Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

nasty root trojan keeps coming back after booting


  • This topic is locked This topic is locked
13 replies to this topic

#1 avanbon

avanbon

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 12 March 2017 - 07:29 AM

Hi,

 

I have this trojan that keeps getting blocked by my Avira security program. The name of the notification is TR/Sefnit.szjwv

I have run multiple scans and malwary bytes programs trying to remove it myself but it keeps coming back. So a bit desperate now.

 

Things i noticed: My Windows Mail and Windows Store app are no longer working. The sync is not functioning anymore.

The malware created a new chrome user account.

I removed all malware, but this one is sticky. Also reinstalled chrome and changed all my passwords.

 

Log file is attached.

 

Thanks very much in advance,

Anna

 

---

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017 01
Ran by Anna (administrator) on DESKTOP-382V0VJ (12-03-2017 13:23:42)
Running from C:\Users\Anna\Downloads
Loaded Profiles: Anna (Available Profiles: defaultuser0 & Anna)
Platform: Windows 10 Education Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\Anna\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Anna\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Anna\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2016-02-10] (Autodesk, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2171960 2016-06-10] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Anna\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [Spotify Web Helper] => C:\Users\Anna\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-10] (Spotify Ltd)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [Spotify] => C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe [7114352 2017-03-10] (Spotify Ltd)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [f.lux] => C:\Users\Anna\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [GoogleChromeAutoLaunch_12C6C396F9F079F593189BD3E5EB8A5F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Policies\Explorer: []
ShellExecuteHooks: No Name - {303DD29C-F44A-11E6-AAF0-64006A5CFC23} -  -> No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-20]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-20]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1a6d85aa-be77-4992-b473-e83e442cbf66}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{26af6c18-f322-41b5-a52d-f8ade38eb54c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{97755e05-dbbd-46d2-8045-1fb681ef31f5}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a4b1357f-0115-482a-8b81-eb4ea518f477}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a4b1357f-0115-482a-8b81-eb4ea518f477}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-03-03] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-03] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-03-02] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-02] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\C5BguHEy.default [2017-03-12]
FF Homepage: Mozilla\Firefox\Profiles\C5BguHEy.default -> www.google.nl
FF Extension: (Avira Browser Safety) - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\C5BguHEy.default\Extensions\abs@avira.com [2016-11-20]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-13]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-03] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-03-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR Profile: C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Google Presentaties) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-07]
CHR Extension: (Google Documenten) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-07]
CHR Extension: (Google Drive) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-07]
CHR Extension: (YouTube) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-07]
CHR Extension: (Adblock Plus) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-07]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2017-03-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Google Agenda) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-03-07]
CHR Extension: (Google Spreadsheets) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-07]
CHR Extension: (Avira Browser Safety) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-07]
CHR Extension: (Offline Documenten) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (Pinterest-bewaarknop) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-03-07]
CHR Extension: (Google Photos) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2017-03-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-07]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-07]
CHR Extension: (Chrome Media Router) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487424 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487424 2017-03-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519144 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3735744 2017-03-02] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-20] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
R2 HPDrvMntSvc.exe; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [197976 2013-01-23] (Hewlett-Packard Company) [File not signed]
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McNeelUpdate; c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [66968 2016-09-13] (Robert McNeel & Associates)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [3168824 2016-06-10] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [161824 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [163976 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [48584 2017-03-02] (Avira Operations GmbH & Co. KG)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-28] (Intel Corporation)
R3 johci; C:\Windows\System32\drivers\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-11] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3363112 2015-07-28] (Intel Corporation)
R3 SNP2UVCW10; C:\Windows\system32\DRIVERS\snp2uvcW10.sys [2530920 2015-12-21] (Sonix Tech. Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-11] ()
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [27064 2016-07-06] (Windows ® Win 7 DDK provider)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 STHDA; \SystemRoot\system32\DRIVERS\stwrt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 13:23 - 2017-03-12 13:23 - 00031114 _____ C:\Users\Anna\Downloads\FRST.txt
2017-03-12 13:23 - 2017-03-12 13:23 - 00000000 ____D C:\FRST
2017-03-12 13:16 - 2017-03-12 13:16 - 02424320 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2017-03-11 12:58 - 2017-03-11 13:00 - 00000000 ____D C:\AdwCleaner
2017-03-10 18:08 - 2017-03-10 18:08 - 04031440 _____ C:\Users\Anna\Downloads\adwcleaner_6.044.exe
2017-03-10 18:07 - 2017-03-11 23:27 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-10 18:07 - 2017-03-11 12:58 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-10 18:07 - 2017-03-10 18:07 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-10 18:07 - 2017-03-10 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-10 18:07 - 2017-03-10 18:07 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-10 18:06 - 2017-03-10 18:06 - 34885984 _____ (Adlice Software ) C:\Users\Anna\Downloads\setup.exe
2017-03-10 18:04 - 2017-03-10 18:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Anna\Downloads\iExplore.exe
2017-03-10 18:04 - 2017-03-10 18:04 - 00004218 _____ C:\Users\Anna\Desktop\Rkill.txt
2017-03-10 17:58 - 2017-03-10 17:59 - 00271258 _____ C:\TDSSKiller.3.1.0.12_10.03.2017_17.58.05_log.txt
2017-03-10 17:57 - 2017-03-10 17:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Anna\Downloads\tdsskiller.exe
2017-03-10 13:48 - 2017-03-12 13:05 - 00000000 ____D C:\Users\Anna\AppData\LocalLow\Mozilla
2017-03-10 13:48 - 2017-03-10 13:53 - 00000000 ____D C:\Users\Anna\AppData\Local\Mozilla
2017-03-10 13:48 - 2017-03-10 13:48 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-10 13:48 - 2017-03-10 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-10 13:46 - 2017-03-10 13:46 - 00245480 _____ C:\Users\Anna\Downloads\Firefox Setup Stub 52.0.exe
2017-03-10 13:42 - 2017-03-10 13:42 - 11581544 _____ (SurfRight B.V.) C:\Users\Anna\Downloads\hitmanpro_x64 (1).exe
2017-03-10 13:42 - 2017-03-10 13:42 - 00001952 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-10 13:42 - 2017-03-10 13:42 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-09 12:28 - 2017-03-09 12:28 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-03-09 12:10 - 2017-03-09 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-07 12:27 - 2017-03-07 12:27 - 00035908 _____ C:\Users\Anna\Downloads\Verklaring behandeling Anna van Bon als pfd.pdf
2017-03-07 12:01 - 2017-03-07 12:01 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps
2017-03-07 11:58 - 2017-03-07 11:58 - 00002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-07 11:58 - 2017-03-07 11:58 - 00002356 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-07 11:54 - 2017-03-07 11:54 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-03-07 11:50 - 2017-03-07 11:54 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-07 11:50 - 2017-03-07 11:50 - 11581544 _____ (SurfRight B.V.) C:\Users\Anna\Downloads\hitmanpro_x64.exe
2017-03-06 21:50 - 2017-03-06 21:50 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-02 23:43 - 2017-03-02 23:43 - 00041122 _____ C:\Users\Anna\Desktop\cc_20170302_234344.reg
2017-03-02 23:41 - 2017-03-02 23:43 - 00149488 _____ C:\Users\Anna\Desktop\cc_20170302_234122.reg
2017-03-02 23:23 - 2017-03-02 23:38 - 00000000 ____D C:\Program Files\CCleaner
2017-03-02 23:23 - 2017-03-02 23:23 - 00002868 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-02 23:23 - 2017-03-02 23:23 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-02 23:22 - 2017-03-02 23:22 - 09261112 _____ (Piriform Ltd) C:\Users\Anna\Downloads\ccsetup527pro.exe
2017-03-02 18:55 - 2017-03-02 18:55 - 00001812 _____ C:\Users\Public\Desktop\Maya 2016.lnk
2017-03-02 18:46 - 2017-03-02 18:46 - 00377672 _____ (Autodesk Inc.) C:\Users\Anna\Downloads\Autodesk_Maya_2016_wi_en-US_Setup_webinstall (1).exe
2017-03-02 17:34 - 2017-03-02 18:46 - 09844496 _____ C:\Users\Anna\Downloads\Autodesk_Maya_2016_wi_en-US_Setup.exe
2017-03-02 17:33 - 2017-03-02 17:33 - 00377672 _____ (Autodesk Inc.) C:\Users\Anna\Downloads\Autodesk_Maya_2016_wi_en-US_Setup_webinstall.exe
2017-03-02 17:20 - 2017-03-02 17:20 - 00221662 _____ C:\Users\Anna\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-03-01 13:15 - 2017-03-02 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Maya 2016
2017-03-01 13:11 - 2017-03-01 13:11 - 00000000 ____D C:\Windows\system32\appmgmt
2017-02-26 15:46 - 2017-02-26 15:46 - 00000000 ____D C:\Users\Anna\Downloads\Creatures Village (October 2, 2001)
2017-02-26 15:34 - 2017-02-26 15:34 - 01421049 _____ C:\Users\Anna\Downloads\jazz.zip
2017-02-26 15:21 - 2017-02-26 15:21 - 00000000 ____D C:\Users\Anna\Desktop\New folder (2)
2017-02-26 15:20 - 2017-02-26 15:20 - 00354753 _____ C:\Users\Anna\Downloads\jumpbump.zip
2017-02-25 20:32 - 2017-02-25 20:32 - 00000000 ____D C:\Users\Anna\Documents\VAMT2
2017-02-25 20:29 - 2017-02-25 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAMT 2.0
2017-02-25 20:29 - 2017-02-25 20:29 - 00000000 ____D C:\Program Files (x86)\VAMT 2.0
2017-02-24 16:04 - 2017-03-10 18:03 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-24 15:57 - 2017-02-24 15:57 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsigne04d2ed7870307d2
2017-02-24 15:57 - 2017-02-24 15:57 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign749486ee7caf721e
2017-02-24 15:57 - 2017-02-24 15:57 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign1b47b533d184b18f
2017-02-23 23:11 - 2017-02-23 23:11 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\08A224F3.sys
2017-02-23 17:17 - 2017-02-23 17:17 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsigneadd4eb22b35a38e
2017-02-23 17:17 - 2017-02-23 17:17 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign32449d6fc90ab680
2017-02-23 17:17 - 2017-02-23 17:17 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign19c6c8646dc45c9b
2017-02-23 17:04 - 2017-03-11 23:31 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-23 17:04 - 2017-03-09 22:27 - 00092088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-23 17:04 - 2017-03-09 12:07 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-23 17:04 - 2017-03-09 12:07 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-23 17:04 - 2017-03-09 12:07 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-23 17:04 - 2017-03-03 10:02 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-23 17:04 - 2017-02-23 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-23 17:04 - 2017-02-23 17:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-23 17:04 - 2017-02-23 17:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-23 12:27 - 2017-02-23 12:27 - 01129376 _____ (Google Inc.) C:\Users\Anna\Downloads\ChromeSetup.exe
2017-02-23 11:54 - 2017-02-23 11:54 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Kedaly
2017-02-23 11:53 - 2017-02-23 11:56 - 00000000 ____D C:\Windows\system32\SSL
2017-02-23 11:53 - 2017-02-23 11:53 - 00000000 ____D C:\Users\Anna\AppData\Local\Clogeyreiwish
2017-02-20 00:00 - 2017-02-20 00:00 - 00254853 _____ C:\Users\Anna\Downloads\201704.pdf
2017-02-19 17:03 - 2017-02-19 17:03 - 00034627 _____ C:\Users\Anna\Downloads\the.magnificent.seven.(2016).dut.1cd.(6816834).zip
2017-02-18 19:13 - 2017-02-26 15:50 - 00000000 ____D C:\Users\Anna\AppData\LocalLow\uTorrent
2017-02-17 09:36 - 2017-02-17 09:36 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsigna4cc7bba0e5d7ea7
2017-02-17 09:36 - 2017-02-17 09:36 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign7182fc34e31e25b9
2017-02-17 09:36 - 2017-02-17 09:36 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign5105a8ef4492ce3a
2017-02-16 11:02 - 2017-02-16 11:02 - 00000000 ____D C:\Users\Anna\Documents\Mudbox
2017-02-16 09:28 - 2017-02-16 09:28 - 00001750 _____ C:\Users\Public\Desktop\Mudbox 2016.lnk
2017-02-16 09:28 - 2017-02-16 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Mudbox 2016
2017-02-16 09:22 - 2017-02-16 09:22 - 09260624 _____ C:\Users\Anna\Downloads\Autodesk_MBX_2016_English_French_German_Japanese_Win_64bit_wi_en-US_Setup.exe
2017-02-16 09:21 - 2017-02-16 09:21 - 00377840 _____ (Autodesk Inc.) C:\Users\Anna\Downloads\Autodesk_MBX_2016_English_French_German_Japanese_Win_64bit_wi_en-US_Setup_webinstall.exe
2017-02-16 09:21 - 2017-02-16 09:21 - 00000000 ____D C:\Program Files\Epic Games
2017-02-16 09:16 - 2017-02-16 09:51 - 00000000 ____D C:\Users\Anna\AppData\Local\UnrealEngine
2017-02-16 09:16 - 2017-02-16 09:17 - 00000000 ____D C:\ProgramData\Epic
2017-02-16 09:16 - 2017-02-16 09:16 - 00001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-02-16 09:16 - 2017-02-16 09:16 - 00001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-02-16 09:16 - 2017-02-16 09:16 - 00000000 ____D C:\Users\Anna\AppData\Local\UnrealEngineLauncher
2017-02-16 09:16 - 2017-02-16 09:16 - 00000000 ____D C:\Users\Anna\AppData\Local\EpicGamesLauncher
2017-02-16 09:16 - 2017-02-16 09:16 - 00000000 ____D C:\Program Files (x86)\Epic Games
2017-02-16 08:50 - 2017-02-16 08:50 - 00000000 ____D C:\Users\Anna\Documents\xgen
2017-02-16 08:50 - 2017-02-16 08:50 - 00000000 ____D C:\Users\Anna\Documents\maya
2017-02-13 16:21 - 2017-02-13 16:21 - 04899128 _____ (Cisco Systems, Inc.) C:\Users\Anna\Downloads\anyconnect-win-4.3.02039-web-deploy-k9.exe
2017-02-13 16:21 - 2017-02-13 16:21 - 00000000 ____D C:\Users\Anna\AppData\Local\Cisco
2017-02-13 16:21 - 2017-02-13 16:21 - 00000000 ____D C:\Users\Anna\.cisco
2017-02-13 16:21 - 2017-02-13 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2017-02-13 16:21 - 2017-02-13 16:21 - 00000000 ____D C:\ProgramData\Cisco
2017-02-13 16:21 - 2017-02-13 16:21 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-02-13 16:21 - 2016-08-12 17:41 - 00238344 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys
2017-02-13 16:17 - 2017-02-13 16:17 - 00049006 _____ (TU Delft) C:\Users\Anna\Downloads\TUDelft_Maya_License_Installer-2016-win32_x64.exe
2017-02-13 16:12 - 2017-02-13 16:12 - 00000000 ____D C:\Users\Anna\Documents\Direct Connect
2017-02-10 19:42 - 2017-02-10 19:42 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-10 19:42 - 2017-02-10 19:42 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 13:10 - 2016-11-20 13:32 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Spotify
2017-03-12 13:08 - 2016-11-20 12:01 - 00000000 ____D C:\Users\Anna\AppData\Local\Adobe
2017-03-12 13:06 - 2016-11-20 13:36 - 00000000 ___RD C:\Users\Anna\Dropbox
2017-03-12 13:06 - 2016-11-20 12:11 - 00000000 ___RD C:\Users\Anna\Creative Cloud Files
2017-03-12 13:06 - 2016-11-20 12:06 - 00000000 ____D C:\Users\Anna\AppData\Local\Akamai
2017-03-12 13:05 - 2016-11-20 13:42 - 00000000 ___RD C:\Users\Anna\Google Drive
2017-03-12 01:00 - 2016-11-19 22:13 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-11 23:37 - 2016-11-19 22:21 - 01170918 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-11 23:32 - 2016-11-20 13:32 - 00000000 ____D C:\Users\Anna\AppData\Local\Spotify
2017-03-11 23:32 - 2016-11-20 12:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-11 23:31 - 2016-11-19 23:05 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-11 23:31 - 2016-11-19 22:13 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 23:31 - 2016-07-16 07:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-03-11 13:06 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-10 13:48 - 2016-11-20 11:58 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Mozilla
2017-03-10 11:53 - 2016-11-21 14:19 - 00000000 ____D C:\ProgramData\RevitInterProcess
2017-03-10 10:20 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-10 10:10 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-09 12:29 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-09 12:28 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-09 12:27 - 2016-11-20 14:33 - 00000000 ____D C:\Program Files\Microsoft Office
2017-03-09 12:10 - 2016-11-20 13:33 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-07 11:59 - 2016-11-19 23:27 - 00000000 ____D C:\Users\Anna\AppData\Local\Google
2017-03-07 11:58 - 2016-11-19 23:27 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-07 11:39 - 2016-11-20 13:33 - 00000000 ____D C:\Users\Anna\AppData\Local\Dropbox
2017-03-03 10:08 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-03-02 23:53 - 2016-07-16 12:47 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-02 23:49 - 2016-11-19 22:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-02 23:46 - 2016-12-06 20:31 - 00002832 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 23:46 - 2016-11-20 13:49 - 00002700 _____ C:\Windows\System32\Tasks\WinZipBackGroundToolsTask
2017-03-02 23:40 - 2016-11-20 13:43 - 00000000 ____D C:\Users\Anna\AppData\Roaming\uTorrent
2017-03-02 23:39 - 2016-11-19 23:12 - 00000000 ____D C:\Windows\Panther
2017-03-02 20:11 - 2016-11-20 11:57 - 00048584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-03-02 20:11 - 2016-11-20 11:56 - 00163976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-03-02 20:11 - 2016-11-20 11:56 - 00161824 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-03-02 20:11 - 2016-11-20 11:56 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-03-02 20:11 - 2016-11-20 11:56 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-03-02 20:11 - 2016-11-20 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-02 20:05 - 2016-11-20 12:07 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Autodesk
2017-03-02 20:05 - 2016-11-20 12:07 - 00000000 ____D C:\ProgramData\Autodesk
2017-03-02 18:58 - 2016-11-20 13:19 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-03-02 18:52 - 2016-11-20 13:14 - 00000000 ____D C:\Program Files\Autodesk
2017-03-02 18:42 - 2016-11-20 14:13 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-03-02 18:17 - 2016-11-20 12:06 - 00000000 ____D C:\Autodesk
2017-03-02 17:40 - 2016-11-20 12:24 - 00000000 ____D C:\Users\Anna\AppData\Local\ElevatedDiagnostics
2017-03-01 13:19 - 2016-11-20 13:31 - 00000000 ____D C:\Program Files (x86)\Autodesk
2017-03-01 13:16 - 2016-11-19 22:17 - 00000000 ____D C:\Users\Anna
2017-02-23 23:39 - 2016-11-19 22:56 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 23:36 - 2016-11-19 22:56 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 22:06 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-22 14:15 - 2016-11-19 22:17 - 00000000 ____D C:\Users\Anna\AppData\Local\Packages
2017-02-21 17:38 - 2016-11-20 12:40 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-02-19 12:07 - 2016-11-19 22:18 - 00002364 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-19 12:07 - 2016-11-19 22:18 - 00000000 ___RD C:\Users\Anna\OneDrive
2017-02-18 18:42 - 2017-01-16 11:56 - 00000000 ____D C:\Users\Anna\AppData\Roaming\vlc
2017-02-17 09:35 - 2016-11-20 13:57 - 00000033 _____ C:\Users\Anna\AppData\Roaming\AdobeWLCMCache.dat
2017-02-16 09:50 - 2016-11-19 23:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-16 08:50 - 2016-11-20 13:23 - 00000000 ____D C:\Users\Anna\AppData\Local\Autodesk
2017-02-14 10:27 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2016-11-20 13:57 - 2017-02-17 09:35 - 0000033 _____ () C:\Users\Anna\AppData\Roaming\AdobeWLCMCache.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-11 23:47

==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:28 PM

Posted 14 March 2017 - 09:02 AM

avanbon:

:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

In future, I would respectfully request that you copy and paste the content of all scan and fix logs into your replies. That makes it much easier and faster for me to analyze them. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs. That could take a day or two.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:28 PM

Posted 14 March 2017 - 12:00 PM

avanbon:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: The logs show that you have Akamai Netsession installed on your computer. I would recommend that you read this post to determine if you want to keep that program. Personally, I would not have it on my computer. Seven of ten of the most recent application errors, listed in the "Addition.txt" scan log, were associated with Akamai Netsession not working properly.

If you decide you do not want to keep this program, please go to the Control Panel, Programs, Uninstall Program, and uninstall it from your computer.

Please let me know whether you keep, or uninstall, this program.

.

:step2: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

:step3: Please run a FRST "Fix" for me.

Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to your Downloads folder.

NOTE: It is important that both files, FRST64.exe and fixlist.txt are both in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Policies\Explorer: []
ShellExecuteHooks: No Name - {303DD29C-F44A-11E6-AAF0-64006A5CFC23} -  -> No File
GroupPolicyScripts: Restriction <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 STHDA; \SystemRoot\system32\DRIVERS\stwrt64.sys [X]
Folder: C:\Users\Anna\AppData\Roaming\Kedaly
Folder: C:\Windows\system32\SSL
Folder: C:\Users\Anna\AppData\Local\Clogeyreiwish
CustomCLSID: HKU\S-1-5-21-2868825116-2182603550-4240801961-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D6D1089256BD}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {4BCB948C-4D30-4C03-8021-52AC32C99F68} - \g1QvdypTTe -> No File <==== ATTENTION
Task: {8C97BADC-1B64-46FE-9649-7ED68B3A92A9} - \Shequlyqernily -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

EmptyTemp:
  • Right click FRST64.exe, and select "Run as Administrator".
  • Then press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log in your Downloads folder (Fixlog.txt). Please copy and paste the contents into your next reply.

.


:step4: If you uninstalled either Akamai Netsession or µTorrent, please re-run FRST64.exe again in Scan mode. Many programs do not cleanly uninstall, so I will check the new logs for remnants that might have been left, and remove them in a subsequent FRST "fix" that I will create for you.

Please copy and paste the contents of both the new "FRST.txt" and "Addition.txt" files into your next response.

If you did not uninstall either program, THEN PLEASE SKIP THIS STEP. I will only need to see the contents of the "fixlog.txt" file from Step :step3:

.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#4 avanbon

avanbon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 14 March 2017 - 12:11 PM

Hi Phil,

 

thanks for the explanation and feedback.

I have removed both programs. Though I should tell you that just now I was using my computer and all these new popups came up from avira. There is a new program on my computer called amuleC and some other junk.

It was all removed and placed in quarantine. Should i run FRST again for a new log or can i execute you code anyway?

- sorry i guess your fourth step covers the answer

 

thanks,

Anna


Edited by avanbon, 14 March 2017 - 12:13 PM.


#5 avanbon

avanbon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 14 March 2017 - 12:17 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017
Ran by Anna (administrator) on DESKTOP-382V0VJ (14-03-2017 18:13:19)
Running from C:\Users\Anna\Desktop\FRST folder
Loaded Profiles: Anna (Available Profiles: defaultuser0 & Anna)
Platform: Windows 10 Education Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Firefox\Firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Windows\System32\nvwmi64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe
(Flux Software LLC) C:\Users\Anna\AppData\Local\FluxSoftware\Flux\flux.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IEC) C:\Program Files (x86)\BikaQRss\BikaQ.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Firefox\Firefox.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2016-02-10] (Autodesk, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2171960 2016-06-10] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2016-12-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Anna\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [Spotify Web Helper] => C:\Users\Anna\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-10] (Spotify Ltd)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [Spotify] => C:\Users\Anna\AppData\Roaming\Spotify\Spotify.exe [7114352 2017-03-10] (Spotify Ltd)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2016-12-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [f.lux] => C:\Users\Anna\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [GoogleChromeAutoLaunch_12C6C396F9F079F593189BD3E5EB8A5F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Run: [GoogleChromeAutoLaunch_26E072903241AE00D28DE103DD8162EA] => C:\Program Files (x86)\Noflat\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Policies\Explorer: []
ShellExecuteHooks: No Name - {303DD29C-F44A-11E6-AAF0-64006A5CFC23} -  -> No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-20]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-20]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1a6d85aa-be77-4992-b473-e83e442cbf66}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{26af6c18-f322-41b5-a52d-f8ade38eb54c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{97755e05-dbbd-46d2-8045-1fb681ef31f5}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a4b1357f-0115-482a-8b81-eb4ea518f477}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a4b1357f-0115-482a-8b81-eb4ea518f477}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868825116-2182603550-4240801961-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868825116-2182603550-4240801961-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-03-03] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-03] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-03-02] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-02] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2868825116-2182603550-4240801961-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\C5BguHEy.default [2017-03-14]
FF Homepage: Mozilla\Firefox\Profiles\C5BguHEy.default -> hxxp://www.startpageing123.com/?type=hp&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H
FF Extension: (Avira Browser Safety) - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\C5BguHEy.default\Extensions\abs@avira.com [2016-11-20]
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\C5BguHEy.default\searchplugins\startpageing123.xml [2017-03-14]
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Firefox\Firefox\Profiles\C5BguHEy.default [2017-03-14]
FF Extension: (SimilarWeb) - C:\Users\Anna\AppData\Roaming\Firefox\Firefox\Profiles\C5BguHEy.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-14] [not signed]
FF Extension: (FF Adr) - C:\Users\Anna\AppData\Roaming\Firefox\Firefox\Profiles\C5BguHEy.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-14] [not signed]
FF Extension: (Avira Browser Safety) - C:\Users\Anna\AppData\Roaming\Firefox\Firefox\Profiles\C5BguHEy.default\Extensions\abs@avira.com [2017-03-14]
FF Extension: (English (GB) Language Pack) - C:\Users\Anna\AppData\Roaming\Firefox\Firefox\Profiles\C5BguHEy.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2017-03-14] [not signed]
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Firefox\Firefox\Profiles\C5BguHEy.default\searchplugins\startpageing123.xml [2017-03-14]
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Firefox\Firefox\Profiles\C5BguHEy.default\searchplugins\startsearch.xml [2017-03-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-13]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-03] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-03-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.startpageing123.com/?type=hp&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H
CHR StartupUrls: Default -> "hxxp://www.startpageing123.com/?type=hp&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H"
CHR DefaultSearchURL: Default -> hxxp://www.startpageing123.com/search/?type=ds&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H&q={searchTerms}
CHR DefaultSearchKeyword: Default -> startpageing123
CHR Profile: C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default [2017-03-14]
CHR Extension: (Google Presentaties) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-07]
CHR Extension: (Google Documenten) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-07]
CHR Extension: (Google Drive) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-07]
CHR Extension: (YouTube) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-07]
CHR Extension: (Adblock Plus) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-07]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2017-03-07]
CHR Extension: (Adobe Acrobat) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Google Agenda) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-03-07]
CHR Extension: (Google Spreadsheets) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-07]
CHR Extension: (Avira Browser Safety) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-07]
CHR Extension: (Offline Documenten) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (Pinterest-bewaarknop) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-03-07]
CHR Extension: (Google Photos) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2017-03-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-07]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-07]
CHR Extension: (Chrome Media Router) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487424 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487424 2017-03-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519144 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3735744 2017-03-02] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-20] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
R2 HPDrvMntSvc.exe; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [197976 2013-01-23] (Hewlett-Packard Company) [File not signed]
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McNeelUpdate; c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [66968 2016-09-13] (Robert McNeel & Associates)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [3168824 2016-06-10] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 wimApSrv; C:\ProgramData\VMware\VMware Service\vmAutoStart.dll [105984 2017-03-14] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Anna\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-03-14] (Windows) [File not signed]
R2 WinSnare; C:\Users\Anna\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-14] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [161824 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [163976 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [48584 2017-03-02] (Avira Operations GmbH & Co. KG)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-28] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
R3 johci; C:\Windows\System32\drivers\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-14] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3363112 2015-07-28] (Intel Corporation)
R3 SNP2UVCW10; C:\Windows\system32\DRIVERS\snp2uvcW10.sys [2530920 2015-12-21] (Sonix Tech. Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-11] ()
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [27064 2016-07-06] (Windows ® Win 7 DDK provider)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 STHDA; \SystemRoot\system32\DRIVERS\stwrt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 18:08 - 2017-03-14 18:13 - 00000000 ____D C:\Users\Anna\Desktop\FRST folder
2017-03-14 17:49 - 2017-03-14 17:49 - 00000000 ____D C:\Windows\system32\log
2017-03-14 17:49 - 2017-03-14 17:49 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Elex-tech
2017-03-14 17:49 - 2017-03-14 17:49 - 00000000 ____D C:\Users\Anna\AppData\Local\Noflat
2017-03-14 17:49 - 2017-03-14 17:49 - 00000000 ____D C:\ProgramData\VMware
2017-03-14 17:49 - 2017-03-14 17:49 - 00000000 ____D C:\Program Files (x86)\Noflat
2017-03-14 17:49 - 2017-03-14 17:49 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2017-03-14 17:49 - 2017-03-14 17:49 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-14 17:49 - 2016-05-23 03:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-03-14 17:49 - 2016-05-19 07:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-03-14 17:48 - 2017-03-14 17:49 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-14 17:48 - 2017-03-14 17:49 - 00000000 _____ C:\Windows\SysWOW64\3
2017-03-14 17:48 - 2017-03-14 17:48 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-14 17:48 - 2017-03-14 17:48 - 00000386 _____ C:\Windows\SysWOW64\data.bin
2017-03-14 17:48 - 2017-03-14 17:48 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Firefox
2017-03-14 17:48 - 2017-03-14 17:48 - 00000000 ____D C:\Users\Anna\AppData\Local\Firefox
2017-03-14 17:48 - 2017-03-14 17:48 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-14 17:48 - 2017-03-14 17:48 - 00000000 ____D C:\Program Files (x86)\58C81EC5_cacayima
2017-03-14 17:48 - 2017-03-14 17:48 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-14 17:47 - 2017-03-14 18:04 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-14 17:47 - 2017-03-14 17:47 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-14 17:47 - 2017-03-14 17:47 - 00000000 ____D C:\Users\Anna\AppData\Roaming\aMule
2017-03-14 17:19 - 2017-03-14 17:48 - 00003678 _____ C:\Windows\System32\Tasks\Milimili
2017-03-14 17:19 - 2017-03-14 17:47 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.3.0)
2017-03-14 17:19 - 2017-03-14 17:47 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-14 17:19 - 2017-03-14 17:42 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-14 17:19 - 2017-03-14 17:19 - 00003342 _____ C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-14 17:19 - 2017-03-14 17:19 - 00000000 ____D C:\Users\Anna\AppData\Roaming\WinSnare
2017-03-14 17:19 - 2017-03-14 17:19 - 00000000 ____D C:\Users\Anna\AppData\Roaming\WinSAPSvc
2017-03-14 17:19 - 2017-03-14 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-03-14 17:14 - 2017-03-14 17:47 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-14 11:35 - 2017-03-14 11:35 - 00780293 _____ C:\Users\Anna\Downloads\SR_1.3_007.dwg
2017-03-14 10:06 - 2017-03-14 10:06 - 01360680 _____ C:\Users\Anna\Downloads\SR_1.3_023.dwg
2017-03-12 15:06 - 2017-03-12 15:06 - 06316353 _____ C:\Users\Anna\Downloads\20160929154731.pdf
2017-03-12 15:04 - 2017-03-12 15:04 - 00502263 _____ C:\Users\Anna\Downloads\dAngremond-Copedec2012.pdf
2017-03-12 13:24 - 2017-03-12 13:24 - 00060042 _____ C:\Users\Anna\Downloads\Addition.txt
2017-03-12 13:23 - 2017-03-14 18:13 - 00000000 ____D C:\FRST
2017-03-12 13:23 - 2017-03-12 13:24 - 00049173 _____ C:\Users\Anna\Downloads\FRST.txt
2017-03-12 13:16 - 2017-03-12 13:16 - 02424320 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2017-03-11 12:58 - 2017-03-11 13:00 - 00000000 ____D C:\AdwCleaner
2017-03-10 18:08 - 2017-03-10 18:08 - 04031440 _____ C:\Users\Anna\Downloads\adwcleaner_6.044.exe
2017-03-10 18:07 - 2017-03-11 23:27 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-10 18:07 - 2017-03-11 12:58 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-10 18:07 - 2017-03-10 18:07 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-10 18:07 - 2017-03-10 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-10 18:07 - 2017-03-10 18:07 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-10 18:06 - 2017-03-10 18:06 - 34885984 _____ (Adlice Software ) C:\Users\Anna\Downloads\setup.exe
2017-03-10 18:04 - 2017-03-10 18:04 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Anna\Downloads\iExplore.exe
2017-03-10 17:58 - 2017-03-10 17:59 - 00271258 _____ C:\TDSSKiller.3.1.0.12_10.03.2017_17.58.05_log.txt
2017-03-10 17:57 - 2017-03-10 17:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Anna\Downloads\tdsskiller.exe
2017-03-10 13:48 - 2017-03-14 17:57 - 00000000 ____D C:\Users\Anna\AppData\LocalLow\Mozilla
2017-03-10 13:48 - 2017-03-14 17:48 - 00002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-10 13:48 - 2017-03-10 13:53 - 00000000 ____D C:\Users\Anna\AppData\Local\Mozilla
2017-03-10 13:48 - 2017-03-10 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-10 13:46 - 2017-03-10 13:46 - 00245480 _____ C:\Users\Anna\Downloads\Firefox Setup Stub 52.0.exe
2017-03-10 13:42 - 2017-03-10 13:42 - 11581544 _____ (SurfRight B.V.) C:\Users\Anna\Downloads\hitmanpro_x64 (1).exe
2017-03-10 13:42 - 2017-03-10 13:42 - 00001952 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-10 13:42 - 2017-03-10 13:42 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-09 12:28 - 2017-03-09 12:28 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-03-09 12:10 - 2017-03-09 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-07 12:27 - 2017-03-07 12:27 - 00035908 _____ C:\Users\Anna\Downloads\Verklaring behandeling Anna van Bon als pfd.pdf
2017-03-07 11:58 - 2017-03-14 17:49 - 00002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-07 11:58 - 2017-03-14 17:49 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-07 11:54 - 2017-03-07 11:54 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-03-07 11:50 - 2017-03-07 11:54 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-07 11:50 - 2017-03-07 11:50 - 11581544 _____ (SurfRight B.V.) C:\Users\Anna\Downloads\hitmanpro_x64.exe
2017-03-06 21:50 - 2017-03-06 21:50 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-02 23:43 - 2017-03-02 23:43 - 00041122 _____ C:\Users\Anna\Desktop\cc_20170302_234344.reg
2017-03-02 23:41 - 2017-03-02 23:43 - 00149488 _____ C:\Users\Anna\Desktop\cc_20170302_234122.reg
2017-03-02 23:23 - 2017-03-02 23:38 - 00000000 ____D C:\Program Files\CCleaner
2017-03-02 23:23 - 2017-03-02 23:23 - 00002868 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-02 23:23 - 2017-03-02 23:23 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-02 23:22 - 2017-03-02 23:22 - 09261112 _____ (Piriform Ltd) C:\Users\Anna\Downloads\ccsetup527pro.exe
2017-03-02 18:55 - 2017-03-02 18:55 - 00001812 _____ C:\Users\Public\Desktop\Maya 2016.lnk
2017-03-02 18:46 - 2017-03-02 18:46 - 00377672 _____ (Autodesk Inc.) C:\Users\Anna\Downloads\Autodesk_Maya_2016_wi_en-US_Setup_webinstall (1).exe
2017-03-02 17:34 - 2017-03-02 18:46 - 09844496 _____ C:\Users\Anna\Downloads\Autodesk_Maya_2016_wi_en-US_Setup.exe
2017-03-02 17:33 - 2017-03-02 17:33 - 00377672 _____ (Autodesk Inc.) C:\Users\Anna\Downloads\Autodesk_Maya_2016_wi_en-US_Setup_webinstall.exe
2017-03-02 17:20 - 2017-03-02 17:20 - 00221662 _____ C:\Users\Anna\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-03-01 13:15 - 2017-03-02 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Maya 2016
2017-03-01 13:11 - 2017-03-01 13:11 - 00000000 ____D C:\Windows\system32\appmgmt
2017-02-26 15:46 - 2017-02-26 15:46 - 00000000 ____D C:\Users\Anna\Downloads\Creatures Village (October 2, 2001)
2017-02-26 15:34 - 2017-02-26 15:34 - 01421049 _____ C:\Users\Anna\Downloads\jazz.zip
2017-02-26 15:21 - 2017-02-26 15:21 - 00000000 ____D C:\Users\Anna\Desktop\New folder (2)
2017-02-26 15:20 - 2017-02-26 15:20 - 00354753 _____ C:\Users\Anna\Downloads\jumpbump.zip
2017-02-25 20:32 - 2017-02-25 20:32 - 00000000 ____D C:\Users\Anna\Documents\VAMT2
2017-02-25 20:29 - 2017-02-25 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAMT 2.0
2017-02-25 20:29 - 2017-02-25 20:29 - 00000000 ____D C:\Program Files (x86)\VAMT 2.0
2017-02-24 16:04 - 2017-03-10 18:03 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-24 15:57 - 2017-02-24 15:57 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsigne04d2ed7870307d2
2017-02-24 15:57 - 2017-02-24 15:57 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign749486ee7caf721e
2017-02-24 15:57 - 2017-02-24 15:57 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign1b47b533d184b18f
2017-02-23 23:11 - 2017-02-23 23:11 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\08A224F3.sys
2017-02-23 17:17 - 2017-02-23 17:17 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsigneadd4eb22b35a38e
2017-02-23 17:17 - 2017-02-23 17:17 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign32449d6fc90ab680
2017-02-23 17:17 - 2017-02-23 17:17 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign19c6c8646dc45c9b
2017-02-23 17:04 - 2017-03-14 17:37 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-23 17:04 - 2017-03-09 22:27 - 00092088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-23 17:04 - 2017-03-09 12:07 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-23 17:04 - 2017-03-09 12:07 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-23 17:04 - 2017-03-09 12:07 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-23 17:04 - 2017-03-03 10:02 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-23 17:04 - 2017-02-23 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-23 17:04 - 2017-02-23 17:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-23 17:04 - 2017-02-23 17:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-23 12:27 - 2017-02-23 12:27 - 01129376 _____ (Google Inc.) C:\Users\Anna\Downloads\ChromeSetup.exe
2017-02-23 11:54 - 2017-02-23 11:54 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Kedaly
2017-02-23 11:53 - 2017-02-23 11:56 - 00000000 ____D C:\Windows\system32\SSL
2017-02-23 11:53 - 2017-02-23 11:53 - 00000000 ____D C:\Users\Anna\AppData\Local\Clogeyreiwish
2017-02-20 00:00 - 2017-02-20 00:00 - 00254853 _____ C:\Users\Anna\Downloads\201704.pdf
2017-02-19 17:03 - 2017-02-19 17:03 - 00034627 _____ C:\Users\Anna\Downloads\the.magnificent.seven.(2016).dut.1cd.(6816834).zip
2017-02-18 19:13 - 2017-02-26 15:50 - 00000000 ____D C:\Users\Anna\AppData\LocalLow\uTorrent
2017-02-17 09:36 - 2017-02-17 09:36 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsigna4cc7bba0e5d7ea7
2017-02-17 09:36 - 2017-02-17 09:36 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign7182fc34e31e25b9
2017-02-17 09:36 - 2017-02-17 09:36 - 00000000 ____D C:\Users\Anna\AppData\Local\Tempzxpsign5105a8ef4492ce3a
2017-02-16 11:02 - 2017-02-16 11:02 - 00000000 ____D C:\Users\Anna\Documents\Mudbox
2017-02-16 09:28 - 2017-02-16 09:28 - 00001750 _____ C:\Users\Public\Desktop\Mudbox 2016.lnk
2017-02-16 09:28 - 2017-02-16 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Mudbox 2016
2017-02-16 09:22 - 2017-02-16 09:22 - 09260624 _____ C:\Users\Anna\Downloads\Autodesk_MBX_2016_English_French_German_Japanese_Win_64bit_wi_en-US_Setup.exe
2017-02-16 09:21 - 2017-02-16 09:21 - 00377840 _____ (Autodesk Inc.) C:\Users\Anna\Downloads\Autodesk_MBX_2016_English_French_German_Japanese_Win_64bit_wi_en-US_Setup_webinstall.exe
2017-02-16 09:21 - 2017-02-16 09:21 - 00000000 ____D C:\Program Files\Epic Games
2017-02-16 09:16 - 2017-02-16 09:51 - 00000000 ____D C:\Users\Anna\AppData\Local\UnrealEngine
2017-02-16 09:16 - 2017-02-16 09:17 - 00000000 ____D C:\ProgramData\Epic
2017-02-16 09:16 - 2017-02-16 09:16 - 00001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2017-02-16 09:16 - 2017-02-16 09:16 - 00001258 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2017-02-16 09:16 - 2017-02-16 09:16 - 00000000 ____D C:\Users\Anna\AppData\Local\UnrealEngineLauncher
2017-02-16 09:16 - 2017-02-16 09:16 - 00000000 ____D C:\Users\Anna\AppData\Local\EpicGamesLauncher
2017-02-16 09:16 - 2017-02-16 09:16 - 00000000 ____D C:\Program Files (x86)\Epic Games
2017-02-16 08:50 - 2017-02-16 08:50 - 00000000 ____D C:\Users\Anna\Documents\xgen
2017-02-16 08:50 - 2017-02-16 08:50 - 00000000 ____D C:\Users\Anna\Documents\maya
2017-02-13 16:21 - 2017-02-13 16:21 - 04899128 _____ (Cisco Systems, Inc.) C:\Users\Anna\Downloads\anyconnect-win-4.3.02039-web-deploy-k9.exe
2017-02-13 16:21 - 2017-02-13 16:21 - 00000000 ____D C:\Users\Anna\AppData\Local\Cisco
2017-02-13 16:21 - 2017-02-13 16:21 - 00000000 ____D C:\Users\Anna\.cisco
2017-02-13 16:21 - 2017-02-13 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2017-02-13 16:21 - 2017-02-13 16:21 - 00000000 ____D C:\ProgramData\Cisco
2017-02-13 16:21 - 2017-02-13 16:21 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-02-13 16:21 - 2016-08-12 17:41 - 00238344 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys
2017-02-13 16:17 - 2017-02-13 16:17 - 00049006 _____ (TU Delft) C:\Users\Anna\Downloads\TUDelft_Maya_License_Installer-2016-win32_x64.exe
2017-02-13 16:12 - 2017-02-13 16:12 - 00000000 ____D C:\Users\Anna\Documents\Direct Connect

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 18:06 - 2016-11-20 13:43 - 00000000 ____D C:\Users\Anna\AppData\Roaming\uTorrent
2017-03-14 17:59 - 2016-11-21 14:19 - 00000000 ____D C:\ProgramData\RevitInterProcess
2017-03-14 17:43 - 2016-11-20 13:32 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Spotify
2017-03-14 17:43 - 2016-11-19 22:21 - 01189102 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-14 17:38 - 2016-11-20 13:42 - 00000000 ___RD C:\Users\Anna\Google Drive
2017-03-14 17:38 - 2016-11-20 13:36 - 00000000 ___RD C:\Users\Anna\Dropbox
2017-03-14 17:38 - 2016-11-20 12:11 - 00000000 ___RD C:\Users\Anna\Creative Cloud Files
2017-03-14 17:38 - 2016-11-20 12:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-14 17:38 - 2016-11-20 12:01 - 00000000 ____D C:\Users\Anna\AppData\Local\Adobe
2017-03-14 17:37 - 2016-11-19 23:05 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-14 17:37 - 2016-11-19 22:13 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-14 17:37 - 2016-07-16 07:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-03-14 17:29 - 2016-11-19 22:17 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Adobe
2017-03-14 17:14 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-14 17:14 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-14 00:18 - 2016-11-19 22:13 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-13 14:20 - 2016-11-20 13:32 - 00000000 ____D C:\Users\Anna\AppData\Local\Spotify
2017-03-10 13:48 - 2016-11-20 11:58 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Mozilla
2017-03-10 10:10 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-09 12:29 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-09 12:28 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-09 12:27 - 2016-11-20 14:33 - 00000000 ____D C:\Program Files\Microsoft Office
2017-03-09 12:10 - 2016-11-20 13:33 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-07 11:59 - 2016-11-19 23:27 - 00000000 ____D C:\Users\Anna\AppData\Local\Google
2017-03-07 11:58 - 2016-11-19 23:27 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-07 11:39 - 2016-11-20 13:33 - 00000000 ____D C:\Users\Anna\AppData\Local\Dropbox
2017-03-03 10:08 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-03-02 23:53 - 2016-07-16 12:47 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-02 23:49 - 2016-11-19 22:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-02 23:46 - 2016-12-06 20:31 - 00002832 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 23:46 - 2016-11-20 13:49 - 00002700 _____ C:\Windows\System32\Tasks\WinZipBackGroundToolsTask
2017-03-02 23:39 - 2016-11-19 23:12 - 00000000 ____D C:\Windows\Panther
2017-03-02 20:11 - 2016-11-20 11:57 - 00048584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-03-02 20:11 - 2016-11-20 11:56 - 00163976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-03-02 20:11 - 2016-11-20 11:56 - 00161824 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-03-02 20:11 - 2016-11-20 11:56 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-03-02 20:11 - 2016-11-20 11:56 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-03-02 20:11 - 2016-11-20 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-02 20:05 - 2016-11-20 12:07 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Autodesk
2017-03-02 20:05 - 2016-11-20 12:07 - 00000000 ____D C:\ProgramData\Autodesk
2017-03-02 18:58 - 2016-11-20 13:19 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-03-02 18:52 - 2016-11-20 13:14 - 00000000 ____D C:\Program Files\Autodesk
2017-03-02 18:42 - 2016-11-20 14:13 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-03-02 18:17 - 2016-11-20 12:06 - 00000000 ____D C:\Autodesk
2017-03-02 17:40 - 2016-11-20 12:24 - 00000000 ____D C:\Users\Anna\AppData\Local\ElevatedDiagnostics
2017-03-01 13:19 - 2016-11-20 13:31 - 00000000 ____D C:\Program Files (x86)\Autodesk
2017-03-01 13:16 - 2016-11-19 22:17 - 00000000 ____D C:\Users\Anna
2017-02-23 23:39 - 2016-11-19 22:56 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 23:36 - 2016-11-19 22:56 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 22:06 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-22 14:15 - 2016-11-19 22:17 - 00000000 ____D C:\Users\Anna\AppData\Local\Packages
2017-02-21 17:38 - 2016-11-20 12:40 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-02-19 12:07 - 2016-11-19 22:18 - 00002364 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-19 12:07 - 2016-11-19 22:18 - 00000000 ___RD C:\Users\Anna\OneDrive
2017-02-18 18:42 - 2017-01-16 11:56 - 00000000 ____D C:\Users\Anna\AppData\Roaming\vlc
2017-02-17 09:35 - 2016-11-20 13:57 - 00000033 _____ C:\Users\Anna\AppData\Roaming\AdobeWLCMCache.dat
2017-02-16 09:50 - 2016-11-19 23:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-16 08:50 - 2016-11-20 13:23 - 00000000 ____D C:\Users\Anna\AppData\Local\Autodesk
2017-02-14 10:27 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2016-11-20 13:57 - 2017-02-17 09:35 - 0000033 _____ () C:\Users\Anna\AppData\Roaming\AdobeWLCMCache.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-11 23:47

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017
Ran by Anna (14-03-2017 18:13:54)
Running from C:\Users\Anna\Desktop\FRST folder
Windows 10 Education Version 1607 (X64) (2016-11-19 21:16:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2868825116-2182603550-4240801961-500 - Administrator - Disabled)
Anna (S-1-5-21-2868825116-2182603550-4240801961-1001 - Administrator - Enabled) => C:\Users\Anna
DefaultAccount (S-1-5-21-2868825116-2182603550-4240801961-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2868825116-2182603550-4240801961-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2868825116-2182603550-4240801961-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACA & MEP 2017 Object Enabler (Version: 7.9.45.0 - Autodesk) Hidden
ACAD Private (Version: 21.0.52.0 - Autodesk) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
amulesw (HKLM-x32\...\{13D7C2E9-08E7-4889-94FF-87E707184E53}) (Version: 1.0.7 - amules) <==== ATTENTION
AutoCAD 2017 - English (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 (Version: 21.0.52.0 - Autodesk) Hidden
AutoCAD 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden
Autodesk A360 Collaboration for Revit 2017 (HKLM\...\Autodesk A360 Collaboration for Revit 2017) (Version: 17.0.416.0 - Autodesk)
Autodesk A360 Collaboration for Revit 2017 (Version: 17.0.416.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk)
Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk)
Autodesk BIM 360 Revit 2017 Add-in 64 bit (HKLM\...\{A26EBAD5-9591-407F-9D6C-C7A4F3DFE506}) (Version: 4.37.6853 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.2.0.174 - Autodesk)
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk DirectConnect 2016 64-bit (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk Featured Apps 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2017 (HKLM-x32\...\{360AC116-6CD4-4E7D-8174-28D47B05E898}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2017 (HKLM-x32\...\{CB6E007E-701D-42CD-AF0E-4BE9C36C7F7C}) (Version: 15.11.3.0 - Autodesk)
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.0.1312.0 - Autodesk)
Autodesk Maya 2016 (Version: 16.0.1312.0 - Autodesk) Hidden
Autodesk Maya 2016 SP1 (Version: 16.3.2006.0 - Autodesk) Hidden
Autodesk Maya 2016 SP2 (Version: 16.3.2006.0 - Autodesk) Hidden
Autodesk Maya 2016 SP3 (HKLM\...\Autodesk Maya 2016 SP3) (Version: 16.3.2006.0 - Autodesk)
Autodesk Mudbox 2016 (HKLM\...\Autodesk Mudbox 2016) (Version: 10.0.0.166 - Autodesk)
Autodesk Mudbox 2016 (Version: 10.0.0.166 - Autodesk) Hidden
Autodesk ReCap 360 (HKLM\...\Autodesk ReCap 360) (Version: 3.0.0.52 - Autodesk)
Autodesk ReCap 360 (Version: 3.0.0.52 - Autodesk) Hidden
Autodesk Revit 2017 (HKLM\...\Autodesk Revit 2017) (Version: 17.0.416.0 - Autodesk)
Autodesk Revit 2017 (HKLM\...\Revit 2017) (Version:  - )
Autodesk Revit Content Libraries 2017 (HKLM\...\Autodesk Revit Content Libraries 2017) (Version: 17.0.416.0 - Autodesk)
Autodesk Revit Content Libraries 2017 (HKLM\...\Revit Content Libraries 2017) (Version:  - )
Autodesk Revit MEP Imperial Content v2.0 (HKLM\...\{F2538944-3E07-4E97-B41A-FC48AB53EE9D}) (Version: 2.0 - Autodesk)
Autodesk Revit MEP Metric Content v2.0 (HKLM\...\{DEF775C7-84BF-4730-976A-FE3747F1757C}) (Version: 2.0 - Autodesk)
Autodesk Workflows 2017 (HKLM\...\{23A13F78-5B67-441A-ABF9-48BE8B5455DB}) (Version: 15.11.13.0 - Autodesk, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.154 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.02039 - Cisco Systems, Inc.) Hidden
De Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.25.136.1020 - Electronic Arts Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dynamo 0.9.1 (HKLM\...\{85626FB3-CAF9-49C1-AA28-E3C75164BD6F}) (Version: 0.9.1.4062 - Autodesk)
Epic Games Launcher (HKLM-x32\...\{56C7F9B4-77A1-48C3-AE0A-E402992F1F9B}) (Version: 1.1.94.0 - Epic Games, Inc.)
f.lux (HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Flux) (Version:  - )
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 1.1.505.0 (64bit) (HKLM-x32\...\{8834451B-6209-4E02-9EF4-4EF9E3C1F70F}) (Version: 5.5.0.44203 - FARO Scanner Production)
FormIt 360 Converter For Revit 2017 (HKLM\...\{637211B6-D2E9-474A-BF06-4F61F1254104}) (Version: 1.9.0.0 - Autodesk)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company)
IronPython 2.7.3 (HKLM-x32\...\{1EBADAEA-1A0F-40E3-848C-0DD8C5E5A10D}) (Version: 2.7.31000.0 - IronPython Team)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 16.0.7870.2020 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 nl)) (Version: 52.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 362.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.77 - NVIDIA Corporation)
NVIDIA Graphics Driver 362.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA nView 147.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 147.00 - NVIDIA Corporation)
NVIDIA WMI 2.25.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.25.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7870.2020 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2020 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7766.2039 - Microsoft Corporation) Hidden
Personal Accelerator for Revit (HKLM\...\Personal Accelerator for Revit) (Version: 16.0.1109.0 - Autodesk)
Personal Accelerator for Revit (Version: 16.0.1109.0 - Autodesk) Hidden
Revit 2017 (Version: 17.0.416.0 - Autodesk) Hidden
Revit Content Libraries 2017 (Version: 17.0.416.0 - Autodesk) Hidden
Rhinoceros 5 (64-bit) (HKLM\...\{8E59DD70-F23E-4CA2-85BC-3C77D74F054F}) (Version: 5.13.60913.21340 - Robert McNeel & Associates)
Rhinoceros 5 (HKLM-x32\...\{2CEDE3EF-B32F-456A-923F-75555C5BC541}) (Version: 5.13.60913.21340 - Robert McNeel & Associates)
Rhinoceros 5 Help Media (HKLM-x32\...\{514AE1DE-CCB8-4D34-A03F-B8AD8B356F94}) (Version: 5.6.31022.16390 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (en-US) (HKLM-x32\...\{C43B3604-80DA-40C7-AE72-9ADCF238474C}) (Version: 5.13.60913.21340 - Robert McNeel & Associates)
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
SketchUp Import 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk)
Spotify (HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update_msi (HKLM-x32\...\{59B5A9CD-253D-4C41-A073-B387D4C9672D}) (Version: 1.0.0 - Default Company Name)
Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0-git - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Volume Activation Management Tool 2.0 (HKLM-x32\...\{EE010C18-9A1A-4F0E-B46E-884CA113232E}) (Version: 2.0.67.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{36C065F3-1232-4BEF-9948-B47CD2ED68CF}) (Version:  - ) <==== ATTENTION
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}) (Version: 21.0.12288 - WinZip Computing, S.L. )
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2868825116-2182603550-4240801961-1001_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2868825116-2182603550-4240801961-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D6D1089256BD}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2868825116-2182603550-4240801961-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2868825116-2182603550-4240801961-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2868825116-2182603550-4240801961-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17A44B80-8202-4A81-941E-1F20A05D1B07} - System32\Tasks\{9369FDD9-AAC6-4D35-BD82-73BB8EF49BF7} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -c -remove -removeonly
Task: {17E22B8A-89B1-499D-AB2A-B4C545C9834F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-19] (Google Inc.)
Task: {18F535E0-5D9C-498C-A630-D2E0FB140422} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-03-04] (Microsoft Corporation)
Task: {2AC2B877-32DF-49D0-AD03-341EA3555983} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-382V0VJ-Anna => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {4711AA99-D9FE-4A3A-BE75-ED4F3F78F298} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] ()
Task: {47A45220-387E-4A8A-B191-CC8D445702AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-02] (Microsoft Corporation)
Task: {4A054D8C-5D6C-43CC-8005-2791561238A5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-03-04] (Microsoft Corporation)
Task: {4BCB948C-4D30-4C03-8021-52AC32C99F68} - \g1QvdypTTe -> No File <==== ATTENTION
Task: {684021F9-4351-4869-AAE5-421DE6B63927} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-20] (Dropbox, Inc.)
Task: {8C97BADC-1B64-46FE-9649-7ED68B3A92A9} - \Shequlyqernily -> No File <==== ATTENTION
Task: {909DAB2F-F109-4686-A709-278FDA139CA9} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== ATTENTION
Task: {AB7A1317-7778-4C8A-BBB2-9A56BDF9B770} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {AD44AF5B-D720-410C-B826-6ED648E2CD6E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-04] (Microsoft Corporation)
Task: {C6626B44-C6C7-4C54-9AF9-717F79438355} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-20] (Dropbox, Inc.)
Task: {CB6938B0-A621-4140-B043-CAFCEBFE2E07} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-26] (WinZip Computing, S.L.)
Task: {E2ECD50C-C04C-4429-985E-5150BB0ADF36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-19] (Google Inc.)
Task: {E8059D92-0C07-4721-A80F-D9B64F259D92} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {FA7A94FB-477F-4A0C-8268-F020930A0BF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.)

ShortcutWithArgument: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H
ShortcutWithArgument: C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Noflat\Application\chrome.exe (Google Inc.) -> hxxp://www.startpageing123.com/?type=sc&ts=1489510109&z=ed6be80d242fd247e33dea8g4zfb7t5w0gce7g7eeb&from=che0812&uid=SamsungXSSDX850XEVOX250GB_S21PNSAFC79652H

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 13:12 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-11-19 22:25 - 2016-06-10 11:50 - 03168824 _____ () C:\Windows\system32\nvwmi64.exe
2016-11-19 22:22 - 2016-06-10 07:28 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-23 17:04 - 2017-03-03 10:02 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-14 13:12 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-11-19 22:25 - 2016-06-10 11:50 - 00727488 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2016-11-19 22:45 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-13 09:33 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-20 13:50 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 00059784 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qoauth_Ad_1.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 00232328 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qjson_Ad_0.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 00048520 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\QtSolutions_MFCMigrationFramework_Ad_2.dll
2015-04-21 12:44 - 2015-04-21 12:44 - 00922504 _____ () C:\Program Files\Autodesk\Personal Accelerator for Revit\qca_Ad_2.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-12-23 19:11 - 2016-12-23 19:11 - 07012944 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\X64\AdobePDFMakerX.dll
2016-11-20 15:14 - 2016-11-20 15:14 - 02210480 _____ () C:\Program Files\Microsoft Office\Root\Office16\tmpod.dll
2016-11-20 15:14 - 2017-03-03 04:04 - 01397448 _____ () C:\Program Files\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-12-23 19:11 - 2016-12-23 19:11 - 02862672 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\X64\SendAsLinkX.dll
2017-03-07 15:04 - 2017-03-07 15:04 - 02561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.431.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-03-07 15:04 - 2017-03-07 15:04 - 00138752 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.431.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-01-13 09:33 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-13 09:33 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-13 09:33 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-13 09:33 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-13 09:33 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-12 18:20 - 2016-08-12 18:20 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-11-20 13:31 - 2016-07-01 07:39 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-11-20 13:31 - 2016-07-01 07:39 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2016-11-20 13:32 - 2017-03-10 10:18 - 67725936 _____ () C:\Users\Anna\AppData\Roaming\Spotify\libcef.dll
2016-11-20 13:32 - 2017-03-10 10:18 - 00110192 _____ () C:\Users\Anna\AppData\Roaming\Spotify\SpotifyWinRT.dll
2016-11-20 13:32 - 2017-03-10 10:18 - 01929840 _____ () C:\Users\Anna\AppData\Roaming\Spotify\libglesv2.dll
2016-11-20 13:32 - 2017-03-10 10:18 - 00087152 _____ () C:\Users\Anna\AppData\Roaming\Spotify\libegl.dll
2017-03-14 17:38 - 2017-03-14 17:38 - 00098816 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32api.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00110080 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\pywintypes27.dll
2017-03-14 17:38 - 2017-03-14 17:38 - 00364544 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\pythoncom27.dll
2017-03-14 17:38 - 2017-03-14 17:38 - 00320512 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32com.shell.shell.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00914432 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\_hashlib.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 01176576 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\wx._core_.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00806400 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\wx._gdi_.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00816128 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\wx._windows_.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 01067008 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\wx._controls_.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00733184 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\wx._misc_.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00682496 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\pysqlite2._sqlite.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00088064 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\_ctypes.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00686080 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\unicodedata.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00119808 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32file.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00108544 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32security.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00007168 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\hashobjs_ext.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00017920 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\thumbnails_ext.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00088064 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\usb_ext.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00012800 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\common.time34.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00018432 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32event.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00167936 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32gui.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00046080 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\_socket.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 01303552 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\_ssl.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00128512 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\_elementtree.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00127488 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\pyexpat.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00038912 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32inet.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00036864 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\_psutil_windows.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00524248 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\windows._lib_cacheinvalidation.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00011264 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32crypt.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00123392 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\wx._wizard.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00077312 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\wx._html2.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00027648 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\_multiprocessing.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00020480 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\_yappi.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00035840 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32process.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00078848 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\wx._animate.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00024064 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32pipe.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00010240 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\select.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00025600 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32pdh.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00017408 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32profile.pyd
2017-03-14 17:38 - 2017-03-14 17:38 - 00022528 ____R () C:\Users\Anna\AppData\Local\Temp\_MEI70042\win32ts.pyd
2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-11-20 13:31 - 2013-09-23 18:52 - 00043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2016-11-20 13:31 - 2015-11-05 13:07 - 00052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2016-11-20 13:31 - 2015-11-05 13:07 - 00195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2016-11-20 13:31 - 2015-11-05 13:07 - 00742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2016-11-20 13:31 - 2016-07-01 07:05 - 00285120 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\en-US\AdWingManRes.dll
2016-11-20 13:31 - 2015-09-08 07:31 - 40640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2016-11-20 13:31 - 2014-09-03 01:29 - 00912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2016-11-20 13:31 - 2014-09-03 01:29 - 00134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2016-11-20 13:31 - 2014-09-03 01:29 - 00950272 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll
2017-03-09 12:10 - 2017-03-06 21:59 - 00807232 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2016-11-20 13:34 - 2017-02-09 03:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-11-20 13:34 - 2017-02-09 03:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-11-20 13:34 - 2017-02-09 03:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-11-20 13:34 - 2017-03-06 22:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-11-20 13:34 - 2017-02-09 03:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-11-20 13:34 - 2017-02-09 03:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-09 12:10 - 2017-02-09 03:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-09 12:10 - 2017-02-09 03:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-09 12:10 - 2017-02-09 03:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-11-20 13:34 - 2017-02-09 03:22 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-11-20 13:34 - 2017-03-06 22:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-09 12:10 - 2017-02-09 03:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-09 12:10 - 2017-02-09 03:22 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-11-20 13:34 - 2017-03-06 22:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-11-20 13:34 - 2017-03-06 22:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-11-20 13:34 - 2017-02-09 03:21 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-11-20 13:34 - 2017-03-06 22:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-11-20 13:34 - 2017-02-09 03:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-28 14:10 - 2017-03-06 22:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 20:04 - 2017-03-06 22:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-11-20 13:34 - 2017-03-06 22:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 20:04 - 2017-03-06 22:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 20:04 - 2017-03-06 22:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 20:04 - 2017-03-06 22:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-11-20 13:34 - 2017-03-06 22:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-09 12:10 - 2017-02-09 03:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-09 12:10 - 2017-03-06 22:01 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-03-09 12:10 - 2016-12-02 22:44 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-03-09 12:10 - 2017-03-06 22:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-09 12:10 - 2017-02-09 03:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-09 12:10 - 2017-02-09 03:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-09 12:10 - 2017-03-06 22:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-11-20 13:34 - 2017-02-09 03:22 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-11-20 13:34 - 2017-03-06 22:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-09 12:10 - 2017-03-06 22:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-10-10 23:15 - 2016-10-10 23:15 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-10 23:15 - 2016-10-10 23:15 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2016-10-10 23:15 - 2016-10-10 23:15 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-10 23:17 - 2016-10-10 23:17 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-25 10:41 - 2016-10-25 10:41 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-10 23:14 - 2016-10-10 23:14 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2016-10-10 23:14 - 2016-10-10 23:14 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-12-14 13:12 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2017-03-14 17:49 - 2016-05-23 03:37 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2017-03-14 17:49 - 2016-05-23 03:37 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2017-03-14 17:49 - 2017-03-14 03:42 - 00105984 _____ () c:\programdata\vmware\vmware service\vmautostart.dll
2017-03-14 17:49 - 2017-03-14 03:42 - 00105984 _____ () C:\ProgramData\VMware\VMware Service\vmAutoStart.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_12C6C396F9F079F593189BD3E5EB8A5F"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{E0FD5142-018E-45B2-B279-B8B84B1434E9}C:\users\anna\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\anna\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{9F9A089D-A544-459A-ADCE-8A77CBC769D7}C:\users\anna\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\anna\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B9485180-EA65-4AED-9348-822E3AC0CCBA}] => (Block) C:\users\anna\appdata\local\akamai\netsession_win.exe
FirewallRules: [{786FD621-2BD0-4B5D-836C-D4EB498D062D}] => (Block) C:\users\anna\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{0309AF45-5626-4852-9E5B-19B0D8ADD94E}C:\users\anna\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anna\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6F7F5149-3768-4D5B-97F6-5CEC8223B870}C:\users\anna\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anna\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C50DA429-727E-4EBA-98E4-CB3143380755}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{9497A25E-6E60-4D63-B83F-A72D5DDC2A52}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{9FA0392F-576D-44BC-98C3-DDC7C4654682}] => (Allow) LPort=58815
FirewallRules: [{24864AF0-1F7E-4586-83DC-4A473BE526B2}] => (Allow) LPort=5000
FirewallRules: [{F51ACB49-5F74-4468-9365-1BC42BB2663F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{99EFE457-D3FD-435E-AF2E-73F2E18B319F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9B234A73-05F0-4D78-8573-B5ADE3829DB8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{CEDC952A-4DCB-4F96-B99C-67237027FDF8}C:\gog games\anno 1404 gold edition\tools\addonweb.exe] => (Allow) C:\gog games\anno 1404 gold edition\tools\addonweb.exe
FirewallRules: [UDP Query User{36CC2DD7-B362-4269-B67B-D002CC7F48C3}C:\gog games\anno 1404 gold edition\tools\addonweb.exe] => (Allow) C:\gog games\anno 1404 gold edition\tools\addonweb.exe
FirewallRules: [{1C6A33D3-C91F-4669-9856-D99451C1EBBD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5DE83B24-F165-4DFD-B69F-5681D8D9720A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DAD21E64-7C79-477E-9AFB-E49EF3F42103}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{F6543431-AA7C-4103-9942-8712E185B27C}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{124F06AC-47A4-4336-8D8E-2DBF841C4C75}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{E5D6C0AA-2625-4699-A9F7-E0C5726A2E52}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{C2E2B9B2-6ED4-4EF4-AE86-71339E40E3B5}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{E1DD29FC-8262-4F7E-9E9E-5120B3914297}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{D669B5D9-3981-456E-821C-F3F9B644B2AF}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{82F7BF38-251A-4ED8-AE3E-CA9ADA416AB8}] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{9B91B165-D9C9-4DFE-A56F-9D502278262C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F4EA5114-FB8E-47DD-8DE2-BC3681CC3701}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{5A8D6924-8E0E-4520-A389-48C231E4C447}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C61FD467-B162-4B5E-B0D1-7D887BB77E33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2CE32A1A-7CDC-481A-B591-A50FC12487DE}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{89D03DDD-13EF-44E4-B4E2-2EF04C4768B7}] => (Allow) C:\Program Files (x86)\Noflat\Application\chrome.exe

==================== Restore Points =========================

14-03-2017 00:18:18 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2017 05:53:40 PM) (Source: MsiInstaller) (EventID: 11723) (User: NT AUTHORITY)
Description: Product: Update_msi -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action _406F2359_86D5_429B_A359_03A481E00443, entry: load, library: C:\Windows\Installer\MSIDFB9.tmp

Error: (03/14/2017 05:50:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.

Error: (03/14/2017 05:50:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\autodesk\revit 2017\FaroImporter.exe".
Dependent Assembly FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.408.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/14/2017 05:49:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Autodesk\WI\Autodesk Revit 2017\x64\RVT\Program Files\Autodesk\Root\FaroImporter.exe".
Dependent Assembly FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.408.2" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/14/2017 05:38:40 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-382V0VJ)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Anna\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (03/14/2017 05:38:22 PM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-382V0VJ)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Anna\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (03/14/2017 09:18:52 AM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-382V0VJ)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Anna\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (03/14/2017 09:18:36 AM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-382V0VJ)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Anna\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (03/14/2017 12:19:41 AM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-382V0VJ)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Anna\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (03/14/2017 12:19:26 AM) (Source: MsiInstaller) (EventID: 11310) (User: DESKTOP-382V0VJ)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Anna\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.


System errors:
=============
Error: (03/14/2017 06:02:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Update Service(FirefoxU) service terminated unexpectedly. It has done this 1 time(s).

Error: (03/14/2017 05:59:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Kyubey service terminated unexpectedly. It has done this 1 time(s).

Error: (03/14/2017 05:55:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ed2k idle service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/14/2017 05:49:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YAC Kit Driver service failed to start due to the following error:
The request is not supported.

Error: (03/14/2017 05:47:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The ed2k idle service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/14/2017 05:43:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly. It has done this 3 time(s).

Error: (03/14/2017 05:43:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/14/2017 05:42:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/14/2017 05:39:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (03/14/2017 05:37:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-03-14 18:06:47.278
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 47%
Total physical RAM: 8142.35 MB
Available physical RAM: 4288.93 MB
Total Virtual: 13262.35 MB
Available Virtual: 8271.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:79.05 GB) NTFS
Drive d: (Data) (Fixed) (Total:465.76 GB) (Free:102.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F78500FF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8CFEB627)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:28 PM

Posted 14 March 2017 - 12:37 PM

Anna:

 

Thank you for your post and the new FRST logs.  Did you run my "fixlist.txt" file - I do not see the "fixlog.txt" file copied and attached?  If you have not done so, please do so.  Copy and paste the contents of the "fixlog.txt" file into your next reply as soon as it is convenient.

 

I see, quickly looking at your new logs, that there are suspicious new entries, not present in the original FRST logs that I analyzed.  I will have to go through the new logs carefully and I will also remove the remnants of Akamai Netsession and µTorrent that remain, in my next "fixlist.txt" file.

 

Please do not make any further changes to your computer, as it greatly complicates the job of disinfecting it.  It is like trying to hit a moving target! :)

 

I apologize, but it will be tomorrow, I expect, before I will have completed analyzing and crafting a new "fixlist.txt" script for your computer.  I am helping other people on this Forum as well.  Thank you for your patience and understanding.  Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#7 avanbon

avanbon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 14 March 2017 - 03:54 PM

Hi Phil,

 

here is the fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-03-2017
Ran by Anna (14-03-2017 21:37:31) Run:1
Running from C:\Users\Anna\Desktop\FRST folder
Loaded Profiles: Anna (Available Profiles: defaultuser0 & Anna)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\...\Policies\Explorer: []
ShellExecuteHooks: No Name - {303DD29C-F44A-11E6-AAF0-64006A5CFC23} -  -> No File
GroupPolicyScripts: Restriction <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 STHDA; \SystemRoot\system32\DRIVERS\stwrt64.sys [X]
Folder: C:\Users\Anna\AppData\Roaming\Kedaly
Folder: C:\Windows\system32\SSL
Folder: C:\Users\Anna\AppData\Local\Clogeyreiwish
CustomCLSID: HKU\S-1-5-21-2868825116-2182603550-4240801961-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D6D1089256BD}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {4BCB948C-4D30-4C03-8021-52AC32C99F68} - \g1QvdypTTe -> No File <==== ATTENTION
Task: {8C97BADC-1B64-46FE-9649-7ED68B3A92A9} - \Shequlyqernily -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2868825116-2182603550-4240801961-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{303DD29C-F44A-11E6-AAF0-64006A5CFC23} => value removed successfully
HKCR\CLSID\{303DD29C-F44A-11E6-AAF0-64006A5CFC23} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\STHDA => key removed successfully
STHDA => service removed successfully

========================= Folder: C:\Users\Anna\AppData\Roaming\Kedaly ========================


====== End of Folder: ======


========================= Folder: C:\Windows\system32\SSL ========================


====== End of Folder: ======


========================= Folder: C:\Users\Anna\AppData\Local\Clogeyreiwish ========================

2017-02-23 11:53 - 2017-02-22 14:18 - 0197046 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Certificate Revocation Lists
2017-02-23 11:53 - 2017-02-22 14:12 - 1048576 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CrashpadMetrics.pma
2017-02-23 11:53 - 2016-11-19 23:28 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\First Run
2017-02-23 11:53 - 2017-02-23 11:53 - 0088680 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Local State
2017-02-23 11:53 - 2017-02-19 16:51 - 0001388 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\nacl_validation_cache.bin
2017-02-23 11:53 - 2016-11-19 23:29 - 1807935 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\nl-NL-3-0.bdic
2017-02-23 11:53 - 2017-02-23 11:38 - 13540308 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Bloom
2017-02-23 11:53 - 2017-02-23 11:38 - 3331836 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Bloom Prefix Set
2017-02-23 11:53 - 2016-11-19 23:32 - 0005120 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Channel IDs
2017-02-23 11:53 - 2016-11-19 23:32 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Channel IDs-journal
2017-02-23 11:53 - 2017-02-23 11:51 - 0007168 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Cookies
2017-02-23 11:53 - 2017-02-23 11:51 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Cookies-journal
2017-02-23 11:53 - 2017-02-23 11:38 - 0128356 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Csd Whitelist
2017-02-23 11:53 - 2017-02-23 11:38 - 0296880 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Download
2017-02-23 11:53 - 2017-02-23 11:38 - 0022612 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Download Whitelist
2017-02-23 11:53 - 2017-02-23 11:38 - 0083620 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Extension Blacklist
2017-02-23 11:53 - 2017-02-23 11:38 - 0000156 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing IP Blacklist
2017-02-23 11:53 - 2017-02-23 11:38 - 0056664 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Module Whitelist
2017-02-23 11:53 - 2017-02-23 11:38 - 0001348 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing Resource Blacklist
2017-02-23 11:53 - 2017-02-23 11:38 - 1343292 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing UwS List
2017-02-23 11:53 - 2017-02-23 11:38 - 0329404 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\Safe Browsing UwS List Prefix Set
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311
2017-02-23 11:53 - 2017-02-21 21:06 - 0000066 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\manifest.fingerprint
2017-02-23 11:53 - 2017-02-20 14:14 - 0000067 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\manifest.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths
2017-02-23 11:53 - 2017-02-21 21:06 - 0000239 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478.sth
2017-02-23 11:53 - 2017-02-21 21:06 - 0000241 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\34bb6ad6c3df9c03eea8a499ff7891486c9d5e5cac92d01f7bfd1bce19db48ef.sth
2017-02-23 11:53 - 2017-02-21 21:06 - 0000237 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\41b2dc2e89e63ce4af1ba7bb29bf68c6dee6f9f1cc047e30dffae3b3ba259263.sth
2017-02-23 11:53 - 2017-02-21 21:06 - 0000242 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\5614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd.sth
2017-02-23 11:53 - 2017-02-18 14:11 - 0000239 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\68f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc4.sth
2017-02-23 11:53 - 2017-02-18 14:11 - 0000241 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\7461b4a09cfb3d41d75159575b2e7649a445a8d27709b0cc564a6482b7eb41a3.sth
2017-02-23 11:53 - 2017-02-21 21:06 - 0000243 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth
2017-02-23 11:53 - 2017-02-21 21:06 - 0000483 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\a577ac9ced7548dd8f025b67a241089df86e0f476ec203c2ecbedb185f282638.sth
2017-02-23 11:53 - 2017-02-21 21:06 - 0000484 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\ac3b9aed7fa9674757159e6d7d575672f9d98100941e9bdeffeca1313b75782d.sth
2017-02-23 11:53 - 2017-02-21 21:06 - 0000237 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185.sth
2017-02-23 11:53 - 2017-02-21 21:06 - 0000241 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\bc78e1dfc5f63c684649334da10fa15f0979692009c081b4f3f6917f3ed9b8a5.sth
2017-02-23 11:53 - 2017-02-18 14:11 - 0000242 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\cdb5179b7fc1c046feea31136a3f8f002e6182faf8896fecc8b2f5b5ab604900.sth
2017-02-23 11:53 - 2017-02-21 21:06 - 0000238 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc.sth
2017-02-23 11:53 - 2017-02-21 21:06 - 0000239 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\CertificateTransparency\311\_platform_specific\all\sths\ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb.sth
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData
2017-02-23 11:53 - 2017-02-23 11:37 - 0007168 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Affiliation Database
2017-02-23 11:53 - 2017-02-23 11:37 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Affiliation Database-journal
2017-02-23 11:53 - 2017-02-23 11:06 - 0008477 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Bookmarks
2017-02-23 11:53 - 2017-02-22 09:50 - 0008104 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Bookmarks.bak
2017-02-23 11:53 - 2017-02-23 11:53 - 1081344 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Cookies
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Cookies-journal
2017-02-23 11:53 - 2017-02-23 11:52 - 0265853 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Current Session
2017-02-23 11:53 - 2017-02-23 11:52 - 0447043 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Current Tabs
2017-02-23 11:53 - 2017-02-23 11:50 - 0000335 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\DownloadMetadata
2017-02-23 11:53 - 2017-02-22 14:50 - 0007168 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension Cookies
2017-02-23 11:53 - 2017-02-22 14:50 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension Cookies-journal
2017-02-23 11:53 - 2017-02-23 11:50 - 3571712 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Favicons
2017-02-23 11:53 - 2017-02-23 11:50 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Favicons-journal
2017-02-23 11:53 - 2016-11-19 23:29 - 0012900 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Google Profile Picture.png
2017-02-23 11:53 - 2016-11-19 23:29 - 0176873 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Google Profile.ico
2017-02-23 11:53 - 2017-02-23 11:52 - 4030464 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\History
2017-02-23 11:53 - 2017-02-23 11:52 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\History-journal
2017-02-23 11:53 - 2017-02-22 09:50 - 0069895 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Last Session
2017-02-23 11:53 - 2017-02-22 09:50 - 0013564 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Last Tabs
2017-02-23 11:53 - 2017-02-23 11:06 - 0077824 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Login Data
2017-02-23 11:53 - 2017-02-23 11:06 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Login Data-journal
2017-02-23 11:53 - 2017-02-23 11:50 - 0155648 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Network Action Predictor
2017-02-23 11:53 - 2017-02-23 11:50 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Network Action Predictor-journal
2017-02-23 11:53 - 2017-02-23 11:50 - 0000497 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Network Persistent State
2017-02-23 11:53 - 2017-02-16 11:18 - 0024576 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Origin Bound Certs
2017-02-23 11:53 - 2017-02-16 11:18 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Origin Bound Certs-journal
2017-02-23 11:53 - 2017-02-23 11:52 - 0219187 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Preferences
2017-02-23 11:53 - 2017-02-02 23:40 - 0012288 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\previews_opt_out.db
2017-02-23 11:53 - 2017-02-02 23:40 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\previews_opt_out.db-journal
2017-02-23 11:53 - 2017-02-23 11:50 - 0017408 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\QuotaManager
2017-02-23 11:53 - 2017-02-23 11:50 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\QuotaManager-journal
2017-02-23 11:53 - 2017-02-23 11:53 - 0066537 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Secure Preferences
2017-02-23 11:53 - 2017-02-23 11:52 - 0067745 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Secure Preferencesgoobackup
2017-02-23 11:53 - 2017-02-23 11:24 - 0069632 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Shortcuts
2017-02-23 11:53 - 2017-02-23 11:24 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Shortcuts-journal
2017-02-23 11:53 - 2017-02-23 11:53 - 1114112 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Top Sites
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Top Sites-journal
2017-02-23 11:53 - 2017-02-23 11:52 - 0063300 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\TransportSecurity
2017-02-23 11:53 - 2017-02-23 11:53 - 0131072 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Visited Links
2017-02-23 11:53 - 2017-02-23 11:21 - 0131072 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Web Data
2017-02-23 11:53 - 2017-02-23 11:21 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Web Data-journal
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Application Cache
2017-02-23 11:53 - 2017-02-23 11:45 - 0360448 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Application Cache\Index
2017-02-23 11:53 - 2017-02-23 11:45 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Application Cache\Index-journal
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\data_reduction_proxy_leveldb
2017-02-23 11:53 - 2016-11-19 23:28 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\data_reduction_proxy_leveldb\000003.log
2017-02-23 11:53 - 2016-11-19 23:28 - 0000016 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\data_reduction_proxy_leveldb\CURRENT
2017-02-23 11:53 - 2016-11-19 23:28 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\data_reduction_proxy_leveldb\LOCK
2017-02-23 11:53 - 2017-02-23 11:53 - 0000344 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\data_reduction_proxy_leveldb\LOG
2017-02-23 11:53 - 2017-02-22 09:50 - 0000344 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\data_reduction_proxy_leveldb\LOG.old
2017-02-23 11:53 - 2016-11-19 23:28 - 0000041 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\data_reduction_proxy_leveldb\MANIFEST-000001
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\databases
2017-02-23 11:53 - 2016-11-28 10:56 - 0007168 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\databases\Databases.db
2017-02-23 11:53 - 2016-11-28 10:56 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\databases\Databases.db-journal
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\databases\https_calendar.google.com_0
2017-02-23 11:53 - 2017-02-23 11:32 - 0090112 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\databases\https_calendar.google.com_0\1
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension Rules
2017-02-23 11:53 - 2017-02-22 09:50 - 0001330 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension Rules\000003.log
2017-02-23 11:53 - 2016-11-19 23:28 - 0000016 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension Rules\CURRENT
2017-02-23 11:53 - 2016-11-19 23:28 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension Rules\LOCK
2017-02-23 11:53 - 2017-02-22 09:50 - 0000321 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension Rules\LOG
2017-02-23 11:53 - 2017-02-16 12:56 - 0000321 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension Rules\LOG.old
2017-02-23 11:53 - 2016-11-19 23:28 - 0000041 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension Rules\MANIFEST-000001
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension State
2017-02-23 11:53 - 2016-11-24 18:20 - 0406824 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension State\000005.ldb
2017-02-23 11:53 - 2017-02-23 11:53 - 3224594 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension State\000032.log
2017-02-23 11:53 - 2017-02-17 12:12 - 0000897 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension State\000034.ldb
2017-02-23 11:53 - 2016-11-19 23:28 - 0000016 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension State\CURRENT
2017-02-23 11:53 - 2016-11-19 23:28 - 0000000 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension State\LOCK
2017-02-23 11:53 - 2017-02-22 14:12 - 0000322 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension State\LOG
2017-02-23 11:53 - 2017-02-22 09:50 - 0000322 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension State\LOG.old
2017-02-23 11:53 - 2017-02-17 12:12 - 0001716 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extension State\MANIFEST-000001
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0
2017-02-23 11:53 - 2016-11-19 23:28 - 0003372 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png
2017-02-23 11:53 - 2016-11-19 23:28 - 0000160 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png
2017-02-23 11:53 - 2015-02-03 14:09 - 0000092 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html
2017-02-23 11:53 - 2015-02-03 14:09 - 0000095 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js
2017-02-23 11:53 - 2016-11-19 23:28 - 0000725 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar
2017-02-23 11:53 - 2016-11-19 23:28 - 0000257 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg
2017-02-23 11:53 - 2016-11-19 23:28 - 0000272 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca
2017-02-23 11:53 - 2016-11-19 23:28 - 0000224 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs
2017-02-23 11:53 - 2016-11-19 23:28 - 0000224 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da
2017-02-23 11:53 - 2016-11-19 23:28 - 0000224 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de
2017-02-23 11:53 - 2016-11-19 23:28 - 0000234 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el
2017-02-23 11:53 - 2016-11-19 23:28 - 0000274 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB
2017-02-23 11:53 - 2016-11-19 23:28 - 0000214 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US
2017-02-23 11:53 - 2016-11-19 23:28 - 0000215 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es
2017-02-23 11:53 - 2016-11-19 23:28 - 0000223 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419
2017-02-23 11:53 - 2016-11-19 23:28 - 0000221 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et
2017-02-23 11:53 - 2016-11-19 23:28 - 0000214 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000217 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil
2017-02-23 11:53 - 2016-11-19 23:28 - 0000224 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000222 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he
2017-02-23 11:53 - 2016-11-19 23:28 - 0000225 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000291 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu
2017-02-23 11:53 - 2016-11-19 23:28 - 0000230 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id
2017-02-23 11:53 - 2016-11-19 23:28 - 0000208 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it
2017-02-23 11:53 - 2016-11-19 23:28 - 0000221 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja
2017-02-23 11:53 - 2016-11-19 23:28 - 0000236 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko
2017-02-23 11:53 - 2016-11-19 23:28 - 0000230 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt
2017-02-23 11:53 - 2016-11-19 23:28 - 0000228 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv
2017-02-23 11:53 - 2016-11-19 23:28 - 0000233 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms
2017-02-23 11:53 - 2016-11-19 23:28 - 0000210 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000221 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no
2017-02-23 11:53 - 2015-02-03 14:09 - 0000203 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000217 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR
2017-02-23 11:53 - 2016-11-19 23:28 - 0000222 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT
2017-02-23 11:53 - 2016-11-19 23:28 - 0000224 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro
2017-02-23 11:53 - 2016-11-19 23:28 - 0000222 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru
2017-02-23 11:53 - 2016-11-19 23:28 - 0000272 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk
2017-02-23 11:53 - 2016-11-19 23:28 - 0000227 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000223 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000260 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv
2017-02-23 11:53 - 2016-11-19 23:28 - 0000226 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th
2017-02-23 11:53 - 2016-11-19 23:28 - 0000260 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000221 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk
2017-02-23 11:53 - 2016-11-19 23:28 - 0000270 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000237 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN
2017-02-23 11:53 - 2016-11-19 23:28 - 0000215 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW
2017-02-23 11:53 - 2016-11-19 23:28 - 0000209 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata
2017-02-23 11:53 - 2016-11-19 23:28 - 0000352 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json
2017-02-23 11:53 - 2015-02-03 14:09 - 0011094 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
2017-02-23 11:53 - 2016-11-19 23:28 - 0003213 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png
2017-02-23 11:53 - 2016-11-19 23:28 - 0000143 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png
2017-02-23 11:53 - 2015-02-03 14:03 - 0000092 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html
2017-02-23 11:53 - 2015-02-03 14:03 - 0000091 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js
2017-02-23 11:53 - 2016-11-19 23:28 - 0000725 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar
2017-02-23 11:53 - 2016-11-19 23:28 - 0000246 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg
2017-02-23 11:53 - 2016-11-19 23:28 - 0000264 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca
2017-02-23 11:53 - 2016-11-19 23:28 - 0000207 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs
2017-02-23 11:53 - 2016-11-19 23:28 - 0000222 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da
2017-02-23 11:53 - 2016-11-19 23:28 - 0000216 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de
2017-02-23 11:53 - 2016-11-19 23:28 - 0000217 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el
2017-02-23 11:53 - 2016-11-19 23:28 - 0000260 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB
2017-02-23 11:53 - 2016-11-19 23:28 - 0000208 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US
2017-02-23 11:53 - 2016-11-19 23:28 - 0000209 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es
2017-02-23 11:53 - 2016-11-19 23:28 - 0000206 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419
2017-02-23 11:53 - 2016-11-19 23:28 - 0000206 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et
2017-02-23 11:53 - 2016-11-19 23:28 - 0000216 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000216 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil
2017-02-23 11:53 - 2016-11-19 23:28 - 0000219 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000215 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he
2017-02-23 11:53 - 2016-11-19 23:28 - 0000221 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000279 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu
2017-02-23 11:53 - 2016-11-19 23:28 - 0000235 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id
2017-02-23 11:53 - 2016-11-19 23:28 - 0000209 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it
2017-02-23 11:53 - 2016-11-19 23:28 - 0000213 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja
2017-02-23 11:53 - 2016-11-19 23:28 - 0000221 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko
2017-02-23 11:53 - 2016-11-19 23:28 - 0000218 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt
2017-02-23 11:53 - 2016-11-19 23:28 - 0000228 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv
2017-02-23 11:53 - 2016-11-19 23:28 - 0000224 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms
2017-02-23 11:53 - 2016-11-19 23:28 - 0000207 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000217 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no
2017-02-23 11:53 - 2015-02-03 14:03 - 0000195 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000213 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR
2017-02-23 11:53 - 2016-11-19 23:28 - 0000206 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT
2017-02-23 11:53 - 2016-11-19 23:28 - 0000208 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro
2017-02-23 11:53 - 2016-11-19 23:28 - 0000213 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru
2017-02-23 11:53 - 2016-11-19 23:28 - 0000266 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk
2017-02-23 11:53 - 2016-11-19 23:28 - 0000221 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000218 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000248 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv
2017-02-23 11:53 - 2016-11-19 23:28 - 0000214 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th
2017-02-23 11:53 - 2016-11-19 23:28 - 0000254 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000227 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk
2017-02-23 11:53 - 2016-11-19 23:28 - 0000264 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000225 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN
2017-02-23 11:53 - 2016-11-19 23:28 - 0000206 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW
2017-02-23 11:53 - 2016-11-19 23:28 - 0000206 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata
2017-02-23 11:53 - 2016-11-19 23:28 - 0000352 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json
2017-02-23 11:53 - 2015-02-03 14:03 - 0011094 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
2017-02-23 11:53 - 2016-11-19 23:28 - 0006707 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png
2017-02-23 11:53 - 2016-11-19 23:28 - 0001004 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar
2017-02-23 11:53 - 2016-11-19 23:28 - 0000278 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg
2017-02-23 11:53 - 2016-11-19 23:28 - 0000319 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca
2017-02-23 11:53 - 2016-11-19 23:28 - 0000265 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs
2017-02-23 11:53 - 2016-11-19 23:28 - 0000259 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da
2017-02-23 11:53 - 2016-11-19 23:28 - 0000243 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de
2017-02-23 11:53 - 2016-11-19 23:28 - 0000256 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el
2017-02-23 11:53 - 2016-11-19 23:28 - 0000329 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB
2017-02-23 11:53 - 2016-11-19 23:28 - 0000249 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US
2017-02-23 11:53 - 2016-11-19 23:28 - 0000249 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es
2017-02-23 11:53 - 2016-11-19 23:28 - 0000259 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419
2017-02-23 11:53 - 2016-11-19 23:28 - 0000259 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et
2017-02-23 11:53 - 2016-11-19 23:28 - 0000251 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu
2017-02-23 11:53 - 2015-10-20 06:50 - 0000243 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000257 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil
2017-02-23 11:53 - 2016-11-19 23:28 - 0000260 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000252 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he
2017-02-23 11:53 - 2016-11-19 23:28 - 0000278 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000345 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000263 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu
2017-02-23 11:53 - 2016-11-19 23:28 - 0000264 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id
2017-02-23 11:53 - 2016-11-19 23:28 - 0000261 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it
2017-02-23 11:53 - 2016-11-19 23:28 - 0000258 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja
2017-02-23 11:53 - 2016-11-19 23:28 - 0000293 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko
2017-02-23 11:53 - 2016-11-19 23:28 - 0000281 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt
2017-02-23 11:53 - 2016-11-19 23:28 - 0000285 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv
2017-02-23 11:53 - 2016-11-19 23:28 - 0000258 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms
2017-02-23 11:53 - 2016-11-19 23:28 - 0000254 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000242 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no
2017-02-23 11:53 - 2015-10-20 06:50 - 0000218 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000257 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR
2017-02-23 11:53 - 2016-11-19 23:28 - 0000246 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT
2017-02-23 11:53 - 2016-11-19 23:28 - 0000264 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro
2017-02-23 11:53 - 2016-11-19 23:28 - 0000281 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru
2017-02-23 11:53 - 2016-11-19 23:28 - 0000338 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk
2017-02-23 11:53 - 2016-11-19 23:28 - 0000274 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000268 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000287 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv
2017-02-23 11:53 - 2016-11-19 23:28 - 0000253 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th
2017-02-23 11:53 - 2016-11-19 23:28 - 0000356 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000270 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk
2017-02-23 11:53 - 2016-11-19 23:28 - 0000353 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000279 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN
2017-02-23 11:53 - 2016-11-19 23:28 - 0000273 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW
2017-02-23 11:53 - 2016-11-19 23:28 - 0000267 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata
2017-02-23 11:53 - 2015-10-20 06:50 - 0011221 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
2017-02-23 11:53 - 2016-11-19 23:28 - 0003406 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png
2017-02-23 11:53 - 2016-11-19 23:28 - 0000728 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no
2017-02-23 11:53 - 2015-09-21 06:52 - 0000159 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_CN
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_CN\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_TW
2017-02-23 11:53 - 2016-11-19 23:28 - 0000179 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_TW\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata
2017-02-23 11:53 - 2015-09-23 12:46 - 0010089 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata\verified_contents.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0
2017-02-23 11:53 - 2016-10-26 09:27 - 0002084 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\background.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0004383 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\common.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0002541 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\composer.html
2017-02-23 11:53 - 2016-10-26 09:27 - 0002334 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\composer.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0003588 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\cssProperties.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0000748 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\devtools.html
2017-02-23 11:53 - 2016-10-26 09:27 - 0001025 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\devtools.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0003293 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\devtools-panel.html
2017-02-23 11:53 - 2016-10-26 09:27 - 0004803 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\devtools-panel.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0003970 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\firstRun.html
2017-02-23 11:53 - 2016-10-26 09:27 - 0003887 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\firstRun.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0003958 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\i18n.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0014816 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\include.postload.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0016559 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\include.preload.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0000223 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\managed-storage-schema.json
2017-02-23 11:53 - 2016-11-19 23:29 - 0002241 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\manifest.json
2017-02-23 11:53 - 2016-10-26 09:27 - 0013455 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\messageResponder.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0003345 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\notification.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0008994 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\options.html
2017-02-23 11:53 - 2016-10-26 09:27 - 0023672 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\options.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0003657 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\popup.html
2017-02-23 11:53 - 2016-10-26 09:27 - 0005086 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\popup.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0004050 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\stats.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0005898 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\subscriptions.xml
2017-02-23 11:53 - 2016-10-26 09:27 - 0000871 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\utils.js
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\am
2017-02-23 11:53 - 2016-11-19 23:29 - 0001774 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\am\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ar
2017-02-23 11:53 - 2016-11-19 23:29 - 0014200 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ar\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\bg
2017-02-23 11:53 - 2016-11-19 23:29 - 0015372 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\bg\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\bn
2017-02-23 11:53 - 2016-11-19 23:29 - 0009622 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\bn\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ca
2017-02-23 11:53 - 2016-11-19 23:29 - 0012453 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ca\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\cs
2017-02-23 11:53 - 2016-11-19 23:29 - 0012299 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\cs\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\da
2017-02-23 11:53 - 2016-11-19 23:29 - 0011480 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\da\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\de
2017-02-23 11:53 - 2016-11-19 23:29 - 0012529 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\de\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\el
2017-02-23 11:53 - 2016-11-19 23:29 - 0016555 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\el\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\en_GB
2017-02-23 11:53 - 2016-11-19 23:29 - 0009255 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\en_GB\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\en_US
2017-02-23 11:53 - 2016-11-19 23:29 - 0013116 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\en_US\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\es
2017-02-23 11:53 - 2016-11-19 23:29 - 0012320 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\es\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\es_419
2017-02-23 11:53 - 2016-11-19 23:29 - 0012245 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\es_419\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\et
2017-02-23 11:53 - 2016-11-19 23:29 - 0010375 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\et\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\fa
2017-02-23 11:53 - 2016-11-19 23:29 - 0014920 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\fa\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\fi
2017-02-23 11:53 - 2016-11-19 23:29 - 0011803 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\fi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\fil
2017-02-23 11:53 - 2016-11-19 23:29 - 0005835 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\fil\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\fr
2017-02-23 11:53 - 2016-11-19 23:29 - 0012559 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\fr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\gu
2017-02-23 11:53 - 2016-11-19 23:29 - 0006943 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\gu\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\he
2017-02-23 11:53 - 2016-11-19 23:29 - 0013310 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\he\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\hi
2017-02-23 11:53 - 2016-11-19 23:29 - 0009388 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\hi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\hr
2017-02-23 11:53 - 2016-11-19 23:29 - 0011871 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\hr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\hu
2017-02-23 11:53 - 2016-11-19 23:29 - 0012548 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\hu\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\id
2017-02-23 11:53 - 2016-11-19 23:29 - 0012184 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\id\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\it
2017-02-23 11:53 - 2016-11-19 23:29 - 0012348 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\it\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ja
2017-02-23 11:53 - 2016-11-19 23:29 - 0013051 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ja\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\kn
2017-02-23 11:53 - 2016-11-19 23:29 - 0008333 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\kn\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ko
2017-02-23 11:53 - 2016-11-19 23:29 - 0012172 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ko\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\lt
2017-02-23 11:53 - 2016-11-19 23:29 - 0011880 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\lt\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\lv
2017-02-23 11:53 - 2016-11-19 23:29 - 0011705 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\lv\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ml
2017-02-23 11:53 - 2016-11-19 23:29 - 0004439 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ml\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ms
2017-02-23 11:53 - 2016-11-19 23:29 - 0011721 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ms\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\nb
2017-02-23 11:53 - 2016-11-19 23:29 - 0011932 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\nb\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\nl
2017-02-23 11:53 - 2016-11-19 23:29 - 0012004 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\nl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\pl
2017-02-23 11:53 - 2016-11-19 23:29 - 0012337 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\pl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\pt_BR
2017-02-23 11:53 - 2016-11-19 23:29 - 0012167 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\pt_BR\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\pt_PT
2017-02-23 11:53 - 2016-11-19 23:29 - 0012027 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\pt_PT\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ro
2017-02-23 11:53 - 2016-11-19 23:29 - 0012094 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ro\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ru
2017-02-23 11:53 - 2016-11-19 23:29 - 0015726 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ru\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\sk
2017-02-23 11:53 - 2016-11-19 23:29 - 0011956 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\sk\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\sl
2017-02-23 11:53 - 2016-11-19 23:29 - 0011703 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\sl\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\sr
2017-02-23 11:53 - 2016-11-19 23:29 - 0014752 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\sr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\sv
2017-02-23 11:53 - 2016-11-19 23:29 - 0011821 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\sv\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\sw
2017-02-23 11:53 - 2016-11-19 23:29 - 0003612 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\sw\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ta
2017-02-23 11:53 - 2016-11-19 23:29 - 0011679 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\ta\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\te
2017-02-23 11:53 - 2016-11-19 23:29 - 0007483 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\te\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\th
2017-02-23 11:53 - 2016-11-19 23:29 - 0015778 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\th\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\tr
2017-02-23 11:53 - 2016-11-19 23:29 - 0012487 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\tr\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\uk
2017-02-23 11:53 - 2016-11-19 23:29 - 0015364 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\uk\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\vi
2017-02-23 11:53 - 2016-11-19 23:29 - 0013327 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\vi\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\zh_CN
2017-02-23 11:53 - 2016-11-19 23:29 - 0011167 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\zh_CN\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\zh_TW
2017-02-23 11:53 - 2016-11-19 23:29 - 0011012 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_locales\zh_TW\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_metadata
2017-02-23 11:53 - 2016-11-19 23:29 - 0019194 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_metadata\computed_hashes.json
2017-02-23 11:53 - 2016-10-26 09:27 - 0025752 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\_metadata\verified_contents.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\ext
2017-02-23 11:53 - 2016-10-26 09:27 - 0016252 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\ext\background.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0001852 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\ext\common.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0000795 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\ext\content.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0000935 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\ext\devtools.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0000462 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\ext\popup.js
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons
2017-02-23 11:53 - 2016-11-19 23:29 - 0000527 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-16.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000249 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-16-notification-critical.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000358 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-16-notification-information.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000417 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-16-whitelisted.png
2017-02-23 11:53 - 2016-11-19 23:29 - 0000647 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-19.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000270 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-19-notification-critical.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000382 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-19-notification-information.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000436 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-19-whitelisted.png
2017-02-23 11:53 - 2016-11-19 23:29 - 0000762 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-20.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000457 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-20-notification-critical.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000500 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-20-notification-information.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000566 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-20-whitelisted.png
2017-02-23 11:53 - 2016-11-19 23:29 - 0001108 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-32.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000348 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-32-notification-critical.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000574 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-32-notification-information.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000667 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-32-whitelisted.png
2017-02-23 11:53 - 2016-11-19 23:29 - 0001264 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-38.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000441 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-38-notification-critical.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000718 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-38-notification-information.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000806 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-38-whitelisted.png
2017-02-23 11:53 - 2016-11-19 23:29 - 0001417 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-40.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000488 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-40-notification-critical.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000629 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-40-notification-information.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000757 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\abp-40-whitelisted.png
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\detailed
2017-02-23 11:53 - 2016-11-19 23:29 - 0009025 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\detailed\abp-128.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0001487 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\detailed\abp-32.png
2017-02-23 11:53 - 2016-11-19 23:29 - 0002663 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\detailed\abp-48.png
2017-02-23 11:53 - 2016-11-19 23:29 - 0003848 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\icons\detailed\abp-64.png
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness
2017-02-23 11:53 - 2016-10-26 09:27 - 0022785 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\jquery-ui-1.8.16.custom.css
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images
2017-02-23 11:53 - 2016-10-26 09:27 - 0000180 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-bg_flat_0_aaaaaa_40x100.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000178 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-bg_flat_75_ffffff_40x100.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000120 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-bg_glass_55_fbf9ee_1x400.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000105 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-bg_glass_65_ffffff_1x400.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000111 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-bg_glass_75_dadada_1x400.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000110 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-bg_glass_75_e6e6e6_1x400.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000119 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-bg_glass_95_fef1ec_1x400.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000101 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-bg_highlight-soft_75_cccccc_1x100.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0004369 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-icons_222222_256x240.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0004369 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-icons_2e83ff_256x240.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0004369 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-icons_454545_256x240.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0004369 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-icons_888888_256x240.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0004369 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\css\smoothness\images\ui-icons_cd0a0a_256x240.png
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\js
2017-02-23 11:53 - 2016-10-26 09:27 - 0093868 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\js\jquery-1.7.1.min.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0030148 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\jquery-ui\js\jquery-ui-1.8.16.custom.min.js
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\lib
2017-02-23 11:53 - 2016-10-26 09:27 - 0216086 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\lib\adblockplus.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0005171 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\lib\compat.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0001670 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\lib\info.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0150932 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\lib\publicSuffixList.js
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\lib\polyfills
2017-02-23 11:53 - 2016-10-26 09:27 - 0001972 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\lib\polyfills\fetch.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0003683 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\lib\polyfills\promise.js
2017-02-23 11:53 - 2016-10-26 09:27 - 0001825 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\lib\polyfills\url.js
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\qunit
2017-02-23 11:53 - 2016-10-26 09:27 - 0001116 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\qunit\index.html
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin
2017-02-23 11:53 - 2016-10-26 09:27 - 0001309 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\abb-logo.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0003208 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\ajax-loader.gif
2017-02-23 11:53 - 2016-10-26 09:27 - 0000162 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\background.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000163 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\background-main.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0000162 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\background-share.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0001388 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\common.css
2017-02-23 11:53 - 2016-10-26 09:27 - 0003434 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\devtools-panel.css
2017-02-23 11:53 - 2016-10-26 09:27 - 0000160 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\donate.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0007846 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\firstRun.css
2017-02-23 11:53 - 2016-10-26 09:27 - 0005389 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\popup.css
2017-02-23 11:53 - 2016-10-26 09:27 - 0003275 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\popup.png
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\fonts
2017-02-23 11:53 - 2016-10-26 09:27 - 0043152 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\fonts\CreteRound-Italic.otf
2017-02-23 11:53 - 2016-10-26 09:27 - 0040968 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\fonts\CreteRound-Regular.otf
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\social
2017-02-23 11:53 - 2016-10-26 09:27 - 0003861 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\social\facebook.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0004009 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\social\googleplus.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0002619 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\social\renren.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0003944 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\social\twitter.png
2017-02-23 11:53 - 2016-10-26 09:27 - 0003497 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\skin\social\weibo.png
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0
2017-02-23 11:53 - 2017-02-07 20:48 - 0142744 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\app.html
2017-02-23 11:53 - 2017-02-07 20:48 - 0003256 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\app-already-open.html
2017-02-23 11:53 - 2017-02-07 20:48 - 0000082 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\dummy.html
2017-02-23 11:53 - 2017-02-07 20:48 - 0001083 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\file-picker.html
2017-02-23 11:53 - 2017-02-13 15:24 - 0002519 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\manifest.json
2017-02-23 11:53 - 2017-02-07 20:48 - 0003728 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\mini-controls.html
2017-02-23 11:53 - 2017-02-07 20:48 - 0003914 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\pair.html
2017-02-23 11:53 - 2017-02-07 20:48 - 0003248 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\parse-tester.html
2017-02-23 11:53 - 2017-02-07 20:48 - 0022082 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\premium-checkout.html
2017-02-23 11:53 - 2017-02-07 20:48 - 0000116 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\url-opener.html
2017-02-23 11:53 - 2017-02-07 20:48 - 0002797 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\videostream.nmf
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\_locales
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\_locales\da
2017-02-23 11:53 - 2017-02-13 15:24 - 0000113 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\_locales\da\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\_locales\de
2017-02-23 11:53 - 2017-02-13 15:24 - 0000139 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\_locales\de\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\_locales\en
2017-02-23 11:53 - 2017-02-13 15:24 - 0069528 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\_locales\en\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\_locales\es
2017-02-23 11:53 - 2017-02-13 15:24 - 0000126 _____ () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.207.0_0\_locales\es\messages.json
2017-02-23 11:53 - 2017-02-23 11:53 - 0000000 ____D () C:\Users\Anna\AppData\Local\Clogeyreiwish\ChromeDefaultData\Extensions\cnciopoikihiagdjbjpno

 

 

hope you have the time to look at it tomorrow

 

regards,

Anna



#8 avanbon

avanbon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 15 March 2017 - 06:41 AM

Hi Phil,
thought I should let you know that something keeps turning off my avira antivirus and Windows defender. I am almost at the point of just doing a complete re-install this weekend of my computer, since this is getting out of hand and i don't feel safe anymore. Would that remove all the stuff that's roaming around in my computer now?

Regards, Anna

#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:28 PM

Posted 15 March 2017 - 07:38 AM

Anna:
 
Your new logs show signs of massive malware infestation affecting your browsers.  I only got part way through your new FRST logs yesterday.  The new logs showed new malware infections that were not present in your original logs.  Looks like some of it might be related to a download of YAC.  Whether you downloaded that, or other malware did, I don't know at this point.  That is one of the reasons why we ask users not to run any other tools other than those we request when we are attempting to disinfect a computer.
 
Also are you aware of this folder: C:\Users\Anna\AppData\Local\Clogeyreiwish.  As you can see from the last part of the FRST "fixlog.txt" file, it is full of Chrome extensions.  Is there a user on your computer with the login ID of "Clogeyreiwish" or a Chrome ID of that name?
 

I am almost at the point of just doing a complete re-install this weekend of my computer, since this is getting out of hand and i don't feel safe anymore. Would that remove all the stuff that's roaming around in my computer now?


A reinstall should get rid of most, if not all, of the malware, unless there is some persistent malware variants that decide to survive the clean install. It is unlikely, but it does happen; however, that said, we could run fresh FRST logs after the clean install, and see what remains, if anything.

I apologize for the lateness of this reply. I was sideswiped by the March Windows Updates this morning when I logged into my computer: see my post this morning in the Windows 10 Forum.  That took me a few hours to fully recover from that Windows Updates fiasco.

 

It is your decision whether you want to do a clean install.  I am prepared to continue analyzing your newest FRST logs and to craft a "fixlist.txt" script to remove what I am seeing in your newest FRST logs.

 

Please let me know what you decide as soon as possible, particularly if you are going to go the clean install route.  If you go that route, I will keep your topic open here, so you can submit fresh FRST logs after the clean install and I will have a look at them.

 

Awaiting your reply.  Thank you, Anna, and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#10 avanbon

avanbon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 15 March 2017 - 10:12 AM

Hi Phil,

I am going to do a clean install this weekend, trying to only use internet on my phone in the meantime. Completely​ done with the malware, want to normally use my laptop. It has been a while since I completely cleaned my computer so it would be about time anyway.

I will let you know when i finished the install.

Regards,
Anna

#11 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:28 PM

Posted 15 March 2017 - 01:00 PM

Anna:

 

Thank you for your reply.  Sorry for being late acknowledging it.  It has been ONE of THOSE DAYS! :)

 

I will abandon the analysis of your newest FRST logs and hold your topic open until after you have done your clean install and run a new set of FRST logs.

 

Good luck with the clean install.  It is a lot of work but it sure does make a difference to the performance of a computer.  They do bog down over time with all of the program installs and uninstalls, file/folder deletions, etc.

 

Personally, I would have opted for the option that you have chosen, in your situation.

 

Please ensure that you do have a full system image of all of your partitions so that none of your personal data might be lost, before you commence the clean install.  I am sure that you already know that, but I just want to mention it.  I kept my old images for a year after I did clean installs of Windows 10 on both of my computers in December 2015.  It turned out that I had all of the bases covered, but it is easy to overlook things in the confusion of getting everything back in running shape.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:28 PM

Posted 20 March 2017 - 01:07 PM

Anna:

 

How are you making out with the clean install?

 

Awaiting a new set of FRST logs when you have your computer all set up again.  Just checking in.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#13 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:28 PM

Posted 24 March 2017 - 01:40 PM

Anna:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.  I know that you were planning on doing a clean install last weekend.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator and submit fresh FRST logs from your new install at your convenience.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#14 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:28 PM

Posted 26 March 2017 - 06:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Member of the Unified Network of Instructors and Trusted Eliminators





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users