PDA

View Full Version : Strange actions after closing W10 offer... GWX?


Vince
2016-06-25, 14:25
Hi again

Been having a problem... again :(

Really hope you can help

I have been noticing a lag in all youtube videos recently and have when I notice this I run a scan with spybot1.6.2 , which always I notice always picks up the same 2 tracing cookies.

one is casalemedia and the other plexi... something.


The other day I had a friend over, he has access to hundreds of Pcs every day, who tells me that the w10 free upgrade offer in the bottom right of my screen... does not look right.

I closed the window as he was saying not to click it (by using the x) and almost immediately my PC was telling me that a particular application was requesting access to the harddrive. The applications name was in Chinese (or other oriental language).

I clicked no to disallow, and found myself in a repetitive loop of it trying to run and me hitting no.... the end result was me hiting the power button and restarting.

My FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Mup (administrator) on MUP-PC (25-06-2016 11:37:58)
Running from C:\Users\Mup\Desktop
Loaded Profiles: Mup (Available Profiles: Mup)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(TeamViewer GmbH) Z:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TomTom) Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(TomTom) Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() Z:\xampp\xampp-control.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apache Software Foundation) Z:\xampp\apache\bin\httpd.exe
() Z:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) Z:\xampp\apache\bin\httpd.exe
(David Harris) Z:\xampp\MercuryMail\mercury.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(HexChat) Z:\Program Files\HexChat\hexchat.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_213_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXUX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [615144 2016-03-09] (Samsung Electronics Co.,Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-10] (AVAST Software)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-2909615783-3256432697-2275361012-1000\...\Run: [TomTomHOME.exe] => Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-13] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ED63C13B-4D8B-442C-AAB8-042F350DA227}: [NameServer] 192.168.1.111,8.8.8.8
Tcpip\..\Interfaces\{ED63C13B-4D8B-442C-AAB8-042F350DA227}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2909615783-3256432697-2275361012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
SearchScopes: HKU\S-1-5-21-2909615783-3256432697-2275361012-1000 -> {A197405C-150C-4040-A558-94AD9B9C9386} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v10
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-09] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-13] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-09] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-13] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2909615783-3256432697-2275361012-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2909615783-3256432697-2275361012-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mup\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-04-19] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-13] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570272 2016-05-13] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-01-05] ()
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [623848 2016-03-09] (Samsung Electronics Co.,Ltd)
R2 TeamViewer; z:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 TomTomHOMEService; Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93040 2015-04-30] (TomTom)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-13] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [96776 2015-11-16] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [161760 2016-05-13] (AVAST Software)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [323392 2016-05-13] (Avast Software)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2016-01-19] (Oracle Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-25 11:37 - 2016-06-25 11:38 - 00019497 _____ C:\Users\Mup\Desktop\FRST.txt
2016-06-25 11:36 - 2016-06-25 11:37 - 00000000 ____D C:\FRST
2016-06-25 11:36 - 2016-06-25 11:36 - 02387456 _____ (Farbar) C:\Users\Mup\Desktop\FRST64.exe
2016-06-24 00:17 - 2016-06-24 00:17 - 00000000 ____D C:\Windows\SysWOW64\vbox
2016-06-24 00:17 - 2016-06-24 00:17 - 00000000 ____D C:\Windows\system32\vbox
2016-06-18 00:12 - 2016-05-09 17:42 - 00315456 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-06-18 00:12 - 2016-05-09 17:42 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2016-06-18 00:12 - 2016-05-09 17:42 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2016-06-15 02:58 - 2016-06-06 17:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 02:58 - 2016-06-06 17:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 02:58 - 2016-06-03 14:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 02:58 - 2016-05-27 14:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 02:58 - 2016-05-27 14:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 02:58 - 2016-05-27 14:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 02:58 - 2016-05-27 14:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 02:58 - 2016-05-24 00:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 02:58 - 2016-05-23 23:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 02:58 - 2016-05-22 14:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 02:58 - 2016-05-21 18:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 02:58 - 2016-05-21 17:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 02:58 - 2016-05-20 23:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 02:58 - 2016-05-20 23:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 02:58 - 2016-05-20 23:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 02:58 - 2016-05-20 23:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 02:58 - 2016-05-20 23:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 02:58 - 2016-05-20 23:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 02:58 - 2016-05-20 23:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 02:58 - 2016-05-20 23:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 02:58 - 2016-05-20 23:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 02:58 - 2016-05-20 23:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 02:58 - 2016-05-20 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 02:58 - 2016-05-20 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 02:58 - 2016-05-20 22:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 02:58 - 2016-05-20 22:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 02:58 - 2016-05-20 22:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 02:58 - 2016-05-20 22:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 02:58 - 2016-05-20 22:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 02:58 - 2016-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 02:58 - 2016-05-20 22:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 02:58 - 2016-05-20 22:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 02:58 - 2016-05-20 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 02:58 - 2016-05-20 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 02:58 - 2016-05-20 22:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 02:58 - 2016-05-20 22:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 02:58 - 2016-05-20 22:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 02:58 - 2016-05-20 22:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 02:58 - 2016-05-20 22:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 02:58 - 2016-05-20 22:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 02:58 - 2016-05-20 22:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 02:58 - 2016-05-20 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 02:58 - 2016-05-20 22:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 02:58 - 2016-05-20 22:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 02:58 - 2016-05-20 22:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 02:58 - 2016-05-20 22:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 02:58 - 2016-05-20 22:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 02:58 - 2016-05-20 22:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 02:58 - 2016-05-20 22:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 02:58 - 2016-05-20 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 02:58 - 2016-05-20 22:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 02:58 - 2016-05-20 22:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 02:58 - 2016-05-20 22:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 02:58 - 2016-05-20 22:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 02:58 - 2016-05-20 22:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 02:58 - 2016-05-20 22:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 02:58 - 2016-05-20 22:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 02:58 - 2016-05-20 22:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 02:58 - 2016-05-20 22:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 02:58 - 2016-05-20 22:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 02:58 - 2016-05-20 22:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 02:58 - 2016-05-20 22:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 02:58 - 2016-05-20 22:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 02:58 - 2016-05-20 22:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 02:58 - 2016-05-20 22:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 02:58 - 2016-05-20 22:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 02:58 - 2016-05-20 22:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 02:58 - 2016-05-20 22:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 02:58 - 2016-05-20 21:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 02:58 - 2016-05-20 21:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 02:58 - 2016-05-20 21:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 02:58 - 2016-05-20 21:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 02:58 - 2016-05-20 21:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 02:58 - 2016-05-20 21:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 02:58 - 2016-05-18 17:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 02:58 - 2016-05-18 17:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 02:58 - 2016-05-13 23:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 02:58 - 2016-05-13 23:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 02:58 - 2016-05-13 23:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 02:58 - 2016-05-13 23:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 02:58 - 2016-05-13 23:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 02:58 - 2016-05-13 22:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 02:58 - 2016-05-13 22:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 02:58 - 2016-05-13 22:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 02:58 - 2016-05-13 22:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 02:58 - 2016-05-13 22:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 02:58 - 2016-05-12 18:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 02:58 - 2016-05-12 18:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 02:58 - 2016-05-12 18:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 02:58 - 2016-05-12 18:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 02:58 - 2016-05-12 18:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 02:58 - 2016-05-12 18:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 02:58 - 2016-05-12 18:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 02:58 - 2016-05-12 18:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 02:58 - 2016-05-12 18:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 02:58 - 2016-05-12 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 02:58 - 2016-05-12 16:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 02:58 - 2016-05-12 16:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 02:58 - 2016-05-12 16:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 02:58 - 2016-05-12 16:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 02:58 - 2016-05-12 15:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 02:58 - 2016-05-12 15:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 02:58 - 2016-05-12 15:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 02:58 - 2016-05-12 15:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 02:58 - 2016-05-12 15:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 02:58 - 2016-05-12 15:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 02:58 - 2016-05-12 15:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 02:58 - 2016-05-12 15:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 02:58 - 2016-05-12 15:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-15 02:58 - 2016-05-12 15:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 02:58 - 2016-05-12 15:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 02:58 - 2016-05-12 14:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 02:58 - 2016-05-12 14:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 02:58 - 2016-05-12 14:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 02:58 - 2016-05-11 18:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 02:58 - 2016-05-11 18:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 02:58 - 2016-05-11 18:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 02:58 - 2016-05-11 18:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 02:58 - 2016-05-11 16:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 02:58 - 2016-05-11 16:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 02:58 - 2016-05-11 16:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 02:58 - 2016-05-11 16:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 02:58 - 2016-05-11 16:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 02:58 - 2016-05-11 16:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 02:58 - 2016-05-11 15:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 02:58 - 2016-04-14 17:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 02:58 - 2016-04-14 17:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 02:58 - 2016-04-14 17:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 02:58 - 2016-04-14 17:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 02:58 - 2016-04-14 17:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 02:58 - 2016-04-14 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 02:58 - 2016-04-14 16:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 02:58 - 2016-04-14 16:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 02:58 - 2016-04-14 16:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 02:58 - 2016-04-14 16:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 02:58 - 2016-04-14 16:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 02:58 - 2016-04-14 16:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 02:58 - 2016-04-09 07:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 02:58 - 2016-04-09 07:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 02:58 - 2016-04-09 07:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 02:58 - 2016-04-09 07:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 02:58 - 2016-04-09 06:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 02:58 - 2016-04-09 06:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-15 02:58 - 2016-03-09 20:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-15 02:58 - 2016-03-09 19:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-13 18:24 - 2016-06-13 18:24 - 00000956 _____ C:\Users\Mup\Desktop\Android Studio.lnk
2016-06-12 15:19 - 2016-06-12 15:26 - 00713066 _____ C:\Users\Mup\Desktop\wales.bmp
2016-06-12 15:19 - 2016-06-12 15:19 - 00000000 _____ C:\Users\Mup\Desktop\New Bitmap Image.bmp
2016-06-12 15:18 - 2016-06-12 15:18 - 00060790 _____ C:\Users\Mup\Desktop\Flag_of_Wales.svg
2016-06-06 16:41 - 2016-06-06 16:41 - 00000000 ____D C:\Users\Mup\Desktop\2016_06_06
2016-05-28 14:43 - 2016-05-28 14:43 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1464442988
2016-05-28 14:43 - 2016-05-28 14:43 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-05-28 14:43 - 2016-05-28 14:43 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-05-26 12:24 - 2016-05-26 12:24 - 00000145 _____ C:\Users\Mup\.appletviewer
2016-05-26 11:51 - 2016-05-26 11:56 - 00000000 ____D C:\Users\Mup\SpaceInvaders

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-25 11:36 - 2015-01-05 03:26 - 00000000 ____D C:\Users\Mup\AppData\Roaming\Skype
2016-06-25 11:24 - 2016-04-19 00:30 - 00000550 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2909615783-3256432697-2275361012-1000.job
2016-06-25 11:15 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-25 11:15 - 2009-07-14 05:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-25 10:43 - 2015-01-05 14:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-25 09:49 - 2016-04-19 00:30 - 00000646 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2909615783-3256432697-2275361012-1000.job
2016-06-24 21:43 - 2015-01-05 14:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-24 08:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-06-24 01:04 - 2015-10-20 22:48 - 00000000 ____D C:\Users\Mup\AppData\Roaming\HexChat
2016-06-23 21:09 - 2009-07-14 06:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-23 21:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-06-23 21:03 - 2016-04-13 15:27 - 00000093 _____ C:\HaxLogs.txt
2016-06-23 21:03 - 2015-01-06 22:15 - 00000000 ___RD C:\Users\Mup\Virtual Machines
2016-06-23 21:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-23 21:03 - 2009-07-14 05:45 - 00565152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-23 21:02 - 2015-01-05 00:34 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-23 21:01 - 2015-04-15 19:56 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-23 20:58 - 2015-01-05 01:50 - 00000000 ____D C:\Windows\system32\MRT
2016-06-23 20:57 - 2015-01-08 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 20:57 - 2015-01-05 01:50 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-23 20:56 - 2015-01-08 01:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-23 20:56 - 2015-01-08 01:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 20:44 - 2015-03-03 20:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-23 20:37 - 2015-04-15 19:04 - 01362536 _____ C:\Windows\ntbtlog.txt
2016-06-22 19:35 - 2016-04-15 17:09 - 00103736 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-06-18 03:27 - 2015-01-05 03:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-18 03:27 - 2015-01-05 03:26 - 00000000 ____D C:\ProgramData\Skype
2016-06-18 00:22 - 2016-04-14 00:58 - 00000000 ____D C:\Users\Mup\.android
2016-06-18 00:19 - 2015-01-28 15:10 - 00000000 ____D C:\ProgramData\Oracle
2016-06-18 00:17 - 2015-01-28 15:10 - 00000000 ____D C:\Program Files\Java
2016-06-18 00:11 - 2015-10-12 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-18 00:11 - 2015-01-28 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-06-15 23:38 - 2016-04-19 00:30 - 00003664 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2909615783-3256432697-2275361012-1000
2016-06-15 23:38 - 2016-04-19 00:30 - 00003568 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2909615783-3256432697-2275361012-1000
2016-06-14 18:26 - 2015-01-12 20:05 - 00000000 ____D C:\Users\Mup\AppData\Roaming\vlc
2016-06-13 19:31 - 2010-11-21 04:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-13 18:27 - 2016-04-13 21:43 - 00000000 ____D C:\Users\Mup\AndroidStudioProjects
2016-06-12 21:22 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-06-10 15:49 - 2016-02-13 16:25 - 00000000 ____D C:\Users\Mup\AppData\Local\CrashDumps
2016-06-09 23:41 - 2016-02-25 20:46 - 00000000 ____D C:\Users\Mup\AppData\Local\Deployment
2016-06-03 18:44 - 2016-03-21 23:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-30 10:44 - 2015-01-05 14:51 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-05-30 10:44 - 2015-01-05 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-28 15:52 - 2015-02-04 19:11 - 00000000 ____D C:\Users\Mup\.zenmap
2016-05-28 15:38 - 2015-04-11 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-05-28 15:38 - 2015-01-05 00:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-28 15:36 - 2015-03-21 02:40 - 00000000 ____D C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-28 15:31 - 2015-01-05 14:51 - 00000000 ___RD C:\Users\Mup\Google Drive
2016-05-28 14:43 - 2015-01-05 00:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-28 14:41 - 2015-04-15 19:56 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-28 14:41 - 2015-04-15 19:56 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-28 14:41 - 2011-04-12 09:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-26 12:24 - 2015-01-04 23:44 - 00000000 ____D C:\Users\Mup
2016-05-26 11:51 - 2015-10-12 18:42 - 00000000 ____D C:\Users\Mup\.p2
2016-05-26 11:51 - 2015-03-13 15:43 - 00000000 ____D C:\Users\Mup\AppData\Local\Eclipse

==================== Files in the root of some directories =======

2015-01-09 22:10 - 2016-05-24 20:22 - 0000600 _____ () C:\Users\Mup\AppData\Roaming\winscp.rnd
2015-08-22 20:14 - 2015-08-22 20:14 - 0017024 _____ () C:\Users\Mup\AppData\Local\0495EBD29BD14c729759BD95BE6F68B8.customer 62mmnew.lbx
2015-10-03 13:44 - 2015-10-03 13:44 - 0017036 _____ () C:\Users\Mup\AppData\Local\3D5253FDFC844592876D12222B240ED8.customer 62mmnew.lbx
2016-03-16 13:50 - 2016-03-16 13:50 - 0017046 _____ () C:\Users\Mup\AppData\Local\415C0AB7C8D4490095E94280DA786F7F.customer 62mmnew.lbx
2015-02-18 23:13 - 2015-02-18 23:13 - 0017077 _____ () C:\Users\Mup\AppData\Local\4CA63DB1E1504938AB3215B489312E9F.customer 62mmnew.lbx
2016-03-03 01:03 - 2016-03-03 01:03 - 0017035 _____ () C:\Users\Mup\AppData\Local\532253B5D291496e99DA0B0A4AD61B46.customer 62mmnew.lbx
2016-02-25 10:38 - 2016-02-25 10:38 - 0017086 _____ () C:\Users\Mup\AppData\Local\5D57E98BAD0E4b17886A53B3F621EBFD.customer 62mmnew.lbx
2015-08-31 10:42 - 2015-08-31 10:42 - 0017042 _____ () C:\Users\Mup\AppData\Local\6EB680A42A634db9BC8D7CC9A1F6AB40.customer 62mmnew.lbx
2016-03-04 22:34 - 2016-03-04 22:34 - 0017025 _____ () C:\Users\Mup\AppData\Local\73A689F606B3435b98F43715EC39FC0C.customer 62mmnew.lbx
2015-03-03 20:48 - 2015-03-03 20:48 - 0017031 _____ () C:\Users\Mup\AppData\Local\78AA1BDFE1C841309EC4C999F2C8DA3A.customer 62mmnew.lbx
2015-02-23 22:22 - 2015-02-23 22:22 - 0017036 _____ () C:\Users\Mup\AppData\Local\7F2D0B1BB6E0479fB824289324827D85.customer 62mmnew.lbx
2015-08-16 20:39 - 2015-08-16 20:39 - 0017018 _____ () C:\Users\Mup\AppData\Local\A2291D89627E4ddf9C0FDEFB60E2A834.customer 62mmnew.lbx
2015-10-28 22:49 - 2015-10-28 22:49 - 0017024 _____ () C:\Users\Mup\AppData\Local\BB87D95EF1F4448c9CFB9D4B6D060652.customer 62mmnew.lbx
2016-04-06 14:15 - 2016-04-06 14:15 - 0017023 _____ () C:\Users\Mup\AppData\Local\D10E213F4814490cAE1385E57760C054.customer 62mmnew.lbx
2015-06-05 08:26 - 2015-06-05 08:26 - 0017050 _____ () C:\Users\Mup\AppData\Local\DD70F42358784452B36FDDC96369D86D.customer 62mmnew.lbx
2016-03-01 22:14 - 2016-03-01 22:14 - 0017026 _____ () C:\Users\Mup\AppData\Local\E95B52297C974f2d9F08C83FFB2C6C44.customer 62mmnew.lbx
2016-03-21 23:01 - 2016-03-21 23:01 - 0017069 _____ () C:\Users\Mup\AppData\Local\F11E1C395BA4412d87B0D301AA635B03.customer 62mmnew.lbx
2015-04-15 13:59 - 2015-04-15 13:59 - 0017042 _____ () C:\Users\Mup\AppData\Local\FBFC02DED512465f816AA4AE29C95EF9.customer 62mmnew.lbx
2015-01-10 15:16 - 2016-05-24 00:37 - 0000600 _____ () C:\Users\Mup\AppData\Local\PUTTY.RND
2016-05-11 08:47 - 2016-05-11 08:47 - 0000736 _____ () C:\Users\Mup\AppData\Local\recently-used.xbel
2015-02-18 23:40 - 2016-05-12 12:37 - 0007594 _____ () C:\Users\Mup\AppData\Local\Resmon.ResmonCfg
2015-11-28 11:36 - 2015-11-28 11:36 - 0000105 _____ () C:\ProgramData\.sdplic

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-17 00:36

==================== End of FRST.txt ============================

and my addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Mup (2016-06-25 11:38:14)
Running from C:\Users\Mup\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-01-04 22:43:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2909615783-3256432697-2275361012-500 - Administrator - Disabled)
Guest (S-1-5-21-2909615783-3256432697-2275361012-501 - Limited - Enabled)
Mup (S-1-5-21-2909615783-3256432697-2275361012-1000 - Administrator - Enabled) => C:\Users\Mup

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B93CD779-D1C1-4B4D-A9E5-564A542C6DFD}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.7.8 - Arduino Srl)
Atmel Driver Files (x32 Version: 7.0.930 - Atmel Corporation) Hidden
Atmel Jungo USB Driver (x32 Version: 7.0.122 - Atmel) Hidden
Atmel LibUSB0 Driver (x32 Version: 7.0.75 - Atmel) Hidden
Atmel Segger USB Drivers (497j) (x32 Version: 7.0.165 - Atmel) Hidden
Atmel USB Driver Package (HKLM-x32\...\{de4b888f-1e37-44df-86c7-8efcf4c390ba}) (Version: 7.0.712 - Atmel)
Atmel WinUSB (x32 Version: 6.2.30 - Atmel) Hidden
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.4 - BlueJ Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother P-touch Address Book 1.2 (HKLM-x32\...\{71410B72-3DA8-4330-BC05-7380FDE09410}) (Version: 1.2.0010 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0300 - Brother Industries, Ltd.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Erlang OTP 18 (7.2.1) (HKLM-x32\...\Erlang OTP 18 (7.2.1)) (Version: - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Git version 1.9.5-preview20141217 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version: - )
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.19.0.5102 (HKU\S-1-5-21-2909615783-3256432697-2275361012-1000\...\GoToMeeting) (Version: 7.19.0.5102 - CitrixOnline)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.0 - HexChat)
IBM Installation Manager (HKLM\...\IBM Installation Manager) (Version: - )
IBM Software Delivery Platform (HKLM-x32\...\IM-IBM Software Delivery Platform) (Version: - )
IBM® Rational® Software Architect (IBM Software Delivery Platform) (HKLM\...\IBMIM_win.uninstall.registry_IBM Software Delivery Platform_com.ibm.rational.rsa.90) (Version: 9.0 - IBM)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{30F3FF94-225B-4319-A13C-E307FFDA3CFB}) (Version: 6.0.1 - Intel Corporation)
iTunes (HKLM\...\{D5021BF1-39FF-4550-AB7D-6193A6B38671}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
JetBrains PhpStorm 8.0.2 (HKLM-x32\...\PhpStorm 8.0.2) (Version: 139.732 - JetBrains s.r.o.)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Virtual Machine Converter (HKLM\...\{332C1E78-1D2F-4A64-B718-68095DC6254B}) (Version: 3.1.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.10 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Samsung Link 2.0.0.1603091618 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1603091618 - Samsung Electronics Co.,Ltd)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Sid Meier's Railroads! (HKLM-x32\...\Steam App 7600) (Version: - Firaxis Games)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.103 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TeXstudio 2.9.4 (HKLM-x32\...\TeXstudio_is1) (Version: 2.9.4 - Benito van der Zander)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.8.1 (HKLM\...\VulkanRT1.0.8.1) (Version: 1.0.8.1 - LunarG, Inc.)
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
Windows Driver Package - Arduino Srl (www.arduino.org) Arduino USB Driver (03/19/2015 1.1.1.0) (HKLM\...\71ED52D169E1147606C3FDA469E3466C0BF6F768) (Version: 03/19/2015 1.1.1.0 - Arduino Srl (www.arduino.org))
Windows Driver Package - Linino (usbser) Ports (01/13/2014 1.0.0.0) (HKLM\...\4DC66C8049FDE56A565BF7D9C136B55308845122) (Version: 01/13/2014 1.0.0.0 - Linino)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2909615783-3256432697-2275361012-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2909615783-3256432697-2275361012-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mup\AppData\Local\Citrix\GoToMeeting\4800\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2909615783-3256432697-2275361012-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> z:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A8DCCA6-EDB9-45F1-ACA3-D2D4F33BF55F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {257FDFF4-9389-486D-BCD6-55EC6DD2932A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4F14BE65-DCF1-47EB-B701-A20D92186845} - System32\Tasks\G2MUploadTask-S-1-5-21-2909615783-3256432697-2275361012-1000 => C:\Users\Mup\AppData\Local\Citrix\GoToMeeting\5102\g2mupload.exe [2016-06-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {5A20781C-577F-4A72-8788-A50A3F613E70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {64C5AEC3-E127-413E-93E5-81C8E751E0E3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-13] (AVAST Software)
Task: {99B99695-40E5-49CE-B5D7-CCA7D3019D96} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {A199B7B7-74EE-4C75-8C57-2E4F2034C271} - System32\Tasks\SafeZone scheduled Autoupdate 1464442988 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {BF677476-143A-4A88-8D67-C376EEBBD7A1} - System32\Tasks\G2MUpdateTask-S-1-5-21-2909615783-3256432697-2275361012-1000 => C:\Users\Mup\AppData\Local\Citrix\GoToMeeting\5102\g2mupdate.exe [2016-06-15] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2909615783-3256432697-2275361012-1000.job => C:\Users\Mup\AppData\Local\Citrix\GoToMeeting\5102\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2909615783-3256432697-2275361012-1000.job => C:\Users\Mup\AppData\Local\Citrix\GoToMeeting\5102\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Mup\Desktop\startserver.bat - Shortcut.lnk -> Z:\Program Files (x86)\mw3 steam free server\startserver.bat ()

==================== Loaded Modules (Whitelisted) ==============

2005-09-09 04:24 - 2005-09-09 04:24 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2016-04-01 16:16 - 2016-05-02 06:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-01 16:16 - 2016-05-02 06:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-01 16:16 - 2016-05-02 06:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-12 10:03 - 2016-05-02 06:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-01-05 11:44 - 2015-01-05 11:47 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-11 22:33 - 2016-03-09 17:18 - 00025088 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2015-04-11 22:33 - 2016-03-09 17:18 - 02513920 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2015-04-11 22:33 - 2016-03-09 17:18 - 02436096 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-21 11:25 - 2013-12-21 11:25 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 11:26 - 2013-12-21 11:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 00908800 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2016-06-23 20:40 - 2016-06-23 20:40 - 00669696 _____ () C:\Windows\Temp\sqlite-3.7.151-amd64-sqlitejdbc.dll
2015-04-11 22:33 - 2016-03-09 17:18 - 00049664 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2016-04-01 16:16 - 2016-05-02 06:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-01 16:16 - 2016-05-02 06:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-12 10:03 - 2016-05-02 06:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-01 16:16 - 2016-05-02 06:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2015-01-05 00:34 - 2016-04-27 12:51 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-01 16:16 - 2016-05-02 06:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-01 16:16 - 2016-05-02 06:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-15 21:05 - 2014-12-17 22:23 - 00736962 _____ () z:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2015-01-05 13:14 - 2005-06-07 13:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-06-13 22:02 - 2013-06-17 10:42 - 02569216 _____ () Z:\xampp\xampp-control.exe
2014-06-13 22:02 - 2014-01-14 16:54 - 10966528 _____ () z:\xampp\mysql\bin\mysqld.exe
2015-10-20 22:48 - 2016-03-12 14:57 - 00032256 _____ () Z:\Program Files\HexChat\iconv.dll
2015-10-20 22:48 - 2016-03-12 14:59 - 01423872 _____ () Z:\Program Files\HexChat\cairo.dll
2015-10-20 22:48 - 2016-03-12 14:58 - 00731136 _____ () Z:\Program Files\HexChat\fontconfig.dll
2015-10-20 22:48 - 2016-03-12 14:58 - 01430016 _____ () Z:\Program Files\HexChat\libxml2.dll
2015-10-20 22:48 - 2016-03-12 14:58 - 00597504 _____ () Z:\Program Files\HexChat\pixman-1.dll
2015-10-20 22:48 - 2016-03-12 14:58 - 00217088 _____ () Z:\Program Files\HexChat\libpng16.dll
2015-10-20 22:48 - 2016-03-12 14:57 - 00081408 _____ () Z:\Program Files\HexChat\zlib1.dll
2015-10-20 22:48 - 2016-03-12 15:00 - 00975872 _____ () Z:\Program Files\HexChat\harfbuzz.dll
2016-03-21 23:06 - 2016-03-12 15:00 - 00059904 _____ () Z:\Program Files\HexChat\lib\gtk-2.0\i686-pc-vs14\engines\libwimp.dll
2016-03-21 23:06 - 2016-03-12 14:59 - 00292864 _____ () Z:\Program Files\HexChat\lib\enchant\libenchant_myspell.dll
2016-03-21 23:06 - 2016-03-12 17:00 - 00011776 _____ () Z:\Program Files\HexChat\plugins\hcupd.dll
2016-05-13 12:06 - 2016-05-13 12:06 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-13 12:06 - 2016-05-13 12:06 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-23 19:11 - 2016-06-23 19:11 - 02948608 _____ () C:\Program Files\AVAST Software\Avast\defs\16062303\algo.dll
2016-05-13 12:06 - 2016-05-13 12:06 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-13 12:06 - 2016-05-13 12:06 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-25 01:04 - 2016-06-25 01:04 - 02948608 _____ () C:\Program Files\AVAST Software\Avast\defs\16062401\algo.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 00073512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 15:57 - 2015-11-20 15:57 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2016-02-12 10:03 - 2016-05-02 07:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-13 12:06 - 2016-05-13 12:06 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-13 22:02 - 2014-03-11 21:01 - 00217600 _____ () z:\xampp\apache\bin\pcre.dll
2014-06-13 22:02 - 2014-04-09 00:21 - 00128512 _____ () Z:\xampp\php\libpq.dll
2014-06-13 22:02 - 2014-03-11 21:01 - 00217600 _____ () Z:\xampp\apache\bin\pcre.dll
2015-01-05 00:11 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2909615783-3256432697-2275361012-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.111 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{8B5002F7-9986-47E0-9C0C-F8316D02E271}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FEDB0E41-027B-470D-AD66-96F0A2A73734}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{391477D2-B564-4CE6-BA53-24A5957E86B5}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{11CD0B6E-A675-480F-8BE3-9F1B5A331136}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{77372182-09C8-4102-9217-C9B18F9B3394}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED1F0D8D-799B-4E22-A37D-05EF71CB2328}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA9B72FE-E5A5-49A0-9846-D06271279C73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8DC8F84E-52BC-4962-8559-7094D678A3FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8207CD80-797C-49D9-BED8-D0DF22A20DB7}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{7DF92B40-5DD9-4A9A-81F4-18DCA6E87307}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [TCP Query User{3D2E8271-5594-4407-84A2-1C22FF5916BE}C:\program files (x86)\xfire\xfire.exe] => (Allow) C:\program files (x86)\xfire\xfire.exe
FirewallRules: [UDP Query User{B8688D01-FEFE-4057-8061-8D1E8D9816A4}C:\program files (x86)\xfire\xfire.exe] => (Allow) C:\program files (x86)\xfire\xfire.exe
FirewallRules: [{0A77AD23-EE8D-45A9-A8CF-7AE3D70067AC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{89D8E5AC-2EC0-4D35-BEB3-7FE6D21C7504}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{4F0695D8-A9F6-41C6-A597-3A05652797FF}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{05AD80CE-1569-405D-A9B4-C4415A6B2B17}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CDF44D25-29EE-4FCD-9E8B-883A272EC1EA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7012BC00-9C81-487D-ABBA-F5E5FFDCEC6B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BE521888-41DA-4C28-B8D6-18B641CB216D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{25076F0E-D75F-4A89-8B2A-F2607577966A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9D9E464A-78A8-4DFE-98EB-6BE59ECAF4F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{817CC663-0A1B-489F-9D52-11FED0DECF55}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{209FFB35-FABC-4F38-B54C-7783ADA43084}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8D389E2D-1066-4A33-91B5-572F6F2019E9}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{65AF6201-D571-45F1-885B-F28A70E93055}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [TCP Query User{BD532571-1517-4E10-8B85-AE4A48784BEA}C:\program files (x86)\all seeing eye\eye.exe] => (Allow) C:\program files (x86)\all seeing eye\eye.exe
FirewallRules: [UDP Query User{EA93772F-E8DE-494D-B30E-02A2F10036BE}C:\program files (x86)\all seeing eye\eye.exe] => (Allow) C:\program files (x86)\all seeing eye\eye.exe
FirewallRules: [TCP Query User{7A797D2C-B9EE-462D-901B-C39CA85A15A2}Z:\xampp\apache\bin\httpd.exe] => (Allow) Z:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{6380B8D1-DC27-44D7-A57E-61D1125EB913}Z:\xampp\apache\bin\httpd.exe] => (Allow) Z:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{3242F1DC-909D-4455-BFE4-724D11955D0A}Z:\xampp\mysql\bin\mysqld.exe] => (Allow) Z:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{1BC21B15-09A0-4BE4-8E5B-83C42FC9F82D}Z:\xampp\mysql\bin\mysqld.exe] => (Allow) Z:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{E24812C6-195E-4736-A72C-3F2B57B4D761}Z:\xampp\mercurymail\mercury.exe] => (Allow) Z:\xampp\mercurymail\mercury.exe
FirewallRules: [UDP Query User{55D808C4-880E-47C5-A1A3-FA99643A1089}Z:\xampp\mercurymail\mercury.exe] => (Allow) Z:\xampp\mercurymail\mercury.exe
FirewallRules: [{EA635637-AE61-4624-95D4-F0C9E46E686B}] => (Allow) Z:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4463E59F-321B-4324-BB90-E00D3BCEB28D}] => (Allow) Z:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{8A693BAC-5CC2-4162-9E50-FC11B5A9CC1F}C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe
FirewallRules: [UDP Query User{017548A1-02E3-46A0-B91F-E9E672DBA152}C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.2\bin\phpstorm.exe
FirewallRules: [{9459C6AA-08C4-411B-A5E1-946B93BD259E}] => (Allow) Z:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5A16383C-5B02-4854-9231-ED5CCC30E202}] => (Allow) Z:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C6B9A497-C95E-4015-8536-30CBDEA1BA13}] => (Allow) Z:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6D426DF2-ED9B-4841-89FE-20D836DF09BE}] => (Allow) Z:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8AF58A0F-177B-491E-AF78-91E1002BF506}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\half-life 2\hl2.exe
FirewallRules: [{9E575CC0-A789-4E61-B4A6-EBA98C32E304}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\half-life 2\hl2.exe
FirewallRules: [{3620A4C1-9316-4A4A-AB33-7B05658C5BF8}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B3E71174-C8DF-412A-9E98-E6371BB78252}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{9241ED97-252F-4C02-9E73-20B64BBA4F15}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{D80C6780-DBAA-4C9A-9043-75F156EA590C}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{138F89AD-7DC1-443B-AD7A-D0F9947B4DFE}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C69A9D87-EDA9-4E65-A2E8-8DDBF1B27565}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{4757B192-E49D-43DF-A3EA-01A789E521CD}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Railroads\RailRoads.exe
FirewallRules: [{52702106-73F3-4407-9069-02237F1E9FEE}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Railroads\RailRoads.exe
FirewallRules: [TCP Query User{6BB103B7-E6A1-486E-886B-82E857E8CF24}Z:\program files (x86)\mw3 steam free server\teknomw3_dedicated.exe] => (Allow) Z:\program files (x86)\mw3 steam free server\teknomw3_dedicated.exe
FirewallRules: [UDP Query User{03338847-F8BD-4F45-9B7A-EE3B9A2E102B}Z:\program files (x86)\mw3 steam free server\teknomw3_dedicated.exe] => (Allow) Z:\program files (x86)\mw3 steam free server\teknomw3_dedicated.exe
FirewallRules: [{BE2EC8C6-8C30-4020-B106-B1928FAD887D}] => (Allow) Z:\program files (x86)\mw3 steam free server\teknomw3_dedicated.exe
FirewallRules: [{06E81D50-1669-49CA-B4C5-6693E5C7FEE8}] => (Allow) Z:\program files (x86)\mw3 steam free server\teknomw3_dedicated.exe
FirewallRules: [TCP Query User{22A3717B-D4E5-4F8E-BC92-1A185303C5C7}Z:\program files (x86)\call of duty modern warfare 3 steam free\iw5mp.exe] => (Allow) Z:\program files (x86)\call of duty modern warfare 3 steam free\iw5mp.exe
FirewallRules: [UDP Query User{2F9045A6-8E6A-4DAE-8B1C-7DD163183EE0}Z:\program files (x86)\call of duty modern warfare 3 steam free\iw5mp.exe] => (Allow) Z:\program files (x86)\call of duty modern warfare 3 steam free\iw5mp.exe
FirewallRules: [{47423032-AA44-4E16-9622-2C3571F64684}] => (Block) Z:\program files (x86)\call of duty modern warfare 3 steam free\iw5mp.exe
FirewallRules: [{15EB48AB-80CB-481B-8F4F-C28C7798C954}] => (Block) Z:\program files (x86)\call of duty modern warfare 3 steam free\iw5mp.exe
FirewallRules: [{7B0BFF12-2D5F-43ED-A25A-5F29A749F749}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{0C4DF7B4-448D-4592-8F00-53D9270FB9D1}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{8503B057-6C00-4F1B-8DDC-3488F376AE1F}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{87E9B6B4-855E-47DF-AB81-83C775B93635}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{E3E90308-8883-4151-B962-EF47CFCFC5E8}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{2A676B5E-599A-4D70-A254-8D572D38601E}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{D7594ED7-42E1-4DDE-8E8F-F4F6079610D0}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{92CDD64E-814A-45FF-BA80-9A98E2BF3863}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{59B90041-2B4C-46FB-92FA-C775270EF4C3}] => (Allow) LPort=8743
FirewallRules: [{46E844D6-2DE8-4776-A809-3724F45B9750}] => (Allow) LPort=8643
FirewallRules: [{FC08AF48-0FAC-487F-9DB3-005798A39A7B}] => (Allow) LPort=7676
FirewallRules: [{3F4D0ABA-FE23-4EE1-AB64-20B471BD0C8B}] => (Allow) LPort=7679
FirewallRules: [{C47CE1B3-E0C9-4565-8E90-25FC05637010}] => (Allow) LPort=24234
FirewallRules: [{B5AC7C7B-5E0D-4FC7-9D1F-BDAE99CC73A2}] => (Allow) LPort=7900
FirewallRules: [{7B277DB3-0C4A-4AFA-B00B-E9000DADF0D4}] => (Allow) LPort=1900
FirewallRules: [{5BDB56C9-6F04-4B28-A804-11C1EB6F6062}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe
FirewallRules: [{D1B6D09B-7E1B-453B-BDA9-391FACD2135C}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe
FirewallRules: [TCP Query User{676517C2-27CD-412E-9D7C-25627905296A}Z:\program files\hexchat\hexchat.exe] => (Allow) Z:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{AD677D96-601A-4323-B6BB-625239D7950C}Z:\program files\hexchat\hexchat.exe] => (Allow) Z:\program files\hexchat\hexchat.exe
FirewallRules: [{C4372B8E-A216-4CD5-A2B4-43E33B7730DA}] => (Block) Z:\program files\hexchat\hexchat.exe
FirewallRules: [{BCB1F593-54B6-4FA6-BA6F-E91AE3E1C979}] => (Block) Z:\program files\hexchat\hexchat.exe
FirewallRules: [{89DE68B7-3A28-4549-9273-08C7F18CC0AA}] => (Allow) Z:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E53364B7-FF79-483F-AD93-0695438A5437}] => (Allow) Z:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BB9AC2AA-50BE-4E79-926A-F3C1E24F5655}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{9055F5EC-C4B3-4352-9004-09AF72EB18EC}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [TCP Query User{C9411AF0-2874-4984-95D8-7E16AA21FEDA}C:\program files\java\jdk1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{D25C477C-BD38-411F-BC53-A3D548028D2E}C:\program files\java\jdk1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.8.0_60\bin\javaw.exe
FirewallRules: [{FACF67F8-F4CB-4A22-B8E7-DC51C0CF65D8}] => (Block) C:\program files\java\jdk1.8.0_60\bin\javaw.exe
FirewallRules: [{81BB0641-0759-472A-A6E7-0877FE60BDBF}] => (Block) C:\program files\java\jdk1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{305284EE-EF31-4109-A94A-479BA85D1D29}C:\users\mup\appdata\local\temp\ibmim7067413542866435976.tmp\jre_6.0.0.sr9_20110208_03\jre\bin\javaw.exe] => (Allow) C:\users\mup\appdata\local\temp\ibmim7067413542866435976.tmp\jre_6.0.0.sr9_20110208_03\jre\bin\javaw.exe
FirewallRules: [UDP Query User{88E6CA55-B82C-4561-8878-9E22DE63C528}C:\users\mup\appdata\local\temp\ibmim7067413542866435976.tmp\jre_6.0.0.sr9_20110208_03\jre\bin\javaw.exe] => (Allow) C:\users\mup\appdata\local\temp\ibmim7067413542866435976.tmp\jre_6.0.0.sr9_20110208_03\jre\bin\javaw.exe
FirewallRules: [{18B57C2E-BB2F-4F85-B77A-2D9193475BCD}] => (Block) C:\users\mup\appdata\local\temp\ibmim7067413542866435976.tmp\jre_6.0.0.sr9_20110208_03\jre\bin\javaw.exe
FirewallRules: [{D4E1BAF0-7CC2-4A4B-AF2F-C8DCB39C1A7E}] => (Block) C:\users\mup\appdata\local\temp\ibmim7067413542866435976.tmp\jre_6.0.0.sr9_20110208_03\jre\bin\javaw.exe
FirewallRules: [TCP Query User{B505164A-522F-4E27-9599-D9F61841BC9D}Z:\program files\ibm\sdp\jdk\jre\bin\javaw.exe] => (Allow) Z:\program files\ibm\sdp\jdk\jre\bin\javaw.exe
FirewallRules: [UDP Query User{FC0DCFA7-1EB0-425D-A154-666A9452FBE9}Z:\program files\ibm\sdp\jdk\jre\bin\javaw.exe] => (Allow) Z:\program files\ibm\sdp\jdk\jre\bin\javaw.exe
FirewallRules: [{B51548DA-8AD5-4D04-ABBB-36BD55E12D79}] => (Block) Z:\program files\ibm\sdp\jdk\jre\bin\javaw.exe
FirewallRules: [{582FF378-7215-4E62-8377-07F6565B83CC}] => (Block) Z:\program files\ibm\sdp\jdk\jre\bin\javaw.exe
FirewallRules: [{1DC14F68-C001-41B4-A8A4-CD5B0AF91080}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E444603D-FF25-4532-8725-DC5B86A4C145}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F2C7117E-D77E-4F7F-A3D0-28AD2E405E92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D05CFDAF-221F-42DB-85D3-AA66898EBC89}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1B816DC7-A709-4060-9D29-EF23544D8DDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09894498-FAE3-44D6-BCBD-0887F8E7FA8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4386772F-F998-47D7-B96B-9159878A6768}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{172BB810-C417-4938-B22B-A2A1D55BCFBA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{42BA3B01-EB9B-4C32-83D0-34F506FAD89B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{AF1EBB08-E8F7-4A07-B361-061CA17F60B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{30577A46-96A9-4BEF-A568-C7C4E8E70763}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A82BBE11-8B9C-445D-B356-183366535881}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9752F704-66F3-45FD-97BB-021A2D943C12}Z:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) Z:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{5DCE4E19-E029-4CB7-BE07-5EA5B535261D}Z:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) Z:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{2F892964-0777-4EAE-A1E6-573C1F7AFB83}] => (Block) Z:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{DBA4AF47-CCF9-4721-88B9-A7DC56130F25}] => (Block) Z:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{7C393EFE-AC17-4A3E-9C85-4F0EDE09097D}Z:\users\mup\eclipse\java-mars\eclipse\eclipse.exe] => (Allow) Z:\users\mup\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [UDP Query User{EBA7DD0F-FAF6-439E-8BB7-51F5154D7A2E}Z:\users\mup\eclipse\java-mars\eclipse\eclipse.exe] => (Allow) Z:\users\mup\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [{D8F7FBEA-526B-4177-911D-EEB6A1EF4884}] => (Block) Z:\users\mup\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [{ADF4E2FE-3677-4454-8710-702FCE4318E6}] => (Block) Z:\users\mup\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [{686D52E3-C978-4668-8014-075145DC3C31}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{73E454A5-3188-4631-B390-70C2CB67F500}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{2E31E092-DAD5-439C-B6F4-9D1F28C3E860}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{708A65AF-1ED6-4DC7-8744-4C4328E572D1}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{77E447B3-2A14-443E-A550-39AB464D9705}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{637BD86A-E7B5-4368-B3F1-4A3626DE8DD2}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{F60EC1CF-990D-4CF6-A7AF-3228D8E06959}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{82F4A552-47FE-4E02-B509-BD12E4D3CA97}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{220A6AF4-E320-4F5B-9D68-25C8D0E03AB4}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{929D0F8D-2A98-412B-8E4A-6A96606BAA60}] => (Allow) Z:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [TCP Query User{BC015F25-FAA1-4AA4-8E90-38A47B20B52D}C:\program files\java\jdk1.8.0_31\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_31\bin\java.exe
FirewallRules: [UDP Query User{16583FF0-C60F-4186-92CD-A431805A8E30}C:\program files\java\jdk1.8.0_31\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_31\bin\java.exe
FirewallRules: [TCP Query User{23B6B42D-51B2-44B7-90AE-DC682D55D6F8}Z:\program files\android\android studio\bin\studio64.exe] => (Allow) Z:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{4DC5A5D5-407F-446E-8254-686CEE94CA8E}Z:\program files\android\android studio\bin\studio64.exe] => (Allow) Z:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{E6C7E23A-9082-4DC9-A90C-210DC34FBF80}] => (Block) Z:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{3EC087C1-E39C-486F-9947-779E9DED73B3}] => (Block) Z:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{72341287-906D-43F4-98CA-D72215A75A68}Z:\program files (x86)\nmap\nmap.exe] => (Allow) Z:\program files (x86)\nmap\nmap.exe
FirewallRules: [UDP Query User{B81DE274-CF2E-45AD-95C8-6AE2FC0F80CF}Z:\program files (x86)\nmap\nmap.exe] => (Allow) Z:\program files (x86)\nmap\nmap.exe
FirewallRules: [{589E4F37-B018-4666-A234-71EAA0E1B4FA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{73BD6792-95DD-4981-B99D-447F2640E7E7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{EDD5C639-F91E-45FC-8C4E-7799BD6823E1}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{A86D0BB7-98E2-42F3-91AF-62A95CD1C7FF}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{74B355BB-C3A2-4941-98BB-0C38C38B79F5}Z:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) Z:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{25AE6C41-7755-4D51-81C4-5D1AF3E07B0F}Z:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) Z:\program files\java\jdk1.7.0_79\bin\java.exe

==================== Restore Points =========================

12-06-2016 02:34:55 Scheduled Checkpoint
18-06-2016 00:11:32 Installed Java SE Development Kit 7 Update 79 (64-bit)
18-06-2016 00:12:06 Installed Java 7 Update 79 (64-bit)
18-06-2016 00:17:15 Removed Java SE Development Kit 7 Update 79 (64-bit)
18-06-2016 00:17:54 Removed Java 7 Update 79 (64-bit)
18-06-2016 00:18:44 Installed Java SE Development Kit 7 Update 79 (64-bit)
18-06-2016 00:19:15 Installed Java 7 Update 79 (64-bit)
18-06-2016 03:25:59 ASU_MSI_TRAN
23-06-2016 20:52:44 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2016 10:06:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 31f0

Start Time: 01d1ceaeb9e5ab1a

Termination Time: 95

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/23/2016 09:03:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2016 08:40:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 14 1.0.0.127.in-addr.arpa. PTR Mup-PC.local.

Error: (06/23/2016 08:40:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353 16 1.0.0.127.in-addr.arpa. PTR Mup-PC-2.local.

Error: (06/23/2016 08:40:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2016 08:17:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2016 10:45:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2160

Start Time: 01d1c9ab19dbe5ac

Termination Time: 87

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/12/2016 10:23:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4ab0

Start Time: 01d1c4ef39683e9b

Termination Time: 107

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/10/2016 03:49:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18315, time stamp: 0x571ae616
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a73e
Exception code: 0xc0000017
Fault offset: 0x0007d7e6
Faulting process id: 0x33c0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/10/2016 03:14:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18315, time stamp: 0x571ae616
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xc0000005
Fault offset: 0x00035f75
Faulting process id: 0x3b68
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3


System errors:
=============
Error: (06/24/2016 06:33:29 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (06/24/2016 06:33:28 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (06/23/2016 09:03:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (06/23/2016 09:02:48 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/23/2016 09:01:44 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/23/2016 08:56:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile MTP Device.

Error: (06/23/2016 08:40:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (06/23/2016 08:40:01 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/23/2016 08:16:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (06/23/2016 08:16:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.



==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 36%
Total physical RAM: 16269.48 MB
Available physical RAM: 10302.14 MB
Total Virtual: 16267.67 MB
Available Virtual: 8803.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:58.45 GB) NTFS
Drive f: (Pictures and Films) (Fixed) (Total:292.97 GB) (Free:135.96 GB) NTFS
Drive g: (Software) (Fixed) (Total:390.62 GB) (Free:153.98 GB) NTFS
Drive z: (Installs) (Fixed) (Total:488.28 GB) (Free:58.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: EED682A4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3D937C41)

Partition: GPT.

==================== End of Addition.txt ============================

thank you
Juliet
2016-06-26, 14:42
I don't think you have an infection but rather Microsoft taking over and installing the “Get Windows 10″ update.

GWXUX.EXE is related to “Get Windows 10″ "



[quote name="AplusWebMaster" post="877165" timestamp="1464209585"]
FYI...

MS 'tactics' upgrading people to Win10
- https://bgr.com/2016/05/25/microsoft-windows-10-upgrade-trick/
May 25, 2016 - "For months now, Microsoft has done everything in its power to shove Windows 10 down your throat. The 'free' update is mandatory at this point, and we’ve heard from many Windows users who discovered their computers updated to the newest version automatically, -without- their knowledge or explicit permission. Microsoft kept offering excuses for these annoying occurrences, and even said it will stop pushing upgrades to Windows users refuse to hop aboard the Windows 10 train. Now, the company has come up with its most evil trick yet to get you to update your PC to Windows 10, and it’s based on the same methodology hackers use to trick people into installing malware. 'Pop-ups' often appear when you visit 'malicious' websites and when you click the “X” to close them, malware is installed on your computer. Well, Microsoft just tweaked its 'Windows 10 upgrade alert pop-up' so that the update is triggered when clicking the X, PC World explains:
> http://www.pcworld.com/article/3073457/windows/how-microsofts-nasty-new-windows-10-pop-up-tricks-you-into-upgrading.html
May 22, 2016
>> https://boygeniusreport.files.wordpress.com/2016/05/microsoft-windows-10-upgrade-x-button-popup-alert.jpg
The Get Windows X app that pushes the update prompt has recently changed the behavior of the “X” button. Earlier, users would have been able to dismiss the pop-up by pressing the button, as you would expect. But you can’t do that anymore. Pressing the X now has a different function. It tells the company you’re happy to have your computer updated at the time shown inside the pop-up. The only way to get rid of it is to change the update time manually. But of course, that’s not intuitive at all and many people are about to be tricked into upgrading. The trick is disingenuous at best, since Microsoft isn’t technically doing anything wrong. It’s just turning the function of the X button from “close and do nothing” to “close and upgrade later.” You know, without explaining this tiny change to anyone. Come July 29th, Microsoft will stop prompting users to upgrade, Business Insider reminds us*, so make sure you change your Windows 10 upgrade time to August or later!"
* http://www.businessinsider.com/windows-10-pop-ups-tricking-users-into-upgrading-x-2016-5

>> http://core0.staticworld.net/images/article/2016/05/gwx-new-100662456-orig.png
May 22, 2016

https://forums.whatthetech.com/index.php?showtopic=130652


****************
We can run a couple of tools to check things out.

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.




======================================================



Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


***
please post
AdwCleaner[C1].txt
JRT.txt
Vince
2016-06-26, 15:34
Thanks Juliet

I have used them both. AWD found a couple of keys and JRT some temp files

# AdwCleaner v5.200 - Logfile created 26/06/2016 at 13:19:54
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-25.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Mup - MUP-PC
# Running from : C:\Users\Mup\Desktop\AdwCleaner (2).exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\uhytajrtpo-a.akamaihd.net

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2613 bytes] - [09/05/2016 12:21:15]
C:\AdwCleaner\AdwCleaner[C2].txt - [1008 bytes] - [26/06/2016 13:19:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [2325 bytes] - [09/05/2016 12:19:00]
C:\AdwCleaner\AdwCleaner[S2].txt - [1131 bytes] - [26/06/2016 13:09:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1227 bytes] ##########


JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64
Ran by Mup (Administrator) on 26/06/2016 at 13:25:20.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 12

Successfully deleted: C:\Users\Mup\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3X2K6NEL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mup\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7S29CEVD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mup\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4T1SY2Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mup\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAYJTGH8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mup\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQ8UQMRX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mup\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPMBDTIT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3X2K6NEL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7S29CEVD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4T1SY2Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAYJTGH8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQ8UQMRX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPMBDTIT (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2016 at 13:26:29.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Juliet
2016-06-26, 15:47
Let's update and run a scan with Malwarebytes Anti-Malware.

Open Malwarebytes Anti-Malware



On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.




~~~~~~~~~~~~~~~~~~~~~`

What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Go here (http://www.eset.com/int/home/products/online-scanner/) and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location. Double-click on esetonlinescanner_enu.exe to install and a new window will open.
Follow the prompts.
Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html)
At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
Tick the option Enable detection of potentially unwanted applications
Click on Advanced settings
Make sure that the option Clean threats automatically is unticked.
Ensure these options are ticked:
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth technology
Click Scan Wait for the scan to finish.
When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Please copy/paste the contents of the log in your next reply.
To close ESET Online Scanner, select Do not clean then Finish


Please post these 2 logs when finished.

Also, tell me what the computer is doing now.
Vince
2016-06-26, 23:22
I have some bad news :(

I started an ESET scan and had noticed it saying there is 10 infected files after about 10 mins of the scan.

With your instructions about not browsing while ESET is scanning in my head I started playing a game for a couple of hours.

After playing and returning to my desktop, it was at that moment I got I noticed that all the box's in the online scanner were blank :(
I'm guessing this is why you tell people not to browse.
I tried moving the box about and was clicking randomly, when the middle changed to text and I could see a status of processing.....
knowing you did not want me to clean with ESET I kinda panicked, I ended up killing the task and starting again... it has been running for about 2 hrs again and so far is saying 2 infected files, but the text display area has turned black. I don't believe there is a log of scan 1.

No idea how much longer it will take, i'll post the log from this attempt once it finishes.
Juliet
2016-06-26, 23:44
oh bad Vince, tsk tsk tsk

I really don't think you hurt anything. Remember you have files in quarantine folders already so let's let it finish (no games please)
Vince
2016-06-27, 09:27
ESET is a pain for me :(

Last night the progress bar seemed to be stuck and I ended up killing the scan again.

I said to myself I would run it overnight with no other application running and the ESET window central to the screen. Which is what I did.

I have come down this morning to fins a blank ESET box again :(

maybe it would run better from safe mode?
Juliet
2016-06-27, 14:06
There is definitely less running in safe mode for sure.....

wonder if something was updating in the background?.....might never know.

We can give safemode a try and be sure to disable your antivirus, remember, no surfing while scanning.

How to Temporarily Disable your Anti-virus
AVAST
Right-click on the avast! icon in system tray (looks like this: http://i100.photobucket.com/albums/m7/dasaki/avast.jpg but orange in color starting with v5). Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.
Juliet
2016-06-28, 00:59
Try this link:

If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.

Temporarily disable your Anti-Virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).

If you are running the ESET Online Scanner from a downloaded .exe, visit the following web page to download the latest version:
http://www.eset.com/us/online-scanner/
Vince
2016-06-28, 20:00
Thanks :)

I tried and succeeded in safe mode. But, there was nothing found with either malwarebytes or ESET

Can you tell me the possible location for the quarantined files as a number of applications are now missing configs :(

Vince
Juliet
2016-06-29, 00:51
Thanks :)

I tried and succeeded in safe mode. But, there was nothing found with either malwarebytes or ESET

Can you tell me the possible location for the quarantined files as a number of applications are now missing configs :(

Vince

Which tool or program removed those?, and which programs have been altered?

AWD
[26/06/2016 13:19:54] <-- this is the log I see and it really found very little. The one you ran and I haven't seen [09/05/2016 12:21:15]


Junkware Removal Tool 26/06/2016
only remove temp files located here---> Temporary Internet Files Folder
Vince
2016-06-29, 01:10
Hi again Juliet and really thank you for the support you have given. No biggie if the files are gone.

ESET looked like it was doing something when I killed the process, you said something about quarantined files... I asked where they might be :)

Vince
Juliet
2016-06-29, 01:25
you said something about quarantined files... I asked where they might be

When I instruct people to run a Eset scan I always tell them they might see files held in quarantine folders. Yours didn't come back with that.

we don't have much in that way to remove.
We ended up not having to quarantine anything with FRST and from what I can see ADW and JRT didn't either.


If the machine is OK we can remove tools used and I can give preventive tips.
Vince
2016-06-30, 01:36
Hi again

I have just noticed the pc being slow again, and again scanned with spybot. it found the same MediaPlex cookie.

I don't think its ok at the moment.
Vince
2016-06-30, 09:48
and again this morning

I would accept that they are only cookies, but I don't think the laggy video playback is right :(

12598
Juliet
2016-06-30, 14:38
Please download and scan with SUPERAntiSpyware Free (http://www.superantispyware.com/) Double-click SUPERAntiSypware.exe, choose Custom Install and uncheck the options to install Google Chrome or any offers for free toolbars if you do not want them.
After setup completes...Decline any Trial offers to upgrade to the Pro Version.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here (http://www.superantispyware.com/definitions.html). Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.
In the Main Menu, click System Tools & Program Settings, then click Preferences.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set): Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Click the Back button on the bottom, then click Home to return to the Main Menu.
Back on the Main Menu, under "Select Scan Type" check the box for Complete Scan.
If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
Click the Scan your computer... button.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the Main Menu.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again. Click the View Scan Logs button at the bottom.
This will open the Scanner Logs Window.
Click on the log to highlight it and then click on View Selected Log to open it.
Copy and paste the scan log results in your next reply.


Enable and disable cookies that websites use to track your preferences
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences


Does this occur on any specific websites and all browsers?
do you mean the video is loading choppily? Sometimes, this can be due to a bandwidth issue.. have you tried pausing the video for a few minutes then going back to it?

It's possible you need to update Flash Player
or I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_22_active_x.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_22_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/
___


your graphics card?
Vince
2016-06-30, 20:25
Hi again

My superantispyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2016 at 06:11 PM

Application Version : 6.0.1220
Database Version : 12810

Scan type : Complete Scan
Total Scan Time : 00:20:16

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned : 757
Memory threats detected : 0
Registry items scanned : 57487
Registry threats detected : 0
File items scanned : 38547
File threats detected : 526

Adware.Tracking Cookie
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\TDGBVMTH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\TDGBVMTH.txt [ /ru4.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\E17V28KM.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\E17V28KM.txt [ /btrll.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\O7YAQ17G.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\O7YAQ17G.txt [ /pubmatic.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\GGZGORPH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\GGZGORPH.txt [ /yieldoptimizer.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\1T8KTGPK.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\1T8KTGPK.txt [ /tradelab.fr ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\GKWW74N5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\GKWW74N5.txt [ /angsrvr.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\NI61AHEP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\NI61AHEP.txt [ /tubemogul.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\IYFMMB40.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\IYFMMB40.txt [ /flashtalking.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\UXE0JD53.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\UXE0JD53.txt [ /ih.adscale.de ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LOKEBV4J.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LOKEBV4J.txt [ /adsymptotic.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\0D4M1R3K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\0D4M1R3K.txt [ /bluecava.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\6HPS9W4J.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\6HPS9W4J.txt [ /intentiq.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\FOWLV3KJ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\FOWLV3KJ.txt [ /mediaplex.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\IMZMBKLW.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\IMZMBKLW.txt [ /domdex.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\BPIZRVW9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\BPIZRVW9.txt [ /insightexpressai.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\E16O122Y.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\E16O122Y.txt [ /revsci.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\AO4022N6.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\AO4022N6.txt [ /adfarm1.adition.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\W7M2SCAJ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\W7M2SCAJ.txt [ /dotomi.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\9Q4G1OBI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\9Q4G1OBI.txt [ /lfstmedia.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\MDBF0Q90.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\MDBF0Q90.txt [ /bs.serving-sys.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LXO06S72.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LXO06S72.txt [ /m.exactag.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\FF16IP8A.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\FF16IP8A.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\4LRMI47P.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\4LRMI47P.txt [ /simpli.fi ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\UBBOY2U1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\UBBOY2U1.txt [ /media6degrees.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LKS1BMKE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LKS1BMKE.txt [ /adadvisor.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\4F9TOX0W.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\4F9TOX0W.txt [ /rlcdn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\SYEOZYV9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\SYEOZYV9.txt [ /bs.serving-sys.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\7TNXDHQU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\7TNXDHQU.txt [ /mathtag.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\O74409C2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\O74409C2.txt [ /atdmt.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\TIDEAJVQ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\TIDEAJVQ.txt [ /contextweb.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\MJX3CPW4.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\MJX3CPW4.txt [ /server.adformdsp.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\R2CMKCJN.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\R2CMKCJN.txt [ /spotxchange.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\PI2ODTSA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\PI2ODTSA.txt [ /s407.meetrics.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\R4TJEPNF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\R4TJEPNF.txt [ /amgdgt.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\TU7050B1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\TU7050B1.txt [ /ibeu2.mookie1.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\6YAY95OU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\6YAY95OU.txt [ /pixel.rubiconproject.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\CXITUSH3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\CXITUSH3.txt [ /gwallet.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\GGQM1F87.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\GGQM1F87.txt [ /c1.adform.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\XF03D4TB.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\XF03D4TB.txt [ /atemda.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\F09H8ZJI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\F09H8ZJI.txt [ /demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\P07ZOPHQ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\P07ZOPHQ.txt [ /exelator.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\GGKB37C0.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\GGKB37C0.txt [ /skimresources.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\JO6CIDNC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\JO6CIDNC.txt [ /bluekai.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\XKEJWTXX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\XKEJWTXX.txt [ /adtech.de ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\25O7FZS5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\25O7FZS5.txt [ /rfihub.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\OFPWYEUG.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\OFPWYEUG.txt [ /geo-um.btrll.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\ZV7LHALG.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\ZV7LHALG.txt [ /turn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\116LSBIR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\116LSBIR.txt [ /tapad.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\KPMEJOTR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\KPMEJOTR.txt [ /legolas-media.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\3HNL5VPF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\3HNL5VPF.txt [ /smartadserver.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\DGCI0ACR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\DGCI0ACR.txt [ /ligadx.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\K1Q83T7K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\K1Q83T7K.txt [ /ad4.adfarm1.adition.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\GKU5XH7Q.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\GKU5XH7Q.txt [ /imrworldwide.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LWKVQ943.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LWKVQ943.txt [ /openx.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\049QIEDG.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\049QIEDG.txt [ /scorecardresearch.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Q2X2OON1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Q2X2OON1.txt [ /collective-media.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LCXZSZNU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LCXZSZNU.txt [ /pfa.levexis.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\D8MU18I1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\D8MU18I1.txt [ /serving-sys.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\5WP7VU50.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\5WP7VU50.txt [ /sitescout.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\0V1UX828.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\0V1UX828.txt [ /univide.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\T4RMDUBV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\T4RMDUBV.txt [ /adsrvr.org ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\I0ZG2NN8.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\I0ZG2NN8.txt [ /adnxs.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\WTMAFKUR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\WTMAFKUR.txt [ /advertising.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\F0HNDHJZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\F0HNDHJZ.txt [ /chango.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\8W3O752F.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\8W3O752F.txt [ /eyeota.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\J087TY38.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\J087TY38.txt [ /dc-storm.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\3D563DYK.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\3D563DYK.txt [ /sa.scorecardresearch.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Q1Y11WLX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Q1Y11WLX.txt [ /tellapart.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\P030I52Q.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\P030I52Q.txt [ /lijit.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\08NYG64V.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\08NYG64V.txt [ /go.flx1.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\KDED1WMZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\KDED1WMZ.txt [ /connexity.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\0429RW5X.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\0429RW5X.txt [ /w55c.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\EKT587RV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\EKT587RV.txt [ /dmtry.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\PCAXPKXP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\PCAXPKXP.txt [ /sxp.smartclip.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\R3P7WTB8.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\R3P7WTB8.txt [ /vizu.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\ZM5WHCVF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\ZM5WHCVF.txt [ /ad.360yield.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\IJ022Q86.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\IJ022Q86.txt [ /tremorhub.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\C4K4KEX4.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\C4K4KEX4.txt [ /yieldlab.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\PX3JS0SN.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\PX3JS0SN.txt [ /pfa.levexis.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\H3F8SAIS.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\H3F8SAIS.txt [ /mookie1.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\VD170841.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\VD170841.txt [ /dpm.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\KD2F5XTF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\KD2F5XTF.txt [ /adgrx.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LZIP230D.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LZIP230D.txt [ /krxd.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\9PIQM3BQ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\9PIQM3BQ.txt [ /nexac.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\070S1PW7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\070S1PW7.txt [ /bidswitch.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\5J6PJ5A5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\5J6PJ5A5.txt [ /adform.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\JMH4DDCV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\JMH4DDCV.txt [ /ads.converge-digital.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\F2LQ3883.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\F2LQ3883.txt [ /crwdcntrl.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\N8SNGV82.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\N8SNGV82.txt [ /gametracker.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\SYG2R9YQ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\SYG2R9YQ.txt [ /rubiconproject.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\TXINANIL.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\TXINANIL.txt [ /everesttech.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\1HHT4844.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\1HHT4844.txt [ /semasio.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\MTCVPVUZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\MTCVPVUZ.txt [ /runadtag.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\9PO3GVWF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\9PO3GVWF.txt [ /owneriq.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\AWLUJUOV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\AWLUJUOV.txt [ /wtp101.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\QFT2LO0O.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\QFT2LO0O.txt [ /vindicosuite.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\MEZ6TX2P.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\MEZ6TX2P.txt [ /track.adform.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\4DJ2602S.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\4DJ2602S.txt [ /at.atwola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\VR77AT17.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\VR77AT17.txt [ /adscale.de ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\AKE6UC3J.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\AKE6UC3J.txt [ /3lift.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\6D8K7FII.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\6D8K7FII.txt [ /adformdsp.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\U8GJQIJP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\U8GJQIJP.txt [ /samsung.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LYV0R78N.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\LYV0R78N.txt [ /agkn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\VUPHBJL2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\VUPHBJL2.txt [ /po.st ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\4QLNVAVA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\4QLNVAVA.txt [ /tidaltv.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\T89KPEGI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\T89KPEGI.txt [ /ibillboard.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\A28AUV17.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\A28AUV17.txt [ /liverail.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\J137J0QA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\J137J0QA.txt [ /ru4.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IHH6XFQ5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IHH6XFQ5.txt [ /btrll.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\65XQM22J.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\65XQM22J.txt [ /shaw.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LIYWX0LD.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LIYWX0LD.txt [ /go.sonobi.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7KFT7FR4.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7KFT7FR4.txt [ /www.epmads.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AH59P0WR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AH59P0WR.txt [ /pubmatic.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LUWZFDNE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LUWZFDNE.txt [ /in.getclicky.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FQFB00QP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FQFB00QP.txt [ /provenpixel.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4V0FZURJ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4V0FZURJ.txt [ /yieldoptimizer.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YQF1K4UI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YQF1K4UI.txt [ /mythings.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\F2PV513R.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\F2PV513R.txt [ /nxtck.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IVDYFQUB.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IVDYFQUB.txt [ /tracker.yougov.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VF7YGNAZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VF7YGNAZ.txt [ /autouk.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MMP1Y2T9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MMP1Y2T9.txt [ /dyntrk.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\449MI1IG.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\449MI1IG.txt [ /adblade.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MXC1T5I.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MXC1T5I.txt [ /abmr.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1LEZFXCT.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1LEZFXCT.txt [ /angsrvr.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6BJBJ3DC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6BJBJ3DC.txt [ /pixel-a.sitescout.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\R93OMTG4.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\R93OMTG4.txt [ /tubemogul.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q4XBQXYP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q4XBQXYP.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6T0SPYSF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6T0SPYSF.txt [ /udmserve.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4YLYW9OX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4YLYW9OX.txt [ /us.ads.justpremium.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\P9TWOKF0.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\P9TWOKF0.txt [ /click4reg.co.uk ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\EHE2Z5AG.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\EHE2Z5AG.txt [ /flashtalking.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JWKKBZ3S.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JWKKBZ3S.txt [ /recommender.scarabresearch.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0XOUFI22.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0XOUFI22.txt [ /blutonic-ads.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\8APTJ7D1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\8APTJ7D1.txt [ /xapads.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\37U8IRSO.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\37U8IRSO.txt [ /bttrack.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5O37GOIP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5O37GOIP.txt [ /ih.adscale.de ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\3A9ELVXQ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\3A9ELVXQ.txt [ /adsymptotic.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP0XS6E4.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MP0XS6E4.txt [ /ads.pubmatic.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\QRZRSOB3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\QRZRSOB3.txt [ /bluecava.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NKJTXH71.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NKJTXH71.txt [ /intentiq.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SEV2B3FP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SEV2B3FP.txt [ /cxense.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y80UG36N.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y80UG36N.txt [ /lenovo.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\U9U0UWZU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\U9U0UWZU.txt [ /mediaplex.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\EH59HHLI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\EH59HHLI.txt [ /adtechjp.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZBUED7P3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZBUED7P3.txt [ /domdex.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5HFMY8IB.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5HFMY8IB.txt [ /xg4ken.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VSLPECMJ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VSLPECMJ.txt [ /ads.chargeads.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JNO4YQCV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JNO4YQCV.txt [ /convertro.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\M8YK7CW7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\M8YK7CW7.txt [ /server.cpmstar.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WHL3I0DZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WHL3I0DZ.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WEWGEX31.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WEWGEX31.txt [ /insightexpressai.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQBSXK8N.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQBSXK8N.txt [ /revsci.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0QWBR5KR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0QWBR5KR.txt [ /sekindo.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZLCDGSTM.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZLCDGSTM.txt [ /adfarm1.adition.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9GN8S5HE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9GN8S5HE.txt [ /prfct.co ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\I3FR6E61.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\I3FR6E61.txt [ /advg.jp ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4CMTT3YB.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4CMTT3YB.txt [ /dotomi.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\GYL99U2S.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\GYL99U2S.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JCU66TWH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JCU66TWH.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\E0LS1VSV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\E0LS1VSV.txt [ /lfstmedia.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5162BGDL.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5162BGDL.txt [ /ox-d.ibtuk.servedbyopenx.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\837D7APS.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\837D7APS.txt [ /adaptv.advertising.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AO32OAN3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AO32OAN3.txt [ /bs.serving-sys.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JY6I377.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JY6I377.txt [ /m.exactag.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NR7SAD88.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NR7SAD88.txt [ /ads.undertone.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NJBY3W8P.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NJBY3W8P.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RULWFNYO.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RULWFNYO.txt [ /ads.servebom.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HVYH3NU6.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HVYH3NU6.txt [ /perfectmarket.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HPVL9OW6.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HPVL9OW6.txt [ /crsspxl.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q8XRLC3L.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q8XRLC3L.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\I5L0KRDA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\I5L0KRDA.txt [ /gumgum.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2YDPN41P.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2YDPN41P.txt [ /c.appier.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZFM8MGFY.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZFM8MGFY.txt [ /adhigh.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JPSAP1SO.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JPSAP1SO.txt [ /s.thebrighttag.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\81LZ9QM5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\81LZ9QM5.txt [ /omtrdc.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YX4GG716.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YX4GG716.txt [ /1rx.io ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\K1RH9XRJ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\K1RH9XRJ.txt [ /statse.webtrendslive.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RBGURTUO.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RBGURTUO.txt [ /adap.tv ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4G24ALG4.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4G24ALG4.txt [ /acxiom-online.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\F94M5LBA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\F94M5LBA.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7J3H2H7X.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7J3H2H7X.txt [ /pardot.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\15FCZKK2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\15FCZKK2.txt [ /clickfuse.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZDATFT0H.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZDATFT0H.txt [ /adserver.davidicke.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4L08RH5B.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4L08RH5B.txt [ /basebanner.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\F9R7LHLR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\F9R7LHLR.txt [ /reson8.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\D7B761WP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\D7B761WP.txt [ /eyeviewads.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1NF8HYM7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1NF8HYM7.txt [ /adserver.silence-media.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\F8Q5ZNAE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\F8Q5ZNAE.txt [ /simpli.fi ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9M07XKFZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9M07XKFZ.txt [ /254a.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0986L1FH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0986L1FH.txt [ /www.ist-track.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IAZWSS3U.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IAZWSS3U.txt [ /cstatic.weborama.fr ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4K396J3S.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4K396J3S.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WKANFJFT.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WKANFJFT.txt [ /media6degrees.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7N25CSB7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7N25CSB7.txt [ /idgenterprise.d1.sc.omtrdc.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZRHIYUDA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZRHIYUDA.txt [ /adadvisor.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PYKSKWTY.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PYKSKWTY.txt [ /bidr.io ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y3WU2G1O.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y3WU2G1O.txt [ /ebz.io ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5A3F1OEU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5A3F1OEU.txt [ /audienceiq.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CW16NDVJ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CW16NDVJ.txt [ /rlcdn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5Y8TSHP1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5Y8TSHP1.txt [ /4545490799.log.optimizely.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AV1LPEL3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AV1LPEL3.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\GCGJC0PA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\GCGJC0PA.txt [ /viglink.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6V02X2E9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6V02X2E9.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KTM02960.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KTM02960.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FFRRETOX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FFRRETOX.txt [ /dashbida.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NG3HDEHB.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NG3HDEHB.txt [ /a1.adform.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VK8OYHNF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VK8OYHNF.txt [ /bs.serving-sys.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ME08Q0DD.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ME08Q0DD.txt [ /adsby.bidtheatre.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKU82WRM.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKU82WRM.txt [ /unrulymedia.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PHRPQJSE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PHRPQJSE.txt [ /visualdna.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\B8WGJ4BY.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\B8WGJ4BY.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VRYV2WZP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VRYV2WZP.txt [ /mathtag.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YLR99079.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YLR99079.txt [ /justpremium.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZW4X26ZH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZW4X26ZH.txt [ /effectivemeasure.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\T8G83MUI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\T8G83MUI.txt [ /mmstat.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5Q4UETK7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5Q4UETK7.txt [ /adgear.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4Y70RAJE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4Y70RAJE.txt [ /dpclk.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\H6PQDB86.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\H6PQDB86.txt [ /areyouahuman.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SNTKID6A.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SNTKID6A.txt [ /atdmt.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OGRA4D4C.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OGRA4D4C.txt [ /a.scorecardresearch.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RUEZXK85.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RUEZXK85.txt [ /contextweb.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RLAS6S1T.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RLAS6S1T.txt [ /vodafoneuk.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\GUOWZZMJ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\GUOWZZMJ.txt [ /admized.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DM22F9OV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DM22F9OV.txt [ /delivery.platform.switchads.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZUFD7VEH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZUFD7VEH.txt [ /tekblue.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9LOMVJBR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9LOMVJBR.txt [ /tag.1rx.io ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7SDV72DX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7SDV72DX.txt [ /1425218314.log.optimizely.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\27G28B0B.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\27G28B0B.txt [ /swid.switchads.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\I3E4VSXZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\I3E4VSXZ.txt [ /uk.sitestat.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BCVHI227.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BCVHI227.txt [ /trackingplex.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1OVHLOC8.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1OVHLOC8.txt [ /fwmrm.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z3IBAZF0.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z3IBAZF0.txt [ /delivery.a.switchadhub.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VWOX7OK.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1VWOX7OK.txt [ /server.adformdsp.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VX1E91HY.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VX1E91HY.txt [ /dsply.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\G30EN8AU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\G30EN8AU.txt [ /company-target.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1GSIE33S.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1GSIE33S.txt [ /apxlv.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BLJ8YHNK.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BLJ8YHNK.txt [ /sociomantic.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5OXKK8W8.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5OXKK8W8.txt [ /www.i.matheranalytics.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\H8EOGTY6.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\H8EOGTY6.txt [ /adserver.video ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\86JL25V4.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\86JL25V4.txt [ /rev.adip.ly ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZYK1I22K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZYK1I22K.txt [ /spotxchange.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZFJCUWOR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZFJCUWOR.txt [ /tynt.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KSNQH24K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KSNQH24K.txt [ /acuityplatform.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\I1BHVLT2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\I1BHVLT2.txt [ /optimatic.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\COR5HO6K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\COR5HO6K.txt [ /zemanta.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YFT2UXOV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YFT2UXOV.txt [ /collector-475.tvsquared.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WXZIVZVH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WXZIVZVH.txt [ /ads.creative-serving.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8JM41JV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\R8JM41JV.txt [ /tribalfusion.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HZA0PNEC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HZA0PNEC.txt [ /jsrdn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VAHMI4AV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VAHMI4AV.txt [ /daimlerag.d2.sc.omtrdc.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ALOKTTOW.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ALOKTTOW.txt [ /amgdgt.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\T8Q97EQ5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\T8Q97EQ5.txt [ /ibeu2.mookie1.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\A6QSBQ29.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\A6QSBQ29.txt [ /teads.tv ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\75NC1AMS.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\75NC1AMS.txt [ /trib.al ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ISMG729F.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ISMG729F.txt [ /timeoutcommunications.122.2o7.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IJAUSXHA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IJAUSXHA.txt [ /revcontent.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OFL77SR8.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OFL77SR8.txt [ /pixel.rubiconproject.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKHXX73T.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DKHXX73T.txt [ /gwallet.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\R6QXMFQT.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\R6QXMFQT.txt [ /c1.adform.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1DNBDT2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1DNBDT2.txt [ /atemda.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5LQFK3F7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5LQFK3F7.txt [ /demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\QO3E6EH2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\QO3E6EH2.txt [ /adlegend.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\R5M9N8IB.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\R5M9N8IB.txt [ /afy11.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\X1YAMUEB.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\X1YAMUEB.txt [ /scanscout.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\E30PSMOI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\E30PSMOI.txt [ /pixel.keywee.co ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WQ1OLPJ3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WQ1OLPJ3.txt [ /pippio.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6JG988ML.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6JG988ML.txt [ /blutonic2.as.adforgeinc.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXSM3PWT.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXSM3PWT.txt [ /tracker.adotmob.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\J4D2LK53.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\J4D2LK53.txt [ /exelator.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VOB17JAQ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VOB17JAQ.txt [ /stats.paypal.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\A15K3AEU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\A15K3AEU.txt [ /casalemedia.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7TF0PJHN.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7TF0PJHN.txt [ /ox-d.33across.servedbyopenx.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VGZJ14EI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VGZJ14EI.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HTBCSMTP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HTBCSMTP.txt [ /cdn.turn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2AH919U4.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2AH919U4.txt [ /ads.linkedin.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AI29ZV6E.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AI29ZV6E.txt [ /korrelate.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VK7M47C.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VK7M47C.txt [ /pagefair.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z4NNQ1YK.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z4NNQ1YK.txt [ /skimresources.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\O00WSXX9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\O00WSXX9.txt [ /pro-market.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BN04XVB6.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BN04XVB6.txt [ /ctnsnet.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZRQ78E0X.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZRQ78E0X.txt [ /cbsi.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JGDAJNE0.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JGDAJNE0.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IC4O0OC7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IC4O0OC7.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2TWYPGWC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2TWYPGWC.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FPMBBMW6.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FPMBBMW6.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\O0XC3SSV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\O0XC3SSV.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1WM2CAWV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1WM2CAWV.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2T6N7ZBG.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2T6N7ZBG.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\EPRTAUVT.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\EPRTAUVT.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VN5CP39C.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VN5CP39C.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SV7EZAPK.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SV7EZAPK.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\3CSAVNZT.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\3CSAVNZT.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WSK0NP8L.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WSK0NP8L.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\COD5P10A.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\COD5P10A.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VBV7NZJ7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VBV7NZJ7.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1U71V40V.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1U71V40V.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XK5LEPOV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XK5LEPOV.txt [ /www.googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\37M2RCAK.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\37M2RCAK.txt [ /addthis.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UGEOF5P1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UGEOF5P1.txt [ /scotts.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OF1XH261.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OF1XH261.txt [ /2881051090.log.optimizely.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VQO62CKH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VQO62CKH.txt [ /toshibass.d2.sc.omtrdc.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2BWWSVPF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2BWWSVPF.txt [ /cm.adsafety.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KLVPQG27.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KLVPQG27.txt [ /bizrate.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\67024R65.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\67024R65.txt [ /videoplaza.tv ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UFFPMLU3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UFFPMLU3.txt [ /kontera.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\E1E8VSR5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\E1E8VSR5.txt [ /bluekai.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\T594ZZND.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\T594ZZND.txt [ /adtech.de ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PL1P1WYT.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PL1P1WYT.txt [ /rfihub.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PCJE9II5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PCJE9II5.txt [ /sundaysky.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\85RY3P34.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\85RY3P34.txt [ /www.eliteregistrations.co.uk ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RYJGEF7I.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RYJGEF7I.txt [ /match.rundsp.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z48H9MLO.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z48H9MLO.txt [ /criteo.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XPTAGQN7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XPTAGQN7.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\T7GMSJDQ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\T7GMSJDQ.txt [ /a2.adform.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\K81W62V7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\K81W62V7.txt [ /geo-um.btrll.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\GCRFREGL.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\GCRFREGL.txt [ /turn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RND0130Z.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RND0130Z.txt [ /8413102.log.optimizely.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0593CKEZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0593CKEZ.txt [ /springserve.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9I2KNN0I.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9I2KNN0I.txt [ /exchange.nativeads.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\8TMZ1RHX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\8TMZ1RHX.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7DMJ3RT2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7DMJ3RT2.txt [ /tapad.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MCM9MO8K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MCM9MO8K.txt [ /zedo.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XT9U832K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XT9U832K.txt [ /yadro.ru ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\W923J1S6.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\W923J1S6.txt [ /netseer.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UP8YPV1K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UP8YPV1K.txt [ /adscience.nl ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\X3N24SLA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\X3N24SLA.txt [ /taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CPS7CDB9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CPS7CDB9.txt [ /oracle.112.2o7.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7MON047L.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7MON047L.txt [ /adsearch.adkontekst.pl ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VMO25ZQE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VMO25ZQE.txt [ /intellitxt.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7AYQ5GHV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7AYQ5GHV.txt [ /danoneuk.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HEY55ZVO.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HEY55ZVO.txt [ /ads.p161.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5BS1DZUC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5BS1DZUC.txt [ /mxptint.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KOR0YPKL.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KOR0YPKL.txt [ /tealiumiq.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KQF1Y2LH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KQF1Y2LH.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UOILLPOZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UOILLPOZ.txt [ /ads.stickyadstv.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWBYTIUZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\QWBYTIUZ.txt [ /lporirxe.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\77EKN6PT.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\77EKN6PT.txt [ /estat.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZMP7HYIX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZMP7HYIX.txt [ /legolas-media.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HST1FW1H.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HST1FW1H.txt [ /smartadserver.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CU5R8ZKT.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CU5R8ZKT.txt [ /igodigital.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JSP4DGS5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JSP4DGS5.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\E5MWUC5A.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\E5MWUC5A.txt [ /ads.avocet.io ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\W7WEEB63.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\W7WEEB63.txt [ /rambler.ru ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VM4HZ4DM.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VM4HZ4DM.txt [ /rbi.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HYPLTS7D.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HYPLTS7D.txt [ /erne.co ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RUJB9ZA2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RUJB9ZA2.txt [ /js.leadin.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CWSDYSQC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CWSDYSQC.txt [ /delivery.f.switchadhub.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OZGDMD00.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OZGDMD00.txt [ /tag.clrstm.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VIFBP03B.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VIFBP03B.txt [ /ligadx.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2X71BZRM.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2X71BZRM.txt [ /www.inskinad.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KO1EW55C.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KO1EW55C.txt [ /searchmarketing.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OSGT48TP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OSGT48TP.txt [ /imrworldwide.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FGFPOSXY.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FGFPOSXY.txt [ /openx.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XQP8P2LC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XQP8P2LC.txt [ /pixel.sitescout.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\U7FC9957.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\U7FC9957.txt [ /infolinks.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\H9K41F1Y.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\H9K41F1Y.txt [ /scorecardresearch.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6R7SFI14.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6R7SFI14.txt [ /eloqua.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NR4I849J.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NR4I849J.txt [ /gigya.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\263Z580K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\263Z580K.txt [ /collective-media.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JHHOSSBL.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JHHOSSBL.txt [ /sandbox.bidswitch.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\W4I5MY8H.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\W4I5MY8H.txt [ /netmng.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2BGXWESH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2BGXWESH.txt [ /engine.adzerk.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y05AJY77.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y05AJY77.txt [ /pfa.levexis.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\8I52BVGL.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\8I52BVGL.txt [ /serving-sys.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UWQNK0WB.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UWQNK0WB.txt [ /yashi.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SVJUBKT1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SVJUBKT1.txt [ /and.co.uk ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1O2MPEQX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1O2MPEQX.txt [ /sitescout.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UIR1OEYN.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UIR1OEYN.txt [ /groceries.iceland.co.uk ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZBXGEWAL.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZBXGEWAL.txt [ /metanetwork.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CNBTZ9PS.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CNBTZ9PS.txt [ /choicestream.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IZSWKMRC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IZSWKMRC.txt [ /collector-545.tvsquared.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KHD5YFKI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KHD5YFKI.txt [ /adbrn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FDG5KDFX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FDG5KDFX.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\C095H6M3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\C095H6M3.txt [ /univide.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CZHFT7DP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CZHFT7DP.txt [ /eyereturn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2YG68P6J.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2YG68P6J.txt [ /www3.smartadserver.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\S70MLUFF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\S70MLUFF.txt [ /131788053.log.optimizely.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PK34UAUF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PK34UAUF.txt [ /adsrvr.org ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AKE7CN9U.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\AKE7CN9U.txt [ /ox-d.huddler.servedbyopenx.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y459VAY7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y459VAY7.txt [ /ox-d.diply.servedbyopenx.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\P7XYIJCA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\P7XYIJCA.txt [ /adnxs.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XLSCWHKB.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XLSCWHKB.txt [ /advertising.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KWAIQ7W6.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KWAIQ7W6.txt [ /sbal4kp.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4EZ013R1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4EZ013R1.txt [ /4426605944.log.optimizely.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\E65ZLTH5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\E65ZLTH5.txt [ /xiti.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\C0XGBT44.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\C0XGBT44.txt [ /livefyre.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\O54CW31F.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\O54CW31F.txt [ /kau.li ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\S4H0542E.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\S4H0542E.txt [ /chango.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\COTOIPOG.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\COTOIPOG.txt [ /videoamp.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZN4DJP5V.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZN4DJP5V.txt [ /ib.mookie1.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\B16Z93QM.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\B16Z93QM.txt [ /adserving.ancoraplatform.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5MA3ZSHS.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5MA3ZSHS.txt [ /delivery.e.switchadhub.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\D9MCVZ48.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\D9MCVZ48.txt [ /marchex.io ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\X1MKMHT3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\X1MKMHT3.txt [ /innovid.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MUCV60C8.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MUCV60C8.txt [ /reedbusinessinternat.tt.omtrdc.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9Q8GECRX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9Q8GECRX.txt [ /securedvisit.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YCB3S785.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YCB3S785.txt [ /c3tag.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZB8ENTPO.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZB8ENTPO.txt [ /eyeota.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\82TF5EFL.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\82TF5EFL.txt [ /visiblemeasures.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6AYK32D0.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6AYK32D0.txt [ /dc-storm.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FWPKWUB2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FWPKWUB2.txt [ /sp.adbrn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\B8KGCOMP.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\B8KGCOMP.txt [ /targeting.unrulymedia.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PA32WHFC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PA32WHFC.txt [ /sa.scorecardresearch.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\827PDQ2H.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\827PDQ2H.txt [ /tellapart.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\S3VLSJZL.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\S3VLSJZL.txt [ /sp1.convertro.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZD3177Q.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YZD3177Q.txt [ /iceland.co.uk ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BGW0RK47.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BGW0RK47.txt [ /ads.cannaclicks.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JZPPSRFL.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JZPPSRFL.txt [ /googleadservices.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HXA97PDI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HXA97PDI.txt [ /36983484.log.optimizely.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KGQ94Y9Y.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\KGQ94Y9Y.txt [ /outbrain.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\G3DR1GTU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\G3DR1GTU.txt [ /lijit.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YQK5X2UE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YQK5X2UE.txt [ /go.flx1.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZB6OU7WW.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZB6OU7WW.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\29LULCHX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\29LULCHX.txt [ /connexity.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XWD1OYRG.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XWD1OYRG.txt [ /w55c.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\P4ASRA4G.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\P4ASRA4G.txt [ /walmartasda.d2.sc.omtrdc.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\3EL2KE3Z.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\3EL2KE3Z.txt [ /dmtry.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FZO9J3L.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0FZO9J3L.txt [ /bskyb.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UHRD5G5G.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UHRD5G5G.txt [ /virool.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7XFGDQ0K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7XFGDQ0K.txt [ /sxp.smartclip.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\I8ESBSYN.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\I8ESBSYN.txt [ /weborama.fr ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NUFW5X1R.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NUFW5X1R.txt [ /2o7.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0GIZHUH7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\0GIZHUH7.txt [ /p2.keywee.co ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PQ41B33A.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\PQ41B33A.txt [ /pfa.levexis.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\985BPUSM.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\985BPUSM.txt [ /statcounter.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CCW7W7SO.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CCW7W7SO.txt [ /705751183.log.optimizely.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\F0BN7CLI.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\F0BN7CLI.txt [ /vizu.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DVYOXQ67.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DVYOXQ67.txt [ /tap2-cdn.rubiconproject.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\GF6MBBXH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\GF6MBBXH.txt [ /tap-t.rubiconproject.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\88NF8VE7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\88NF8VE7.txt [ /ad.360yield.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\3YA6F86W.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\3YA6F86W.txt [ /tremorhub.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MC77LW21.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MC77LW21.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\T1BPCOLR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\T1BPCOLR.txt [ /ad-serverparc.nl ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YQ9IF5PD.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YQ9IF5PD.txt [ /yieldlab.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DDHEKMHD.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DDHEKMHD.txt [ /cdn.firstimpression.io ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZTXNSBJ9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZTXNSBJ9.txt [ /pfa.levexis.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1XC1S1OF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1XC1S1OF.txt [ /fidelity-media.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6H0PPA4I.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6H0PPA4I.txt [ /mookie1.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\00VTRNB3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\00VTRNB3.txt [ /yumenetworks.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JB7HW7KB.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JB7HW7KB.txt [ /srv.imonomy.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\482MNF2I.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\482MNF2I.txt [ /dpm.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\P99BJE30.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\P99BJE30.txt [ /ar.atwola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OAIBSCD6.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OAIBSCD6.txt [ /engine.4dsply.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZLSS0CAH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZLSS0CAH.txt [ /d.adroll.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5NOHGPKX.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5NOHGPKX.txt [ /opendsp.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JB2DNSXW.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JB2DNSXW.txt [ /gradientx.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\QN6HAFJE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\QN6HAFJE.txt [ /adgrx.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YFD1O7HC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YFD1O7HC.txt [ /krxd.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RNGCID0F.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RNGCID0F.txt [ /nexac.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\21ZS0ZDE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\21ZS0ZDE.txt [ /amazon-adsystem.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UKQ1KGQ4.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UKQ1KGQ4.txt [ /extend.tv ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YS9VWJ5T.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YS9VWJ5T.txt [ /bidswitch.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\V4WJ3FEC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\V4WJ3FEC.txt [ /adform.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DRVQOUA6.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DRVQOUA6.txt [ /ads.converge-digital.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UDTS5KY9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\UDTS5KY9.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\X7GSF3CE.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\X7GSF3CE.txt [ /ads.smartstream.tv ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2Q0MJ1K4.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\2Q0MJ1K4.txt [ /crwdcntrl.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5NX3ENQD.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5NX3ENQD.txt [ /gametracker.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5AAKN1YV.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5AAKN1YV.txt [ /n269adserv.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FV0WDFI0.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FV0WDFI0.txt [ /matchflow.as.adforgeinc.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LPMOM69K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LPMOM69K.txt [ /ml314.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4YFRLS82.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4YFRLS82.txt [ /imonomy.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LDSSQIK2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LDSSQIK2.txt [ /rubiconproject.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\993W245U.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\993W245U.txt [ /tap-secure.rubiconproject.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RWF4M4I3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RWF4M4I3.txt [ /ebayinc.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYYQD9NU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYYQD9NU.txt [ /www.iceland.co.uk ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BN0CC164.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BN0CC164.txt [ /dpmsrv.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7KD2OFQD.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7KD2OFQD.txt [ /everesttech.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JBIJBHLH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\JBIJBHLH.txt [ /brookingsinstitution.tt.omtrdc.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\EDBKK730.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\EDBKK730.txt [ /ace.adoftheyear.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OH020ZRR.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\OH020ZRR.txt [ /tap.rubiconproject.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NWK4R8E0.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\NWK4R8E0.txt [ /diff3.smartadserver.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RH0N3E1I.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\RH0N3E1I.txt [ /semasio.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GGCP21I.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5GGCP21I.txt [ /runadtag.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XR15JGX2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\XR15JGX2.txt [ /mediaforge.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LGLBDMUN.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LGLBDMUN.txt [ /owneriq.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SH4JFUXJ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SH4JFUXJ.txt [ /altitude-arena.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BGUB4SA3.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BGUB4SA3.txt [ /republer.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LW7J1ES2.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LW7J1ES2.txt [ /wtp101.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ID45H7E1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\ID45H7E1.txt [ /ads.kiosked.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\63CK5W9Z.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\63CK5W9Z.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJ6HCL6S.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJ6HCL6S.txt [ /695572306.log.optimizely.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\S8PA6ZOY.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\S8PA6ZOY.txt [ /vindicosuite.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VJRF33Q7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\VJRF33Q7.txt [ /ads.programattik.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\8L6UOAA5.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\8L6UOAA5.txt [ /pool.admedo.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BCP46K6Z.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\BCP46K6Z.txt [ /rhythmxchange.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FW2AWZ8K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\FW2AWZ8K.txt [ /a.wishabi.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YXDXQ48U.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\YXDXQ48U.txt [ /track.adform.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6QTB4TCU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6QTB4TCU.txt [ /at.atwola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WUV0BJ7W.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\WUV0BJ7W.txt [ /counterpunch.org ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\QRNA6D2G.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\QRNA6D2G.txt [ /adx.adform.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\EA5UX7VW.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\EA5UX7VW.txt [ /adscale.de ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4OAYL896.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\4OAYL896.txt [ /d3.ebayuk.servedbyopenx.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z2MD8CBQ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z2MD8CBQ.txt [ /dynamicyield.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9D9ZMKP7.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9D9ZMKP7.txt [ /metrigo.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\O43XSL3K.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\O43XSL3K.txt [ /cardlytics.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IUC9FAXG.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\IUC9FAXG.txt [ /trc.taboola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SBUPUZXH.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\SBUPUZXH.txt [ /3lift.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\66XVLCZZ.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\66XVLCZZ.txt [ /adformdsp.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\B7DC2LQU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\B7DC2LQU.txt [ /choicestream.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9CT2Z0ZF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9CT2Z0ZF.txt [ /videohub.tv ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CG17B0SM.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CG17B0SM.txt [ /s372.meetrics.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6CHYU5J9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\6CHYU5J9.txt [ /tacoda.at.atwola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MZ8409GU.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\MZ8409GU.txt [ /hlserve.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\P5OYQDSK.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\P5OYQDSK.txt [ /samsung.demdex.net ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7FTM5UA9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\7FTM5UA9.txt [ /adtechus.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LAOJEX2T.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\LAOJEX2T.txt [ /agkn.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5SSMCWAA.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\5SSMCWAA.txt [ /mgid.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1U40L52Y.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\1U40L52Y.txt [ /37441550.log.optimizely.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DJD0OBM1.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\DJD0OBM1.txt [ /adsby.webtraffic.se ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HOOO84UC.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\HOOO84UC.txt [ /yume.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\G59YOIW9.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\G59YOIW9.txt [ /atwola.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9TM55255.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\9TM55255.txt [ /veinteractive.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\A46OR4LT.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\A46OR4LT.txt [ /po.st ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CE4KIMOF.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\CE4KIMOF.txt [ /match.rundsp.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q69XGS0U.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q69XGS0U.txt [ /jivox.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\WOLM601E.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\WOLM601E.txt [ /sa.scorecardresearch.com ]
C:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\ISBOI361.txtC:\Users\Mup\AppData\Roaming\Microsoft\Windows\Cookies\ISBOI361.txt [ /nexac.com ]
acdn.adnxs.com [ C:\USERS\MUP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PTZD46D4 ]
cdn.gotraffic.net [ C:\USERS\MUP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PTZD46D4 ]
cdn.stickyadstv.com [ C:\USERS\MUP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PTZD46D4 ]
cdn.vidible.tv [ C:\USERS\MUP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PTZD46D4 ]
opf.ooyala.com [ C:\USERS\MUP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PTZD46D4 ]
player.ooyala.com [ C:\USERS\MUP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PTZD46D4 ]

Trojan.Agent/Gen-Genome
F:\PHP AND C++ DEV\REVERSE ENG\SND-REVERSINGWITHLENA-TUTORIAL01.TUTORIAL\SND-REVERSINGWITHLENA-TUTORIAL01.TUTORIAL\FILES\REVERSEME.EXE
F:\OLD DESKTOP FILES\PHP AND C++ DEV\REVERSE ENG\SND-REVERSINGWITHLENA-TUTORIAL01.TUTORIAL\SND-REVERSINGWITHLENA-TUTORIAL01.TUTORIAL\FILES\REVERSEME.EXE

============
End of Log
============


As soon as I clear those cookies the laggy feeling is gone. I say laggy... the video stutters... like buffering, but im sure is not a bandwidth issue. (im on fibre and seem to get a steady 70MB down)

my graphics card is a GTX760, and I only have IE installed on this machine.

It could be the sites I have been visiting recently... mainly Brexit related pages that google has recently found... there always seems to be a lot of ads on them.

Not sure what I can say about reverse engineering with lena... I think it was a course I found a few years back that I thought I would do one day. No issue if you feel its better gone.

Vince
Juliet
2016-06-30, 21:59
That took out a ton of cookies and was glad to see that.

I don't think the issue with trying to watch the video's is related to malware, don't give up tho

https://adblockplus.org/
The above can be used on all browsers and does a good job with ads and popups.

This site might be able to show you if you need an update to your graphics driver, not sure if they can detect problems with it or not.
http://www.nvidia.com/Download/index.aspx?lang=en-us

~~~

I only have IE installed on this machine
Have you removed Firefox since we started working on the computer?
Vince
2016-07-01, 09:58
I have now installed addblockplus, and there was a newer driver for graphics.

Regarding Firefox... No I have not removed it in the last few days. I can see the entries in the log on page1, but firefox is not there if I do a search for firefox after clicking "start".


I think it was installed on one of my previous requests for help.

Vince
Juliet
2016-07-01, 15:18
Go to Add/remove programs in the control panel, we need to remove old versions of Java because of exploitation of older versions

Java 8 Update 91 <-- the latest version keep this one

Remove these outdated versions

Java 7 Update 79 (64-bit)
Java SE Development Kit 7 Update 79
Java SE Development Kit 8 Update 31
Java SE Development Kit 8 Update 60

~~~~~~~~~~~~~~~~~`

Since there seems to be an incomplete uninstall of Firefox we can remove those remnants.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CreateRestorePoint:
CloseProcesses:
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2909615783-3256432697-2275361012-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mup\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-04-19] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-13]
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

****

Now big question, how is the computer now?
Vince
2016-07-01, 22:02
Hi again

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Mup (2016-07-01 19:39:36) Run:1
Running from C:\Users\Mup\Desktop
Loaded Profiles: Mup (Available Profiles: Mup)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2909615783-3256432697-2275361012-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mup\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-04-19] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-13]
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2" => key removed successfully
C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2" => key removed successfully
C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll => moved successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0" => key removed successfully
"FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)" => not found.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1" => key removed successfully
C:\Program Files\VideoLAN\VLC\npvlc.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0" => key removed successfully
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX" => key removed successfully
C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5" => key removed successfully
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater" => key removed successfully
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0" => key removed successfully
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0" => key removed successfully
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision" => key removed successfully
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming" => key removed successfully
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader" => key removed successfully
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll => moved successfully
"HKU\S-1-5-21-2909615783-3256432697-2275361012-1000\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin" => key removed successfully
C:\Users\Mup\AppData\Local\Citrix\Plugins\104\npappdetector.dll => moved successfully
HKLM\Software\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully

"C:\Program Files\AVAST Software\Avast\WebRep\FF" folder move:

Could not move "C:\Program Files\AVAST Software\Avast\WebRep\FF" => Scheduled to move on reboot.

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-13] => not found
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully

"C:\Program Files\AVAST Software\Avast\SafePrice\FF" folder move:

Could not move "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Scheduled to move on reboot.

FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-13] => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23232161 B
Java, Flash, Steam htmlcache => 78821610 B
Windows/system/drivers => 670578 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33058 B
LocalService => 0 B
NetworkService => 34306 B
Mup => 7940622654 B

RecycleBin => 1738784 B
EmptyTemp: => 7.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-01 19:41:23)

"C:\Program Files\AVAST Software\Avast\WebRep\FF" => Could not move
"C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Could not move

==== End of Fixlog 19:41:23 ====





I have not yet removed any of the java.... Is there any safe java7? I ask as I have recently started a new job and they use java7 still. I had installed it at home to mirror what I have learned.

PC seems ok at the moment, ill use it tonight and let report back again in the morning.
Thank you for your help.

Vince

Vince
Juliet
2016-07-01, 22:42
I have not yet removed any of the java.... Is there any safe java7? I ask as I have recently started a new job and they use java7 still. I had installed it at home to mirror what I have learned.

PC seems ok at the moment, ill use it tonight and let report back again in the morning.
Thank you for your help. hot-diggty-dog for the computer.

****
You might want to hold off with that then cause it's hard to find that specific version.

Ever used NoScript for Java?
I use, it's a free download for all browsers I think (CORRECTION, Firefox only)

...It creates an options button on the bottom of web pages whether to allow it to run or work in Java?

http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.

Knowledge base
https://noscript.net/faq

Let me know about removing tools and quarantine folders so that your onboard security apps wont detect them as threats.
Vince
2016-07-02, 19:14
Hi again,

PC seems to be ok still... big difference with no adds.

Im not sure where the quarantine folders are and I have never used noscript. Honestly disappointed that there is nothing for IE.

Vince
Juliet
2016-07-02, 21:06
We'll remove the tools used.

DelFix


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).



************************************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.
http://i.imgur.com/JEP5iWI.png Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
Vince
2016-07-06, 19:54
I have run delfix and the system seems to be good.

Many thanks again for your help
Juliet
2016-07-06, 21:04
We're glad to help http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif
Juliet
2016-07-07, 20:01
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.