\Seldentar\Downloads\3DMEditor2_alpha_win32.7z.exe
2015-10-08 22:05 - 2015-10-08 22:06 - 26398785 _____ C:\Users\Seldentar\Downloads\totalannihilation.sit
2015-10-08 21:22 - 2015-10-08 21:25 - 317202981 _____ C:\Users\Seldentar\Downloads\TA-Setup2 (2).exe
2015-10-08 21:09 - 2015-10-08 21:11 - 317202981 _____ C:\Users\Seldentar\Downloads\TA-Setup2 (1).exe
2015-10-08 19:59 - 2015-10-08 19:59 - 00000000 ____D C:\Users\Seldentar\AppData\Local\IsolatedStorage
2015-10-08 19:58 - 2015-10-09 00:11 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Nico Mak Computing
2015-10-08 19:58 - 2015-10-08 20:01 - 15029066 _____ (InstallShield Software Corporation) C:\Users\Seldentar\Downloads\tzagdemo.exe
2015-10-08 19:58 - 2015-10-08 19:59 - 00000000 ___HD C:\Users\Seldentar\AppData\Roaming\GoldenGate
2015-10-08 17:28 - 2015-10-08 17:29 - 45315072 _____ C:\Users\Seldentar\Downloads\takingdomsdemo.exe
2015-10-08 17:19 - 2015-10-08 17:22 - 317202981 _____ C:\Users\Seldentar\Downloads\TA-Setup2.exe
2015-10-08 17:14 - 2015-10-09 00:23 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\GameRanger
2015-10-08 17:13 - 2015-10-08 17:13 - 00114352 _____ (GameRanger Technologies) C:\Users\Seldentar\Downloads\GameRangerSetup.exe
2015-10-07 16:54 - 1998-10-29 15:45 - 00306688 _____ (InstallShield Software Corporation) C:\windows\IsUninst.exe
2015-10-07 14:15 - 2015-10-07 14:17 - 00993473 ____H C:\Users\Seldentar\Desktop\~WRL1482.tmp
2015-10-07 13:55 - 2015-10-09 12:18 - 00003046 _____ C:\windows\System32\Tasks\{3717A831-8B0C-45D6-9A14-03728ADDA9D1}
2015-10-07 13:55 - 2015-10-07 13:55 - 00000000 ____D C:\windows\wb
2015-10-07 13:55 - 1996-08-16 08:44 - 00087552 ____R (Microsoft Corporation) C:\windows\system\url.dll
2015-10-07 13:35 - 2015-10-07 13:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-10-06 18:09 - 2015-10-06 18:09 - 01130621 _____ ( ) C:\Users\Seldentar\Downloads\WarZoneInstall.exe
2015-10-06 18:09 - 2015-10-06 18:09 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\WarZone
2015-10-06 15:45 - 2015-10-06 15:45 - 21540864 _____ (Cavedog Entertainment) C:\Users\Seldentar\Downloads\tadinst (1).exe
2015-10-06 15:42 - 2015-10-06 15:42 - 21540864 _____ (Cavedog Entertainment) C:\Users\Seldentar\Downloads\tadinst.exe
2015-10-06 15:39 - 2015-10-06 15:39 - 01457952 _____ C:\Users\Seldentar\Downloads\Total Annihilation 3D - CHIP-Installer.exe
2015-10-05 17:49 - 2015-10-05 17:57 - 00000153 _____ C:\Users\Seldentar\Desktop\Me vs line favor tennis.txt
2015-10-05 13:35 - 2015-10-05 14:05 - 00001614 _____ C:\Users\Seldentar\Desktop\Tokyo changes before new lines.txt
2015-10-05 00:43 - 2015-10-05 13:15 - 00001145 _____ C:\Users\Seldentar\Desktop\Football guys Draftkings lineups Week 4 points scored.txt
2015-10-05 00:19 - 2015-10-05 02:19 - 00000117 _____ C:\Users\Seldentar\Desktop\FBSportsCapping Profits.txt
2015-10-04 23:50 - 2015-10-05 10:41 - 00000178 _____ C:\Users\Seldentar\Desktop\EaglesPhan36 Profits.txt
2015-10-04 23:38 - 2015-10-05 02:19 - 00000742 _____ C:\Users\Seldentar\Desktop\Bets favored by line-toptennistips-consensus tipping-my opinion.txt
2015-10-04 22:55 - 2015-10-05 13:17 - 00002902 _____ C:\Users\Seldentar\Desktop\toptennistips record by percentage groups.txt
2015-10-03 11:52 - 2015-10-03 11:52 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Apple Computer
2015-10-03 11:52 - 2015-10-03 11:52 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Apple Computer
2015-10-03 11:52 - 2015-10-03 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-03 11:50 - 2015-10-03 11:52 - 00000000 ____D C:\Program Files\iTunes
2015-10-03 11:50 - 2015-10-03 11:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-03 11:50 - 2015-10-03 11:50 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\windows\System32\Tasks\Apple
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Apple
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\ProgramData\Apple Computer
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\Program Files\iPod
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\Program Files\Bonjour
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-03 11:50 - 2015-10-03 11:50 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-03 11:49 - 2015-10-03 11:50 - 00000000 ____D C:\ProgramData\Apple
2015-10-03 11:49 - 2015-10-03 11:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-03 11:48 - 2015-10-03 11:49 - 167601944 _____ (Apple Inc.) C:\Users\Seldentar\Downloads\iTunes6464Setup.exe
2015-10-02 18:27 - 2015-10-02 18:27 - 01404754 _____ C:\Users\Seldentar\Downloads\installer.zip
2015-10-01 08:53 - 2015-10-02 01:10 - 00000277 _____ C:\Users\Seldentar\Desktop\toptennistips record.txt
2015-09-30 17:35 - 2015-09-30 17:35 - 00000114 _____ C:\Users\Seldentar\Desktop\UTD Calculator return info.txt
2015-09-30 17:30 - 2015-10-06 10:15 - 00007421 _____ C:\Users\Seldentar\Desktop\Bets - does pick usually win when bet moves in favor of it.txt
2015-09-28 12:25 - 2015-10-02 01:10 - 00001649 _____ C:\Users\Seldentar\Desktop\MNF NFL betting options.txt
2015-09-28 10:32 - 2015-09-28 11:01 - 00000112 _____ C:\Users\Seldentar\Desktop\Covers forum tracking majority.txt
2015-09-25 17:37 - 2015-10-02 01:10 - 00000995 _____ C:\Users\Seldentar\Desktop\First Impressions NFL Betting Week to Week.txt
2015-09-24 19:23 - 2015-10-02 01:10 - 00000309 _____ C:\Users\Seldentar\Desktop\Bank Roll Bovada NFL and Tennis.txt
2015-09-24 19:04 - 2015-10-02 01:10 - 00000226 _____ C:\Users\Seldentar\Desktop\Draftkings amt of entries note.txt
2015-09-16 22:59 - 2015-09-16 22:59 - 00062771 _____ C:\Users\Seldentar\Downloads\[sc2rep.ru_1442461154]_1x1_Standard(Z)_Pezz(P) (3).SC2Replay
2015-09-16 22:59 - 2015-09-16 22:59 - 00062771 _____ C:\Users\Seldentar\Downloads\[sc2rep.ru_1442461154]_1x1_Standard(Z)_Pezz(P) (2).SC2Replay
2015-09-16 22:57 - 2015-09-16 22:58 - 00062771 _____ C:\Users\Seldentar\Downloads\[sc2rep.ru_1442461154]_1x1_Standard(Z)_Pezz(P) (1).SC2Replay
2015-09-16 22:57 - 2015-09-16 22:57 - 00062771 _____ C:\Users\Seldentar\Downloads\[sc2rep.ru_1442461154]_1x1_Standard(Z)_Pezz(P).SC2Replay
2015-09-14 18:53 - 2015-09-14 18:53 - 00000048 _____ C:\Users\Seldentar\jagex_cl_oldschool_LIVE.dat
2015-09-14 13:46 - 2015-09-14 13:46 - 00321716 _____ C:\Users\Seldentar\Downloads\DFS-Lineup-Generator (2).xlsm
2015-09-14 13:41 - 2015-09-14 13:41 - 00002114 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-14 13:41 - 2015-09-14 13:41 - 00002114 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-14 13:41 - 2015-09-14 13:41 - 00000000 ___RD C:\Users\Seldentar\OneDrive
2015-09-14 13:41 - 2015-09-14 13:41 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-09-14 13:41 - 2015-09-14 13:41 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-09-14 13:33 - 2015-09-14 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-14 13:32 - 2015-09-25 07:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-14 13:31 - 2015-09-14 13:31 - 01102520 _____ (Microsoft Corporation) C:\Users\Seldentar\Downloads\Setup.X86.en-US_O365HomePremRetail_bfddce29-f48e-4205-92fb-b2345caafc72_TX_PR_(1).exe
2015-09-14 13:30 - 2015-09-14 13:30 - 01102520 _____ (Microsoft Corporation) C:\Users\Seldentar\Downloads\Setup.X86.en-US_O365HomePremRetail_bfddce29-f48e-4205-92fb-b2345caafc72_TX_PR_.exe
2015-09-14 13:23 - 2015-09-14 13:23 - 00321716 _____ C:\Users\Seldentar\Downloads\DFS-Lineup-Generator (1).xlsm
2015-09-14 13:09 - 2015-09-14 13:09 - 00321716 _____ C:\Users\Seldentar\Downloads\DFS-Lineup-Generator.xlsm
2015-09-13 10:31 - 2015-09-13 10:31 - 05522014 _____ ( ) C:\Users\Seldentar\Downloads\LD100a_Setup.exe
2015-09-13 10:31 - 2015-09-13 10:31 - 00000744 _____ C:\Users\Seldentar\Desktop\Lineup Dominator.lnk
2015-09-13 10:31 - 2015-09-13 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LineupDominator
2015-09-12 11:17 - 2015-09-17 14:00 - 00000023 _____ C:\Users\Seldentar\jagexappletviewer.preferences
2015-09-12 11:17 - 2015-09-12 11:17 - 00000000 ____D C:\.jagex_cache_32
2015-09-12 11:16 - 2015-09-12 11:16 - 00002084 _____ C:\Users\Seldentar\Desktop\RuneScape.lnk
2015-09-12 11:15 - 2015-09-12 11:15 - 24219648 _____ C:\Users\Seldentar\Downloads\RuneScape.msi
2015-09-09 06:54 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-09 06:54 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-09 06:54 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-09-09 06:54 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-09-09 06:54 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-09-09 06:54 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-09-09 06:54 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-09 06:54 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-09 06:54 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-09-09 06:54 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-09-09 06:54 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-09-09 06:54 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-09-09 06:54 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-09 06:54 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-09-09 06:54 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-09 06:54 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-09-09 06:54 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-09-09 06:54 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-09-09 06:54 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-09 06:54 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-09-09 06:54 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-09-09 06:54 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-09-09 06:54 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 06:54 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-09-09 06:54 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-09 06:54 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-09-09 06:54 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-09-09 06:54 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-09-09 06:54 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-09-09 06:54 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-09-09 06:54 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-09 06:54 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-09-09 06:54 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-09-09 06:54 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-09-09 06:54 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-09 06:54 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-09-09 06:54 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-09-09 06:54 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-09 06:54 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-09 06:54 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-09 06:54 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-09-09 06:54 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-09-09 06:54 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-09 06:54 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 06:54 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-09-09 06:54 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-09-09 06:54 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-09-09 06:54 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-09 06:54 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-09 06:54 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-09 06:54 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-09 06:54 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-09 06:54 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-09-09 06:54 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-09 06:54 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-09 06:54 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-09-09 06:54 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-09 06:54 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-09-09 06:54 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-09 06:54 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-09 06:54 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-09-09 06:54 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-09 06:54 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-09-09 06:54 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-09-09 06:54 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-09-09 06:54 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-09-09 06:54 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-09-09 06:54 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-09-09 06:53 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-09 06:53 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-09 06:53 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-09-09 06:53 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-09-09 06:53 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-09 06:53 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-09 06:53 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-09-09 06:53 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-09-09 06:53 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-09 06:53 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-09-09 06:53 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-09-09 06:53 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-09-09 06:53 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-09-09 06:53 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-09-09 06:53 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-09-09 06:53 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-09-09 06:53 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-09-09 06:53 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-09-09 06:53 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-09-09 06:53 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-09-09 06:53 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-09-09 06:53 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-09-09 06:53 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-09-09 06:53 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-09-09 06:53 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-09-09 06:53 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-09-09 06:53 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-09-09 06:53 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-09-09 06:53 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-09-09 06:53 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-09-09 06:53 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-09-09 06:53 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-09-09 06:53 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-09-09 06:53 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-09-09 06:53 - 2015-07-22 12:52 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-09-09 06:53 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-09-09 06:53 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-09-09 06:53 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-09-09 06:53 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-09-09 06:53 - 2015-07-22 11:45 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-09-09 06:53 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-09-09 06:53 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-09-09 06:53 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-09-09 06:53 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-09-09 06:53 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 06:53 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 06:53 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-09-09 06:53 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-09 06:53 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-09-09 06:53 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-09 06:52 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-09-09 06:52 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-09 06:52 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-09-09 06:52 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-09-09 06:52 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-09-09 06:52 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-09 06:52 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-09-09 06:52 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-09-09 06:52 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-09 06:52 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-09 06:52 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-09-09 06:52 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-09-09 06:52 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-09 06:52 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-09-09 06:52 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-09 06:52 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-09-09 06:52 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-09 06:52 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-09 06:52 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-09 06:52 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-09-09 06:52 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-09 06:52 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-09-09 06:52 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-09-09 06:52 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-09-09 06:52 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-09 06:52 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-09 06:52 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-09-09 06:52 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-09-09 06:52 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-09 06:52 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-09 19:11 - 2009-07-13 23:45 - 00031712 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 19:11 - 2009-07-13 23:45 - 00031712 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 19:02 - 2012-09-03 20:50 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-09 19:02 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-09 18:23 - 2012-08-09 11:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-09 18:15 - 2015-09-04 09:20 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Yahoo!
2015-10-09 18:15 - 2015-09-04 09:20 - 00000000 ____D C:\Users\Seldentar\AppData\LocalLow\Yahoo!
2015-10-09 18:15 - 2015-09-04 09:19 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-10-09 17:18 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-10-09 13:34 - 2009-07-14 00:32 - 00000000 ____D C:\windows\system32\FxsTmp
2015-10-09 13:31 - 2013-01-15 12:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-09 12:50 - 2013-04-11 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-09 10:47 - 2015-08-28 13:53 - 00000000 ____D C:\Users\Seldentar\Desktop\liteCam
2015-10-09 10:47 - 2014-12-01 23:11 - 00000000 ____D C:\Users\Seldentar\Desktop\Houdini 2 Chess
2015-10-09 10:47 - 2014-11-29 18:01 - 00000000 ____D C:\Users\Seldentar\Desktop\stockfish-5-win
2015-10-09 10:47 - 2014-11-28 15:37 - 00000000 ____D C:\Users\Seldentar\Desktop\Windows
2015-10-09 10:47 - 2014-11-28 15:37 - 00000000 ____D C:\Users\Seldentar\Desktop\MacOSX
2015-10-09 10:47 - 2014-11-28 15:37 - 00000000 ____D C:\Users\Seldentar\Desktop\Linux
2015-10-09 10:47 - 2014-11-28 15:37 - 00000000 ____D C:\Users\Seldentar\Desktop\Android
2015-10-09 10:47 - 2014-11-28 05:39 - 00000000 ____D C:\Users\Seldentar\Desktop\X86
2015-10-09 10:47 - 2014-11-28 05:39 - 00000000 ____D C:\Users\Seldentar\Desktop\X64
2015-10-09 10:47 - 2014-11-28 05:39 - 00000000 ____D C:\Users\Seldentar\Desktop\Tools
2015-10-09 10:47 - 2013-04-01 16:31 - 00000000 ____D C:\Users\Seldentar\Desktop\Non-Chemtrail Photos
2015-10-09 10:47 - 2013-01-13 19:13 - 00000000 ____D C:\Users\Seldentar\Desktop\samsung
2015-10-09 10:47 - 2012-12-13 15:08 - 00000000 ____D C:\Users\Seldentar\Desktop\Duke Nukem 3D PC
2015-10-09 10:47 - 2012-09-27 19:05 - 00000000 ____D C:\Users\Seldentar\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
2015-10-09 10:47 - 2012-08-28 09:47 - 00000000 ____D C:\Users\Seldentar\Desktop\Govt 1
2015-10-09 10:47 - 2012-08-28 09:47 - 00000000 ____D C:\Users\Seldentar\Desktop\Art Appreciation
2015-10-09 10:47 - 2012-08-08 19:23 - 00000000 ____D C:\Users\Seldentar
2015-10-09 10:47 - 2011-11-02 21:58 - 00000000 ____D C:\Users\Seldentar\Desktop\steevi's Adobe Portable CS6
2015-10-09 09:27 - 2012-08-24 11:54 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2015-10-09 08:30 - 2012-10-16 08:38 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-10-09 01:07 - 2014-07-04 10:58 - 00000000 ____D C:\windows\Minidump
2015-10-09 00:26 - 2015-02-09 22:51 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Octoshape
2015-10-08 23:48 - 2009-07-13 23:45 - 00498056 _____ C:\windows\system32\FNTCACHE.DAT
2015-10-08 23:43 - 2015-03-04 17:34 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2015-10-08 23:10 - 2012-08-09 10:24 - 00000000 ____D C:\Users\Seldentar\Documents\My Games
2015-10-08 22:06 - 2014-07-25 12:05 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Battle.net
2015-10-08 20:05 - 2012-03-15 01:30 - 00000000 ____D C:\Program Files (x86)\MSI
2015-10-08 20:04 - 2012-03-15 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-10-08 19:58 - 2012-08-08 19:23 - 00139120 _____ C:\Users\Seldentar\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-08 04:54 - 2015-04-05 03:00 - 00000000 ___SD C:\windows\system32\GWX
2015-10-08 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-10-07 17:46 - 2015-05-29 19:32 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-10-07 13:55 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system
2015-10-07 13:52 - 2002-10-07 13:07 - 00011376 _____ C:\windows\SysWOW64\Drivers\SECDRV.SYS
2015-10-02 09:32 - 2014-03-12 12:32 - 00000000 ____D C:\ProgramData\Oracle
2015-10-02 09:32 - 2014-03-12 12:30 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-02 09:31 - 2014-03-12 12:30 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-02 02:04 - 2012-09-03 20:51 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-02 01:57 - 2012-09-03 20:50 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-02 01:57 - 2012-09-03 20:50 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-02 01:57 - 2012-09-03 20:50 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-23 11:37 - 2009-07-14 00:13 - 00812192 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-21 23:23 - 2014-11-12 01:23 - 18819272 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-09-21 23:23 - 2012-08-09 11:18 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 23:23 - 2012-08-09 11:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-09-21 23:23 - 2012-03-15 01:41 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-17 14:00 - 2014-03-12 12:34 - 00000024 _____ C:\Users\Seldentar\random.dat
2015-09-17 13:37 - 2014-03-12 12:34 - 00000048 _____ C:\Users\Seldentar\jagex_cl_runescape_LIVE.dat
2015-09-15 18:21 - 2015-08-06 10:45 - 00000000 ____D C:\Program Files (x86)\Overwatch
2015-09-15 16:52 - 2012-09-03 20:50 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Google
2015-09-15 03:01 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-14 18:53 - 2014-03-12 12:34 - 00000000 ____D C:\Users\Seldentar\jagexcache
2015-09-14 13:45 - 2012-03-15 01:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-13 10:31 - 2015-07-28 22:39 - 00000000 ____D C:\FBG
2015-09-10 04:20 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-09-10 03:34 - 2012-03-14 23:06 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 03:34 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-10 03:15 - 2013-08-15 07:01 - 00000000 ____D C:\windows\system32\MRT
 
==================== Files in the root of some directories =======
 
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y
2014-10-28 02:15 - 2015-08-31 08:31 - 0017408 _____ () C:\Users\Seldentar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-09 15:47 - 2012-08-09 15:47 - 0000097 _____ () C:\Users\Seldentar\AppData\Local\fusioncache.dat
2014-05-15 20:31 - 2014-05-15 20:36 - 0007626 _____ () C:\Users\Seldentar\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Seldentar\AppData\Local\Temp\1276.exe
C:\Users\Seldentar\AppData\Local\Temp\Itibiti_Knctr_C.exe
C:\Users\Seldentar\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Seldentar\AppData\Local\Temp\sqlite3.dll
C:\Users\Seldentar\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 11:52
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by Seldentar (2015-10-09 19:14:00)
Running from C:\Users\Seldentar\Documents
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-09 00:23:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3984804975-3913061207-2306128548-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3984804975-3913061207-2306128548-1003 - Limited - Enabled)
Guest (S-1-5-21-3984804975-3913061207-2306128548-501 - Limited - Disabled)
Seldentar (S-1-5-21-3984804975-3913061207-2306128548-1001 - Administrator - Enabled) => C:\Users\Seldentar
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AceGain LiveUpdate 1.0 (HKLM-x32\...\AceGain_LiveUpdate) (Version:  - )
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arasan 17.4 (HKLM-x32\...\Arasan_is1) (Version:  - )
Arena 1.1 / SOS 5.1 for Arena (HKLM-x32\...\Arena_is1) (Version:  - )
Arena 3.5 (HKLM-x32\...\Arena 3.5_is1) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlecraft Vietnam (HKLM-x32\...\Battlecraft Vietnam1.0 BETA) (Version:  - )
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield Mod Development Toolkit 2.0 Beta (HKLM-x32\...\MDT) (Version:  - )
Battlefield Vietnam™ (HKLM-x32\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version:  - )
BFVCC Server Manager (HKLM-x32\...\BFVCC Server Manager1.00_A Beta) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.1103.1801 - Micro-Star International Co., Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
Chess Openings Wizard - Express build 56 (HKLM-x32\...\ChessOpeningsWizardExpress_is1) (Version:  - Mike Leahy, Bookup)
Crysis Wars® Patch (HKLM-x32\...\Crysis Wars® Patch) (Version:  - Electronic Arts)
Crysis Wars® Patch (x32 Version: 1.0.5.0 - Crytek) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeepJunior12.5UCI (HKLM-x32\...\{E6EF7A33-1AA3-4180-92B5-98B3BB3C7311}) (Version: 1.0.0 - DeepJunior)
DeepJunior13.3 (HKLM-x32\...\{D0F246F5-90C7-446E-B8B3-EDF0D844DFB8}) (Version: 13.0.2 - DeepJunior)
DeepJuniorYokohama (HKLM-x32\...\{12FC15C2-AEE3-404B-AE35-617AF9A23578}) (Version: 13.8.04 - DeepJunior)
DraftDominator Version 16.0e (HKLM-x32\...\DraftDominator_is1) (Version:  - )
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-7520 Series Printer Uninstall (HKLM\...\EPSON WF-7520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Homer 2.01 (HKLM-x32\...\Homer_is1) (Version: 2.01 - Daniel Mehrmann)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1262 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.)
KLM (x32 Version: 1.0.1112.1901 - Micro-Star International Co., Ltd.) Hidden
LineupDominator Version 10.0a Full (HKLM-x32\...\LineupDominator_is1) (Version:  - )
liteCam HD (HKLM-x32\...\{49D77BFA-135A-49AD-9A8A-8488EADA562D}) (Version: 5.02.0000 - RSUPPORT)
MAGIX Music Maker 16 Download Version (HKLM-x32\...\MAGIX Music Maker 16 Download Version UK) (Version: 16.0.3.0 - MAGIX AG)
MAGIX Photo Manager 9 (HKLM-x32\...\MAGIX Photo Manager 9 UK) (Version: 7.0.3.119 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.1 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.1 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MSI HOUSE (HKLM-x32\...\{DA5597C9-9216-44FF-9670-D1E48817B998}) (Version: 10.07.1601 - MSI)
MSI Software Install (HKLM-x32\...\{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}) (Version: 4.0.1105.1701 - Micro-Star International Co., Ltd.)
MSI VGA Overclock Tool (HKLM-x32\...\{95193654-3EF2-4D17-8503-9F80B56D9ED5}) (Version: 12.01.3101 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.8 - )
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PunkBuster for Battlefield Vietnam (HKLM-x32\...\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.315 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.315 - Qualcomm Atheros) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26914 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.90 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
S-Bar (HKLM-x32\...\{39BDC923-826E-4007-8179-50E7C570E545}) (Version: 21.011.11023 - Micro-Star International Co.,Ltd.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Shredder Classic 4 (HKLM-x32\...\{C0FA6973-0ED6-4523-9593-BE50927A28BB}_is1) (Version:  - Stefan Meyer-Kahlen)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II - Legacy of the Void Beta (HKLM-x32\...\StarCraft II - Legacy of the Void Beta) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarCraft II Public Test (HKLM-x32\...\StarCraft II Public Test) (Version:  - Blizzard Entertainment)
SteelSeries Engine 3.3.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.5 - SteelSeries ApS)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.006 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.14.0 - Synaptics Incorporated)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.01 - Creative Technology Limited)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
30-08-2015 18:10:13 paint.net 4.0.6
01-09-2015 00:52:02 Windows Update
04-09-2015 05:06:15 Windows Update
07-09-2015 13:54:57 Windows Update
10-09-2015 03:00:36 Windows Update
12-09-2015 11:15:36 Installed RuneScape Launcher 1.2.7
15-09-2015 03:00:10 Windows Update
24-09-2015 01:36:02 Scheduled Checkpoint
02-10-2015 02:00:36 Windows Update
03-10-2015 11:50:33 Installed iTunes
06-10-2015 06:55:23 Windows Update
08-10-2015 03:00:10 Windows Update
08-10-2015 20:04:40 Removed Battery Calibration
08-10-2015 21:07:01 Removed GeekBuddy.
08-10-2015 22:39:44 Installed Microsoft Visual C++ 2005 Redistributable
09-10-2015 00:12:15 Removed Windows Live Mesh ActiveX Control for Remote Connections
09-10-2015 00:13:16 Removed Windows Live Mesh ActiveX Control for Remote Connections
09-10-2015 00:17:31 Removed OnePCOptimizer.
09-10-2015 00:18:03 Removed NowUSeeIt Player
09-10-2015 00:23:17 Removed Firebird SQL Server - MAGIX Edition
09-10-2015 00:24:22 Removed Microsoft Visual C++ 2005 Redistributable
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E78F0C3-191C-4C57-823E-5C2782B58D29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {1FD41EA4-ABF7-484A-922D-F3692D47E6EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1FE5A816-5FD7-460A-A68F-4B22B54FF7DE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {25AC1F12-E8F4-4137-93FF-FB2C5E209FF9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {39EC52C9-6AAB-4175-AB98-543896109C51} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {481BD43E-BCCD-4C7F-987A-4124BA373142} - System32\Tasks\Cnj8iD3JtyeUUTj => C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj.exe <==== ATTENTION
Task: {597A1BAB-F784-4458-92E1-7EDF333EABE0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {59900237-7856-4525-88D7-676728A2858B} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {5E3F9D41-2C3E-491B-B1B8-459232CD332C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {8EEED629-C5F2-47E1-A0ED-68E7CF436D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {920D9228-84D2-4E33-9CD7-7940BC7D2BCE} - System32\Tasks\dsphtr1aPKxjbW4lj28icAOm => C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm.exe <==== ATTENTION
Task: {A087BD52-31C6-413B-92BE-7517A1785F64} - System32\Tasks\mi5IANkTGDPIk0uZKfqkrjR9Y => C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y.exe <==== ATTENTION
Task: {AFC16E60-410C-4232-AEED-71895CFA5FC6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {B25F2F43-61D7-4678-A031-86788F93233F} - System32\Tasks\{3717A831-8B0C-45D6-9A14-03728ADDA9D1} => pcalua.exe -a E:\MPLAYNOW.EXE -d E:\
Task: {BDF21B0A-34C2-4B87-B8EB-C8164A1AF1FA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {C35D1F80-2EB1-4A09-91A7-2162E13BDDF1} - System32\Tasks\HNxSN2cYGwflcw5Iz => C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz.exe <==== ATTENTION
Task: {F6DB7248-2E05-49B7-8120-5DCBACD6F0F9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-11] (Microsoft Corporation)
Task: {F7724BD0-826F-4643-9A49-DE730C90DD19} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-29 19:24 - 2015-03-13 14:41 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-03-15 00:57 - 2015-03-13 11:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-14 13:36 - 2015-09-14 13:36 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-14 13:32 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-09 09:05 - 2012-08-09 09:05 - 00066872 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2012-03-07 23:58 - 2012-03-07 23:58 - 00492032 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-09 21:46 - 2011-05-09 21:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 21:56 - 2011-05-09 21:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 21:47 - 2011-05-09 21:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2012-03-07 23:58 - 2012-03-07 23:58 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 13:32 - 2011-05-10 13:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2011-05-09 21:48 - 2011-05-09 21:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2015-06-23 14:11 - 2015-06-23 14:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2012-03-14 23:33 - 2012-01-05 04:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-15 01:33 - 2010-05-04 13:00 - 00237056 _____ () C:\windows\SYSTEM32\APOMgr64.DLL
2015-03-05 13:04 - 2015-03-05 13:04 - 18305024 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
2015-03-05 11:44 - 2015-03-05 11:44 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\x2api.dll
2012-01-31 16:49 - 2012-01-31 16:49 - 00088576 _____ () C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
2015-07-01 11:28 - 2015-07-01 11:28 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 11:28 - 2015-07-01 11:28 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-09 18:24 - 2015-10-09 18:24 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15100901\algo.dll
2015-05-29 19:24 - 2015-03-13 14:41 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-07-01 11:28 - 2015-07-01 11:28 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-10-17 15:19 - 2014-10-17 15:19 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-03-15 01:06 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-05-19 21:29 - 2015-05-19 21:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\vizzed.com -> www.vizzed.com
IE trusted site: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Seldentar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: gmsd_us_005010109 => 
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: UpdReg => C:\windows\UpdReg.EXE
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E6CE8CF6-16F3-4FEF-A362-78A16A0C65EE}] => (Allow) LPort=2869
FirewallRules: [{54EBC9EB-5D9C-4A28-9136-49ABBFB440E5}] => (Allow) LPort=1900
FirewallRules: [{EC437C55-3A90-44CA-9EB3-DDC789E34535}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3F28EF11-C423-4876-9A5D-73E379300418}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8F4A8C10-22F6-4734-8D83-E16F025F4972}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{ACF6B380-3F5E-46AD-9794-41C18FE5AC4B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{26DAB7F1-6643-4619-9E91-741D8AF26BDB}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{2C44C633-B8AE-4730-A6E9-3466AE4008D8}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{DC961484-FBB0-4324-A563-F30E36EC7867}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{50E6E672-9C39-4AB9-B6E5-A26204A98FEE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B27B977F-AB1D-44C5-99A8-2073368002DE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{2A99A5E7-FED8-482B-A2CC-DFDCDFAF3F4D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{190D00DF-A3F9-4CC9-8DDB-A165E9940588}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A66553C4-173B-4446-B34D-43D5D62A5C82}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{28A07607-F89B-4F53-9B73-47AFC32B0245}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942\bf1942.exe
FirewallRules: [UDP Query User{8279120C-8A88-4170-A2E7-74D77FB0C6FD}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942\bf1942.exe
FirewallRules: [{0EE49D99-CF84-43D9-BA01-637140B8F557}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1805134D-07B6-42EF-BCA0-9EB47E0F1F53}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9DB1F2A1-2ECA-4592-8955-2378488D911F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{A5ED7C8D-0F9F-4BC9-8EF3-99868052C89E}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{D76311F6-BCA4-4907-8492-D5FBA085328C}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{02E945EC-F457-4A41-B237-82E19C67C402}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{33284878-004A-40B2-AAF5-B5805309C86B}] => (Allow) C:\Program Files (x86)\StarCraft II Public Test\StarCraft II Public Test.exe
FirewallRules: [{5E18F524-5B4C-4E64-931B-AA0378E9E92E}] => (Allow) C:\Program Files (x86)\StarCraft II Public Test\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{84A426A8-DAB4-47E0-85F5-6297E9F36C4C}C:\program files (x86)\starcraft ii public test\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii public test\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{27CD7A87-D9E5-4FAB-89F5-7C101F6BA842}C:\program files (x86)\starcraft ii public test\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii public test\versions\base32283\sc2.exe
FirewallRules: [{8F39AE37-87F8-428C-B3FD-96EBA4EB926C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{58E03DA9-6B58-4079-A77F-7F82E3F3A729}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0E20FB61-6A9B-43E5-B877-4C36D10EEB26}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6CF53A09-FFA7-4D7E-BE6A-7B7073D04A05}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E173317D-2157-4175-826A-48FDA9FB4F1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5A44AAE0-9A9A-4BF0-9E42-18782F50A711}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6456DE68-5221-406B-A6CE-560C1486E67F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1CF0B31A-DDD1-4650-8356-8DB0AE86DCC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A3B41B7D-B3F3-41F1-8386-7A48D976C55C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F489D8C6-F278-4530-BC8E-299793AFB8F9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C84000A1-8624-49ED-8CEF-36797E820310}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9841D125-747B-468F-B621-90E3FA440B95}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BF95E9E1-2348-4D7B-BE4E-3E834D0CF977}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{B377BECA-9FE5-44C8-8010-9FD85BDA7034}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{7A4ECDEC-DB83-4588-A040-FACB75F43B7B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2DDE9115-8CC1-423E-8CCB-B6C0E90C62BF}] => (Allow) C:\Users\Seldentar\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4EF52E07-F561-419D-AC47-F6F6706FA1ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1F2F96C0-AE7F-4E98-8318-F98706A0E4D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71BF6759-C80C-4CC4-8AB5-2F267D81CA44}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8FA593FB-4B52-4B54-933E-F68007401A69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A1C4EDA7-21C6-4D25-BBB2-DB68F6A20214}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D250655-600A-4468-848E-EB1D5784C172}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{590EE428-7D3E-45C5-95F0-89352C8EF41E}] => (Allow) LPort=40000
FirewallRules: [{B7C00CD3-C1A7-4E33-AF7C-3B66447C3D7F}] => (Allow) C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/09/2015 07:13:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (10/09/2015 07:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KLM.exe, version: 1.0.1112.1901, time stamp: 0x4eeed613
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18939, time stamp: 0x55afd8e7
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xb68
Faulting application start time: 0xKLM.exe0
Faulting application path: KLM.exe1
Faulting module path: KLM.exe2
Report Id: KLM.exe3
 
Error: (10/09/2015 07:06:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: KLM.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
Stack:
   at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
   at System.Management.ManagementEventWatcher.Start()
   at KLM.MainWindow.<.ctor>b__0()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (10/09/2015 07:03:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2015 06:28:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (10/09/2015 06:19:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KLM.exe, version: 1.0.1112.1901, time stamp: 0x4eeed613
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18939, time stamp: 0x55afd8e7
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x1a70
Faulting application start time: 0xKLM.exe0
Faulting application path: KLM.exe1
Faulting module path: KLM.exe2
Report Id: KLM.exe3
 
Error: (10/09/2015 06:19:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: KLM.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
Stack:
   at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
   at System.Management.ManagementEventWatcher.Start()
   at KLM.MainWindow.<.ctor>b__0()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (10/09/2015 06:18:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/09/2015 06:06:17 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (10/09/2015 05:59:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KLM.exe, version: 1.0.1112.1901, time stamp: 0x4eeed613
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18939, time stamp: 0x55afd8e7
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x368c
Faulting application start time: 0xKLM.exe0
Faulting application path: KLM.exe1
Faulting module path: KLM.exe2
Report Id: KLM.exe3
 
 
System errors:
=============
Error: (10/09/2015 07:03:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/09/2015 06:18:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/09/2015 06:16:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (10/09/2015 06:16:26 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/09/2015 06:15:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/09/2015 06:15:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/09/2015 06:15:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/09/2015 06:15:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/09/2015 06:15:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Media Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/09/2015 06:15:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-08 23:47:19.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-08 23:47:19.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-08 23:46:58.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-08 23:46:58.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-08 23:45:52.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-08 23:45:51.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-08 23:45:51.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-08 23:45:51.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-08 23:45:51.475
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-08 23:45:50.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 19%
Total physical RAM: 12184.75 MB
Available physical RAM: 9801.9 MB
Total Virtual: 24367.7 MB
Available Virtual: 21747.08 MB
 
==================== Drives ================================
 
Drive c: (OS_Install) (Fixed) (Total:412.57 GB) (Free:152.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:275.05 GB) (Free:51.87 GB) NTFS
Drive f: (USB20FD) (Removable) (Total:3.73 GB) (Free:2.54 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E0305439)
Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=412.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=275 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#5 deeprybka

  • Malware Response Team

Posted 10 October 2015 - 04:08 AM

Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Restriction 
    CHR HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Policies\Google: Restriction 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
    SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
    BHO-x32: No Name -> {b8635db9-2694-4837-be3d-4ed3bea8a8ee} ->  No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
    Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
    2015-10-08 23:46 - 2015-10-08 23:46 - 00004068 _____ C:\windows\System32\Tasks\dsphtr1aPKxjbW4lj28icAOm
    2015-10-08 23:46 - 2015-10-08 23:46 - 00004054 _____ C:\windows\System32\Tasks\HNxSN2cYGwflcw5Iz
    2015-10-08 23:44 - 2015-10-08 23:54 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\RunDir
    2015-10-08 23:43 - 2015-10-09 08:51 - 00000000 ____D C:\ProgramData\XtXnxI
    2015-10-08 23:42 - 2015-10-08 23:42 - 00004070 _____ C:\windows\System32\Tasks\mi5IANkTGDPIk0uZKfqkrjR9Y
    2015-10-08 23:42 - 2015-10-08 23:42 - 00004050 _____ C:\windows\System32\Tasks\Cnj8iD3JtyeUUTj
    2015-10-08 23:42 - 2015-10-08 23:42 - 00000000 ___HD C:\Users\Seldentar\AppData\Local\ZeastOptimiserUn
    2015-10-08 23:42 - 2015-10-08 23:42 - 00000000 ____D C:\Users\Seldentar\AppData\Local\ZeastOptimiser
    2015-10-08 23:40 - 2015-10-08 23:40 - 00000000 ____D C:\Users\Default\AppData\Local\MyBrowser
    2015-10-08 23:40 - 2015-10-08 23:40 - 00000000 ____D C:\Users\Default User\AppData\Local\MyBrowser
    2015-10-08 23:39 - 2015-10-08 23:41 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Opera Software
    2015-10-08 23:39 - 2015-10-08 23:41 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Opera Software
    2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj
    2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm
    2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz
    2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y
    C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj.exe
    Task: {481BD43E-BCCD-4C7F-987A-4124BA373142} - System32\Tasks\Cnj8iD3JtyeUUTj => C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj.exe 
    C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm.exe 
    Task: {920D9228-84D2-4E33-9CD7-7940BC7D2BCE} - System32\Tasks\dsphtr1aPKxjbW4lj28icAOm => C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm.exe 
    C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y.exe 
    Task: {A087BD52-31C6-413B-92BE-7517A1785F64} - System32\Tasks\mi5IANkTGDPIk0uZKfqkrjR9Y => C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y.exe 
     C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz.exe 
    Task: {C35D1F80-2EB1-4A09-91A7-2162E13BDDF1} - System32\Tasks\HNxSN2cYGwflcw5Iz => C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz.exe 
    CreateRestorePoint:
    EmptyTemp:
     
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
[Image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [Image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
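The scheduled-task entries that FRST marks `<==== ATTENTION` in the Addition.txt log above share a recognisable shape, and the sketch below triages `Task:` lines on that basis. It is an added example, not part of the original posts and not FRST's own logic; the two heuristics, the regular expressions and the function names are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Task lines copied verbatim from the Addition.txt log posted in this thread.
SAMPLE_LOG = r"""
Task: {920D9228-84D2-4E33-9CD7-7940BC7D2BCE} - System32\Tasks\dsphtr1aPKxjbW4lj28icAOm => C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm.exe <==== ATTENTION
Task: {A087BD52-31C6-413B-92BE-7517A1785F64} - System32\Tasks\mi5IANkTGDPIk0uZKfqkrjR9Y => C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y.exe <==== ATTENTION
Task: {AFC16E60-410C-4232-AEED-71895CFA5FC6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {B25F2F43-61D7-4678-A031-86788F93233F} - System32\Tasks\{3717A831-8B0C-45D6-9A14-03728ADDA9D1} => pcalua.exe -a E:\MPLAYNOW.EXE -d E:\
Task: {BDF21B0A-34C2-4B87-B8EB-C8164A1AF1FA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {C35D1F80-2EB1-4A09-91A7-2162E13BDDF1} - System32\Tasks\HNxSN2cYGwflcw5Iz => C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz.exe <==== ATTENTION
Task: {F7724BD0-826F-4643-9A49-DE730C90DD19} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
"""

# "Task: {GUID} - System32\Tasks\<name> => <target>[ <==== ATTENTION]"
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<task>System32\\Tasks\\.+?) => "
    r"(?P<target>.*?)(?P<attention>\s*<==== ATTENTION)?\s*$"
)
# Optional " [YYYY-MM-DD] (Publisher)" suffix after the command.
META_RE = re.compile(
    r"^(?P<cmd>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\))?$"
)
# Fully qualified executable at the start of the command, if there is one.
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.*?\.exe)\b', re.IGNORECASE)


def parse_task_line(line):
    """Split one FRST 'Task:' line into fields; return None for other lines."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    meta = META_RE.match(m.group("target"))
    exe = EXE_RE.match(meta.group("cmd"))
    return {
        "guid": m.group("guid"),
        "task_name": basename(m.group("task")),
        "command": meta.group("cmd"),
        "exe": exe.group("exe") if exe else None,
        "publisher": meta.group("publisher"),
        "frst_attention": m.group("attention") is not None,
    }


def suspicion_reasons(entry):
    """Assumed heuristics (not FRST's): where the file lives and how it is named."""
    reasons = []
    exe = entry["exe"]
    if exe is None:  # relative command such as "pcalua.exe -a ...": not judged here
        return reasons
    if dirname(exe).lower().endswith("\\appdata\\roaming"):
        reasons.append("executable sits directly in the AppData\\Roaming root")
    if splitext(basename(exe))[0].lower() == entry["task_name"].lower():
        reasons.append("task name is identical to the executable name")
    return reasons


def triage(log_text):
    """Parse every Task line and flag those that meet both heuristics."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        entry["reasons"] = suspicion_reasons(entry)
        entry["flagged"] = len(entry["reasons"]) == 2
        rows.append(entry)
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        mark = "REVIEW" if row["flagged"] else "ok    "
        print(f"{mark} {row['task_name']} -> {row['command']}")
        for reason in row["reasons"] if row["flagged"] else []:
            print(f"         - {reason}")
```

On these sample lines the two heuristics agree with FRST's own ATTENTION markers; on other systems they are a starting point for manual review, not a verdict.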

#6 NinjaNight

  • Topic Starter

Posted 10 October 2015 - 12:34 PM

Step 1:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-10-2015

Ran by Seldentar (2015-10-10 09:52:54) Run:1
Running from C:\Users\Seldentar\Documents
Loaded Profiles: Seldentar (Available Profiles: Seldentar)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction 
CHR HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Policies\Google: Restriction 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
BHO-x32: No Name -> {b8635db9-2694-4837-be3d-4ed3bea8a8ee} ->  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
2015-10-08 23:46 - 2015-10-08 23:46 - 00004068 _____ C:\windows\System32\Tasks\dsphtr1aPKxjbW4lj28icAOm
2015-10-08 23:46 - 2015-10-08 23:46 - 00004054 _____ C:\windows\System32\Tasks\HNxSN2cYGwflcw5Iz
2015-10-08 23:44 - 2015-10-08 23:54 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\RunDir
2015-10-08 23:43 - 2015-10-09 08:51 - 00000000 ____D C:\ProgramData\XtXnxI
2015-10-08 23:42 - 2015-10-08 23:42 - 00004070 _____ C:\windows\System32\Tasks\mi5IANkTGDPIk0uZKfqkrjR9Y
2015-10-08 23:42 - 2015-10-08 23:42 - 00004050 _____ C:\windows\System32\Tasks\Cnj8iD3JtyeUUTj
2015-10-08 23:42 - 2015-10-08 23:42 - 00000000 ___HD C:\Users\Seldentar\AppData\Local\ZeastOptimiserUn
2015-10-08 23:42 - 2015-10-08 23:42 - 00000000 ____D C:\Users\Seldentar\AppData\Local\ZeastOptimiser
2015-10-08 23:40 - 2015-10-08 23:40 - 00000000 ____D C:\Users\Default\AppData\Local\MyBrowser
2015-10-08 23:40 - 2015-10-08 23:40 - 00000000 ____D C:\Users\Default User\AppData\Local\MyBrowser
2015-10-08 23:39 - 2015-10-08 23:41 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Opera Software
2015-10-08 23:39 - 2015-10-08 23:41 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Opera Software
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj
2015-04-19 07:20 - 2015-04-19 07:20 - 0005872 _____ () C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y
C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj.exe
Task: {481BD43E-BCCD-4C7F-987A-4124BA373142} - System32\Tasks\Cnj8iD3JtyeUUTj => C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj.exe 
C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm.exe 
Task: {920D9228-84D2-4E33-9CD7-7940BC7D2BCE} - System32\Tasks\dsphtr1aPKxjbW4lj28icAOm => C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm.exe 
C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y.exe 
Task: {A087BD52-31C6-413B-92BE-7517A1785F64} - System32\Tasks\mi5IANkTGDPIk0uZKfqkrjR9Y => C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y.exe 
 C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz.exe 
Task: {C35D1F80-2EB1-4A09-91A7-2162E13BDDF1} - System32\Tasks\HNxSN2cYGwflcw5Iz => C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz.exe 
CreateRestorePoint:
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{542AC1D8-8750-4499-BE75-BC166CFEDA63}" => key removed successfully
HKCR\CLSID\{542AC1D8-8750-4499-BE75-BC166CFEDA63} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8635db9-2694-4837-be3d-4ed3bea8a8ee}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b8635db9-2694-4837-be3d-4ed3bea8a8ee} => key not found. 
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\wlmailhtml" => key removed successfully
HKCR\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0} => key not found. 
"HKCR\PROTOCOLS\Handler\wlpg" => key removed successfully
HKCR\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => key not found. 
C:\windows\System32\Tasks\dsphtr1aPKxjbW4lj28icAOm => moved successfully
C:\windows\System32\Tasks\HNxSN2cYGwflcw5Iz => moved successfully
C:\Users\Seldentar\AppData\Roaming\RunDir => moved successfully
C:\ProgramData\XtXnxI => moved successfully
C:\windows\System32\Tasks\mi5IANkTGDPIk0uZKfqkrjR9Y => moved successfully
C:\windows\System32\Tasks\Cnj8iD3JtyeUUTj => moved successfully
C:\Users\Seldentar\AppData\Local\ZeastOptimiserUn => moved successfully
C:\Users\Seldentar\AppData\Local\ZeastOptimiser => moved successfully
C:\Users\Default\AppData\Local\MyBrowser => moved successfully
"C:\Users\Default User\AppData\Local\MyBrowser" => File/Folder not found.
C:\Users\Seldentar\AppData\Roaming\Opera Software => moved successfully
C:\Users\Seldentar\AppData\Local\Opera Software => moved successfully
C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj => moved successfully
C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm => moved successfully
C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz => moved successfully
C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y => moved successfully
"C:\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{481BD43E-BCCD-4C7F-987A-4124BA373142}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{481BD43E-BCCD-4C7F-987A-4124BA373142}" => key removed successfully
C:\windows\System32\Tasks\Cnj8iD3JtyeUUTj => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cnj8iD3JtyeUUTj" => key removed successfully
"C:\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{920D9228-84D2-4E33-9CD7-7940BC7D2BCE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{920D9228-84D2-4E33-9CD7-7940BC7D2BCE}" => key removed successfully
C:\windows\System32\Tasks\dsphtr1aPKxjbW4lj28icAOm => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dsphtr1aPKxjbW4lj28icAOm" => key removed successfully
"C:\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A087BD52-31C6-413B-92BE-7517A1785F64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A087BD52-31C6-413B-92BE-7517A1785F64}" => key removed successfully
C:\windows\System32\Tasks\mi5IANkTGDPIk0uZKfqkrjR9Y => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mi5IANkTGDPIk0uZKfqkrjR9Y" => key removed successfully
"C:\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C35D1F80-2EB1-4A09-91A7-2162E13BDDF1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C35D1F80-2EB1-4A09-91A7-2162E13BDDF1}" => key removed successfully
C:\windows\System32\Tasks\HNxSN2cYGwflcw5Iz => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HNxSN2cYGwflcw5Iz" => key removed successfully
Restore point was successfully created.
EmptyTemp: => 744.8 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 09:53:45 ====
 
 
Step 2:
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8d76583dfa1f144fbf7fd5cc243e6e1b
# end=init
# utc_time=2015-10-10 02:59:18
# local_time=2015-10-10 09:59:18 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26174
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8d76583dfa1f144fbf7fd5cc243e6e1b
# end=updated
# utc_time=2015-10-10 03:04:07
# local_time=2015-10-10 10:04:07 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8d76583dfa1f144fbf7fd5cc243e6e1b
# engine=26174
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-10 04:51:30
# local_time=2015-10-10 11:51:30 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 6524469 207994780 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 196039340 0 0
# scanned=264033
# found=15
# cleaned=0
# scan_time=6442
sh=6E86B5DE0D34DF389566ED91A6B9E21388C8AA6C ft=1 fh=f8071e5ef317d666 vn="a variant of Win32/Kryptik.DZZR trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Seldentar\AppData\Roaming\newSI_42074\proxy.exe.vir"
sh=28D2734065C5CEA30776CBFCA1CDA6AAD646D788 ft=1 fh=584220f2e754503b vn="a variant of Win32/Kryptik.DZZR trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Seldentar\AppData\Roaming\newSI_42074\s_inst.exe.vir"
sh=50DFCB22F76C557002CB26195D0942F75CA106C6 ft=1 fh=988799caa740a559 vn="a variant of Win32/Agent.RLD trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SELDEN~1\AppData\Local\Temp\wizz\ioprotect.txt.vir"
sh=DAC709B5E008F210478B919F1472D52361AB450E ft=1 fh=0750c33383e298e8 vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysNative\roboot64.exe.vir"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Seldentar\AppData\Roaming\Cnj8iD3JtyeUUTj.xBAD"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Seldentar\AppData\Roaming\dsphtr1aPKxjbW4lj28icAOm.xBAD"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Seldentar\AppData\Roaming\HNxSN2cYGwflcw5Iz.xBAD"
sh=171D0DFAD4ABC8BFCFC3DE6AD9EB03DBA9CB60AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Seldentar\AppData\Roaming\mi5IANkTGDPIk0uZKfqkrjR9Y.xBAD"
sh=B289C53DBB01232884364F964E8A5BCCDFBCE00A ft=1 fh=20604ce9407285e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Share\disktop foler\ccsetup310.exe"
sh=BBFFE3BF15DB964D128DCD110E173313A092DBE4 ft=1 fh=1cf1a13267bfc299 vn="a variant of Win32/DownloadGuide.D potentially unwanted application" ac=I fn="C:\Users\Seldentar\Downloads\3DMEditor2_alpha_win32.7z.exe"
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Seldentar\Downloads\ccsetup408.exe"
sh=2B2F94317FCB633C263EF498550FD417AAB82BD7 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.ACZ potentially unwanted application" ac=I fn="C:\Users\Seldentar\Downloads\installer.zip"
sh=BFD209AB29F78D10E345C49DB8060B8CFA7639DB ft=1 fh=838a06d6bd6e47bb vn="a variant of Win32/DownloadSponsor.C potentially unwanted application" ac=I fn="C:\Users\Seldentar\Downloads\Total Annihilation 3D - CHIP-Installer.exe"
sh=056193A93A3C6166D57AF818BC5BE809E4EA0467 ft=0 fh=0000000000000000 vn="a variant of Win32/Amonetize.JW potentially unwanted application" ac=I fn="C:\Users\Seldentar\Downloads\Total Annihilation Downloader.rar"
sh=27928B47F6AE55D8154132B69A76E52E0038ABB3 ft=0 fh=0000000000000000 vn="a variant of Win32/Amonetize.IX potentially unwanted application" ac=I fn="C:\Users\Seldentar\Downloads\total+annihilation+kingdo.ace"


#7 deeprybka

Posted 10 October 2015 - 12:39 PM

This looks good indeed. The stuff that ESET has found is already in quarantine or just some downloads, but no more active malware. :)



Can you please tell me which problems still persist now?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#8 NinjaNight

Posted 10 October 2015 - 01:44 PM

Nice! I haven't noticed any problems anymore - everything is running smoothly so far.



#9 deeprybka

Posted 10 October 2015 - 02:28 PM

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.




Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up to date.
The following software is outdated:

 

Adobe Reader X
Java 8 Update 51



Tips

I recommend reading and following "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.


regards,
deeprybka

#10 NinjaNight

Posted 10 October 2015 - 04:05 PM

Awesome, thanks again for all your help. I'm really impressed with how thorough and quick your replies were. A+



#11 deeprybka

Posted 11 October 2015 - 05:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



