
Unknown Virus Windows 7, seems to be destroying my operating system


  • This topic is locked
24 replies to this topic

#1 SinisterTechnique


Posted 23 January 2016 - 04:30 PM

I first noticed the malware a couple of days ago, about 5-10 minutes after downloading a chess engine called Thinker and opening it in a chess GUI called Arena. I had scanned the folder containing the engine with Avast before using it, but it said no threats detected. Earlier today I found a site called virustotal.com which scans a file on your computer with something like 53 different antivirus programs including Kaspersky, NANO, Malwarebytes, etc., and all of the programs said it was clean except one called "ByteHero", which says it detects "Virus.Win32.Part.j". Anyway, as I said earlier, I noticed the malware 5-10 minutes after opening the engine in Arena, when all of a sudden a page in my browser popped up for no reason, and soon after my screen turned into the screen that shows all users on your computer when Windows loads. I immediately knew I had been infected and turned off my wireless connection and turned off the computer. When I restarted, upon bootup I could immediately see weird things happening caused by the virus (I don't remember what was happening, it doesn't happen now). When I logged back into my user, I started Task Manager and saw a couple of the same or very similar things under processes (again I don't remember what it was, but in the description I think it said something about "server"). When I tried to end the task it generated a blue screen. I tried to go into safe mode and run Avast and Malwarebytes to scan my computer, but the virus was doing something even in safe mode that prevented me from opening them. Then I restarted my computer again and went into the "Directory services restore mode", and from there I was able to run a Malwarebytes scan and open Avast, but when I tried to scan with Avast it said "no endpoints available." The Malwarebytes scan only found 27 potentially unwanted programs; it couldn't see the virus somehow. Yesterday I was very busy so I left my computer alone all day with the internet disabled.
Today I backed up all my files from the "Directory services restore mode" and I'm ready to work on this with your assistance. I noticed now that if I go into the regular safe mode the virus doesn't do anything noticeable anymore and I don't see anything in the Task Manager processes. I ran a normal startup and at first everything seemed fine, again nothing weird in the Task Manager processes, but after about 10 minutes my normal Windows blue background turned into a pure black background, and at the bottom right of my desktop was written across 3 separate lines: "Windows 7... Build 7601... This copy of windows is not genuine." When I went into Control Panel -> System, the bottom said "Status not available" under Windows Activation. So it seems to have been destroying my OS. During this time I had temporarily turned my internet back on to try to download ByteHero, but didn't find a working link. I turned the internet back off when I noticed the background had changed to black. Note: I'm not sure if you care about these details, but I'm trying to be as detailed as I can accurately remember in case you do. Now here we are... I've just run the FRST scan and am waiting for your response.

 

Here's the contents of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by Seldentar (administrator) on ALYARIS (23-01-2016 14:27:34)
Running from C:\Users\Seldentar\Documents
Loaded Profiles: Seldentar (Available Profiles: Seldentar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHDA.EXE
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Extract without confirmation\arena_3.5.1\Arena.exe
() C:\Extract without confirmation\Thinker_54D_UCI (2)\Thinker 5.4D UCI\X64\Thinker Active MP x64\(Active)Thinker_64-bit.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-03-13] (NVIDIA Corporation)
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-23] (AVAST Software)
HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [88576 2012-01-31] ()
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288 2012-01-03] (MSI)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AceGain LiveUpdate] => C:\Program Files (x86)\AceGain\LiveUpdate\LiveUpdate.exe [417792 2003-12-31] ()
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\a2ead791-e4fe-4630-896e-3f24f7d5b076.exe [168336 2016-01-23] (AVAST Software)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\Run: [EPLTarget\P0000000000000002] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHDA.EXE [241280 2013-03-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\MountPoints2: {dc74abcd-b653-11e1-9616-806e6f6e6963} - E:\Autorun.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-23] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-04-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9829448E-3B2A-415F-8BEC-B14154951D46}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> DefaultScope {F2DE676E-FE2C-4E02-8BF9-3C86097BA191} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> {F2DE676E-FE2C-4E02-8BF9-3C86097BA191} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-23] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-23] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-11] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-23] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-11] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default
FF DefaultSearchEngine: Bing®
FF DefaultSearchEngine.US: Yahoo Web
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-11] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Extension: Flash and Video Download - C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-01]
FF Extension: Adblock Plus - C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=odc179"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-03]
CHR Extension: (ImprovedTube - YouTube Extension) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2015-12-29]
CHR Extension: (Adblock Plus) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-15]
CHR Extension: (Google Search) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-03]
CHR Extension: (Avast Online Security) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-07]
CHR Extension: (Reddit PGN viewer.) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hplecpnihkigeaiobbmfnfblepiadjdh [2016-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Seldentar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-03]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-23]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-23] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2016-01-23] (AVAST Software)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-08] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-03-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-02] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-16] (MSI) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-03-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-03-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2012-08-09] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-07] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [568512 2014-02-25] (Valve Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2016-01-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-23] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2016-01-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-23] (AVAST Software)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-07] (Bigfoot Networks, Inc.)
U0 brcoe; C:\Windows\System32\drivers\uuhdh.sys [79064 2016-01-23] (Malwarebytes)
S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-07] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [40104 2015-03-09] (Razer Inc)
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2015-10-07] () [File not signed]
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [25088 2015-01-27] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [42568 2015-02-26] (SteelSeries ApS)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S0 fhxp; System32\drivers\hvkmy.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-23 14:27 - 2016-01-23 14:27 - 00028333 _____ C:\Users\Seldentar\Documents\FRST.txt
2016-01-23 14:27 - 2016-01-23 14:27 - 00000000 ____D C:\FRST
2016-01-23 12:57 - 2016-01-23 12:57 - 00079064 _____ (Malwarebytes) C:\windows\system32\Drivers\uuhdh.sys
2016-01-23 12:44 - 2016-01-23 12:45 - 01359286 _____ C:\Users\Seldentar\Downloads\Thinker_54D_UCI (2).zip
2016-01-23 11:54 - 2016-01-23 11:54 - 00003030 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1453571685
2016-01-23 11:54 - 2016-01-23 11:54 - 00001049 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-01-23 11:54 - 2016-01-23 11:54 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-01-23 11:51 - 2016-01-23 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-23 11:50 - 2016-01-23 11:50 - 00466400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2016-01-23 11:50 - 2016-01-23 11:50 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-01-23 11:50 - 2016-01-23 11:50 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2016-01-23 11:50 - 2016-01-23 11:50 - 00028144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-01-23 11:28 - 2016-01-23 11:28 - 00003352 ____N C:\bootsqm.dat
2016-01-23 11:26 - 2016-01-23 11:26 - 00000000 __SHD C:\found.001
2016-01-23 09:06 - 2016-01-23 13:54 - 00001184 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-23 09:06 - 2016-01-23 13:54 - 00001184 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-23 09:06 - 2016-01-23 09:06 - 00000552 _____ C:\windows\system32\spsys.log
2016-01-22 16:01 - 2016-01-22 21:51 - 00000000 ____D C:\Users\Seldentar\Desktop\SC2 replays
2016-01-22 08:32 - 2016-01-23 11:03 - 00006920 _____ C:\windows\system32\PerfStringBackup.TMP
2016-01-20 22:27 - 2016-01-20 22:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-20 22:27 - 2016-01-20 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-20 22:27 - 2016-01-20 22:27 - 00000000 ____D C:\ProgramData\Avira
2016-01-20 22:27 - 2016-01-20 22:27 - 00000000 ____D C:\Program Files (x86)\Avira
2016-01-20 21:10 - 2016-01-20 21:10 - 00273304 _____ C:\windows\Minidump\012016-23524-01.dmp
2016-01-20 20:25 - 2016-01-20 20:25 - 01359286 _____ C:\Users\Seldentar\Downloads\Thinker_54D_UCI (1).zip
2016-01-20 12:10 - 2016-01-20 12:10 - 00000000 ____D C:\Users\Seldentar\AppData\Local\LEGO
2016-01-20 12:09 - 2016-01-20 12:09 - 00000000 ____D C:\ProgramData\IVI Foundation
2016-01-20 12:09 - 2016-01-20 12:09 - 00000000 ____D C:\Program Files (x86)\IVI Foundation
2016-01-20 12:08 - 2016-01-20 12:08 - 00000000 ____D C:\Users\Seldentar\Documents\LEGO Creations
2016-01-20 12:08 - 2016-01-20 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO MINDSTORMS EV3 Home Edition
2016-01-20 12:08 - 2016-01-20 12:08 - 00000000 ____D C:\Program Files (x86)\LEGO Software
2016-01-20 12:07 - 2016-01-20 12:08 - 00000000 ____D C:\Program Files (x86)\National Instruments
2016-01-20 12:07 - 2016-01-20 12:07 - 00000000 ____D C:\ProgramData\LEGO MINDSTORMS EV3
2016-01-20 12:06 - 2016-01-20 12:09 - 00000000 ____D C:\ProgramData\National Instruments
2016-01-20 11:59 - 2016-01-20 12:03 - 659595736 _____ (The LEGO Group) C:\Users\Seldentar\Downloads\LMS-EV3-WIN32-ENUS-01-01-01-full-setup.exe
2016-01-20 11:55 - 2016-01-20 11:59 - 695109632 _____ C:\Users\Seldentar\Downloads\MINDSTORMS NXT Retail MacWin.iso
2016-01-19 21:22 - 2016-01-19 21:22 - 03357982 _____ C:\Users\Seldentar\Downloads\Bin_Files.zip
2016-01-18 18:36 - 2016-01-18 18:36 - 00000000 ____D C:\DR
2016-01-17 21:18 - 2016-01-17 21:18 - 00000086 _____ C:\Users\Seldentar\Documents\Semper vs Snute.txt
2016-01-17 16:12 - 2016-01-17 16:35 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Firestorm
2016-01-17 16:12 - 2016-01-17 16:14 - 00000000 ____D C:\Users\Seldentar\AppData\Local\FirestormOS
2016-01-17 16:10 - 2016-01-17 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FirestormOS-Release
2016-01-17 16:10 - 2016-01-17 16:10 - 00000000 ____D C:\Program Files (x86)\FirestormOS-Release
2016-01-17 16:06 - 2016-01-17 16:07 - 47763952 _____ C:\Users\Seldentar\Downloads\Phoenix-FirestormOS-Release-4-7-5-47975_Setup.exe
2016-01-15 20:36 - 2016-01-15 20:36 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\npm
2016-01-15 20:36 - 2016-01-15 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2016-01-15 20:36 - 2016-01-15 20:36 - 00000000 ____D C:\Program Files\nodejs
2016-01-15 20:34 - 2016-01-15 20:34 - 10309632 _____ C:\Users\Seldentar\Downloads\node-v4.2.4-x64.msi
2016-01-15 20:11 - 2016-01-15 20:11 - 00055047 _____ C:\Users\Seldentar\Downloads\AgarBot.user.js
2016-01-15 16:00 - 2016-01-18 09:41 - 00000000 ____D C:\Users\Seldentar\AppData\Local\SecondLife
2016-01-15 16:00 - 2016-01-15 16:00 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\SecondLife
2016-01-15 16:00 - 2016-01-15 16:00 - 00000000 ____D C:\Users\Seldentar\AppData\Local\CEF
2016-01-15 15:59 - 2016-01-15 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
2016-01-15 15:58 - 2016-01-15 15:59 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer
2016-01-15 15:57 - 2016-01-15 15:57 - 52191576 _____ C:\Users\Seldentar\Downloads\Second_Life_4_0_1_310054_i686_Setup.exe
2016-01-15 14:59 - 2016-01-15 14:59 - 01135496 _____ C:\Users\Seldentar\Downloads\Komodo 9 Chess Engine.cab
2016-01-14 23:26 - 2016-01-14 23:27 - 04598321 _____ C:\Users\Seldentar\Downloads\numpy-1.10.4.zip
2016-01-14 23:16 - 2016-01-14 23:17 - 87891968 _____ C:\Users\Seldentar\Downloads\VCForPython27.msi
2016-01-14 23:14 - 2016-01-14 23:14 - 00837844 _____ C:\Users\Seldentar\Downloads\PIL-1.1.7.win32-py2.7.exe
2016-01-14 21:41 - 2016-01-14 21:41 - 09181408 _____ (Bookup Corp. ) C:\Users\Seldentar\Downloads\ChessOpeningsWizardExpressSetup (1).exe
2016-01-13 10:13 - 2015-12-23 17:13 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-01-13 10:13 - 2015-12-23 16:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-01-13 10:13 - 2015-12-12 12:54 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-13 10:13 - 2015-12-12 12:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-01-13 10:13 - 2015-12-12 12:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-01-13 10:13 - 2015-12-12 12:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-01-13 10:13 - 2015-12-12 12:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-01-13 10:13 - 2015-12-12 12:15 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-13 10:13 - 2015-12-12 12:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-01-13 10:13 - 2015-12-12 12:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-01-13 10:13 - 2015-12-12 12:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-01-13 10:13 - 2015-12-12 12:07 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-01-13 10:13 - 2015-12-12 12:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-01-13 10:13 - 2015-12-12 12:07 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-01-13 10:13 - 2015-12-12 12:03 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-01-13 10:13 - 2015-12-12 12:02 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-01-13 10:13 - 2015-12-12 12:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-13 10:13 - 2015-12-12 12:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-01-13 10:13 - 2015-12-12 12:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-01-13 10:13 - 2015-12-12 12:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-01-13 10:13 - 2015-12-12 11:55 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-01-13 10:13 - 2015-12-12 11:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-01-13 10:13 - 2015-12-12 11:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-01-13 10:13 - 2015-12-12 11:44 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 10:13 - 2015-12-12 11:40 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-01-13 10:13 - 2015-12-12 11:39 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-01-13 10:13 - 2015-12-12 11:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-01-13 10:13 - 2015-12-12 11:37 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-01-13 10:13 - 2015-12-12 11:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-01-13 10:13 - 2015-12-12 11:37 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-01-13 10:13 - 2015-12-12 11:36 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-01-13 10:13 - 2015-12-12 11:36 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-01-13 10:13 - 2015-12-12 11:35 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-01-13 10:13 - 2015-12-12 11:33 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-01-13 10:13 - 2015-12-12 11:31 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-01-13 10:13 - 2015-12-12 11:30 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-01-13 10:13 - 2015-12-12 11:28 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-01-13 10:13 - 2015-12-12 11:27 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-01-13 10:13 - 2015-12-12 11:27 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-01-13 10:13 - 2015-12-12 11:27 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-01-13 10:13 - 2015-12-12 11:25 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-01-13 10:13 - 2015-12-12 11:23 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-01-13 10:13 - 2015-12-12 11:22 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-01-13 10:13 - 2015-12-12 11:21 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-01-13 10:13 - 2015-12-12 11:20 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-01-13 10:13 - 2015-12-12 11:19 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-01-13 10:13 - 2015-12-12 11:18 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-01-13 10:13 - 2015-12-12 11:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 10:13 - 2015-12-12 11:12 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-01-13 10:13 - 2015-12-12 11:10 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-01-13 10:13 - 2015-12-12 11:10 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-01-13 10:13 - 2015-12-12 11:09 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-01-13 10:13 - 2015-12-12 11:08 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-01-13 10:13 - 2015-12-12 11:06 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-01-13 10:13 - 2015-12-12 11:02 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-01-13 10:13 - 2015-12-12 11:00 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-01-13 10:13 - 2015-12-12 11:00 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-01-13 10:13 - 2015-12-12 11:00 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-01-13 10:13 - 2015-12-12 11:00 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-01-13 10:13 - 2015-12-12 10:54 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-01-13 10:13 - 2015-12-12 10:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-01-13 10:13 - 2015-12-12 10:41 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-01-13 10:13 - 2015-12-12 10:38 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-01-13 10:13 - 2015-12-12 10:36 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-01-13 10:13 - 2015-12-11 12:57 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-01-13 10:13 - 2015-12-08 15:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 10:13 - 2015-12-08 15:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-13 10:13 - 2015-12-08 15:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-13 10:13 - 2015-12-08 15:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 10:13 - 2015-12-08 15:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-13 10:13 - 2015-12-08 15:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-13 10:13 - 2015-12-08 15:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-01-13 10:13 - 2015-12-08 15:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 10:13 - 2015-12-08 15:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-13 10:13 - 2015-12-08 15:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-13 10:13 - 2015-12-08 15:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-13 10:13 - 2015-12-08 15:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-13 10:13 - 2015-12-08 15:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 10:13 - 2015-12-08 15:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 10:13 - 2015-12-08 15:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-13 10:13 - 2015-12-08 15:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-13 10:13 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-13 10:13 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 10:13 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-13 10:13 - 2015-12-08 15:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-13 10:13 - 2015-12-08 15:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-13 10:13 - 2015-12-08 15:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-13 10:13 - 2015-12-08 15:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-01-13 10:13 - 2015-12-08 15:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-01-13 10:13 - 2015-12-08 15:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-01-13 10:13 - 2015-12-08 15:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-13 10:13 - 2015-12-08 15:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-13 10:13 - 2015-12-08 13:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-13 10:13 - 2015-12-08 13:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-01-13 10:13 - 2015-12-08 13:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-01-13 10:13 - 2015-12-08 13:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-13 10:13 - 2015-12-08 13:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-01-13 10:13 - 2015-12-08 13:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-01-13 10:13 - 2015-12-08 12:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-01-13 10:13 - 2015-12-08 12:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-01-13 10:13 - 2015-12-08 12:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-01-13 10:13 - 2015-12-08 11:58 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-01-13 10:13 - 2015-11-16 19:11 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-01-13 10:13 - 2015-11-16 19:08 - 01381376 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-01-13 10:13 - 2015-11-16 19:08 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-01-13 10:13 - 2015-11-16 19:08 - 00705536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-01-13 10:13 - 2015-11-16 19:08 - 00505856 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-01-13 10:13 - 2015-11-16 19:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-01-13 10:13 - 2015-11-16 14:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-13 10:13 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-01-13 10:13 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-01-13 10:13 - 2015-11-13 17:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-01-13 10:13 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-01-13 10:13 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-01-13 10:13 - 2015-11-13 16:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-01-13 10:12 - 2015-12-30 13:08 - 05572544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-13 10:12 - 2015-12-30 13:08 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-01-13 10:12 - 2015-12-30 13:08 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-01-13 10:12 - 2015-12-30 13:05 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-01-13 10:12 - 2015-12-30 13:02 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-01-13 10:12 - 2015-12-30 13:02 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-01-13 10:12 - 2015-12-30 13:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-01-13 10:12 - 2015-12-30 13:02 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-01-13 10:12 - 2015-12-30 13:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-01-13 10:12 - 2015-12-30 13:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-01-13 10:12 - 2015-12-30 13:01 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-01-13 10:12 - 2015-12-30 13:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-01-13 10:12 - 2015-12-30 13:01 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-13 10:12 - 2015-12-30 13:01 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-01-13 10:12 - 2015-12-30 13:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-01-13 10:12 - 2015-12-30 13:01 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-01-13 10:12 - 2015-12-30 13:01 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-01-13 10:12 - 2015-12-30 13:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-01-13 10:12 - 2015-12-30 12:59 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-01-13 10:12 - 2015-12-30 12:59 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-01-13 10:12 - 2015-12-30 12:59 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-01-13 10:12 - 2015-12-30 12:58 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-01-13 10:12 - 2015-12-30 12:58 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-01-13 10:12 - 2015-12-30 12:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-01-13 10:12 - 2015-12-30 12:57 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-01-13 10:12 - 2015-12-30 12:57 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-01-13 10:12 - 2015-12-30 12:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-01-13 10:12 - 2015-12-30 12:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-01-13 10:12 - 2015-12-30 12:55 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:47 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-01-13 10:12 - 2015-12-30 12:47 - 03938240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-01-13 10:12 - 2015-12-30 12:44 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-01-13 10:12 - 2015-12-30 12:41 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-01-13 10:12 - 2015-12-30 12:41 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-01-13 10:12 - 2015-12-30 12:41 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-01-13 10:12 - 2015-12-30 12:41 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-01-13 10:12 - 2015-12-30 12:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-01-13 10:12 - 2015-12-30 12:41 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-01-13 10:12 - 2015-12-30 12:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-01-13 10:12 - 2015-12-30 12:41 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-01-13 10:12 - 2015-12-30 12:40 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-01-13 10:12 - 2015-12-30 12:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-01-13 10:12 - 2015-12-30 12:39 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-01-13 10:12 - 2015-12-30 12:39 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-01-13 10:12 - 2015-12-30 12:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-01-13 10:12 - 2015-12-30 12:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-01-13 10:12 - 2015-12-30 12:38 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-01-13 10:12 - 2015-12-30 12:38 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 11:57 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-01-13 10:12 - 2015-12-30 11:50 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-01-13 10:12 - 2015-12-30 11:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-01-13 10:12 - 2015-12-30 11:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-01-13 10:12 - 2015-12-30 11:43 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-01-13 10:12 - 2015-12-30 11:42 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-01-13 10:12 - 2015-12-30 11:42 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-01-13 10:12 - 2015-12-30 11:41 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-01-13 10:12 - 2015-12-30 11:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-01-13 10:12 - 2015-12-30 11:32 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-01-13 10:12 - 2015-12-30 11:32 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-01-13 10:12 - 2015-12-30 11:32 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-01-13 10:12 - 2015-12-30 11:32 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-01-13 10:12 - 2015-12-30 11:30 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-01-13 10:12 - 2015-12-30 11:30 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 11:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 11:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 10:12 - 2015-12-30 11:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-12 10:58 - 2016-01-12 10:58 - 03329080 _____ (Blizzard Entertainment) C:\Users\Seldentar\Downloads\StarCraft-II-Setup.exe
2016-01-12 10:08 - 2016-01-12 10:08 - 01018957 _____ C:\Users\Seldentar\Downloads\pyagar-develop.zip
2016-01-11 23:07 - 2016-01-23 11:47 - 00000000 ____D C:\Python27
2016-01-11 23:07 - 2016-01-11 23:07 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-01-11 23:05 - 2016-01-11 23:05 - 19382272 _____ C:\Users\Seldentar\Downloads\python-2.7.10.amd64 (1).msi
2016-01-11 22:41 - 2016-01-11 22:41 - 00685496 _____ C:\Users\Seldentar\Downloads\setuptools-19.2.zip
2016-01-11 22:20 - 2016-01-11 22:20 - 00189016 _____ C:\Users\Seldentar\Downloads\pyagar-0.0.7.tar.gz
2016-01-11 21:12 - 2016-01-11 21:12 - 00000000 ____D C:\Users\Seldentar\AppData\Local\YSearchUtil
2016-01-11 21:09 - 2016-01-11 21:09 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-11 21:09 - 2016-01-11 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-11 21:09 - 2016-01-11 21:09 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-11 21:07 - 2016-01-11 21:07 - 00584288 _____ (Oracle Corporation) C:\Users\Seldentar\Downloads\chromeinstall-8u66 (1).exe
2016-01-11 21:05 - 2016-01-11 21:05 - 00036881 _____ C:\Users\Seldentar\Downloads\Agar.io-bot-master.zip
2016-01-10 18:08 - 2016-01-10 18:08 - 05767536 _____ C:\Users\Seldentar\Downloads\MeetMongo.mp4
2016-01-10 17:10 - 2016-01-10 17:10 - 00140227 _____ C:\Users\Seldentar\Downloads\ASEE Scoring Sp14.xlsx
2016-01-10 11:28 - 2016-01-10 11:28 - 00002415 _____ C:\Users\Seldentar\Documents\hopeyouguessmyname.txt
2016-01-09 20:15 - 2016-01-09 20:15 - 00000022 _____ C:\Users\Seldentar\Documents\Mom and dad.txt
2016-01-08 19:21 - 2016-01-08 19:24 - 00000480 _____ C:\Users\Seldentar\Documents\Possible classes Collin College.txt
2016-01-07 20:37 - 2016-01-07 20:37 - 05864921 _____ C:\Users\Seldentar\Downloads\Tomcat_Opening_For_Arena_March_2012.zip
2016-01-07 17:50 - 2016-01-07 17:50 - 08640995 _____ C:\Users\Seldentar\Downloads\Automate_the_Boring_Stuff_onlinematerials (5).zip
2016-01-07 17:49 - 2016-01-07 17:50 - 08640995 _____ C:\Users\Seldentar\Downloads\Automate_the_Boring_Stuff_onlinematerials (4).zip
2016-01-06 14:03 - 2016-01-06 14:04 - 206966783 _____ C:\Users\Seldentar\Downloads\ADS-B_Docs-8-3-2015.zip
2016-01-04 11:46 - 2016-01-04 11:48 - 02249054 _____ C:\Users\Seldentar\Downloads\icsdroneng-0.28-windows.zip
2016-01-04 11:19 - 2016-01-04 11:27 - 00000918 _____ C:\Users\Seldentar\Documents\GMlucifer vs Stockfish7 1_4_16.pgn
2016-01-04 02:55 - 2016-01-04 02:55 - 00000985 _____ C:\Users\Seldentar\Documents\Stockfish7 vs GMlucifer.pgn
2016-01-03 18:47 - 2016-01-03 18:54 - 00000000 ____D C:\Users\Seldentar\Documents\Tarrasch
2016-01-03 18:47 - 2016-01-03 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tarrasch
2016-01-03 18:47 - 2016-01-03 18:47 - 00000000 ____D C:\Program Files (x86)\Tarrasch
2016-01-03 18:46 - 2016-01-03 18:46 - 04655736 _____ (Triple Happy Ltd. ) C:\Users\Seldentar\Downloads\setup-tarrasch-v2.03b.exe
2016-01-03 16:23 - 2016-01-03 16:23 - 01388400 _____ C:\Users\Seldentar\Downloads\komodo-7.zip
2016-01-03 12:36 - 2016-01-03 12:37 - 18199132 _____ C:\Users\Seldentar\Downloads\arena_3.5.1.zip
2016-01-03 12:16 - 2016-01-03 12:16 - 01556392 _____ C:\Users\Seldentar\Downloads\stockfish-7-win.zip
2016-01-03 10:52 - 2016-01-03 10:52 - 00603455 _____ C:\Users\Seldentar\Downloads\Nirvanachess 2.2.rar
2016-01-03 10:50 - 2016-01-03 10:50 - 01161457 _____ C:\Users\Seldentar\Downloads\critter_1.6a_win.zip
2016-01-03 10:50 - 2016-01-03 10:50 - 00846062 _____ C:\Users\Seldentar\Downloads\Gull 3.zip
2016-01-03 10:43 - 2016-01-03 10:44 - 00323295 _____ C:\Users\Seldentar\Downloads\Fire_4.rar
2016-01-02 23:19 - 2016-01-02 23:19 - 00774688 _____ C:\Users\Seldentar\Downloads\Equinox 3.20-x64.rar
2016-01-02 23:14 - 2016-01-03 13:47 - 00000000 ____D C:\Users\Seldentar\Documents\Virtual Machines
2016-01-02 23:10 - 2016-01-18 12:56 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\VMware
2016-01-02 23:10 - 2016-01-18 12:55 - 00000000 ____D C:\Users\Seldentar\AppData\Local\VMware
2016-01-02 23:02 - 2015-11-25 18:10 - 00358080 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
2016-01-02 23:02 - 2015-11-25 18:10 - 00066752 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys
2016-01-02 23:02 - 2015-11-05 19:25 - 00075512 _____ (VMware, Inc.) C:\windows\system32\Drivers\vsock.sys
2016-01-02 23:02 - 2015-11-05 19:25 - 00068288 _____ (VMware, Inc.) C:\windows\system32\vsocklib.dll
2016-01-02 23:02 - 2015-11-05 19:25 - 00064192 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll
2016-01-02 23:01 - 2016-01-02 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-01-02 23:01 - 2015-11-25 18:10 - 00934080 _____ (VMware, Inc.) C:\windows\system32\vnetlib64.dll
2016-01-02 23:01 - 2015-11-25 18:10 - 00392896 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
2016-01-02 23:01 - 2015-11-25 17:52 - 00026816 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys
2016-01-02 23:01 - 2015-11-06 11:57 - 00057536 _____ (VMware, Inc.) C:\windows\system32\Drivers\hcmon.sys
2016-01-02 23:00 - 2016-01-23 11:54 - 00000000 ____D C:\ProgramData\VMware
2016-01-02 23:00 - 2016-01-02 23:00 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-01-02 23:00 - 2016-01-02 23:00 - 00000000 ____D C:\Program Files (x86)\VMware
2016-01-02 22:41 - 2016-01-02 23:00 - 68999248 _____ C:\Users\Seldentar\Downloads\kali-linux-2.0-i386.iso
2016-01-02 22:07 - 2016-01-02 22:56 - 73121952 _____ (VMware, Inc.) C:\Users\Seldentar\Downloads\VMware-player-12.1.0-3272444.exe
2016-01-02 14:24 - 2016-01-02 14:24 - 00000000 ____D C:\Users\Seldentar\AppData\Local\PwnAdventure3
2016-01-02 13:06 - 2016-01-02 13:06 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\.mono
2016-01-02 13:05 - 2016-01-02 13:05 - 10932222 _____ C:\Users\Seldentar\Downloads\PwnAdventure3_Launcher_Windows.zip
2016-01-01 23:11 - 2016-01-01 23:11 - 01513925 _____ C:\Users\Seldentar\Downloads\stockfish-6-win.zip
2016-01-01 22:31 - 2016-01-01 22:31 - 00167491 _____ C:\Users\Seldentar\Downloads\Fischer.zip
2016-01-01 22:29 - 2016-01-01 22:29 - 00408166 _____ C:\Users\Seldentar\Downloads\Carlsen.zip
2016-01-01 22:26 - 2016-01-01 22:26 - 00332825 _____ C:\Users\Seldentar\Downloads\Alekhine.zip
2016-01-01 22:22 - 2016-01-01 22:22 - 00592784 _____ C:\Users\Seldentar\Downloads\Adams.zip
2015-12-31 14:38 - 2015-12-31 14:44 - 598561434 _____ C:\Users\Seldentar\Downloads\-Getintopc.com-Windows_XP_Home_Edition_SP3_x86_Incl_SATA_Drivers.zip
2015-12-31 13:40 - 2015-12-31 13:45 - 1064304640 _____ C:\Users\Seldentar\Downloads\ubuntu-14.04.3-desktop-i386.iso
2015-12-31 11:28 - 2015-12-31 11:34 - 1054867456 _____ C:\Users\Seldentar\Downloads\ubuntu-14.04.3-desktop-amd64.iso
2015-12-31 00:08 - 2015-12-31 00:08 - 00000950 _____ C:\Users\Seldentar\Documents\LuciferGM vs Pulsar and Stockfish.pgn
2015-12-30 23:25 - 2016-01-20 20:32 - 00000000 ____D C:\Users\Seldentar\Documents\BabasChess
2015-12-30 23:24 - 2015-12-30 23:24 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BabasChess
2015-12-30 23:24 - 2015-12-30 23:24 - 00000000 ____D C:\Program Files (x86)\BabasChess
2015-12-30 23:23 - 2015-12-30 23:23 - 05685248 _____ C:\Users\Seldentar\Downloads\SetupBabasChess_4_0_XP.exe
2015-12-30 23:20 - 2015-12-30 23:20 - 00584288 _____ (Oracle Corporation) C:\Users\Seldentar\Downloads\chromeinstall-8u66.exe
2015-12-30 14:54 - 2016-01-14 23:39 - 00000000 ___RD C:\Users\Seldentar\Virtual Machines
2015-12-30 14:39 - 2016-01-11 22:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-30 14:33 - 2015-12-30 14:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2015-12-30 14:33 - 2015-12-30 14:34 - 00000000 ____D C:\windows\system32\Drivers\tr-TR
2015-12-30 14:33 - 2015-12-30 14:33 - 00000000 ____D C:\windows\system32\Drivers\th-TH
2015-12-30 14:33 - 2015-12-30 14:33 - 00000000 ____D C:\windows\system32\Drivers\ro-RO
2015-12-30 14:33 - 2015-12-30 14:33 - 00000000 ____D C:\windows\system32\Drivers\he-IL
2015-12-30 14:33 - 2015-12-30 14:33 - 00000000 ____D C:\windows\system32\Drivers\ar-SA
2015-12-30 14:33 - 2015-12-30 14:33 - 00000000 ____D C:\Program Files (x86)\Windows Virtual PC
2015-12-30 10:26 - 2010-11-20 07:34 - 00360832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpcvmm.sys
2015-12-30 10:26 - 2010-11-20 07:34 - 00194944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpchbus.sys
2015-12-30 10:26 - 2010-11-20 07:27 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\vpchbuspipe.dll
2015-12-30 10:26 - 2010-11-20 07:25 - 04514816 _____ (Microsoft Corporation) C:\windows\system32\vpc.exe
2015-12-30 10:26 - 2010-11-20 07:25 - 02264064 _____ (Microsoft Corporation) C:\windows\system32\VPCWizard.exe
2015-12-30 10:26 - 2010-11-20 07:25 - 01369600 _____ (Microsoft Corporation) C:\windows\system32\VPCSettings.exe
2015-12-30 10:26 - 2010-11-20 05:37 - 01210368 _____ (Microsoft Corporation) C:\windows\system32\VMWindow.exe
2015-12-30 10:26 - 2010-11-20 05:37 - 00936448 _____ (Microsoft Corporation) C:\windows\system32\vmsal.exe
2015-12-30 10:26 - 2010-11-20 05:35 - 00562176 _____ (Microsoft Corporation) C:\windows\system32\VMCPropertyHandler.dll
2015-12-30 10:26 - 2010-11-20 05:35 - 00095232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpcusb.sys
2015-12-30 10:26 - 2010-11-20 05:35 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpcnfltr.sys
2015-12-30 10:26 - 2010-11-20 04:52 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\vmsal.exe
2015-12-28 19:37 - 2015-12-28 19:37 - 00000049 _____ C:\Users\Seldentar\jagex_cl_runescape_LIVE1.dat
2015-12-28 19:37 - 2015-12-28 19:37 - 00000000 ____D C:\Users\Seldentar\jagexcache1
2015-12-28 19:37 - 2015-12-28 19:37 - 00000000 ____D C:\Users\Seldentar\.jagex_cache_32
2015-12-28 18:22 - 2015-12-28 18:22 - 24219648 _____ C:\Users\Seldentar\Downloads\RuneScape (1).msi
2015-12-27 22:52 - 2015-12-27 22:52 - 00614993 _____ C:\Users\Seldentar\Downloads\Socrates30x.zip
2015-12-27 22:51 - 2015-12-27 22:51 - 00378212 _____ C:\Users\Seldentar\Downloads\Socrates.zip
2015-12-27 12:56 - 2015-12-27 12:56 - 00088800 _____ C:\Users\Seldentar\Downloads\pybeep-master.zip
2015-12-26 09:17 - 2015-12-26 13:35 - 00000636 _____ C:\Users\Seldentar\Documents\Week13SuccessesandFails.txt
2015-12-26 08:58 - 2015-12-26 09:03 - 00000636 _____ C:\Users\Seldentar\Week 13 Successes and Fails.txt
2015-12-25 22:36 - 2015-12-25 22:36 - 00000084 _____ C:\Users\Seldentar\MyCats.py
2015-12-25 21:55 - 2015-12-25 21:55 - 00024576 _____ C:\Users\Seldentar\mydata
2015-12-25 21:43 - 2015-12-25 21:43 - 00000174 _____ C:\Users\Seldentar\sonnet.txt
2015-12-25 21:40 - 2015-12-25 21:40 - 00000075 _____ C:\Users\Seldentar\sample.txt
2015-12-25 20:26 - 2015-12-25 20:27 - 00136951 _____ C:\Users\Seldentar\Downloads\pulsar2007-9a-release.zip
2015-12-25 20:18 - 2015-12-25 20:18 - 00154631 _____ C:\Users\Seldentar\Downloads\Numpty_Recharged_64.7z
2015-12-25 20:12 - 2015-12-25 20:12 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chess Giants
2015-12-25 20:12 - 2015-12-25 20:12 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Chess Giants
2015-12-25 20:10 - 2015-12-25 20:11 - 46745610 _____ C:\Users\Seldentar\Downloads\Chess Giants Installer.exe
2015-12-25 11:03 - 2015-12-25 11:04 - 01566389 _____ C:\Users\Seldentar\Downloads\ccsystem.zip
2015-12-24 17:10 - 2015-12-24 17:14 - 00000000 ____D C:\Users\Seldentar\AppData\Local\GitHub
2015-12-24 17:10 - 2015-12-24 17:13 - 00000000 ____D C:\Users\Seldentar\Documents\GitHub
2015-12-24 17:10 - 2015-12-24 17:10 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2015-12-24 17:10 - 2015-12-24 17:10 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\GitHub
2015-12-24 17:09 - 2015-12-30 13:10 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Deployment
2015-12-24 17:09 - 2015-12-24 17:09 - 00675936 _____ () C:\Users\Seldentar\Downloads\GitHubSetup.exe
2015-12-24 17:09 - 2015-12-24 17:09 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Apps\2.0
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-23 14:23 - 2012-08-09 10:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-01-23 14:08 - 2012-09-03 19:50 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-23 13:24 - 2015-10-09 17:22 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-23 12:57 - 2015-10-07 12:55 - 00000000 ____D C:\windows\wb
2016-01-23 12:57 - 2014-06-11 12:39 - 00000000 ____D C:\ProgramData\deaal4real
2016-01-23 12:45 - 2015-12-11 22:03 - 00000000 ____D C:\Extract without confirmation
2016-01-23 12:12 - 2015-09-14 12:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-23 12:07 - 2015-10-09 10:28 - 01629781 _____ C:\windows\WindowsUpdate.log
2016-01-23 12:04 - 2015-10-09 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-23 12:04 - 2015-10-09 17:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-23 11:57 - 2009-07-13 23:32 - 00000000 ____D C:\windows\system32\FxsTmp
2016-01-23 11:54 - 2015-10-09 10:25 - 00012064 _____ C:\windows\setupact.log
2016-01-23 11:54 - 2012-09-03 19:50 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-23 11:53 - 2015-10-09 12:31 - 00436132 _____ C:\windows\PFRO.log
2016-01-23 11:53 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-23 11:50 - 2014-08-01 10:25 - 00155304 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-01-23 11:50 - 2014-08-01 10:25 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-01-23 11:50 - 2013-11-26 15:11 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2016-01-23 11:50 - 2013-11-26 15:11 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-01-23 11:50 - 2012-10-16 07:38 - 01065208 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-01-23 11:50 - 2012-10-16 07:38 - 00464256 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-01-23 11:50 - 2012-10-16 07:38 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
2016-01-23 11:50 - 2012-10-16 07:38 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-01-23 11:50 - 2012-10-16 07:38 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-01-23 11:50 - 2012-10-16 07:37 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-23 11:50 - 2012-10-16 07:37 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-23 08:47 - 2012-08-11 18:48 - 00000000 ____D C:\Share
2016-01-22 16:47 - 2015-10-09 09:10 - 00000000 ____D C:\Users\Seldentar\Desktop\SC
2016-01-20 22:24 - 2015-12-01 03:24 - 00000000 ____D C:\Program Files\Faster Web
2016-01-20 21:10 - 2015-10-15 21:32 - 567233418 _____ C:\windows\MEMORY.DMP
2016-01-20 21:10 - 2014-07-04 09:58 - 00000000 ____D C:\windows\Minidump
2016-01-20 20:51 - 2014-07-25 11:05 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Battle.net
2016-01-20 08:23 - 2012-08-09 10:18 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 08:23 - 2012-08-09 10:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 08:23 - 2012-03-15 00:41 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-15 17:39 - 2014-05-15 19:31 - 00007622 _____ C:\Users\Seldentar\AppData\Local\resmon.resmoncfg
2016-01-15 15:02 - 2015-10-11 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-15 15:01 - 2015-12-01 03:24 - 00000000 ____D C:\Program Files (x86)\Faster Web
2016-01-15 13:49 - 2015-12-04 13:35 - 00001434 _____ C:\Users\Seldentar\Documents\Daily to do list.txt
2016-01-15 11:31 - 2015-05-29 18:32 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-14 21:42 - 2014-11-24 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chess Openings
2016-01-14 19:47 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2016-01-14 09:22 - 2009-07-13 23:08 - 00032626 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-01-14 09:22 - 2009-07-13 22:45 - 00571224 _____ C:\windows\system32\FNTCACHE.DAT
2016-01-14 09:18 - 2014-12-11 11:42 - 00000000 ____D C:\windows\system32\appraiser
2016-01-14 09:18 - 2014-05-27 10:18 - 00000000 ___SD C:\windows\system32\CompatTel
2016-01-14 09:15 - 2015-09-04 08:19 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-01-14 09:15 - 2013-03-17 08:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 09:15 - 2013-03-17 08:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 02:14 - 2013-08-15 06:01 - 00000000 ____D C:\windows\system32\MRT
2016-01-14 02:14 - 2013-03-17 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-14 02:09 - 2012-08-13 06:25 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-01-11 22:59 - 2015-09-04 08:20 - 00000000 ____D C:\ProgramData\Yahoo!
2016-01-11 22:59 - 2015-07-16 02:09 - 00000000 ____D C:\ProgramData\Skype
2016-01-11 22:53 - 2013-02-21 17:30 - 00000000 ____D C:\Users\Seldentar\AppData\Roaming\Skype
2016-01-11 22:50 - 2013-01-15 11:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-04 14:33 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2016-01-03 13:18 - 2012-08-08 18:23 - 00159000 _____ C:\Users\Seldentar\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-03 12:35 - 2014-11-27 21:28 - 00000000 ____D C:\Program Files (x86)\Arena
2016-01-02 23:01 - 2012-08-09 08:10 - 00832032 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-12-30 14:54 - 2012-08-08 18:23 - 00000000 ____D C:\Users\Seldentar
2015-12-30 14:39 - 2014-09-22 03:45 - 00000000 ____D C:\Users\Seldentar\AppData\Local\Skype
2015-12-30 14:34 - 2009-07-13 21:20 - 00000000 ____D C:\windows\SysWOW64\tr-TR
2015-12-30 14:34 - 2009-07-13 21:20 - 00000000 ____D C:\windows\SysWOW64\th-TH
2015-12-30 14:34 - 2009-07-13 21:20 - 00000000 ____D C:\windows\SysWOW64\ro-RO
2015-12-30 14:34 - 2009-07-13 21:20 - 00000000 ____D C:\windows\SysWOW64\he-IL
2015-12-30 14:34 - 2009-07-13 21:20 - 00000000 ____D C:\windows\SysWOW64\ar-SA
2015-12-30 14:34 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\tr-TR
2015-12-30 14:34 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\ro-RO
2015-12-30 14:33 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\th-TH
2015-12-30 14:33 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\he-IL
2015-12-30 14:33 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\ar-SA
2015-12-29 20:33 - 2014-03-12 11:34 - 00000024 _____ C:\Users\Seldentar\random.dat
2015-12-29 14:23 - 2015-09-12 10:17 - 00000023 _____ C:\Users\Seldentar\jagexappletviewer.preferences
2015-12-29 14:21 - 2014-03-12 11:34 - 00000048 _____ C:\Users\Seldentar\jagex_cl_runescape_LIVE.dat
 
==================== Files in the root of some directories =======
 
2014-10-28 01:15 - 2015-08-31 07:31 - 0017408 _____ () C:\Users\Seldentar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-09 14:47 - 2012-08-09 14:47 - 0000097 _____ () C:\Users\Seldentar\AppData\Local\fusioncache.dat
2014-05-15 19:31 - 2016-01-15 17:39 - 0007622 _____ () C:\Users\Seldentar\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Seldentar\AppData\Local\Temp\CleanSchedule.exe
C:\Users\Seldentar\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Seldentar\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Seldentar\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-19 08:43
 
==================== End of FRST.txt ============================

#2 olgun52

  • Malware Response Team
  • 3,784 posts

Posted 23 January 2016 - 07:11 PM

Hello SinisterTechnique and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

I will write my reply tomorrow. Please be patient.

Sincerely


Edited by olgun52, 23 January 2016 - 07:19 PM.

Best regards
 

#3 olgun52

  • Malware Response Team
  • 3,784 posts

Posted 24 January 2016 - 12:24 PM

Hi SinisterTechnique,

 

Please Uninstall:
Avira Launcher
C:\Program Files (x86)\Avira
C:\Program Files (x86)\Arena

Now restart the PC, please.

======================================

 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 5:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT 1: Place ComboFix.exe on your Desktop

* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.
:hello:

 


Best regards
 

 


 


#4 SinisterTechnique

SinisterTechnique
  • Topic Starter

  • Members
  • 18 posts

Posted 24 January 2016 - 02:59 PM

Hi olgun52, 

 

I ran the FRST fix in step 1, but it froze when it was deleting files in Mozilla -> Firefox -> Profiles. Note: I ran it as administrator as you said to do. I let it go for about 40 minutes to make sure it was actually frozen before I finally ended it with Task Manager's "End Process" button. When I did this it said "fix complete, fixlog has been created" even though I stopped it before it was actually done. When I tried to run it again it said a restart is required and automatically restarted my computer.

 

What would you like me to do from here?

 

Thanks a lot for your help, it's much appreciated!


Edited by SinisterTechnique, 24 January 2016 - 03:02 PM.


#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 24 January 2016 - 05:31 PM

All browsers and programs must be closed during operation, including antivirus and firewall.
Please try again. The browser is not a problem.


Best regards
 

 


 


#6 SinisterTechnique

SinisterTechnique
  • Topic Starter

  • Members
  • 18 posts

Posted 24 January 2016 - 10:49 PM

Okay, that did the trick. 

 

 

Step 1: 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by Seldentar (2016-01-24 17:48:14) Run:3
Running from C:\Users\Seldentar\Documents
Loaded Profiles: Seldentar (Available Profiles: Seldentar)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2016-01-03 12:37 - 2015-12-20 18:58 - 03921920 _____ () C:\Extract without confirmation\arena_3.5.1\Arena.exe
C:\Extract without confirmation\arena_3.5.1\Arena.exe
C:\Extract without confirmation
2016-01-23 12:45 - 2009-03-10 01:47 - 00083968 _____ () C:\Extract without confirmation\Thinker_54D_UCI (2)\Thinker 5.4D UCI\X64\Thinker Active MP x64\(Active)Thinker_64-bit.exe
C:\Extract without confirmation\Thinker_54D_UCI (2)\Thinker 5.4D UCI\X64\Thinker Active MP x64\(Active)Thinker_64-bit.exe
2016-01-03 12:37 - 1998-06-17 08:22 - 00187392 _____ () C:\Extract without confirmation\arena_3.5.1\lpng.dll
IE trusted site: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\vizzed.com -> www.vizzed.com
IE trusted site: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\...\MountPoints2: {dc74abcd-b653-11e1-9616-806e6f6e6963} - E:\Autorun.exe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> DefaultScope {F2DE676E-FE2C-4E02-8BF9-3C86097BA191} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> {542AC1D8-8750-4499-BE75-BC166CFEDA63} URL = 
SearchScopes: HKU\S-1-5-21-3984804975-3913061207-2306128548-1001 -> {F2DE676E-FE2C-4E02-8BF9-3C86097BA191} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF ProfilePath: C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default
FF DefaultSearchEngine: Bing®
FF DefaultSearchEngine.US: Yahoo Web
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR HomePage: Default -> hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/?fr=hp-avast&type=odc179"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-23]
S0 fhxp; System32\drivers\hvkmy.sys [X]
C:\Users\Seldentar\Downloads\Thinker_54D_UCI (2).zip
2016-01-20 22:27 - 2016-01-20 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-20 22:27 - 2016-01-20 22:27 - 00000000 ____D C:\ProgramData\Avira
2016-01-20 22:27 - 2016-01-20 22:27 - 00000000 ____D C:\Program Files (x86)\Avira
C:\Users\Seldentar\Downloads\Thinker_54D_UCI (1).zip
C:\Users\Seldentar\AppData\Roaming\npm
C:\Users\Seldentar\AppData\Local\YSearchUtil
2016-01-11 21:07 - 2016-01-11 21:07 - 00584288 _____ (Oracle Corporation) C:\Users\Seldentar\Downloads\chromeinstall-8u66 (1).exe
2016-01-07 20:37 - 2016-01-07 20:37 - 05864921 _____ C:\Users\Seldentar\Downloads\Tomcat_Opening_For_Arena_March_2012.zip
2016-01-03 12:36 - 2016-01-03 12:37 - 18199132 _____ C:\Users\Seldentar\Downloads\arena_3.5.1.zip
C:\Users\Seldentar\AppData\Roaming\.mono
C:\windows\PFRO.log
C:\Program Files (x86)\Arena
C:\Users\Seldentar\AppData\Local\Temp\CleanSchedule.exe
C:\Users\Seldentar\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Seldentar\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Seldentar\AppData\Local\Temp\xmlUpdater.exe
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG)
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_us_005010109" /f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_us_005010109
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\Extract without confirmation\arena_3.5.1\Arena.exe" => File/Folder not found.
"C:\Extract without confirmation\arena_3.5.1\Arena.exe" => File/Folder not found.
"C:\Extract without confirmation" => File/Folder not found.
"C:\Extract without confirmation\Thinker_54D_UCI (2)\Thinker 5.4D UCI\X64\Thinker Active MP x64\(Active)Thinker_64-bit.exe" => File/Folder not found.
"C:\Extract without confirmation\Thinker_54D_UCI (2)\Thinker 5.4D UCI\X64\Thinker Active MP x64\(Active)Thinker_64-bit.exe" => File/Folder not found.
"C:\Extract without confirmation\arena_3.5.1\lpng.dll" => File/Folder not found.
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => key not found. 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vizzed.com => key not found. 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => key not found. 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key not found. 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc74abcd-b653-11e1-9616-806e6f6e6963} => key not found. 
HKCR\CLSID\{dc74abcd-b653-11e1-9616-806e6f6e6963} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{542AC1D8-8750-4499-BE75-BC166CFEDA63} => key not found. 
HKCR\CLSID\{542AC1D8-8750-4499-BE75-BC166CFEDA63} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{542AC1D8-8750-4499-BE75-BC166CFEDA63} => key not found. 
HKCR\Wow6432Node\CLSID\{542AC1D8-8750-4499-BE75-BC166CFEDA63} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. 
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found. 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{542AC1D8-8750-4499-BE75-BC166CFEDA63} => key not found. 
HKCR\CLSID\{542AC1D8-8750-4499-BE75-BC166CFEDA63} => key not found. 
HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2DE676E-FE2C-4E02-8BF9-3C86097BA191} => key not found. 
HKCR\CLSID\{F2DE676E-FE2C-4E02-8BF9-3C86097BA191} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
FF ProfilePath: C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default => FRST is scripted not to move this directory.
FF DefaultSearchEngine: Bing® => not found
FF DefaultSearchEngine.US: Yahoo Web => not found
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search => not found
FF SearchEngineOrder.1: Yahoo! (Avast) => not found
FF SelectedSearchEngine: Bing® => not found
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset => not found
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search => not found
FF NetworkProxy: "type", 0 => not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 => key not found. 
C:\Program Files (x86)\Yahoo!\Shared\npYState.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513 => key not found. 
Chrome HomePage => not found.
Chrome StartupUrls => not found.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
Chrome DefaultSuggestURL => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key not found. 
C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx => moved successfully
fhxp => service not found.
"C:\Users\Seldentar\Downloads\Thinker_54D_UCI (2).zip" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira" => File/Folder not found.
"C:\ProgramData\Avira" => File/Folder not found.
"C:\Program Files (x86)\Avira" => File/Folder not found.
"C:\Users\Seldentar\Downloads\Thinker_54D_UCI (1).zip" => File/Folder not found.
"C:\Users\Seldentar\AppData\Roaming\npm" => File/Folder not found.
"C:\Users\Seldentar\AppData\Local\YSearchUtil" => File/Folder not found.
"C:\Users\Seldentar\Downloads\chromeinstall-8u66 (1).exe" => File/Folder not found.
"C:\Users\Seldentar\Downloads\Tomcat_Opening_For_Arena_March_2012.zip" => File/Folder not found.
"C:\Users\Seldentar\Downloads\arena_3.5.1.zip" => File/Folder not found.
"C:\Users\Seldentar\AppData\Roaming\.mono" => File/Folder not found.
C:\windows\PFRO.log => moved successfully
"C:\Program Files (x86)\Arena" => File/Folder not found.
"C:\Users\Seldentar\AppData\Local\Temp\CleanSchedule.exe" => File/Folder not found.
"C:\Users\Seldentar\AppData\Local\Temp\jre-8u65-windows-au.exe" => File/Folder not found.
"C:\Users\Seldentar\AppData\Local\Temp\jre-8u66-windows-au.exe" => File/Folder not found.
"C:\Users\Seldentar\AppData\Local\Temp\xmlUpdater.exe" => File/Folder not found.
Avira.ServiceHost => service not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Avira SystrayStartTrigger => value not found.
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_us_005010109" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gmsd_us_005010109 => Error: No automatic fix found for this entry.
EmptyTemp: => 2.3 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 17:48:55 ====
 
Step 2: 
 
# AdwCleaner v5.030 - Logfile created 24/01/2016 at 17:58:36
# Updated 17/01/2016 by Xplode
# Database : 2016-01-11.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Seldentar - ALYARIS
# Running from : C:\Users\Seldentar\Desktop\adwcleaner_5.030.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\Faster Web
[-] Folder Deleted : C:\Program Files (x86)\Faster Web
[-] Folder Deleted : C:\ProgramData\deaal4real
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\tstamptoken
[-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Faster Web
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\prefs.js] [Preference] Deleted : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1404743242);
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1694 bytes] ##########
 
Step 3: 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Seldentar (Administrator) on Sun 01/24/2016 at 18:05:01.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 13 
 
Successfully deleted: C:\Users\Seldentar\AppData\Local\{119EF626-32E2-445C-B65C-88ACFA1867CF} (Empty Folder)
Successfully deleted: C:\Users\Seldentar\AppData\Local\{39866B81-5A75-4B44-857D-8D509CA51041} (Empty Folder)
Successfully deleted: C:\Users\Seldentar\AppData\Local\{6B640F4C-0AF0-4B30-A91C-D42825717C12} (Empty Folder)
Successfully deleted: C:\Users\Seldentar\AppData\Local\{6C59E493-9586-47ED-8B28-B2B33E5D2370} (Empty Folder)
Successfully deleted: C:\Users\Seldentar\AppData\Local\{7CF8E639-B914-43E6-A664-EC9FA89E7D88} (Empty Folder)
Successfully deleted: C:\Users\Seldentar\AppData\Local\{8730027F-E0A2-4407-82CF-C606C427EF4B} (Empty Folder)
Successfully deleted: C:\Users\Seldentar\AppData\Local\{B533AAEB-C813-49D1-9FCC-35A6348C66D8} (Empty Folder)
Successfully deleted: C:\Users\Seldentar\AppData\Local\{C0AF294B-A84B-466D-9D39-DEEA8265F6E6} (Empty Folder)
Successfully deleted: C:\Users\Seldentar\AppData\Local\cre (Folder) 
Successfully deleted: C:\Users\Seldentar\AppData\Roaming\nico mak computing (Folder) 
Successfully deleted: C:\Program Files\003 (Folder) 
Successfully deleted: C:\windows\SysWOW64\sho18C5.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho5F5F.tmp (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/24/2016 at 18:10:52.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Step 4:

 

I already ran my own scan with Malwarebytes before I came here, but I ran it again just in case. I will post the log of my scan first and then I will post the log of today's scan.

 

Here is the log of my scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/23/2016
Scan Time: 12:07 PM
Logfile: MBScan1.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.23.04
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Seldentar
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398593
Time Elapsed: 48 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 26
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{6306dc18-167c-4bfa-9c77-469dc02cc127}, Quarantined, [4bc5142913867eb841b4eea0f40ec23e], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{6306DC18-167C-4BFA-9C77-469DC02CC127}, Quarantined, [4bc5142913867eb841b4eea0f40ec23e], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{6306DC18-167C-4BFA-9C77-469DC02CC127}, Quarantined, [4bc5142913867eb841b4eea0f40ec23e], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{6dfe2004-9287-41c3-be29-cf2b0d3138a9}, Quarantined, [ac64310cb1e8f14507efbed009f9d927], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{6DFE2004-9287-41C3-BE29-CF2B0D3138A9}, Quarantined, [ac64310cb1e8f14507efbed009f9d927], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{6DFE2004-9287-41C3-BE29-CF2B0D3138A9}, Quarantined, [ac64310cb1e8f14507efbed009f9d927], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{87129AC5-E754-4EA9-B521-7671C0AD4889}, Quarantined, [c24e54e9a7f2e3537abfb5a79c66ae52], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\INTERFACE\{D00BCE5B-A428-45CB-ABA3-BF3EFD1EE161}, Quarantined, [c24e54e9a7f2e3537abfb5a79c66ae52], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D00BCE5B-A428-45CB-ABA3-BF3EFD1EE161}, Quarantined, [c24e54e9a7f2e3537abfb5a79c66ae52], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D00BCE5B-A428-45CB-ABA3-BF3EFD1EE161}, Quarantined, [c24e54e9a7f2e3537abfb5a79c66ae52], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{87129AC5-E754-4EA9-B521-7671C0AD4889}, Quarantined, [c24e54e9a7f2e3537abfb5a79c66ae52], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{87129AC5-E754-4EA9-B521-7671C0AD4889}, Quarantined, [c24e54e9a7f2e3537abfb5a79c66ae52], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [858b5ae30e8b4bebb07cb7d1dd25d729], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [858b5ae30e8b4bebb07cb7d1dd25d729], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [858b5ae30e8b4bebb07cb7d1dd25d729], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [858b5ae30e8b4bebb07cb7d1dd25d729], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [858b5ae30e8b4bebb07cb7d1dd25d729], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [858b5ae30e8b4bebb07cb7d1dd25d729], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [858b5ae30e8b4bebb07cb7d1dd25d729], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [858b5ae30e8b4bebb07cb7d1dd25d729], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [858b5ae30e8b4bebb07cb7d1dd25d729], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}, Quarantined, [b75985b89cfd9c9aa4f98ba52ada35cb], 
PUP.Optional.NetService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NETTCPHANDLER, Quarantined, [020ea29b80190234a7ee6ccb60a452ae], 
PUP.Optional.Gameo, HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\GoldenGate, Quarantined, [7b957cc1e4b5072ffa08dff87989d828], 
PUP.Optional.ConsumerInput, HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\CITADEX, Quarantined, [e92783baefaad85ede8985ae887c659b], 
PUP.Optional.Gameo, HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\B3AFA15_0, Quarantined, [31dfbe7f148582b42bd8e8ef24de9c64], 
 
Registry Values: 7
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [23ed152850499c9a8b7427fd6c98c43c], 
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [957b43fa6a2fa1952dd26fb51be9a35d], 
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [54bc3a03a5f4df5753ac39ebce36dc24], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}|DisplayName, globalupdate Helper, Quarantined, [b75985b89cfd9c9aa4f98ba52ada35cb]
PUP.Optional.NetService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NETTCPHANDLER|EventMessageFile, C:\Users\Seldentar\AppData\Roaming\NetService\netservice.exe -start, Quarantined, [020ea29b80190234a7ee6ccb60a452ae]
PUP.Optional.ConsumerInput, HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\CITADEX, dm20150930, Quarantined, [e92783baefaad85ede8985ae887c659b]
PUP.Optional.Gameo, HKU\S-1-5-21-3984804975-3913061207-2306128548-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\b3afa15_0, {0.0.0.00000000}.{7ffcec55-edb5-4dfd-8711-a7d19ccd11e5}|\Device\HarddiskVolume3\Users\Seldentar\AppData\Roaming\Gameo\gameo.exe%b{00000000-0000-0000-0000-000000000000}, Quarantined, [31dfbe7f148582b42bd8e8ef24de9c64]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Gameo, C:\Users\Seldentar\AppData\Roaming\GoldenGate, Quarantined, [a8681e1f15840f2753ad0ec99e64de22], 
 
Files: 12
PUP.Optional.MultiPlug, C:\ProgramData\deaal4real\9DWD319Ic.tlb, Quarantined, [858b5ae30e8b4bebb07cb7d1dd25d729], 
PUP.Optional.ConsumerInput, C:\Users\Seldentar\AppData\Local\Temp\awhC6C7.tmp, Quarantined, [848cbb82ebae1422b858d70b2ada2fd1], 
PUP.Optional.BundleInstaller, C:\Users\Seldentar\AppData\Local\Temp\awhC93D.tmp, Quarantined, [8d83c5780396c96dd501f05dcf3334cc], 
Adware.DownloadGuide, C:\Users\Seldentar\Downloads\3DMEditor2_alpha_win32.7z.exe, Quarantined, [e62a40fdbedbe650199a3c9245bc5fa1], 
PUP.Optional.Amonetize, C:\Users\Seldentar\Downloads\Total Annihilation Downloader.rar, Quarantined, [040c7ac36c2d1521a560e379a65bd62a], 
PUP.Optional.Amonetize, C:\Users\Seldentar\Downloads\total+annihilation+kingdo.ace, Quarantined, [d13f81bcc5d443f37759ce778e7246ba], 
PUP.Optional.Gameo, C:\Users\Seldentar\AppData\Roaming\GoldenGate\6a0d2960fee21d62ac3c5c61a9244f4a.data.db, Quarantined, [a8681e1f15840f2753ad0ec99e64de22], 
PUP.Optional.Gameo, C:\Users\Seldentar\AppData\Roaming\GoldenGate\6a0d2960fee21d62ac3c5c61a9244f4a.events.db, Quarantined, [a8681e1f15840f2753ad0ec99e64de22], 
PUP.Optional.Gameo, C:\Users\Seldentar\AppData\Roaming\GoldenGate\6a0d2960fee21d62ac3c5c61a9244f4a.logic.db, Quarantined, [a8681e1f15840f2753ad0ec99e64de22], 
PUP.Optional.Gameo, C:\Users\Seldentar\AppData\Roaming\GoldenGate\6a0d2960fee21d62ac3c5c61a9244f4a.user.db, Quarantined, [a8681e1f15840f2753ad0ec99e64de22], 
PUP.Optional.WinYahoo, C:\Users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\searchplugins\yahoo-web.xml, Quarantined, [20f0ea53edac1e1818fef33ff01411ef], 
PUP.Optional.WinYahoo, C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi, Quarantined, [d739af8e43568aace97756e463a13ec2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Here is the log of today's scan:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/24/2016
Scan Time: 6:19 PM
Logfile: MBScan2.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.23.04
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Seldentar
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399841
Time Elapsed: 28 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Step 5: 
 
ComboFix 16-01-24.01 - Seldentar 01/24/2016  18:56:29.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12185.9865 [GMT -6:00]
Running from: c:\users\Seldentar\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\iun6002.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-12-25 to 2016-01-25  )))))))))))))))))))))))))))))))
.
.
2016-01-25 01:15 . 2016-01-25 01:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-25 01:15 . 2016-01-25 01:15 -------- d-----w- c:\users\admin\AppData\Local\temp
2016-01-25 00:12 . 2016-01-25 00:12 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D60AAA63-02D4-4A79-BC96-AA6240684FAE}\offreg.7036.dll
2016-01-24 23:57 . 2016-01-24 23:58 -------- d-----w- C:\AdwCleaner
2016-01-23 20:27 . 2016-01-24 23:52 -------- d-----w- C:\FRST
2016-01-23 17:26 . 2016-01-23 17:26 -------- d-----w- C:\found.001
2016-01-22 14:32 . 2016-01-24 23:58 6984 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2016-01-21 04:27 . 2016-01-24 18:49 -------- d-----w- c:\programdata\Package Cache
2016-01-20 18:10 . 2016-01-20 18:10 -------- d-----w- c:\users\Seldentar\AppData\Local\LEGO
2016-01-20 18:09 . 2016-01-20 18:09 -------- d-----w- c:\programdata\IVI Foundation
2016-01-20 18:09 . 2016-01-20 18:09 -------- d-----w- c:\program files (x86)\IVI Foundation
2016-01-20 18:08 . 2016-01-20 18:08 -------- d-----w- c:\program files (x86)\LEGO Software
2016-01-20 18:07 . 2016-01-20 18:07 -------- d-----w- c:\programdata\LEGO MINDSTORMS EV3
2016-01-20 18:07 . 2016-01-20 18:08 -------- d-----w- c:\program files (x86)\National Instruments
2016-01-20 18:06 . 2016-01-20 18:09 -------- d-----w- c:\programdata\National Instruments
2016-01-19 14:43 . 2016-01-19 14:43 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D60AAA63-02D4-4A79-BC96-AA6240684FAE}\offreg.7440.dll
2016-01-19 14:17 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D60AAA63-02D4-4A79-BC96-AA6240684FAE}\mpengine.dll
2016-01-19 00:36 . 2016-01-19 00:36 -------- d-----w- C:\DR
2016-01-17 22:12 . 2016-01-17 22:35 -------- d-----w- c:\users\Seldentar\AppData\Roaming\Firestorm
2016-01-17 22:12 . 2016-01-17 22:14 -------- d-----w- c:\users\Seldentar\AppData\Local\FirestormOS
2016-01-17 22:10 . 2016-01-17 22:10 -------- d-----w- c:\program files (x86)\FirestormOS-Release
2016-01-16 02:36 . 2016-01-16 02:36 -------- d-----w- c:\program files\nodejs
2016-01-15 22:00 . 2016-01-15 22:00 -------- d-----w- c:\users\Seldentar\AppData\Local\CEF
2016-01-15 22:00 . 2016-01-18 15:41 -------- d-----w- c:\users\Seldentar\AppData\Local\SecondLife
2016-01-15 22:00 . 2016-01-15 22:00 -------- d-----w- c:\users\Seldentar\AppData\Roaming\SecondLife
2016-01-15 21:58 . 2016-01-15 21:59 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2016-01-13 16:12 . 2015-12-30 19:08 5572544 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-01-12 05:07 . 2016-01-12 05:07 98304 ----a-r- c:\users\Seldentar\AppData\Roaming\Microsoft\Installer\{E2B51919-207A-43EB-AE78-733F9C6797C3}\python_icon.exe
2016-01-12 05:07 . 2016-01-23 17:47 -------- d-----w- C:\Python27
2016-01-12 03:10 . 2016-01-12 03:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-01-12 03:09 . 2016-01-12 03:09 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-01-12 03:09 . 2016-01-12 03:09 -------- d-----w- c:\program files (x86)\Java
2016-01-04 00:47 . 2016-01-04 00:47 -------- d-----w- c:\program files (x86)\Tarrasch
2016-01-03 05:10 . 2016-01-18 18:55 -------- d-----w- c:\users\Seldentar\AppData\Local\VMware
2016-01-03 05:10 . 2016-01-18 18:56 -------- d-----w- c:\users\Seldentar\AppData\Roaming\VMware
2016-01-03 05:02 . 2015-11-06 01:25 68288 ----a-w- c:\windows\system32\vsocklib.dll
2016-01-03 05:02 . 2015-11-06 01:25 64192 ----a-w- c:\windows\SysWow64\vsocklib.dll
2016-01-03 05:02 . 2015-11-06 01:25 75512 ----a-w- c:\windows\system32\drivers\vsock.sys
2016-01-03 05:02 . 2015-11-26 00:10 66752 ----a-w- c:\windows\system32\drivers\vmx86.sys
2016-01-03 05:02 . 2015-11-26 00:10 358080 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2016-01-03 05:01 . 2015-11-26 00:10 392896 ----a-w- c:\windows\SysWow64\vmnat.exe
2016-01-03 05:01 . 2015-11-25 23:52 26816 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2016-01-03 05:01 . 2015-11-26 00:10 934080 ----a-w- c:\windows\system32\vnetlib64.dll
2016-01-03 05:01 . 2015-11-06 17:57 57536 ----a-w- c:\windows\system32\drivers\hcmon.sys
2016-01-03 05:00 . 2016-01-03 05:00 -------- d-----w- c:\program files\Common Files\VMware
2016-01-03 05:00 . 2016-01-03 05:00 -------- d-----w- c:\program files (x86)\Common Files\ThinPrint
2016-01-03 05:00 . 2016-01-25 00:00 -------- d-----w- c:\programdata\VMware
2016-01-03 05:00 . 2016-01-03 05:00 -------- d-----w- c:\program files (x86)\VMware
2016-01-03 04:59 . 2016-01-03 05:00 -------- d-----w- c:\program files (x86)\Common Files\VMware
2016-01-02 20:24 . 2016-01-02 20:24 -------- d-----w- c:\users\Seldentar\AppData\Local\PwnAdventure3
2015-12-31 05:24 . 2015-12-31 05:24 -------- d-----w- c:\program files (x86)\BabasChess
2015-12-30 20:54 . 2016-01-15 05:39 -------- d-----r- c:\users\Seldentar\Virtual Machines
2015-12-30 20:39 . 2016-01-12 04:59 -------- d-----r- c:\program files (x86)\Skype
2015-12-30 16:27 . 2010-11-20 11:03 3584 ----a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui
2015-12-30 16:27 . 2010-11-20 11:02 13312 ----a-w- c:\windows\system32\drivers\en-US\vpcvmm.sys.mui
2015-12-30 16:27 . 2010-11-20 11:02 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcuxd.sys.mui
2015-12-30 16:27 . 2010-11-20 11:09 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcusb.sys.mui
2015-12-30 16:27 . 2010-11-20 11:02 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcnfltr.sys.mui
2015-12-30 16:26 . 2010-11-20 11:35 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2015-12-30 16:26 . 2010-11-20 13:25 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2015-12-30 16:26 . 2010-11-20 10:52 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2015-12-30 16:26 . 2010-11-20 13:34 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2015-12-30 16:26 . 2010-11-20 13:34 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2015-12-30 16:26 . 2010-11-20 13:27 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2015-12-30 16:26 . 2010-11-20 13:25 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2015-12-30 16:26 . 2010-11-20 11:35 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2015-12-30 16:26 . 2010-11-20 11:35 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2015-12-30 16:26 . 2010-11-20 13:25 4514816 ----a-w- c:\windows\system32\vpc.exe
2015-12-30 16:26 . 2010-11-20 11:37 936448 ----a-w- c:\windows\system32\vmsal.exe
2015-12-30 16:26 . 2010-11-20 11:37 1210368 ----a-w- c:\windows\system32\VMWindow.exe
2015-12-29 01:37 . 2015-12-29 01:37 -------- d-----w- c:\users\Seldentar\jagexcache1
2015-12-29 01:37 . 2015-12-29 01:37 -------- d-----w- c:\users\Seldentar\.jagex_cache_32
2015-12-26 02:12 . 2015-12-26 02:12 -------- d-----w- c:\users\Seldentar\AppData\Local\Chess Giants
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-25 00:19 . 2015-10-09 23:22 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-23 18:10 . 2015-09-14 18:36 630992 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-01-20 14:23 . 2012-08-09 16:18 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-20 14:23 . 2012-03-15 06:41 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-14 08:09 . 2012-08-13 12:25 143671360 ----a-w- c:\windows\system32\MRT.exe
2015-12-30 18:37 . 2016-01-13 16:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-08 19:07 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-02 19:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-25 23:51 . 2015-11-25 23:51 49856 ----a-w- c:\windows\system32\vnetinst.dll
2015-11-25 23:51 . 2015-11-25 23:51 81088 ----a-w- c:\windows\system32\vmnetbridge.dll
2015-11-25 23:51 . 2015-11-25 23:51 48832 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2015-11-25 23:51 . 2015-11-25 23:51 28864 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2015-11-25 23:51 . 2015-11-25 23:51 27328 ----a-w- c:\windows\system32\drivers\vmnet.sys
2015-11-20 18:54 . 2015-12-09 00:53 3170304 ----a-w- c:\windows\system32\wucltux.dll
2015-11-20 18:54 . 2015-12-09 00:53 2609152 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-20 18:54 . 2015-12-09 00:53 192512 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-20 18:54 . 2015-12-09 00:53 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-11-20 18:54 . 2015-12-09 00:53 37888 ----a-w- c:\windows\system32\wups2.dll
2015-11-20 18:54 . 2015-12-09 00:53 36864 ----a-w- c:\windows\system32\wups.dll
2015-11-20 18:54 . 2015-12-09 00:53 709632 ----a-w- c:\windows\system32\wuapi.dll
2015-11-20 18:54 . 2015-12-09 00:53 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-11-20 18:54 . 2015-12-09 00:53 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:54 . 2015-12-09 00:53 37888 ----a-w- c:\windows\system32\wuapp.exe
2015-11-20 18:54 . 2015-12-09 00:53 140288 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-20 18:34 . 2015-12-09 00:53 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-11-20 18:34 . 2015-12-09 00:53 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-11-20 18:34 . 2015-12-09 00:53 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-11-20 18:34 . 2015-12-09 00:53 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-11-20 18:33 . 2015-12-09 00:53 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-11-11 18:53 . 2015-12-09 00:52 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2015-11-11 18:53 . 2015-12-09 00:52 525312 ----a-w- c:\windows\system32\catsrvut.dll
2015-11-11 18:39 . 2015-12-09 00:52 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2015-11-11 18:39 . 2015-12-09 00:52 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2015-11-10 18:55 . 2015-12-09 00:52 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-11-10 18:55 . 2015-12-09 00:52 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-11-10 18:55 . 2015-12-09 00:52 1008640 ----a-w- c:\windows\system32\user32.dll
2015-11-10 18:39 . 2015-12-09 00:52 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-11-10 18:37 . 2015-12-09 00:52 833024 ----a-w- c:\windows\SysWow64\user32.dll
2015-11-06 01:25 . 2015-11-06 01:25 90816 ----a-w- c:\windows\system32\drivers\vmci.sys
2015-11-05 19:05 . 2015-12-09 00:52 17408 ----a-w- c:\windows\system32\wshrm.dll
2015-11-05 19:02 . 2015-12-09 00:52 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2015-11-05 19:02 . 2015-12-09 00:53 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-05 19:00 . 2015-12-09 00:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-11-05 09:53 . 2015-12-09 00:52 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-11-03 19:04 . 2015-12-09 00:53 802304 ----a-w- c:\windows\system32\usp10.dll
2015-11-03 19:04 . 2015-12-09 00:52 241664 ----a-w- c:\windows\system32\els.dll
2015-11-03 18:56 . 2015-12-09 00:53 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2015-11-03 18:55 . 2015-12-09 00:52 179712 ----a-w- c:\windows\SysWow64\els.dll
2015-10-29 17:50 . 2015-11-11 00:31 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-10-29 17:50 . 2015-11-11 00:31 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-10-29 17:50 . 2015-11-11 00:31 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-10-29 17:50 . 2015-11-11 00:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 00:31 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 00:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 00:31 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50 . 2015-11-11 00:31 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-10-29 17:50 . 2015-11-11 00:31 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-10-29 17:49 . 2015-11-11 00:31 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-10-29 17:49 . 2015-11-11 00:31 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 00:31 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 00:31 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 00:31 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:49 . 2015-11-11 00:31 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-10-29 17:39 . 2015-11-11 00:31 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-09-14 18:41 329376 ----a-w- c:\users\Seldentar\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-09-14 18:41 329376 ----a-w- c:\users\Seldentar\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-09-14 18:41 329376 ----a-w- c:\users\Seldentar\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-09-14 18:41 329376 ----a-w- c:\users\Seldentar\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-09-14 18:41 329376 ----a-w- c:\users\Seldentar\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VGAOCAP"="c:\program files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe" [2012-01-31 88576]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-01-03 502288]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AceGain LiveUpdate"="c:\program files (x86)\AceGain\LiveUpdate\LiveUpdate.exe" [2004-01-01 417792]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-07-08 592704]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"KLM"="c:\program files (x86)\MSI\KLM\KLM.exe" [2011-12-19 1522376]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
"InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707"="c:\program files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe" [2013-11-21 265608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SteelSeries Engine 3.lnk - c:\program files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="c:\programdata\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true [2015-3-5 18305024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys;c:\windows\SYSNATIVE\drivers\copperhd.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 ssdevfactory;SteelSeries Device Factory Service;c:\windows\system32\DRIVERS\ssdevfactory.sys;c:\windows\SYSNATIVE\DRIVERS\ssdevfactory.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 XSplit_Dummy;XSplit  Stream  Audio  Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 GS In-Game Service;GS In-Game Service;c:\program files (x86)\GameTracker\GSInGameService.exe;c:\program files (x86)\GameTracker\GSInGameService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 sshid;SteelSeries HID Service;c:\windows\system32\DRIVERS\sshid.sys;c:\windows\SYSNATIVE\DRIVERS\sshid.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NVSTREAMKMS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-15 02:09 1006920 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 14:23]
.
2016-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 20:10]
.
2016-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 20:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-09-14 18:41 358064 ----a-w- c:\users\Seldentar\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-09-14 18:41 358064 ----a-w- c:\users\Seldentar\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-09-14 18:41 358064 ----a-w- c:\users\Seldentar\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-09-14 18:41 358064 ----a-w- c:\users\Seldentar\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-09-14 18:41 358064 ----a-w- c:\users\Seldentar\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-01-23 18:11 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-01-23 18:11 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-01-23 18:11 2339032 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-10 12445288]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-13 2585744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-12 170264]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-16 170256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: Interfaces\{9829448E-3B2A-415F-8BEC-B14154951D46}\C496E6B63797372323136353D27657563747: DhcpNameServer = 192.168.3.1
FF - ProfilePath - c:\users\Seldentar\AppData\Roaming\Mozilla\Firefox\Profiles\bgtakz9t.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AceGain_LiveUpdate - c:\windows\iun6002.exe
AddRemove-Battlecraft Vietnam1.0 BETA - c:\windows\iun6002.exe
AddRemove-BFVCC Server Manager1.00_A Beta - c:\windows\iun6002.exe
AddRemove-InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4} - c:\program files (x86)\InstallShield Installation Information\{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}\setup.exe
AddRemove-InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F} - c:\program files (x86)\InstallShield Installation Information\{DF446558-ADF7-4884-9B2D-281979CCE71F}\setup.exe
AddRemove-MDT - c:\windows\iun6002.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A} - c:\program files (x86)\InstallShield Installation Information\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}\setup.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
AddRemove-{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F} - c:\program files (x86)\InstallShield Installation Information\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}\setup.exe
AddRemove-{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6} - c:\program files (x86)\InstallShield Installation Information\{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}\setup.exe
AddRemove-{3E31400D-274E-4647-916C-2CACC3741799} - c:\program files (x86)\InstallShield Installation Information\{3E31400D-274E-4647-916C-2CACC3741799}\ENPSETUP.exe
AddRemove-{49D77BFA-135A-49AD-9A8A-8488EADA562D} - c:\program files (x86)\InstallShield Installation Information\{49D77BFA-135A-49AD-9A8A-8488EADA562D}\setup.exe
AddRemove-{562CBD30-CA59-4640-862C-99C0ECED4B4C} - c:\program files (x86)\InstallShield Installation Information\{562CBD30-CA59-4640-862C-99C0ECED4B4C}\setup.exe
AddRemove-{C1594429-8296-4652-BF54-9DBE4932A44C} - c:\program files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe
AddRemove-{F78FC958-7354-43EA-BF26-AFCBFE7B9C18} - c:\program files (x86)\InstallShield Installation Information\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-01-24  20:02:10
ComboFix-quarantined-files.txt  2016-01-25 02:01
.
Pre-Run: 196,918,112,256 bytes free
Post-Run: 196,734,414,848 bytes free
.
- - End Of File - - A1447BA00F68063457E48F32876C4F22
 


#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 AM

Posted 25 January 2016 - 01:37 PM

Hi SinisterTechnique,

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Please follow the below steps to disable "Teredo" and report whether it helps.

Step 1: Open an elevated "command prompt".

http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

Step 2: Type the command below exactly and press the "Enter" key.

netsh interface teredo set state disabled

Reboot the system when completed and check how the torrents works.
=============================================================================
Browser Reset
 
Instructions on how to back up your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

=================================================================================

Step 1:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK  and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

zoekscript.txt (188 bytes)

  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon - this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Step 2:

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 SinisterTechnique

SinisterTechnique
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 25 January 2016 - 06:10 PM

I'm not sure what you mean by "check how the torrents works," but I ran the command successfully.

 

Step 1:

 

The zoek results file is attached.

 

Step 2:

 

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Seldentar [Administrator]
Started from : C:\Users\Seldentar\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/25/2016 14:12:44
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3984804975-3913061207-2306128548-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] c9473f5abbea0b97a7e4773f857f2f1d
[BSP] c2d3f28febd5f4c070cfc20ed7b7fcca : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11185 MB
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 22908928 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 23113728 | Size: 422471 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 888334336 | Size: 281647 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Kingston DT 101 G2 USB Device +++++
--- User ---
[MBR] 7a5f95cdc6348269c34acb06df57e0c3
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 8064 | Size: 3741 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 

Attached Files



#9 olgun52


Posted 25 January 2016 - 08:16 PM

Hi SinisterTechnique,
 
Java 8 Update 66 ====>>>Java 8 Update 71 now

Please Update;

Download and install please: Windows Offline (64-bit)

================================================================

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Best regards
 

 


 


#10 SinisterTechnique


Posted 25 January 2016 - 11:09 PM

Log of ESET Scan:

 

C:\Share\disktop foler\ccsetup310.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Seldentar\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Seldentar\Downloads\Total Annihilation 3D - CHIP-Installer.exe a variant of Win32/DownloadSponsor.C potentially unwanted application
 



#11 olgun52


Posted 26 January 2016 - 11:26 AM

Hi SinisterTechnique,

How is your PC running now, and are there any issues?


Best regards
 

 


 


#12 SinisterTechnique


Posted 26 January 2016 - 06:42 PM

It's running like normal, there's nothing going on that I'm able to see. If my computer is still infected then it's very subtle.



#13 olgun52


Posted 26 January 2016 - 08:41 PM

Hi SinisterTechnique,

 

Now PC is clean no longer :thumbup2:

 

Thank you for your patience.  Please do the following:
Uninstall Combofix:

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

 
next.....
In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

 

Please take the time to carefully review the info contained below. It's invaluable.
Answers to common security questions - Best Practices
 
Note:  Some safety suggestions !
http://trmalwarefix.freeforums.net/t...ty-suggestions

Best regards.


Best regards
 

 


 


#14 SinisterTechnique


Posted 26 January 2016 - 10:55 PM

You mean now my PC is no longer infected... I hope  :P

 

Anyhow, so far I have uninstalled Combofix and run delfix successfully but when I went to "System Restore" there was no button to create a restore point. At the top it says "Restore your computer to the state it was in before the selected event" and then it lists an item under three columns labeled "Date and Time," "Description," and "Type." The item value for these columns is "1/26/2016 9:39:34PM", "End of disinfection", "System." There's a check box labeled "Show more restore points" and a clickable box "Scan for affected programs." Should I click the item and press "Next"? 


Edited by SinisterTechnique, 26 January 2016 - 10:55 PM.


#15 olgun52


Posted 27 January 2016 - 01:20 PM

There must be a Create button. Do you not have one?
Try the following directive

 

Create a new, clean System Restore point which you can use in case of future system problems:

  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Best regards
 

 


 




