Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log:Please Help Diagnose


  • This topic is locked This topic is locked
22 replies to this topic

#1 jhguitar1

jhguitar1

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 21 April 2017 - 04:28 PM

Hello,

 

My computer is running horribly so I was guided to this forum. Multiple people use my computer so I'm not sure if it's infected. I did see many undesirable items on a hijack log from slim cleaner. Can someone please tell me if there is anything I can do or need to change?

Thank you very much!!

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:15:28 PM, on 4/21/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18639)

FIREFOX: 52.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\john\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\john\Downloads\HijackThis(1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-b10c0317
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\Windows\SysWOW64\d3dx9_322.dll
O2 - BHO: Groove GFS Browser Helper - {4A7263C7-70CC-2683-3C7E-5EB34AE948CD} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - Global Startup: NETGEAR WNDA3100v2 Genie.lnk = C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/My%20Kingdom%20for%20the%20Princess/Images/armhelper.ocx
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: activeMARK Instant Service (AMInstantService) - GameHouse - C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files (x86)\Online Games Manager\ogmservice.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100v2 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 12969 bytes
 



BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 21 April 2017 - 05:28 PM

Hello jhguitar1 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


The program you ran is not used any more so I’ll need some newer ones to see what’s happening.

===================================================

Note: Please follow these instructions in the order given.

===================================================
 

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista/7/8/10, instead of double-clicking, right-mouse click JRT.exe and select ‘Run as Administrator’
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 jhguitar1

jhguitar1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 22 April 2017 - 08:52 AM

Thank you for your response. Please let me know if I did anything wrong as I'm not proficient on a computer.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2017
Ran by john (22-04-2017 08:46:18)
Running from C:\Users\john\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-06-30 21:57:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

1E8872683E574B869C7C (S-1-5-21-1151682749-726298257-2278553524-1006 - Limited - Enabled)
Administrator (S-1-5-21-1151682749-726298257-2278553524-500 - Administrator - Disabled)
Guest (S-1-5-21-1151682749-726298257-2278553524-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1151682749-726298257-2278553524-1005 - Limited - Enabled)
john (S-1-5-21-1151682749-726298257-2278553524-1001 - Administrator - Enabled) => C:\Users\john
UpdatusUser (S-1-5-21-1151682749-726298257-2278553524-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BitTorrent (HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\BitTorrent) (Version: 7.9.5.41713 - BitTorrent Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (HKLM-x32\...\SoftwareStarterGuide-DCSD40_46) (Version: 1.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSD1200IS_IXUS95IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Citrix Receiver 4.6 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.6.0.12010 - Citrix Systems, Inc.)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\Dropbox) (Version: 23.4.18 - Dropbox, Inc.)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Games Manager (HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\GamesManager) (Version: 2.15.2.971 - iWin Inc.)
GoldWave v6.21 (HKLM\...\GoldWave v6.21) (Version: 6.21 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.14.41 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.6.14.19 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Online Games Manager v1.50 (HKLM-x32\...\Online Games Manager) (Version: 1.50.4 - Real Networks, Inc.)
Online Plug-in (x32 Version: 14.6.0.12010 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealDownloader (x32 Version: 1.7.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Rescue Team 4 (HKLM-x32\...\e55e1cd4e5529d1632e08e4a4aba1c89) (Version:  - Zylom)
Rig Manager (HKLM\...\{AC70377B-F83B-484E-8F42-553FDE919848}) (Version: 2.0.17.12837 - Kemper GmbH)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Self-service Plug-in (x32 Version: 4.6.0.14932 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version:  - )
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D6C7754-DF90-45C1-A6A5-EF86D8321492} - \{184C56A0-C3E2-442E-A862-F599E4EADB5B} -> No File <==== ATTENTION
Task: {1865B619-F3A4-4E0E-A16B-0D168B78CC62} - \{025BAF31-693D-42E4-9751-3685D6E4BAE4} -> No File <==== ATTENTION
Task: {18997706-8B99-4678-B009-60B0D8D62EB0} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {1A5A85F3-66E2-4BBD-A54C-313E629B7DA0} - \{3F481316-3BDA-4DB7-A607-3902589DE710} -> No File <==== ATTENTION
Task: {1F032558-CC9E-43DE-A7CB-8286BD7FACAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {405B9123-065B-4D5B-9248-E455494B5D8E} - \ASC10_SkipUac_john -> No File <==== ATTENTION
Task: {42FDF028-EF57-442E-B11A-B4D02F136A66} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
Task: {4F0D0BBA-C148-4E64-A3C7-DA72253AF440} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {50218AC2-EB2C-4121-900D-54DCB77D7685} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-06-01] (IObit)
Task: {549A3EC7-9BB3-4AE3-B5B1-1CE4E0F85395} - \ServicePlan -> No File <==== ATTENTION
Task: {5AE99C7F-5F37-4580-AADF-CFB7E0DC96B6} - \Game_Booster_Startup -> No File <==== ATTENTION
Task: {5B38BC29-5F97-46AA-A078-D00157D9BF66} - \{2656970F-B297-4BDF-B6B0-F33AC426CE4A} -> No File <==== ATTENTION
Task: {5E157FC9-B788-47A1-93B4-49B51919F41D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1151682749-726298257-2278553524-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
Task: {5E2E4401-0395-409F-8A90-F74862ABC303} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {5F0E89B2-86AE-4E32-BB1E-A9D07B4E7C4F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {62DE9D35-2333-40CC-A9AF-4DBC0C4A8BD5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001Core => C:\Users\john\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {747FA2DF-D71F-4FB2-9CC3-90A2A7DE4961} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1151682749-726298257-2278553524-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
Task: {74A8BC2B-A993-434F-8D3C-502FBD66F3A9} - \{D1CEDBF9-93DA-4342-90A3-D46A858ABA86} -> No File <==== ATTENTION
Task: {86F962BD-A931-492C-B2C6-46985734F5F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8AEB4A49-2B64-4C83-BDD7-9FDAAC462E8C} - System32\Tasks\SmartDefrag_Defrag => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-06-13] (IObit)
Task: {9093F20B-7EF1-4D93-9848-9283BF4219A3} - \{D572F1B6-7A61-4806-BC66-E68C34E0CBC2} -> No File <==== ATTENTION
Task: {96C2585D-1B0B-48CB-A420-F664A7FF1902} - \{00AA181B-31B0-4D8D-AB9E-A63E476BEB38} -> No File <==== ATTENTION
Task: {9E3A045C-9A7B-4E0E-8C07-30B3AA6B903F} - \SidebarExecute -> No File <==== ATTENTION
Task: {A301682B-A2E6-400B-863C-93D375796FA2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001UA => C:\Users\john\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {A311D8CE-C2E8-41F1-8B48-81BA8AAFBE46} - \{D824C271-A6E2-4C9F-888E-3E9F92EFD934} -> No File <==== ATTENTION
Task: {AC7CE4FC-A37A-4DAE-9B2C-BC928CDF5ECA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {AF45F5BF-B0E9-419A-846D-3739D3EBC5B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B74D63C6-C18A-4757-8DE0-048F995E5BD1} - \RecoveryCDWin7 -> No File <==== ATTENTION
Task: {C1365946-5801-43B2-A116-FAFE0D1D436C} - \Driver Booster SkipUAC (SYSTEM) -> No File <==== ATTENTION
Task: {C36BD1E3-D0D6-4238-9A94-8AB293C7088B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-24] (HP Inc.)
Task: {C491A3E4-CDB7-413C-9E62-2DAFD28E460E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {C5D7AE00-8283-4F06-8AF9-6BE8C0F1FF57} - System32\Tasks\HPCeeScheduleForjohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {C91F53F5-DECC-4E66-AB14-1BD871AAE779} - \{5A89B60B-A88D-49B3-A37A-37A99C6C11AC} -> No File <==== ATTENTION
Task: {CB3736ED-2C41-4515-BC94-BEB52D8FCEF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {CE967B34-0125-41CC-A7EB-60785DCF3E8C} - \ExtendedServicePlan -> No File <==== ATTENTION
Task: {DDD43F8E-9D00-4DDE-99E4-1F4CC25EBB26} - \{30C93F67-CAFC-40C9-92F4-E68B488499FF} -> No File <==== ATTENTION
Task: {E37D055E-4FAC-461C-B493-594355FFFD7E} - \{DD179DEF-888F-41A6-87C9-A5B40B0A2CD0} -> No File <==== ATTENTION
Task: {F0A9F521-54A1-4C48-8778-3BC22E02B752} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {F4EF7FB6-0BF8-4CA6-A3BA-247DC8AB3639} - \{FC6EE9E9-5CB9-47E8-9D82-190DB9C15D6A} -> No File <==== ATTENTION
Task: {F55D43D4-5001-482C-98FA-9BFB642F517D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F7216E9A-9E1E-4619-929B-427478F66A81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001Core.job => C:\Users\john\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001UA.job => C:\Users\john\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForjohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\john\Desktop\Play iWin Games.lnk -> C:\Users\john\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000000 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2017-02-03 19:33 - 2015-01-30 19:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-17 22:53 - 2014-12-11 18:48 - 08397536 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2013-01-17 22:53 - 2014-08-18 17:50 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2013-01-17 22:53 - 2014-07-22 10:18 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2013-01-17 22:53 - 2015-03-05 18:22 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData:gs5sys [13824]
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\Users\All Users:gs5sys [13824]
AlternateDataStreams: C:\Users\john:gs5sys [11264]
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [13824]
AlternateDataStreams: C:\ProgramData\Microsoft:B9xwA2h14JKte5pCL [2108]
AlternateDataStreams: C:\ProgramData\Microsoft:Xfs7bpoxDwey85FI [2078]
AlternateDataStreams: C:\ProgramData\Temp:00373BA4 [135]
AlternateDataStreams: C:\ProgramData\Temp:012BC84F [282]
AlternateDataStreams: C:\ProgramData\Temp:01312928 [146]
AlternateDataStreams: C:\ProgramData\Temp:028EA3FD [118]
AlternateDataStreams: C:\ProgramData\Temp:03F9B551 [270]
AlternateDataStreams: C:\ProgramData\Temp:04076B92 [137]
AlternateDataStreams: C:\ProgramData\Temp:041ED421 [138]
AlternateDataStreams: C:\ProgramData\Temp:04406D73 [376]
AlternateDataStreams: C:\ProgramData\Temp:050C0DEA [140]
AlternateDataStreams: C:\ProgramData\Temp:05BF1B63 [202]
AlternateDataStreams: C:\ProgramData\Temp:060A3B0B [244]
AlternateDataStreams: C:\ProgramData\Temp:06771D62 [125]
AlternateDataStreams: C:\ProgramData\Temp:06C34166 [128]
AlternateDataStreams: C:\ProgramData\Temp:08003876 [132]
AlternateDataStreams: C:\ProgramData\Temp:084612C9 [130]
AlternateDataStreams: C:\ProgramData\Temp:08A03B9E [654]
AlternateDataStreams: C:\ProgramData\Temp:092DD1DD [230]
AlternateDataStreams: C:\ProgramData\Temp:0968E571 [244]
AlternateDataStreams: C:\ProgramData\Temp:09867A8B [141]
AlternateDataStreams: C:\ProgramData\Temp:0A2A7D18 [132]
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5 [260]
AlternateDataStreams: C:\ProgramData\Temp:0AE2C68F [107]
AlternateDataStreams: C:\ProgramData\Temp:0AF6266B [310]
AlternateDataStreams: C:\ProgramData\Temp:0B11E9EE [143]
AlternateDataStreams: C:\ProgramData\Temp:0BBF232A [276]
AlternateDataStreams: C:\ProgramData\Temp:0BF4DA47 [126]
AlternateDataStreams: C:\ProgramData\Temp:0D6F7BD4 [139]
AlternateDataStreams: C:\ProgramData\Temp:0DAE9980 [129]
AlternateDataStreams: C:\ProgramData\Temp:0DDDD3CD [133]
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB [139]
AlternateDataStreams: C:\ProgramData\Temp:0E61938B [141]
AlternateDataStreams: C:\ProgramData\Temp:0F0F9094 [127]
AlternateDataStreams: C:\ProgramData\Temp:104A718B [276]
AlternateDataStreams: C:\ProgramData\Temp:10516C76 [146]
AlternateDataStreams: C:\ProgramData\Temp:1095ECE1 [284]
AlternateDataStreams: C:\ProgramData\Temp:10BBEFEF [746]
AlternateDataStreams: C:\ProgramData\Temp:11EF326F [139]
AlternateDataStreams: C:\ProgramData\Temp:127BB39D [140]
AlternateDataStreams: C:\ProgramData\Temp:12A012A1 [129]
AlternateDataStreams: C:\ProgramData\Temp:12A3FA49 [132]
AlternateDataStreams: C:\ProgramData\Temp:131C0EE9 [240]
AlternateDataStreams: C:\ProgramData\Temp:13CDB0E0 [120]
AlternateDataStreams: C:\ProgramData\Temp:14050722 [132]
AlternateDataStreams: C:\ProgramData\Temp:149E8786 [282]
AlternateDataStreams: C:\ProgramData\Temp:15381DB9 [136]
AlternateDataStreams: C:\ProgramData\Temp:158AC5F5 [137]
AlternateDataStreams: C:\ProgramData\Temp:15FA1ECB [151]
AlternateDataStreams: C:\ProgramData\Temp:160ADF0B [280]
AlternateDataStreams: C:\ProgramData\Temp:1656EE95 [246]
AlternateDataStreams: C:\ProgramData\Temp:165AF2C6 [268]
AlternateDataStreams: C:\ProgramData\Temp:16A4620C [258]
AlternateDataStreams: C:\ProgramData\Temp:16D21E17 [288]
AlternateDataStreams: C:\ProgramData\Temp:16F42F1F [132]
AlternateDataStreams: C:\ProgramData\Temp:1709732A [246]
AlternateDataStreams: C:\ProgramData\Temp:18345E10 [144]
AlternateDataStreams: C:\ProgramData\Temp:1858B534 [112]
AlternateDataStreams: C:\ProgramData\Temp:18B35CC4 [113]
AlternateDataStreams: C:\ProgramData\Temp:18B5F839 [138]
AlternateDataStreams: C:\ProgramData\Temp:18DEBC51 [272]
AlternateDataStreams: C:\ProgramData\Temp:19636FDD [262]
AlternateDataStreams: C:\ProgramData\Temp:1968990D [254]
AlternateDataStreams: C:\ProgramData\Temp:19D3BC34 [149]
AlternateDataStreams: C:\ProgramData\Temp:1A24F93C [276]
AlternateDataStreams: C:\ProgramData\Temp:1A4BF204 [284]
AlternateDataStreams: C:\ProgramData\Temp:1AE1D58D [288]
AlternateDataStreams: C:\ProgramData\Temp:1DEA36D6 [132]
AlternateDataStreams: C:\ProgramData\Temp:1E6EDDAA [136]
AlternateDataStreams: C:\ProgramData\Temp:1F2F0F76 [119]
AlternateDataStreams: C:\ProgramData\Temp:20C1C66F [144]
AlternateDataStreams: C:\ProgramData\Temp:20EB6823 [120]
AlternateDataStreams: C:\ProgramData\Temp:2216A431 [278]
AlternateDataStreams: C:\ProgramData\Temp:2487D1DA [137]
AlternateDataStreams: C:\ProgramData\Temp:2532C28E [121]
AlternateDataStreams: C:\ProgramData\Temp:2556A8A0 [141]
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B [146]
AlternateDataStreams: C:\ProgramData\Temp:25EF6F01 [129]
AlternateDataStreams: C:\ProgramData\Temp:26FF37EB [144]
AlternateDataStreams: C:\ProgramData\Temp:2707D83A [286]
AlternateDataStreams: C:\ProgramData\Temp:27C59043 [104]
AlternateDataStreams: C:\ProgramData\Temp:2892289F [125]
AlternateDataStreams: C:\ProgramData\Temp:28C6BEBF [144]
AlternateDataStreams: C:\ProgramData\Temp:29B37860 [234]
AlternateDataStreams: C:\ProgramData\Temp:29C0641D [284]
AlternateDataStreams: C:\ProgramData\Temp:2A48233F [130]
AlternateDataStreams: C:\ProgramData\Temp:2ABB51D4 [276]
AlternateDataStreams: C:\ProgramData\Temp:2B856118 [268]
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8 [234]
AlternateDataStreams: C:\ProgramData\Temp:2BB2D50B [246]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:2CED8825 [138]
AlternateDataStreams: C:\ProgramData\Temp:2F539966 [294]
AlternateDataStreams: C:\ProgramData\Temp:2F5A06FD [135]
AlternateDataStreams: C:\ProgramData\Temp:300E36AB [149]
AlternateDataStreams: C:\ProgramData\Temp:309E3827 [125]
AlternateDataStreams: C:\ProgramData\Temp:317F7381 [126]
AlternateDataStreams: C:\ProgramData\Temp:3252A6BA [132]
AlternateDataStreams: C:\ProgramData\Temp:32AA69ED [133]
AlternateDataStreams: C:\ProgramData\Temp:346337E3 [146]
AlternateDataStreams: C:\ProgramData\Temp:3469612C [270]
AlternateDataStreams: C:\ProgramData\Temp:34EFF1F2 [246]
AlternateDataStreams: C:\ProgramData\Temp:35629AE6 [286]
AlternateDataStreams: C:\ProgramData\Temp:3571475C [250]
AlternateDataStreams: C:\ProgramData\Temp:366B74CA [246]
AlternateDataStreams: C:\ProgramData\Temp:384AA0FD [272]
AlternateDataStreams: C:\ProgramData\Temp:3895D488 [136]
AlternateDataStreams: C:\ProgramData\Temp:38D2EA83 [141]
AlternateDataStreams: C:\ProgramData\Temp:38FF076E [132]
AlternateDataStreams: C:\ProgramData\Temp:3A4676D7 [286]
AlternateDataStreams: C:\ProgramData\Temp:3A4A5185 [264]
AlternateDataStreams: C:\ProgramData\Temp:3AC0ED43 [264]
AlternateDataStreams: C:\ProgramData\Temp:3B12F2EC [146]
AlternateDataStreams: C:\ProgramData\Temp:3B84A3F1 [140]
AlternateDataStreams: C:\ProgramData\Temp:3BB073C2 [144]
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF [284]
AlternateDataStreams: C:\ProgramData\Temp:3C0F646D [154]
AlternateDataStreams: C:\ProgramData\Temp:3CAE2A70 [250]
AlternateDataStreams: C:\ProgramData\Temp:3E208EC8 [131]
AlternateDataStreams: C:\ProgramData\Temp:3E2A4708 [770]
AlternateDataStreams: C:\ProgramData\Temp:3E9452A9 [272]
AlternateDataStreams: C:\ProgramData\Temp:3FE1A827 [137]
AlternateDataStreams: C:\ProgramData\Temp:41472405 [124]
AlternateDataStreams: C:\ProgramData\Temp:426CDD93 [756]
AlternateDataStreams: C:\ProgramData\Temp:432EC713 [141]
AlternateDataStreams: C:\ProgramData\Temp:434CFDCA [236]
AlternateDataStreams: C:\ProgramData\Temp:436BE28C [256]
AlternateDataStreams: C:\ProgramData\Temp:43E0EC8A [250]
AlternateDataStreams: C:\ProgramData\Temp:448E7C5B [133]
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B [292]
AlternateDataStreams: C:\ProgramData\Temp:46C7F417 [242]
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9 [135]
AlternateDataStreams: C:\ProgramData\Temp:4911BB5C [214]
AlternateDataStreams: C:\ProgramData\Temp:4A10AFB7 [146]
AlternateDataStreams: C:\ProgramData\Temp:4B2A0356 [278]
AlternateDataStreams: C:\ProgramData\Temp:4B2E08FB [244]
AlternateDataStreams: C:\ProgramData\Temp:4B325725 [70]
AlternateDataStreams: C:\ProgramData\Temp:4B4D7EF3 [155]
AlternateDataStreams: C:\ProgramData\Temp:4BC514A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5 [129]
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B [132]
AlternateDataStreams: C:\ProgramData\Temp:4C4BD66D [125]
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B [125]
AlternateDataStreams: C:\ProgramData\Temp:4C96DCB8 [139]
AlternateDataStreams: C:\ProgramData\Temp:4D2F454E [136]
AlternateDataStreams: C:\ProgramData\Temp:4D348522 [132]
AlternateDataStreams: C:\ProgramData\Temp:4E79C4F8 [140]
AlternateDataStreams: C:\ProgramData\Temp:517EFA90 [135]
AlternateDataStreams: C:\ProgramData\Temp:51E05A3A [230]
AlternateDataStreams: C:\ProgramData\Temp:52329B88 [146]
AlternateDataStreams: C:\ProgramData\Temp:5279F7BF [137]
AlternateDataStreams: C:\ProgramData\Temp:54531C7D [256]
AlternateDataStreams: C:\ProgramData\Temp:54C1075C [147]
AlternateDataStreams: C:\ProgramData\Temp:54F257C0 [194]
AlternateDataStreams: C:\ProgramData\Temp:56A74E89 [130]
AlternateDataStreams: C:\ProgramData\Temp:57173DB4 [137]
AlternateDataStreams: C:\ProgramData\Temp:574311A1 [130]
AlternateDataStreams: C:\ProgramData\Temp:57B374AB [276]
AlternateDataStreams: C:\ProgramData\Temp:57CFEA7A [144]
AlternateDataStreams: C:\ProgramData\Temp:581ECF22 [112]
AlternateDataStreams: C:\ProgramData\Temp:58A7E801 [234]
AlternateDataStreams: C:\ProgramData\Temp:5C3ED5BB [128]
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B [280]
AlternateDataStreams: C:\ProgramData\Temp:5C818B5D [141]
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE [154]
AlternateDataStreams: C:\ProgramData\Temp:5D4F063C [292]
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B [138]
AlternateDataStreams: C:\ProgramData\Temp:5FEAB2C8 [379]
AlternateDataStreams: C:\ProgramData\Temp:602EC63C [262]
AlternateDataStreams: C:\ProgramData\Temp:607A99D7 [133]
AlternateDataStreams: C:\ProgramData\Temp:616A2A70 [118]
AlternateDataStreams: C:\ProgramData\Temp:619F147E [159]
AlternateDataStreams: C:\ProgramData\Temp:6212DF7A [140]
AlternateDataStreams: C:\ProgramData\Temp:624A80FD [192]
AlternateDataStreams: C:\ProgramData\Temp:6271B518 [122]
AlternateDataStreams: C:\ProgramData\Temp:62AF0D82 [129]
AlternateDataStreams: C:\ProgramData\Temp:6358B2F7 [135]
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9 [296]
AlternateDataStreams: C:\ProgramData\Temp:63E88FD4 [141]
AlternateDataStreams: C:\ProgramData\Temp:640DDEFF [144]
AlternateDataStreams: C:\ProgramData\Temp:6423D635 [242]
AlternateDataStreams: C:\ProgramData\Temp:6447E3B5 [238]
AlternateDataStreams: C:\ProgramData\Temp:6468C896 [272]
AlternateDataStreams: C:\ProgramData\Temp:64BDD821 [226]
AlternateDataStreams: C:\ProgramData\Temp:65621319 [145]
AlternateDataStreams: C:\ProgramData\Temp:65C4D44A [124]
AlternateDataStreams: C:\ProgramData\Temp:67396145 [154]
AlternateDataStreams: C:\ProgramData\Temp:67842DB7 [127]
AlternateDataStreams: C:\ProgramData\Temp:67D43EFA [118]
AlternateDataStreams: C:\ProgramData\Temp:680086AB [114]
AlternateDataStreams: C:\ProgramData\Temp:68198EE3 [135]
AlternateDataStreams: C:\ProgramData\Temp:68C21E42 [304]
AlternateDataStreams: C:\ProgramData\Temp:696F7DA7 [136]
AlternateDataStreams: C:\ProgramData\Temp:69BAF25F [750]
AlternateDataStreams: C:\ProgramData\Temp:69ED1286 [286]
AlternateDataStreams: C:\ProgramData\Temp:6A609C67 [128]
AlternateDataStreams: C:\ProgramData\Temp:6B251180 [288]
AlternateDataStreams: C:\ProgramData\Temp:6B7447D4 [135]
AlternateDataStreams: C:\ProgramData\Temp:6BF6CA71 [133]
AlternateDataStreams: C:\ProgramData\Temp:6C718587 [246]
AlternateDataStreams: C:\ProgramData\Temp:6CCDA168 [112]
AlternateDataStreams: C:\ProgramData\Temp:6CF828C2 [147]
AlternateDataStreams: C:\ProgramData\Temp:6DC537DB [308]
AlternateDataStreams: C:\ProgramData\Temp:6DCC0E34 [274]
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746 [256]
AlternateDataStreams: C:\ProgramData\Temp:6E271126 [117]
AlternateDataStreams: C:\ProgramData\Temp:6EC8F6C5 [210]
AlternateDataStreams: C:\ProgramData\Temp:6F0C95A1 [290]
AlternateDataStreams: C:\ProgramData\Temp:6F57F1D1 [286]
AlternateDataStreams: C:\ProgramData\Temp:6F84C4DE [131]
AlternateDataStreams: C:\ProgramData\Temp:6F998753 [145]
AlternateDataStreams: C:\ProgramData\Temp:6F9C57B9 [146]
AlternateDataStreams: C:\ProgramData\Temp:6FA346B6 [242]
AlternateDataStreams: C:\ProgramData\Temp:6FA918FA [145]
AlternateDataStreams: C:\ProgramData\Temp:701B92FB [242]
AlternateDataStreams: C:\ProgramData\Temp:70BDB805 [127]
AlternateDataStreams: C:\ProgramData\Temp:70FD4407 [272]
AlternateDataStreams: C:\ProgramData\Temp:7109C24A [141]
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A [228]
AlternateDataStreams: C:\ProgramData\Temp:73879882 [280]
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96 [119]
AlternateDataStreams: C:\ProgramData\Temp:73B78E79 [128]
AlternateDataStreams: C:\ProgramData\Temp:7455D6E6 [144]
AlternateDataStreams: C:\ProgramData\Temp:74A0E249 [152]
AlternateDataStreams: C:\ProgramData\Temp:74E256F6 [133]
AlternateDataStreams: C:\ProgramData\Temp:751D6870 [146]
AlternateDataStreams: C:\ProgramData\Temp:757BA6A5 [154]
AlternateDataStreams: C:\ProgramData\Temp:75CEDFA5 [117]
AlternateDataStreams: C:\ProgramData\Temp:77066415 [760]
AlternateDataStreams: C:\ProgramData\Temp:77E239B1 [127]
AlternateDataStreams: C:\ProgramData\Temp:77E927FC [136]
AlternateDataStreams: C:\ProgramData\Temp:7804B508 [124]
AlternateDataStreams: C:\ProgramData\Temp:7890F666 [314]
AlternateDataStreams: C:\ProgramData\Temp:796EE7C8 [120]
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE [130]
AlternateDataStreams: C:\ProgramData\Temp:7A51F685 [290]
AlternateDataStreams: C:\ProgramData\Temp:7ACF38DE [246]
AlternateDataStreams: C:\ProgramData\Temp:7D288858 [141]
AlternateDataStreams: C:\ProgramData\Temp:7DEE2F6C [133]
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA [464]
AlternateDataStreams: C:\ProgramData\Temp:7ECD9621 [128]
AlternateDataStreams: C:\ProgramData\Temp:800FE171 [266]
AlternateDataStreams: C:\ProgramData\Temp:81563BC7 [246]
AlternateDataStreams: C:\ProgramData\Temp:81E0F9D0 [146]
AlternateDataStreams: C:\ProgramData\Temp:81F65F60 [748]
AlternateDataStreams: C:\ProgramData\Temp:82111599 [244]
AlternateDataStreams: C:\ProgramData\Temp:834DD57E [256]
AlternateDataStreams: C:\ProgramData\Temp:84618038 [133]
AlternateDataStreams: C:\ProgramData\Temp:84D1C282 [130]
AlternateDataStreams: C:\ProgramData\Temp:84FA02E7 [148]
AlternateDataStreams: C:\ProgramData\Temp:85376176 [121]
AlternateDataStreams: C:\ProgramData\Temp:8634D9A3 [133]
AlternateDataStreams: C:\ProgramData\Temp:87E3D720 [147]
AlternateDataStreams: C:\ProgramData\Temp:884C7316 [146]
AlternateDataStreams: C:\ProgramData\Temp:88E8CC2E [272]
AlternateDataStreams: C:\ProgramData\Temp:8967C154 [126]
AlternateDataStreams: C:\ProgramData\Temp:89CC3B44 [132]
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB [152]
AlternateDataStreams: C:\ProgramData\Temp:89FED318 [286]
AlternateDataStreams: C:\ProgramData\Temp:8AB2162E [109]
AlternateDataStreams: C:\ProgramData\Temp:8AC20936 [129]
AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3 [135]
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD [145]
AlternateDataStreams: C:\ProgramData\Temp:8C49003C [145]
AlternateDataStreams: C:\ProgramData\Temp:8C6D2EC3 [122]
AlternateDataStreams: C:\ProgramData\Temp:8D634113 [732]
AlternateDataStreams: C:\ProgramData\Temp:8D9C24E0 [260]
AlternateDataStreams: C:\ProgramData\Temp:8DD36B71 [115]
AlternateDataStreams: C:\ProgramData\Temp:902C848D [250]
AlternateDataStreams: C:\ProgramData\Temp:9083C3AD [123]
AlternateDataStreams: C:\ProgramData\Temp:90C320E1 [250]
AlternateDataStreams: C:\ProgramData\Temp:91244A8F [118]
AlternateDataStreams: C:\ProgramData\Temp:9124663C [128]
AlternateDataStreams: C:\ProgramData\Temp:92421EF9 [123]
AlternateDataStreams: C:\ProgramData\Temp:927EC486 [256]
AlternateDataStreams: C:\ProgramData\Temp:928DF32E [286]
AlternateDataStreams: C:\ProgramData\Temp:93F3E4C9 [292]
AlternateDataStreams: C:\ProgramData\Temp:947107AC [124]
AlternateDataStreams: C:\ProgramData\Temp:9491C9C7 [276]
AlternateDataStreams: C:\ProgramData\Temp:95198126 [100]
AlternateDataStreams: C:\ProgramData\Temp:9603033A [252]
AlternateDataStreams: C:\ProgramData\Temp:972E051C [248]
AlternateDataStreams: C:\ProgramData\Temp:973DCFFF [780]
AlternateDataStreams: C:\ProgramData\Temp:97B3B270 [278]
AlternateDataStreams: C:\ProgramData\Temp:97ECE74A [150]
AlternateDataStreams: C:\ProgramData\Temp:993C3DF6 [131]
AlternateDataStreams: C:\ProgramData\Temp:99AC3203 [127]
AlternateDataStreams: C:\ProgramData\Temp:99F8C0E6 [140]
AlternateDataStreams: C:\ProgramData\Temp:9A842F5C [119]
AlternateDataStreams: C:\ProgramData\Temp:9A8F071F [270]
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675 [288]
AlternateDataStreams: C:\ProgramData\Temp:9BF0C425 [280]
AlternateDataStreams: C:\ProgramData\Temp:9C337CCE [280]
AlternateDataStreams: C:\ProgramData\Temp:9C6014C6 [133]
AlternateDataStreams: C:\ProgramData\Temp:9D03192E [118]
AlternateDataStreams: C:\ProgramData\Temp:9D60BE91 [276]
AlternateDataStreams: C:\ProgramData\Temp:9D91E651 [126]
AlternateDataStreams: C:\ProgramData\Temp:9DDABE44 [278]
AlternateDataStreams: C:\ProgramData\Temp:9DF24CB2 [140]
AlternateDataStreams: C:\ProgramData\Temp:9E05DEB0 [122]
AlternateDataStreams: C:\ProgramData\Temp:9E4F05ED [128]
AlternateDataStreams: C:\ProgramData\Temp:9F38BF31 [143]
AlternateDataStreams: C:\ProgramData\Temp:9F50A55A [126]
AlternateDataStreams: C:\ProgramData\Temp:9FB9D3B9 [116]
AlternateDataStreams: C:\ProgramData\Temp:9FD2057F [252]
AlternateDataStreams: C:\ProgramData\Temp:A103830F [133]
AlternateDataStreams: C:\ProgramData\Temp:A22AF60D [138]
AlternateDataStreams: C:\ProgramData\Temp:A279C25A [136]
AlternateDataStreams: C:\ProgramData\Temp:A3840F5B [126]
AlternateDataStreams: C:\ProgramData\Temp:A43B789A [139]
AlternateDataStreams: C:\ProgramData\Temp:A44008FA [250]
AlternateDataStreams: C:\ProgramData\Temp:A4E7D25F [278]
AlternateDataStreams: C:\ProgramData\Temp:A5948878 [132]
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24 [272]
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80 [152]
AlternateDataStreams: C:\ProgramData\Temp:A700ABC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF [123]
AlternateDataStreams: C:\ProgramData\Temp:A8606E6E [292]
AlternateDataStreams: C:\ProgramData\Temp:A899E64E [141]
AlternateDataStreams: C:\ProgramData\Temp:A89B3FB8 [722]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:A8BF0AE2 [153]
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF [118]
AlternateDataStreams: C:\ProgramData\Temp:A9BB1126 [258]
AlternateDataStreams: C:\ProgramData\Temp:AA559E17 [136]
AlternateDataStreams: C:\ProgramData\Temp:ACE7A9BB [134]
AlternateDataStreams: C:\ProgramData\Temp:AE289451 [145]
AlternateDataStreams: C:\ProgramData\Temp:AE75CCC8 [238]
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0 [242]
AlternateDataStreams: C:\ProgramData\Temp:AFEBAACA [139]
AlternateDataStreams: C:\ProgramData\Temp:B02249C3 [124]
AlternateDataStreams: C:\ProgramData\Temp:B059B88E [147]
AlternateDataStreams: C:\ProgramData\Temp:B0B6C3E8 [187]
AlternateDataStreams: C:\ProgramData\Temp:B0BD7797 [272]
AlternateDataStreams: C:\ProgramData\Temp:B162D6FD [138]
AlternateDataStreams: C:\ProgramData\Temp:B1EED3AD [130]
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09 [103]
AlternateDataStreams: C:\ProgramData\Temp:B243953E [134]
AlternateDataStreams: C:\ProgramData\Temp:B285A50E [268]
AlternateDataStreams: C:\ProgramData\Temp:B2B2F0D4 [754]
AlternateDataStreams: C:\ProgramData\Temp:B3550AA2 [280]
AlternateDataStreams: C:\ProgramData\Temp:B3606FCC [126]
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE [256]
AlternateDataStreams: C:\ProgramData\Temp:B3A4FEE1 [129]
AlternateDataStreams: C:\ProgramData\Temp:B3D2C69C [148]
AlternateDataStreams: C:\ProgramData\Temp:B445A124 [133]
AlternateDataStreams: C:\ProgramData\Temp:B4F7687B [278]
AlternateDataStreams: C:\ProgramData\Temp:B53DCFC9 [127]
AlternateDataStreams: C:\ProgramData\Temp:B5F623E4 [248]
AlternateDataStreams: C:\ProgramData\Temp:B615ABD3 [137]
AlternateDataStreams: C:\ProgramData\Temp:B65E763D [139]
AlternateDataStreams: C:\ProgramData\Temp:B6C1A5F4 [266]
AlternateDataStreams: C:\ProgramData\Temp:B779C113 [252]
AlternateDataStreams: C:\ProgramData\Temp:B790962B [128]
AlternateDataStreams: C:\ProgramData\Temp:B7E52658 [119]
AlternateDataStreams: C:\ProgramData\Temp:B8428FE1 [137]
AlternateDataStreams: C:\ProgramData\Temp:B86642C5 [152]
AlternateDataStreams: C:\ProgramData\Temp:B86927F0 [149]
AlternateDataStreams: C:\ProgramData\Temp:B88DC997 [278]
AlternateDataStreams: C:\ProgramData\Temp:B9433D0F [129]
AlternateDataStreams: C:\ProgramData\Temp:B9BD98A8 [246]
AlternateDataStreams: C:\ProgramData\Temp:B9E36774 [141]
AlternateDataStreams: C:\ProgramData\Temp:BA5938AB [278]
AlternateDataStreams: C:\ProgramData\Temp:BB004A7D [114]
AlternateDataStreams: C:\ProgramData\Temp:BB718C46 [282]
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:BD659567 [153]
AlternateDataStreams: C:\ProgramData\Temp:C07829DC [258]
AlternateDataStreams: C:\ProgramData\Temp:C085F80B [280]
AlternateDataStreams: C:\ProgramData\Temp:C0DFB793 [139]
AlternateDataStreams: C:\ProgramData\Temp:C0EFBD3F [132]
AlternateDataStreams: C:\ProgramData\Temp:C178954A [135]
AlternateDataStreams: C:\ProgramData\Temp:C1DBE635 [140]
AlternateDataStreams: C:\ProgramData\Temp:C1FF1B01 [132]
AlternateDataStreams: C:\ProgramData\Temp:C356A185 [294]
AlternateDataStreams: C:\ProgramData\Temp:C37283B5 [272]
AlternateDataStreams: C:\ProgramData\Temp:C3C72D5F [128]
AlternateDataStreams: C:\ProgramData\Temp:C458CC0A [134]
AlternateDataStreams: C:\ProgramData\Temp:C4CB6EA6 [152]
AlternateDataStreams: C:\ProgramData\Temp:C52EF004 [246]
AlternateDataStreams: C:\ProgramData\Temp:C54A1A57 [136]
AlternateDataStreams: C:\ProgramData\Temp:C5B1FE54 [133]
AlternateDataStreams: C:\ProgramData\Temp:C611D6C8 [125]
AlternateDataStreams: C:\ProgramData\Temp:C7857F06 [238]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [118]
AlternateDataStreams: C:\ProgramData\Temp:C8182692 [228]
AlternateDataStreams: C:\ProgramData\Temp:C82210DD [135]
AlternateDataStreams: C:\ProgramData\Temp:C91C214D [268]
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06 [262]
AlternateDataStreams: C:\ProgramData\Temp:C9BC8592 [136]
AlternateDataStreams: C:\ProgramData\Temp:CA4FAE31 [135]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [102]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [268]
AlternateDataStreams: C:\ProgramData\Temp:CC45913B [135]
AlternateDataStreams: C:\ProgramData\Temp:CC6A54A8 [236]
AlternateDataStreams: C:\ProgramData\Temp:CCFB0FDD [119]
AlternateDataStreams: C:\ProgramData\Temp:CD6DF7CC [246]
AlternateDataStreams: C:\ProgramData\Temp:CD95E2C9 [138]
AlternateDataStreams: C:\ProgramData\Temp:CE253B51 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE707633 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE8A42A3 [270]
AlternateDataStreams: C:\ProgramData\Temp:CF1334B0 [278]
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06 [276]
AlternateDataStreams: C:\ProgramData\Temp:D0757AAB [268]
AlternateDataStreams: C:\ProgramData\Temp:D0DCD8D7 [117]
AlternateDataStreams: C:\ProgramData\Temp:D1094629 [146]
AlternateDataStreams: C:\ProgramData\Temp:D1787194 [368]
AlternateDataStreams: C:\ProgramData\Temp:D22B04C3 [760]
AlternateDataStreams: C:\ProgramData\Temp:D2397415 [127]
AlternateDataStreams: C:\ProgramData\Temp:D254266B [300]
AlternateDataStreams: C:\ProgramData\Temp:D2972D66 [140]
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB [132]
AlternateDataStreams: C:\ProgramData\Temp:D36E068F [129]
AlternateDataStreams: C:\ProgramData\Temp:D414289B [135]
AlternateDataStreams: C:\ProgramData\Temp:D478F292 [135]
AlternateDataStreams: C:\ProgramData\Temp:D5458F6B [242]
AlternateDataStreams: C:\ProgramData\Temp:D59DE356 [130]
AlternateDataStreams: C:\ProgramData\Temp:D5B149F6 [131]
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D [130]
AlternateDataStreams: C:\ProgramData\Temp:D696AA12 [286]
AlternateDataStreams: C:\ProgramData\Temp:D6F7008C [216]
AlternateDataStreams: C:\ProgramData\Temp:D7DDEF83 [129]
AlternateDataStreams: C:\ProgramData\Temp:D8936165 [312]
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1 [140]
AlternateDataStreams: C:\ProgramData\Temp:D9243D84 [122]
AlternateDataStreams: C:\ProgramData\Temp:DA2268D5 [143]
AlternateDataStreams: C:\ProgramData\Temp:DA6DA9A1 [134]
AlternateDataStreams: C:\ProgramData\Temp:DBF7208A [782]
AlternateDataStreams: C:\ProgramData\Temp:DCA79AB3 [118]
AlternateDataStreams: C:\ProgramData\Temp:DCC6EDE9 [138]
AlternateDataStreams: C:\ProgramData\Temp:DD780579 [264]
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9 [250]
AlternateDataStreams: C:\ProgramData\Temp:DE33A453 [266]
AlternateDataStreams: C:\ProgramData\Temp:DE813CDD [242]
AlternateDataStreams: C:\ProgramData\Temp:DE8F2B8B [149]
AlternateDataStreams: C:\ProgramData\Temp:DEEA54A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:DF19F127 [244]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:E0553E73 [258]
AlternateDataStreams: C:\ProgramData\Temp:E21413B8 [238]
AlternateDataStreams: C:\ProgramData\Temp:E2295807 [145]
AlternateDataStreams: C:\ProgramData\Temp:E24659F6 [141]
AlternateDataStreams: C:\ProgramData\Temp:E326D1D1 [163]
AlternateDataStreams: C:\ProgramData\Temp:E397CC9D [131]
AlternateDataStreams: C:\ProgramData\Temp:E44513D0 [123]
AlternateDataStreams: C:\ProgramData\Temp:E4BC4A41 [135]
AlternateDataStreams: C:\ProgramData\Temp:E5B07840 [266]
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD [147]
AlternateDataStreams: C:\ProgramData\Temp:E62BD5C1 [268]
AlternateDataStreams: C:\ProgramData\Temp:E6537A16 [125]
AlternateDataStreams: C:\ProgramData\Temp:E67D0FCB [120]
AlternateDataStreams: C:\ProgramData\Temp:E6A94369 [138]
AlternateDataStreams: C:\ProgramData\Temp:E6A96BE9 [284]
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B [139]
AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [104]
AlternateDataStreams: C:\ProgramData\Temp:E7614E1F [128]
AlternateDataStreams: C:\ProgramData\Temp:E8B61305 [286]
AlternateDataStreams: C:\ProgramData\Temp:E96D894A [238]
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C [139]
AlternateDataStreams: C:\ProgramData\Temp:E9D68B36 [302]
AlternateDataStreams: C:\ProgramData\Temp:EA149D25 [133]
AlternateDataStreams: C:\ProgramData\Temp:EA17702A [120]
AlternateDataStreams: C:\ProgramData\Temp:EABCC64A [290]
AlternateDataStreams: C:\ProgramData\Temp:EB4FEEF5 [274]
AlternateDataStreams: C:\ProgramData\Temp:EB5574AF [150]
AlternateDataStreams: C:\ProgramData\Temp:EB68CA55 [122]
AlternateDataStreams: C:\ProgramData\Temp:EC0BE05C [143]
AlternateDataStreams: C:\ProgramData\Temp:EC1B2CAA [146]
AlternateDataStreams: C:\ProgramData\Temp:EC3A9923 [121]
AlternateDataStreams: C:\ProgramData\Temp:EC46FC9D [278]
AlternateDataStreams: C:\ProgramData\Temp:EC752217 [145]
AlternateDataStreams: C:\ProgramData\Temp:ED6B6C83 [144]
AlternateDataStreams: C:\ProgramData\Temp:ED98A153 [124]
AlternateDataStreams: C:\ProgramData\Temp:EDE28CFC [133]
AlternateDataStreams: C:\ProgramData\Temp:EE0ABC44 [131]
AlternateDataStreams: C:\ProgramData\Temp:EE0B4216 [141]
AlternateDataStreams: C:\ProgramData\Temp:EECF83D1 [119]
AlternateDataStreams: C:\ProgramData\Temp:F001F3C1 [134]
AlternateDataStreams: C:\ProgramData\Temp:F131B2B8 [146]
AlternateDataStreams: C:\ProgramData\Temp:F2B0ABCC [137]
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB [145]
AlternateDataStreams: C:\ProgramData\Temp:F399A6E7 [262]
AlternateDataStreams: C:\ProgramData\Temp:F41E8853 [124]
AlternateDataStreams: C:\ProgramData\Temp:F4362715 [138]
AlternateDataStreams: C:\ProgramData\Temp:F49A2655 [270]
AlternateDataStreams: C:\ProgramData\Temp:F4BE8180 [134]
AlternateDataStreams: C:\ProgramData\Temp:F53B274A [298]
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A [149]
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE [266]
AlternateDataStreams: C:\ProgramData\Temp:F72306CC [120]
AlternateDataStreams: C:\ProgramData\Temp:F7370879 [236]
AlternateDataStreams: C:\ProgramData\Temp:F7401CCF [268]
AlternateDataStreams: C:\ProgramData\Temp:F7B0AE93 [131]
AlternateDataStreams: C:\ProgramData\Temp:F83B9C51 [802]
AlternateDataStreams: C:\ProgramData\Temp:F875BF80 [262]
AlternateDataStreams: C:\ProgramData\Temp:F919FD4E [129]
AlternateDataStreams: C:\ProgramData\Temp:F98E6C67 [282]
AlternateDataStreams: C:\ProgramData\Temp:FA09FC72 [130]
AlternateDataStreams: C:\ProgramData\Temp:FA65E745 [130]
AlternateDataStreams: C:\ProgramData\Temp:FB29EC2F [248]
AlternateDataStreams: C:\ProgramData\Temp:FB749AFB [762]
AlternateDataStreams: C:\ProgramData\Temp:FB7959F6 [274]
AlternateDataStreams: C:\ProgramData\Temp:FBA79096 [250]
AlternateDataStreams: C:\ProgramData\Temp:FC414D14 [129]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [146]
AlternateDataStreams: C:\ProgramData\Temp:FC7B5C61 [113]
AlternateDataStreams: C:\ProgramData\Temp:FC89CE5A [135]
AlternateDataStreams: C:\ProgramData\Temp:FCDCCA12 [125]
AlternateDataStreams: C:\ProgramData\Temp:FD38E906 [146]
AlternateDataStreams: C:\ProgramData\Temp:FD7E32B5 [284]
AlternateDataStreams: C:\ProgramData\Temp:FDAA7C08 [278]
AlternateDataStreams: C:\ProgramData\Temp:FDF70DCD [149]
AlternateDataStreams: C:\ProgramData\Temp:FEB4D048 [146]
AlternateDataStreams: C:\ProgramData\Temp:FEE8782C [290]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [3840]
AlternateDataStreams: C:\Users\john\Application Data:gs5sys [11520]
AlternateDataStreams: C:\Users\john\Cookies:gs5sys [12288]
AlternateDataStreams: C:\Users\john\Local Settings:gs5sys [45058]
AlternateDataStreams: C:\Users\john\Local Settings:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\Templates:gs5sys [46082]
AlternateDataStreams: C:\Users\john\Desktop\desktop.ini:gs5sys [9728]
AlternateDataStreams: C:\Users\john\Downloads\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\john\AppData\Local:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Roaming:gs5sys [11520]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Local\History:gs5sys [47106]
AlternateDataStreams: C:\Users\john\AppData\Local\Temp:GMlFSYKkVXJlnoN1JqpFASL [2390]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\desktop.ini:gs5sys [47106]
AlternateDataStreams: C:\Users\john\Documents\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [11520]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info
IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com
IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net
IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com
IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com
IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com

There are 4791 more sites.

IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4791 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-01-18 20:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\john\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AMInstantService => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1278001768\ee\AOLSoftware.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IObit Security 360 => "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: LightScribe Control Panel =>
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RESTART_STICKY_NOTES =>
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2944E753-3962-414F-AAA1-467F9643787B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{7B388EA9-8270-4B1C-811B-945B1005B8DC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CD87E23E-683E-490A-B8FE-1530CB39F95D}] => (Allow) svchost.exe
FirewallRules: [{B65B38E9-D968-4AB8-BB24-221E4D1C229D}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{6A8D917B-924C-4E6B-82B5-32CBBA7A6AB4}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{BE5906A5-3D08-4CC9-9763-08984FDEC0A0}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{55F2D688-E4BF-4AA0-9C05-240A348FCF07}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{8E3F62B6-1ABB-4548-BD6D-F58CFCFE1F36}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{FD956562-7ABB-411A-BED2-DD84DC10A18B}] => (Allow) C:\Program Files (x86)\Common Files\aol\1278001768\ee\aolsoftware.exe
FirewallRules: [{792802D1-F19A-4AF1-9A26-F22CBAE4D010}] => (Allow) C:\Program Files (x86)\Common Files\aol\1278001768\ee\aolsoftware.exe
FirewallRules: [{30F5C4D8-F5E7-4E72-8FB4-D26738C1EAAB}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe
FirewallRules: [{A8BA3BD7-91F7-4EEE-B7C5-89AF23125113}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe
FirewallRules: [{F15A0A0A-4D32-4638-8AC7-580629164952}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{5396D14A-F894-44FF-A5A1-E2BEECEAD4EA}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{A8B38F89-C9B7-4753-BD94-74BB2B7350CA}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{752EAD38-5F12-47F1-9029-6C5C42A34240}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{10629FD0-1FE9-462A-8AC8-B3734EAF61F8}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{CDCB524A-ABF9-456F-BC36-37238B71F8C0}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{8EE69670-EEFE-4204-9C74-29E6D508D01A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{AA53262F-B2FE-46DA-A753-3D088A22E288}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1F517E3F-47B3-475F-9FD8-CF1114352FE7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0008906B-3803-4E70-A359-5439B5F72B5E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{32A26467-706B-441B-844E-F9C3245138EA}] => (Allow) C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2902ABDE-995C-438B-810E-F6DB1DD730C9}] => (Allow) C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A58BB494-C40C-4A44-AB96-4A09B00CACBB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0776B845-65B6-4B73-8CAE-C3D1DBEE8959}] => (Allow) LPort=2869
FirewallRules: [{A4206999-43D8-431D-B8AC-A5C306A087D9}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{E31E1EA7-4133-4340-AAEE-9344ACCF92EF}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{35CADA72-9DD3-4D5B-8DA6-0F4925E59181}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{1D3D5A37-7C36-4824-8364-7D68B32B6E54}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E3368B20-9617-4767-BEED-840D3ACBBAC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7F0B1EDB-0C27-4DEE-A811-4D8D9671A4C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD833030-287C-4819-8376-6A5CE69826F0}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{A5D9E1CC-F8A8-4587-91B8-CE7D0F429D5F}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{7E2D34F3-9F3E-4923-9450-B3307DF62501}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{0CDB08A7-529A-41F4-B9A9-F9898102006C}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{F7BC7B7C-F3E5-40CF-A636-B5F415DA36E1}] => (Allow) C:\Program Files (x86)\Common Files\aol\1278001768\ee\aolsoftware.exe
FirewallRules: [{06B2B08A-A494-4AAF-9812-BBD16454F439}] => (Allow) C:\Program Files (x86)\Common Files\aol\1278001768\ee\aolsoftware.exe
FirewallRules: [{D23774E8-1F8D-4FC3-9328-8CA1793BD50D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{758EEA4E-4D22-430C-864E-640E6C86C5D8}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{867E1EBD-F7D6-440C-A429-13BCEFFD0BC0}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{DAA49D28-66FB-4748-8459-59370C995A5A}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{FB6513CC-FC93-44D6-B628-53963F41DFF8}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{6F10812E-0A3F-4A61-A60D-F2B6AA84F7E4}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{178394D2-4E93-4050-80CF-49077CEBCF43}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{E1A4DCE9-2156-4002-8C32-92EEEA9F39EB}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{D752AA03-0840-4080-BAE5-602C017ACCAC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{0937177A-12F7-4014-A2B4-509AB87F8F67}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{B3DA719B-7BC2-4A9C-BCED-B1B736F1CADC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A9DECB3-2D2E-43A9-B83F-F21B162DC855}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F760019-6D7E-46C1-9C3F-50CBBA8A0ABD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{560CB8C4-9634-41CE-85F9-3A3AF38ED387}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{891C8D11-2748-4C56-ABFB-94E42249DC68}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{A092E8DA-4CCE-4464-8E4E-D8ED4843E624}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [TCP Query User{06AC1751-579E-4194-A082-C7DFF540A8C8}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7EB9FC32-4A65-40B4-819F-DA93509D6F33}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{602250A8-5489-4316-831D-9D589616E5BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{DC118D4D-332E-4CC9-A17D-47DCAA93DA47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{BFBE4B21-B639-4956-B8E4-70E0871B771B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{118B121C-F3D8-4607-A6C3-49DDD5F7994B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{D2D1E8C9-AE2F-4D84-BD81-C7B7093F4163}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{27EB8DDE-4CC6-4D3B-A3AB-AEB28990E138}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{39DB5551-3724-4B91-8C5F-2D0F178E9D6C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E8CE0759-DFF5-4309-9756-9AD1A5956DAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{86AEFDFC-71F5-48B1-A3A5-ED060AF395F8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{655C0132-F129-43B0-A8AA-36882302CD40}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{60349F67-4C9E-4335-A5D0-A79F56E52D32}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{C9D0E8AA-0441-48CE-9BF7-25FA7CB90194}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{598EA2EE-94E3-4963-BCBB-638A63A9B3EC}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5BBAAEE0-4EAE-44C5-9793-BA1785BA8FC3}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{61CED4DF-E6DE-4E60-A74E-2F0E50316401}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F219AFD7-0FE6-4AE0-8A7C-501E0CCC63D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B75379B4-4D97-4E22-BBE9-A67BC50FB32A}] => (Allow) C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A9D708C9-0CF9-443C-B810-FD4A052A5686}] => (Allow) C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5B48789A-714E-4D79-AC61-E7C5459F1062}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{24ABCCC8-3A31-41A4-AAED-BCF5372E9E2F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EAC048EF-BBAF-4A00-B2B5-BEAEDA4D8272}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFE38C9A-7D94-4331-AD5F-9429FDF89170}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DA916AC4-8F31-493B-B3D6-84A90ADD7808}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{780750F7-AB85-4E0F-BEB5-D1E35B74B40A}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{20A27B8A-9E88-4A7D-B771-967AE2E26547}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{ADD9CC78-559F-424B-B59B-5B079832E673}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{63FA9FB4-4909-4922-8F82-58BE5C17C204}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe] => Enabled:wbxcOIEx
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\WebEx\Connect\widget.exe] => Enabled:widget
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\WebEx\Connect\connect.exe] => Enabled:WebEx Connect

==================== Restore Points =========================

18-04-2017 05:45:06 Windows Update
22-04-2017 08:29:40 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2017 08:09:56 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume C:\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (04/21/2017 08:09:56 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out.
Error context: DeviceIoControl(\\?\Volume{3db303a6-215f-11df-8049-806e6f6e6963} - 0000000000000130,0x0053c010,00000000003B3FB0,0,000000000038EAC0,4096,[0]).


Operation:
   Committing shadow copies

Context:
   Execution Context: System Provider

Error: (04/16/2017 07:16:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ole32.dll, version: 6.1.7601.23714, time stamp: 0x58bf899a
Exception code: 0xc0000005
Fault offset: 0x0000000000042ca7
Faulting process id: 0xe40
Faulting application start time: 0x01d2b6ca6f73e140
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\system32\ole32.dll
Report Id: 2bbde220-2303-11e7-b8b8-00038a000015

Error: (04/12/2017 03:38:25 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/12/2017 03:38:25 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/12/2017 03:38:25 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/12/2017 03:38:25 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/12/2017 03:38:23 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/12/2017 03:38:23 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/12/2017 03:38:23 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/22/2017 08:36:41 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/22/2017 08:36:32 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/22/2017 08:30:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/22/2017 08:25:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (04/22/2017 08:10:45 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/22/2017 08:10:23 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/22/2017 08:09:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/22/2017 08:09:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/22/2017 08:09:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/22/2017 08:08:52 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.


CodeIntegrity:
===================================
  Date: 2013-01-18 19:53:18.519
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-18 19:53:18.395
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-13 12:39:16.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-13 12:39:16.816
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 240 Processor
Percentage of memory in use: 24%
Total physical RAM: 9983.3 MB
Available physical RAM: 7556.32 MB
Total Virtual: 19964.79 MB
Available Virtual: 17461.14 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.79 GB) (Free:314.29 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.87 GB) (Free:1.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (KODAKCD) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2017
Ran by john (administrator) on JOHN-PC (22-04-2017 08:44:49)
Running from C:\Users\john\Downloads
Loaded Profiles: john & UpdatusUser (Available Profiles: john & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1151682749-726298257-2278553524-1007\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2015-03-27]
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0EE6B626-BB89-44F4-9958-CABCCBF91DF6}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{F5B9C702-8895-415E-AECB-2339F5F9D3BC}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{F638F202-F4AD-4902-AB8B-5C793FAC2981}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-b10c0317
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-b10c0317
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1151682749-726298257-2278553524-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/CQDSK/1
HKU\S-1-5-21-1151682749-726298257-2278553524-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/CQDSK/1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM -> {96E44610-527E-4900-8145-49370B34A28F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2013-12-14] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL => No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-12-14] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-03] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
Toolbar: HKU\S-1-5-21-1151682749-726298257-2278553524-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-1151682749-726298257-2278553524-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/stg_drm.ocx
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/My%20Kingdom%20for%20the%20Princess/Images/armhelper.ocx
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: dq9i52vz.default-1366116906046
FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\dq9i52vz.default-1366116906046 [2017-04-22]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\dq9i52vz.default-1366116906046\features\{90f30dff-c22b-461e-b274-9b0a43167890}\disable-cert-transparency@mozilla.org.xpi [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\dq9i52vz.default-1366116906046\features\{90f30dff-c22b-461e-b274-9b0a43167890}\disable-prefetch@mozilla.org.xpi [2017-04-18]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{10E4285F-D79B-4147-9447-81DFF109A394}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-01-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @alawar.com/npapi -> C:\Windows\npapi.dll [2013-09-12] (Alawar)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-11-07] (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-01-18] (Alcatel-Lucent)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=17.0.4.61 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-01-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.7.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-12-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.7.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-12-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.7.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-12-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.4.61 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-01-21] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-12-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-01-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-10-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-10-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-10-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-10-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-10-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-01-21] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll [2007-07-18] (Tamarack Software, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default [2017-04-22]
CHR Extension: (RealPlayer Downloader) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-12-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-30] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-30] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [582544 2016-07-13] (RealNetworks, Inc.)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [361472 2012-01-18] (Alcatel-Lucent) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-12-14] ()
S3 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-01-21] (RealNetworks, Inc.)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2013-12-16] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294104 2015-05-11] (Realtek Semiconductor)
S3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316120 2014-08-18] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-30] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [51248 2017-03-30] (Avira Operations GmbH & Co. KG)
S3 DIGERDFUWDM; C:\Windows\System32\DRIVERS\DigidesignElevenRack_DFU.sys [46096 2009-08-11] (Avid Technology, Inc.)
S3 ELEVENRACK; C:\Windows\System32\DRIVERS\DigidesignElevenRack.sys [116240 2009-08-11] (Avid Technology, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-03-17] (EldoS Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-22] (REALiX™)
S3 kemper; C:\Windows\System32\DRIVERS\kemper.sys [75984 2016-07-08] (Kemper GmbH)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [103272 2009-05-21] (PACE Anti-Piracy, Inc.) [File not signed]
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-01-14] (Western Digital Technologies)
U3 DfSdkS; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-22 08:44 - 2017-04-22 08:45 - 00028283 _____ C:\Users\john\Downloads\FRST.txt
2017-04-22 08:43 - 2017-04-22 08:44 - 00000000 ____D C:\FRST
2017-04-22 08:42 - 2017-04-22 08:42 - 02425344 _____ (Farbar) C:\Users\john\Downloads\FRST64.exe
2017-04-22 08:39 - 2017-04-22 08:39 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1151682749-726298257-2278553524-1001
2017-04-22 08:39 - 2017-04-22 08:39 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1151682749-726298257-2278553524-1001
2017-04-22 08:34 - 2017-04-22 08:34 - 00006255 _____ C:\Users\john\Documents\JRT.txt
2017-04-22 08:33 - 2017-04-22 08:33 - 00006255 _____ C:\Users\john\Desktop\JRT.txt
2017-04-22 08:17 - 2017-04-22 08:17 - 01663672 _____ (Malwarebytes) C:\Users\john\Downloads\JRT.exe
2017-04-22 08:06 - 2017-04-22 08:09 - 00000000 ____D C:\AdwCleaner
2017-04-22 08:05 - 2017-04-22 08:05 - 04089296 _____ C:\Users\john\Downloads\adwcleaner_6.045.exe
2017-04-21 16:09 - 2017-04-21 16:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\john\Downloads\HijackThis(1).exe
2017-04-13 09:50 - 2017-04-13 09:50 - 00000158 _____ C:\Users\john\Desktop\GameHouse.URL
2017-04-13 09:50 - 2017-04-13 09:50 - 00000000 ____D C:\Program Files (x86)\GameHouse Games
2017-04-13 09:49 - 2017-04-13 09:49 - 00958704 _____ (GameHouse) C:\Users\john\Downloads\viking-brothers-2 (1).exe
2017-04-11 19:16 - 2017-04-11 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kemper Amps
2017-04-11 18:56 - 2017-04-11 19:06 - 120206491 _____ C:\Users\john\Downloads\Rig_Manager_2_0_17.zip
2017-04-11 18:48 - 2017-03-27 13:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-11 18:48 - 2017-03-27 12:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-11 18:48 - 2017-03-25 14:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-11 18:48 - 2017-03-25 14:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-11 18:48 - 2017-03-25 14:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-11 18:48 - 2017-03-25 13:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-11 18:48 - 2017-03-25 13:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-11 18:48 - 2017-03-25 13:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-11 18:48 - 2017-03-25 13:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-11 18:48 - 2017-03-25 13:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-11 18:48 - 2017-03-25 13:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-11 18:48 - 2017-03-25 13:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-11 18:48 - 2017-03-25 13:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-11 18:48 - 2017-03-25 13:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-11 18:48 - 2017-03-25 13:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-11 18:48 - 2017-03-25 13:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-11 18:48 - 2017-03-25 13:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-11 18:48 - 2017-03-25 13:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-11 18:48 - 2017-03-25 13:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-11 18:48 - 2017-03-25 13:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-11 18:48 - 2017-03-25 13:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-11 18:48 - 2017-03-25 13:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-11 18:48 - 2017-03-25 13:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-11 18:48 - 2017-03-25 13:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-11 18:48 - 2017-03-25 13:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-11 18:48 - 2017-03-25 13:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-11 18:48 - 2017-03-25 13:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-11 18:48 - 2017-03-25 13:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-11 18:48 - 2017-03-25 13:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-11 18:48 - 2017-03-25 13:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-11 18:48 - 2017-03-25 13:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-11 18:48 - 2017-03-25 13:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-11 18:48 - 2017-03-25 13:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-11 18:48 - 2017-03-25 13:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-11 18:48 - 2017-03-25 13:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-11 18:48 - 2017-03-25 13:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-11 18:48 - 2017-03-25 13:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-11 18:48 - 2017-03-25 13:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-11 18:48 - 2017-03-25 13:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-11 18:48 - 2017-03-25 12:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-11 18:48 - 2017-03-25 12:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-11 18:48 - 2017-03-25 12:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-11 18:48 - 2017-03-25 12:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-11 18:48 - 2017-03-25 12:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-11 18:48 - 2017-03-25 12:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-11 18:48 - 2017-03-25 12:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-11 18:48 - 2017-03-25 12:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-11 18:48 - 2017-03-25 12:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-11 18:48 - 2017-03-25 12:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-11 18:48 - 2017-03-25 12:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-11 18:48 - 2017-03-25 12:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-11 18:48 - 2017-03-25 12:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-11 18:48 - 2017-03-25 12:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-11 18:48 - 2017-03-25 12:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-11 18:48 - 2017-03-25 12:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-11 18:48 - 2017-03-25 12:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-11 18:48 - 2017-03-25 12:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-11 18:48 - 2017-03-25 12:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-11 18:48 - 2017-03-25 11:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-11 18:48 - 2017-03-25 11:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-11 18:48 - 2017-03-25 11:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-11 18:48 - 2017-03-25 11:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-11 18:48 - 2017-03-25 11:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-11 18:48 - 2017-03-25 11:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-11 18:48 - 2017-03-25 11:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-11 18:48 - 2017-03-25 11:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-11 18:48 - 2017-03-24 17:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-11 18:48 - 2017-03-24 17:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-11 18:48 - 2017-03-22 10:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-11 18:48 - 2017-03-22 10:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-11 18:48 - 2017-03-22 10:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-11 18:48 - 2017-03-22 10:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-11 18:48 - 2017-03-22 10:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-11 18:48 - 2017-03-22 10:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-11 18:48 - 2017-03-22 10:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-11 18:48 - 2017-03-22 10:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-11 18:48 - 2017-03-22 10:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-11 18:48 - 2017-03-22 10:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-11 18:48 - 2017-03-22 10:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-11 18:48 - 2017-03-22 10:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-11 18:48 - 2017-03-22 10:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-11 18:48 - 2017-03-22 10:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-11 18:48 - 2017-03-22 10:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-11 18:48 - 2017-03-22 10:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-11 18:48 - 2017-03-14 10:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-11 18:48 - 2017-03-14 10:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-11 18:48 - 2017-03-14 10:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-11 18:48 - 2017-03-10 11:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-11 18:48 - 2017-03-10 11:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-11 18:48 - 2017-03-10 11:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-11 18:48 - 2017-03-10 11:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-11 18:48 - 2017-03-10 11:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-11 18:48 - 2017-03-10 11:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-11 18:48 - 2017-03-10 11:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-11 18:48 - 2017-03-10 11:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-11 18:48 - 2017-03-10 11:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-11 18:48 - 2017-03-10 11:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-11 18:48 - 2017-03-10 10:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-11 18:48 - 2017-03-08 15:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-11 18:48 - 2017-03-08 15:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-11 18:48 - 2017-03-07 23:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-11 18:48 - 2017-03-07 23:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-11 18:48 - 2017-03-07 23:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-11 18:48 - 2017-03-07 23:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-11 18:48 - 2017-03-07 23:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-11 18:48 - 2017-03-07 23:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-11 18:48 - 2017-03-07 23:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-11 18:48 - 2017-03-07 23:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-11 18:48 - 2017-03-07 23:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 23:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-11 18:48 - 2017-03-07 23:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-11 18:48 - 2017-03-07 23:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-11 18:48 - 2017-03-07 23:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-11 18:48 - 2017-03-07 23:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-11 18:48 - 2017-03-07 22:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-11 18:48 - 2017-03-07 22:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-11 18:48 - 2017-03-07 22:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-11 18:48 - 2017-03-07 22:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-11 18:48 - 2017-03-07 22:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-11 18:48 - 2017-03-07 22:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-11 18:48 - 2017-03-07 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-11 18:48 - 2017-03-07 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-11 18:48 - 2017-03-07 22:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-11 18:48 - 2017-03-07 22:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-11 18:48 - 2017-03-07 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-11 18:48 - 2017-03-07 22:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-11 18:48 - 2017-03-07 22:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 22:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 22:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-11 18:48 - 2017-03-07 11:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-11 18:48 - 2017-03-07 11:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-11 18:48 - 2017-03-07 09:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-11 18:48 - 2017-03-03 20:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-11 18:48 - 2017-03-03 20:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-11 18:48 - 2017-03-03 20:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-11 18:48 - 2017-03-03 20:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-11 18:48 - 2017-02-14 11:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-11 18:48 - 2017-02-14 11:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-11 18:48 - 2017-02-11 11:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-11 18:48 - 2017-02-11 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-11 18:48 - 2017-02-09 11:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-11 18:48 - 2017-02-09 11:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-11 18:48 - 2017-02-09 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-11 18:48 - 2017-01-18 10:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-11 18:48 - 2016-03-23 17:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-11 18:48 - 2016-03-23 17:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-08 08:44 - 2017-04-08 08:45 - 21875784 _____ C:\Users\john\Downloads\RogueKiller.exe
2017-04-08 08:29 - 2017-04-08 08:29 - 09274608 _____ (Piriform Ltd) C:\Users\john\Downloads\ccsetup528.exe
2017-04-08 08:29 - 2017-04-08 08:29 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-04-08 08:29 - 2017-04-08 08:29 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-08 08:29 - 2017-04-08 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-08 08:29 - 2017-04-08 08:29 - 00000000 ____D C:\Program Files\CCleaner
2017-04-07 22:35 - 2017-04-07 22:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\john\Downloads\HijackThis.exe
2017-04-07 18:00 - 2017-04-07 18:00 - 00132192 _____ (iWin inc.) C:\Users\john\Downloads\fables-of-the-kingdom-ii-platinum-editionSetup(1).exe
2017-04-07 16:34 - 2017-04-07 16:34 - 00958704 _____ (GameHouse) C:\Users\john\Downloads\fables-of-the-kingdom-ii-platinum-edition(1).exe
2017-04-07 16:33 - 2017-04-07 16:33 - 00958704 _____ (GameHouse) C:\Users\john\Downloads\fables-of-the-kingdom-ii-platinum-edition.exe
2017-04-07 16:24 - 2017-04-07 16:24 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-06 17:36 - 2017-04-06 17:36 - 00001866 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\More Great Games.lnk
2017-04-06 17:34 - 2017-04-06 17:35 - 142413792 _____ (Owl Studio ) C:\Users\john\Downloads\fablesofthekingdomiiplatinumedition_at.exe
2017-04-05 16:23 - 2017-04-05 16:23 - 00132192 _____ (iWin inc.) C:\Users\john\Downloads\fables-of-the-kingdom-ii-platinum-editionSetup.exe
2017-04-05 16:23 - 2017-04-05 16:23 - 00002136 _____ C:\Users\john\Desktop\Play iWin Games.lnk
2017-04-03 17:27 - 2017-04-03 17:27 - 00958704 _____ (GameHouse) C:\Users\john\Downloads\viking-brothers-2(1).exe
2017-04-03 17:26 - 2017-04-03 17:26 - 00958704 _____ (GameHouse) C:\Users\john\Downloads\viking-brothers-2.exe
2017-03-30 12:11 - 2017-03-30 12:11 - 00000000 ____D C:\Users\john\AppData\LocalLow\Whalebox Studio
2017-03-30 12:07 - 2017-03-30 12:07 - 04959448 _____ (GameFools ) C:\Users\john\Downloads\VikingBrothers2Installer.exe
2017-03-26 19:13 - 2017-04-20 19:18 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForjohn
2017-03-26 19:13 - 2017-04-20 19:18 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForjohn.job
2017-03-25 18:38 - 2017-03-25 18:38 - 00001264 _____ C:\Users\Public\Desktop\More Great Games.lnk
2017-03-25 14:44 - 2017-03-25 14:44 - 00000690 _____ C:\Users\john\Downloads\download.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-22 08:43 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-22 08:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-04-22 08:41 - 2016-11-16 18:18 - 00000000 ____D C:\Users\john\AppData\LocalLow\Mozilla
2017-04-22 08:37 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-22 08:27 - 2016-08-31 13:35 - 00218624 ___SH C:\Users\john\Documents\Thumbs.db
2017-04-22 08:27 - 2013-01-10 11:34 - 07881216 ___SH C:\Users\john\Downloads\Thumbs.db
2017-04-22 08:20 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-22 08:20 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-21 18:00 - 2017-02-03 19:33 - 00000000 ____D C:\Users\UpdatusUser
2017-04-21 16:04 - 2016-11-15 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-18 17:19 - 2016-09-25 10:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-12 04:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-04-12 03:30 - 2009-07-13 23:45 - 00390392 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 03:10 - 2013-03-14 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-12 03:10 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-12 03:10 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-12 03:09 - 2013-07-13 03:00 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 03:06 - 2010-07-03 21:53 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 03:02 - 2013-04-13 14:44 - 00774632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-11 20:29 - 2015-07-12 14:18 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 20:29 - 2012-06-04 12:44 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 20:29 - 2011-11-14 17:45 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-11 20:29 - 2011-07-25 18:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 20:29 - 2010-01-07 21:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 19:15 - 2015-08-23 10:23 - 00000000 ____D C:\Program Files\Kemper Amps
2017-04-10 16:43 - 2015-07-15 17:52 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-10 16:43 - 2015-07-15 17:52 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-09 17:53 - 2013-03-30 17:42 - 00000000 ____D C:\Games
2017-04-09 10:31 - 2015-10-03 08:55 - 00000000 ____D C:\Program Files (x86)\GameFools
2017-04-09 10:28 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-09 10:25 - 2015-11-07 08:26 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2017-04-09 10:25 - 2010-06-30 17:54 - 00000000 ____D C:\Users\john\AppData\Roaming\WildTangent
2017-04-09 10:25 - 2010-01-07 21:42 - 00000000 ____D C:\ProgramData\WildTangent
2017-04-09 10:10 - 2015-07-18 22:55 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001UA.job
2017-04-09 10:10 - 2015-07-18 22:55 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001Core.job
2017-04-08 08:34 - 2016-09-04 07:30 - 00003416 _____ C:\Windows\System32\Tasks\SmartDefrag_Defrag
2017-04-08 08:34 - 2016-06-16 17:28 - 00003164 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2017-04-08 08:34 - 2016-06-16 17:28 - 00003010 _____ C:\Windows\System32\Tasks\SmartDefrag_Update
2017-04-08 08:33 - 2015-07-18 22:55 - 00003894 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001UA
2017-04-08 08:33 - 2015-07-18 22:55 - 00003498 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001Core
2017-04-07 18:00 - 2017-02-11 09:33 - 00000000 ____D C:\Users\john\AppData\Local\GamesManager
2017-04-07 16:25 - 2010-07-06 15:44 - 00000000 ____D C:\Users\john\AppData\Roaming\Dropbox
2017-04-06 17:36 - 2012-06-22 13:34 - 00000000 ____D C:\ProgramData\Licenses
2017-04-05 16:28 - 2015-03-01 14:51 - 00000000 ____D C:\Users\john\AppData\Roaming\OWL Studio
2017-04-05 15:32 - 2011-02-20 13:35 - 00002161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 15:32 - 2011-02-20 13:35 - 00002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-02 13:57 - 2015-06-19 12:54 - 00000000 ____D C:\Users\john\AppData\Local\Dropbox
2017-04-02 13:57 - 2010-07-06 15:45 - 00000000 ___RD C:\Users\john\Documents\My Dropbox
2017-03-30 17:25 - 2017-02-11 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-30 17:24 - 2017-02-11 15:42 - 00176968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-03-30 17:24 - 2017-02-11 15:42 - 00148104 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-03-30 17:24 - 2017-02-11 15:42 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-03-30 17:24 - 2017-02-11 15:42 - 00051248 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-03-30 17:24 - 2017-02-11 15:42 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-03-30 12:30 - 2010-07-02 06:49 - 00000000 ____D C:\Users\john\AppData\Local\Adobe
2017-03-29 16:44 - 2013-04-03 08:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-25 18:47 - 2010-01-07 21:21 - 00000000 ____D C:\ProgramData\Temp
2017-03-25 18:16 - 2013-07-12 15:19 - 00000000 ____D C:\BigFishCache

==================== Files in the root of some directories =======

2011-07-06 15:51 - 2014-04-04 11:40 - 1544192 ____H () C:\Users\john\AppData\Roaming\base_en.db
2011-06-27 15:46 - 2011-09-25 19:07 - 0001854 _____ () C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
2016-08-02 16:39 - 2016-10-19 16:38 - 0000011 _____ () C:\Users\john\AppData\Roaming\log.txt
2014-06-25 17:30 - 2014-06-25 17:30 - 0000095 _____ () C:\Users\john\AppData\Roaming\settings.xml
2013-04-18 09:25 - 2013-04-18 09:56 - 0247455 _____ () C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt
2010-06-30 17:58 - 2013-01-28 10:21 - 0001050 _____ () C:\Users\john\AppData\Roaming\wklnhst.dat
2015-12-26 22:50 - 2017-02-09 21:37 - 0006144 _____ () C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-20 22:11 - 2012-08-20 22:11 - 0027520 _____ () C:\Users\john\AppData\Local\dt.dat
2016-07-22 17:03 - 2016-09-13 08:58 - 0003072 _____ () C:\Users\john\AppData\Local\file__0.localstorage
2016-07-22 17:03 - 2016-07-22 17:03 - 0003072 _____ () C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage
2016-08-02 08:13 - 2016-08-02 08:13 - 0000000 _____ () C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E}
2013-10-08 22:07 - 2014-11-22 10:53 - 0003075 _____ () C:\ProgramData\hpzinstall.log
2010-07-02 15:36 - 2010-07-08 11:31 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 00:49

==================== End of FRST.txt ============================

 

# AdwCleaner v6.045 - Logfile created 22/04/2017 at 08:09:07
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-22.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : john - JOHN-PC
# Running from : C:\Users\john\Downloads\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: DrvAgent64


***** [ Folders ] *****

[-] Folder deleted: C:\Users\john\AppData\Local\slimware utilities inc
[#] Folder deleted on reboot: C:\Users\john\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\john\AppData\LocalLow\Browse2Save
[-] Folder deleted: C:\Users\john\AppData\LocalLow\HPAppData
[-] Folder deleted: C:\Users\john\AppData\LocalLow\MyPlayCity
[-] Folder deleted: C:\Users\john\AppData\LocalLow\Toolbar4
[-] Folder deleted: C:\Users\john\AppData\LocalLow\IObit\Advanced SystemCare
[-] Folder deleted: C:\Users\john\AppData\Roaming\quickclick
[-] Folder deleted: C:\Users\john\AppData\Roaming\Auslogics
[-] Folder deleted: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iwin games
[-] Folder deleted: C:\Users\john\AppData\Local\VirtualStore\Program Files (x86)\iwin games
[-] Folder deleted: C:\Users\john\AppData\Local\VirtualStore\Program Files (x86)\Pogo Games
[-] Folder deleted: C:\ProgramData\iwin games
[-] Folder deleted: C:\ProgramData\Trymedia
[-] Folder deleted: C:\ProgramData\Viewpoint
[#] Folder deleted on reboot: C:\ProgramData\Application Data\iwin games
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Trymedia
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Viewpoint
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files (x86)\Viewpoint
[-] Folder deleted: C:\Program Files (x86)\SlimCleaner
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
[-] Folder deleted: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
[-] Folder deleted: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fopdddcinljmpmioaklghcalngfhbaen


***** [ Files ] *****

[-] File deleted: C:\Users\john\Downloads\SysInfo.exe
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[-] File deleted: C:\user.js
[-] File deleted: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\dq9i52vz.default-1366116906046\invalidprefs.js


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: SlimCleaner Run
[-] Task deleted: ASC10_PerformanceMonitor


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\TV3D65.TVMiniMesh
[-] Key deleted: HKLM\SOFTWARE\Classes\TV3D65.TVMiniMesh.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TV3D65.TVMiniMesh
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TV3D65.TVMiniMesh.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\.DEFAULT\Software\PogoDGC
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\DriverTuner
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\DriverTuner_Init
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\eSupport.com
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\ImInstaller
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\PogoDGC
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\DriverTuner
[#] Key deleted on reboot: HKCU\Software\DriverTuner_Init
[#] Key deleted on reboot: HKCU\Software\eSupport.com
[#] Key deleted on reboot: HKCU\Software\ImInstaller
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\Auslogics
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Web Assistant
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\MetaStream
[-] Key deleted: HKLM\SOFTWARE\PIP
[-] Key deleted: HKLM\SOFTWARE\Trymedia Systems
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\DriverTuner
[#] Key deleted on reboot: [x64] HKCU\Software\DriverTuner_Init
[#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com
[#] Key deleted on reboot: [x64] HKCU\Software\ImInstaller
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\Auslogics
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: [x64] HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: [x64] HKLM\SOFTWARE\Web Assistant
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Key deleted: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9C91DE74-9191-4202-862D-807C47706800}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9C91DE74-9191-4202-862D-807C47706800}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9C91DE74-9191-4202-862D-807C47706800}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C91DE74-9191-4202-862D-807C47706800}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\dnu.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect


***** [ Web browsers ] *****

[-] [C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\john\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fopdddcinljmpmioaklghcalngfhbaen
[-] [C:\Users\john\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gkcefkcdkepgkpbgncjchhbjgoanleod


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12349 Bytes] - [22/04/2017 08:09:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [11746 Bytes] - [22/04/2017 08:07:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12497 Bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by john (Administrator) on Sat 04/22/2017 at  8:29:36.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 37

Successfully deleted: C:\ProgramData\112020111717243944 (Folder)
Successfully deleted: C:\ProgramData\alawar (Folder)
Successfully deleted: C:\ProgramData\alawarentertainment (Folder)
Successfully deleted: C:\ProgramData\alawarwrapper (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\john\AppData\Local\alawarwrapper (Folder)
Successfully deleted: C:\Users\john\AppData\Roaming\alawar (Folder)
Successfully deleted: C:\Users\john\AppData\Roaming\alawarentertainment (Folder)
Successfully deleted: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\dq9i52vz.default-1366116906046\searchplugins\bing powered search.xml (File)
Successfully deleted: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\dq9i52vz.default-1366116906046\user.js (File)
Successfully deleted: C:\Users\john\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\users\Public\Documents\alawarwrapper (Folder)
Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_john (Task)
Successfully deleted: C:\Program Files (x86)\alawar (Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15JVNTSD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9O9VUQLK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0BPFODR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJDBVGP0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXRJF0CN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDG7WDQV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVDG4FDU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPLJS43X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIP3DVK4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZF1CE50F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15JVNTSD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9O9VUQLK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0BPFODR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJDBVGP0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXRJF0CN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TDG7WDQV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVDG4FDU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPLJS43X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XIP3DVK4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZF1CE50F (Temporary Internet Files Folder)



Registry: 6

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{390C7E87-153C-12DB-2EA6-0BB301EB26E9} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A7263C7-70CC-2683-3C7E-5EB34AE948CD} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{390C7E87-153C-12DB-2EA6-0BB301EB26E9} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A7263C7-70CC-2683-3C7E-5EB34AE948CD} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/22/2017 at  8:33:07.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 



#4 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 22 April 2017 - 09:58 AM

Thank you for the logs, (and you did them fine :thumbup2: ).

 

It will take time to go through them and I'm busy for a few hours but will get back to you as soon as I can.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 22 April 2017 - 04:51 PM

You have a fair amount of rubbish on here so you will have to be patient.


P2P - I see you have P2P software, (BitTorrent and uTorrent), on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

As your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Registry cleaners

I see you are using a ‘Registry Cleaner’ and have had others installed. It's not a good idea to use registry cleaners/boosters.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

I strongly advise you to get rid of SlimCleaner and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other  computer.

One of the malware experts, miekiemoes, has an excellent write-up here
Another from quietman7 here

===================================================

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

New Frst.txt
New Addition.txt


Thanks

Satchfan

 

Attached Files


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 jhguitar1

jhguitar1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 22 April 2017 - 06:57 PM

I have a feeling there are going to be many things on my computer I'm not aware of, p2p being one of them. I do run the cleaners, but never as a registry fix. I've been told to never touch the registry especially being uneducated to all of that like myself.

 

I have the new logs on my desktop, but seem to be having trouble including them in my response. How do I do it?

 

Thank You



#7 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 22 April 2017 - 07:36 PM

If you double-click on them they should open in Notepad and then you can copy/paste them into your next post. If you don't understand how to do that please let me know and I'll give more instructions.

 

It is 1:30am here in the UK and I'm off now so won't reply again tonight.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 jhguitar1

jhguitar1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 22 April 2017 - 08:56 PM

I hope these are correct. I would like to thank you for your time in helping me. It's truly appreciated!

 

 

 

CloseProcesses:
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM -> {96E44610-527E-4900-8145-49370B34A28F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
Toolbar: HKU\S-1-5-21-1151682749-726298257-2278553524-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-1151682749-726298257-2278553524-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
U3 DfSdkS; no ImagePath
2017-03-25 14:44 - 2017-03-25 14:44 - 00000690 _____ C:\Users\john\Downloads\download.dat
2017-04-08 08:34 - 2016-09-04 07:30 - 00003416 _____ C:\Windows\System32\Tasks\SmartDefrag_Defrag
2017-04-08 08:34 - 2016-06-16 17:28 - 00003164 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2017-04-08 08:34 - 2016-06-16 17:28 - 00003010 _____ C:\Windows\System32\Tasks\SmartDefrag_Update

2011-07-06 15:51 - 2014-04-04 11:40 - 1544192 ____H () C:\Users\john\AppData\Roaming\base_en.db
2011-06-27 15:46 - 2011-09-25 19:07 - 0001854 _____ () C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
2016-08-02 16:39 - 2016-10-19 16:38 - 0000011 _____ () C:\Users\john\AppData\Roaming\log.txt
2014-06-25 17:30 - 2014-06-25 17:30 - 0000095 _____ () C:\Users\john\AppData\Roaming\settings.xml
2013-04-18 09:25 - 2013-04-18 09:56 - 0247455 _____ () C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt
2010-06-30 17:58 - 2013-01-28 10:21 - 0001050 _____ () C:\Users\john\AppData\Roaming\wklnhst.dat
2015-12-26 22:50 - 2017-02-09 21:37 - 0006144 _____ () C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-20 22:11 - 2012-08-20 22:11 - 0027520 _____ () C:\Users\john\AppData\Local\dt.dat
2016-07-22 17:03 - 2016-09-13 08:58 - 0003072 _____ () C:\Users\john\AppData\Local\file__0.localstorage
2016-07-22 17:03 - 2016-07-22 17:03 - 0003072 _____ () C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage
2016-08-02 08:13 - 2016-08-02 08:13 - 0000000 _____ () C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E}
2013-10-08 22:07 - 2014-11-22 10:53 - 0003075 _____ () C:\ProgramData\hpzinstall.log
2010-07-02 15:36 - 2010-07-08 11:31 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
Task: {0D6C7754-DF90-45C1-A6A5-EF86D8321492} - \{184C56A0-C3E2-442E-A862-F599E4EADB5B} -> No File <==== ATTENTION
Task: {1865B619-F3A4-4E0E-A16B-0D168B78CC62} - \{025BAF31-693D-42E4-9751-3685D6E4BAE4} -> No File <==== ATTENTION
Task: {18997706-8B99-4678-B009-60B0D8D62EB0} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {1A5A85F3-66E2-4BBD-A54C-313E629B7DA0} - \{3F481316-3BDA-4DB7-A607-3902589DE710} -> No File <==== ATTENTION
Task: {405B9123-065B-4D5B-9248-E455494B5D8E} - \ASC10_SkipUac_john -> No File <==== ATTENTION
Task: {42FDF028-EF57-442E-B11A-B4D02F136A66} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
Task: {50218AC2-EB2C-4121-900D-54DCB77D7685} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-06-01] (IObit)
Task: {549A3EC7-9BB3-4AE3-B5B1-1CE4E0F85395} - \ServicePlan -> No File <==== ATTENTION
Task: {5AE99C7F-5F37-4580-AADF-CFB7E0DC96B6} - \Game_Booster_Startup -> No File <==== ATTENTION
Task: {5B38BC29-5F97-46AA-A078-D00157D9BF66} - \{2656970F-B297-4BDF-B6B0-F33AC426CE4A} -> No File <==== ATTENTION
Task: {74A8BC2B-A993-434F-8D3C-502FBD66F3A9} - \{D1CEDBF9-93DA-4342-90A3-D46A858ABA86} -> No File <==== ATTENTION
Task: {86F962BD-A931-492C-B2C6-46985734F5F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8AEB4A49-2B64-4C83-BDD7-9FDAAC462E8C} - System32\Tasks\SmartDefrag_Defrag => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-06-13] (IObit)
Task: {9093F20B-7EF1-4D93-9848-9283BF4219A3} - \{D572F1B6-7A61-4806-BC66-E68C34E0CBC2} -> No File <==== ATTENTION
Task: {96C2585D-1B0B-48CB-A420-F664A7FF1902} - \{00AA181B-31B0-4D8D-AB9E-A63E476BEB38} -> No File <==== ATTENTION
Task: {9E3A045C-9A7B-4E0E-8C07-30B3AA6B903F} - \SidebarExecute -> No File <==== ATTENTION
Task: {A311D8CE-C2E8-41F1-8B48-81BA8AAFBE46} - \{D824C271-A6E2-4C9F-888E-3E9F92EFD934} -> No File <==== ATTENTION
Task: {AF45F5BF-B0E9-419A-846D-3739D3EBC5B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B74D63C6-C18A-4757-8DE0-048F995E5BD1} - \RecoveryCDWin7 -> No File <==== ATTENTION
Task: {C1365946-5801-43B2-A116-FAFE0D1D436C} - \Driver Booster SkipUAC (SYSTEM) -> No File <==== ATTENTION
Task: {C91F53F5-DECC-4E66-AB14-1BD871AAE779} - \{5A89B60B-A88D-49B3-A37A-37A99C6C11AC} -> No File <==== ATTENTION
Task: {CE967B34-0125-41CC-A7EB-60785DCF3E8C} - \ExtendedServicePlan -> No File <==== ATTENTION
Task: {DDD43F8E-9D00-4DDE-99E4-1F4CC25EBB26} - \{30C93F67-CAFC-40C9-92F4-E68B488499FF} -> No File <==== ATTENTION
Task: {E37D055E-4FAC-461C-B493-594355FFFD7E} - \{DD179DEF-888F-41A6-87C9-A5B40B0A2CD0} -> No File <==== ATTENTION
Task: {F4EF7FB6-0BF8-4CA6-A3BA-247DC8AB3639} - \{FC6EE9E9-5CB9-47E8-9D82-190DB9C15D6A} -> No File <==== ATTENTION
Task: {F7216E9A-9E1E-4619-929B-427478F66A81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
C:\ProgramData:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData:gs5sys [13824]
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\Users\All Users:gs5sys [13824]
AlternateDataStreams: C:\Users\john:gs5sys [11264]
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [13824]
AlternateDataStreams: C:\ProgramData\Microsoft:B9xwA2h14JKte5pCL [2108]
AlternateDataStreams: C:\ProgramData\Microsoft:Xfs7bpoxDwey85FI [2078]
AlternateDataStreams: C:\ProgramData\Temp:00373BA4 [135]
AlternateDataStreams: C:\ProgramData\Temp:012BC84F [282]
AlternateDataStreams: C:\ProgramData\Temp:01312928 [146]
AlternateDataStreams: C:\ProgramData\Temp:028EA3FD [118]
AlternateDataStreams: C:\ProgramData\Temp:03F9B551 [270]
AlternateDataStreams: C:\ProgramData\Temp:04076B92 [137]
AlternateDataStreams: C:\ProgramData\Temp:041ED421 [138]
AlternateDataStreams: C:\ProgramData\Temp:04406D73 [376]
AlternateDataStreams: C:\ProgramData\Temp:050C0DEA [140]
AlternateDataStreams: C:\ProgramData\Temp:05BF1B63 [202]
AlternateDataStreams: C:\ProgramData\Temp:060A3B0B [244]
AlternateDataStreams: C:\ProgramData\Temp:06771D62 [125]
AlternateDataStreams: C:\ProgramData\Temp:06C34166 [128]
AlternateDataStreams: C:\ProgramData\Temp:08003876 [132]
AlternateDataStreams: C:\ProgramData\Temp:084612C9 [130]
AlternateDataStreams: C:\ProgramData\Temp:08A03B9E [654]
AlternateDataStreams: C:\ProgramData\Temp:092DD1DD [230]
AlternateDataStreams: C:\ProgramData\Temp:0968E571 [244]
AlternateDataStreams: C:\ProgramData\Temp:09867A8B [141]
AlternateDataStreams: C:\ProgramData\Temp:0A2A7D18 [132]
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5 [260]
AlternateDataStreams: C:\ProgramData\Temp:0AE2C68F [107]
AlternateDataStreams: C:\ProgramData\Temp:0AF6266B [310]
AlternateDataStreams: C:\ProgramData\Temp:0B11E9EE [143]
AlternateDataStreams: C:\ProgramData\Temp:0BBF232A [276]
AlternateDataStreams: C:\ProgramData\Temp:0BF4DA47 [126]
AlternateDataStreams: C:\ProgramData\Temp:0D6F7BD4 [139]
AlternateDataStreams: C:\ProgramData\Temp:0DAE9980 [129]
AlternateDataStreams: C:\ProgramData\Temp:0DDDD3CD [133]
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB [139]
AlternateDataStreams: C:\ProgramData\Temp:0E61938B [141]
AlternateDataStreams: C:\ProgramData\Temp:0F0F9094 [127]
AlternateDataStreams: C:\ProgramData\Temp:104A718B [276]
AlternateDataStreams: C:\ProgramData\Temp:10516C76 [146]
AlternateDataStreams: C:\ProgramData\Temp:1095ECE1 [284]
AlternateDataStreams: C:\ProgramData\Temp:10BBEFEF [746]
AlternateDataStreams: C:\ProgramData\Temp:11EF326F [139]
AlternateDataStreams: C:\ProgramData\Temp:127BB39D [140]
AlternateDataStreams: C:\ProgramData\Temp:12A012A1 [129]
AlternateDataStreams: C:\ProgramData\Temp:12A3FA49 [132]
AlternateDataStreams: C:\ProgramData\Temp:131C0EE9 [240]
AlternateDataStreams: C:\ProgramData\Temp:13CDB0E0 [120]
AlternateDataStreams: C:\ProgramData\Temp:14050722 [132]
AlternateDataStreams: C:\ProgramData\Temp:149E8786 [282]
AlternateDataStreams: C:\ProgramData\Temp:15381DB9 [136]
AlternateDataStreams: C:\ProgramData\Temp:158AC5F5 [137]
AlternateDataStreams: C:\ProgramData\Temp:15FA1ECB [151]
AlternateDataStreams: C:\ProgramData\Temp:160ADF0B [280]
AlternateDataStreams: C:\ProgramData\Temp:1656EE95 [246]
AlternateDataStreams: C:\ProgramData\Temp:165AF2C6 [268]
AlternateDataStreams: C:\ProgramData\Temp:16A4620C [258]
AlternateDataStreams: C:\ProgramData\Temp:16D21E17 [288]
AlternateDataStreams: C:\ProgramData\Temp:16F42F1F [132]
AlternateDataStreams: C:\ProgramData\Temp:1709732A [246]
AlternateDataStreams: C:\ProgramData\Temp:18345E10 [144]
AlternateDataStreams: C:\ProgramData\Temp:1858B534 [112]
AlternateDataStreams: C:\ProgramData\Temp:18B35CC4 [113]
AlternateDataStreams: C:\ProgramData\Temp:18B5F839 [138]
AlternateDataStreams: C:\ProgramData\Temp:18DEBC51 [272]
AlternateDataStreams: C:\ProgramData\Temp:19636FDD [262]
AlternateDataStreams: C:\ProgramData\Temp:1968990D [254]
AlternateDataStreams: C:\ProgramData\Temp:19D3BC34 [149]
AlternateDataStreams: C:\ProgramData\Temp:1A24F93C [276]
AlternateDataStreams: C:\ProgramData\Temp:1A4BF204 [284]
AlternateDataStreams: C:\ProgramData\Temp:1AE1D58D [288]
AlternateDataStreams: C:\ProgramData\Temp:1DEA36D6 [132]
AlternateDataStreams: C:\ProgramData\Temp:1E6EDDAA [136]
AlternateDataStreams: C:\ProgramData\Temp:1F2F0F76 [119]
AlternateDataStreams: C:\ProgramData\Temp:20C1C66F [144]
AlternateDataStreams: C:\ProgramData\Temp:20EB6823 [120]
AlternateDataStreams: C:\ProgramData\Temp:2216A431 [278]
AlternateDataStreams: C:\ProgramData\Temp:2487D1DA [137]
AlternateDataStreams: C:\ProgramData\Temp:2532C28E [121]
AlternateDataStreams: C:\ProgramData\Temp:2556A8A0 [141]
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B [146]
AlternateDataStreams: C:\ProgramData\Temp:25EF6F01 [129]
AlternateDataStreams: C:\ProgramData\Temp:26FF37EB [144]
AlternateDataStreams: C:\ProgramData\Temp:2707D83A [286]
AlternateDataStreams: C:\ProgramData\Temp:27C59043 [104]
AlternateDataStreams: C:\ProgramData\Temp:2892289F [125]
AlternateDataStreams: C:\ProgramData\Temp:28C6BEBF [144]
AlternateDataStreams: C:\ProgramData\Temp:29B37860 [234]
AlternateDataStreams: C:\ProgramData\Temp:29C0641D [284]
AlternateDataStreams: C:\ProgramData\Temp:2A48233F [130]
AlternateDataStreams: C:\ProgramData\Temp:2ABB51D4 [276]
AlternateDataStreams: C:\ProgramData\Temp:2B856118 [268]
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8 [234]
AlternateDataStreams: C:\ProgramData\Temp:2BB2D50B [246]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:2CED8825 [138]
AlternateDataStreams: C:\ProgramData\Temp:2F539966 [294]
AlternateDataStreams: C:\ProgramData\Temp:2F5A06FD [135]
AlternateDataStreams: C:\ProgramData\Temp:300E36AB [149]
AlternateDataStreams: C:\ProgramData\Temp:309E3827 [125]
AlternateDataStreams: C:\ProgramData\Temp:317F7381 [126]
AlternateDataStreams: C:\ProgramData\Temp:3252A6BA [132]
AlternateDataStreams: C:\ProgramData\Temp:32AA69ED [133]
AlternateDataStreams: C:\ProgramData\Temp:346337E3 [146]
AlternateDataStreams: C:\ProgramData\Temp:3469612C [270]
AlternateDataStreams: C:\ProgramData\Temp:34EFF1F2 [246]
AlternateDataStreams: C:\ProgramData\Temp:35629AE6 [286]
AlternateDataStreams: C:\ProgramData\Temp:3571475C [250]
AlternateDataStreams: C:\ProgramData\Temp:366B74CA [246]
AlternateDataStreams: C:\ProgramData\Temp:384AA0FD [272]
AlternateDataStreams: C:\ProgramData\Temp:3895D488 [136]
AlternateDataStreams: C:\ProgramData\Temp:38D2EA83 [141]
AlternateDataStreams: C:\ProgramData\Temp:38FF076E [132]
AlternateDataStreams: C:\ProgramData\Temp:3A4676D7 [286]
AlternateDataStreams: C:\ProgramData\Temp:3A4A5185 [264]
AlternateDataStreams: C:\ProgramData\Temp:3AC0ED43 [264]
AlternateDataStreams: C:\ProgramData\Temp:3B12F2EC [146]
AlternateDataStreams: C:\ProgramData\Temp:3B84A3F1 [140]
AlternateDataStreams: C:\ProgramData\Temp:3BB073C2 [144]
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF [284]
AlternateDataStreams: C:\ProgramData\Temp:3C0F646D [154]
AlternateDataStreams: C:\ProgramData\Temp:3CAE2A70 [250]
AlternateDataStreams: C:\ProgramData\Temp:3E208EC8 [131]
AlternateDataStreams: C:\ProgramData\Temp:3E2A4708 [770]
AlternateDataStreams: C:\ProgramData\Temp:3E9452A9 [272]
AlternateDataStreams: C:\ProgramData\Temp:3FE1A827 [137]
AlternateDataStreams: C:\ProgramData\Temp:41472405 [124]
AlternateDataStreams: C:\ProgramData\Temp:426CDD93 [756]
AlternateDataStreams: C:\ProgramData\Temp:432EC713 [141]
AlternateDataStreams: C:\ProgramData\Temp:434CFDCA [236]
AlternateDataStreams: C:\ProgramData\Temp:436BE28C [256]
AlternateDataStreams: C:\ProgramData\Temp:43E0EC8A [250]
AlternateDataStreams: C:\ProgramData\Temp:448E7C5B [133]
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B [292]
AlternateDataStreams: C:\ProgramData\Temp:46C7F417 [242]
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9 [135]
AlternateDataStreams: C:\ProgramData\Temp:4911BB5C [214]
AlternateDataStreams: C:\ProgramData\Temp:4A10AFB7 [146]
AlternateDataStreams: C:\ProgramData\Temp:4B2A0356 [278]
AlternateDataStreams: C:\ProgramData\Temp:4B2E08FB [244]
AlternateDataStreams: C:\ProgramData\Temp:4B325725 [70]
AlternateDataStreams: C:\ProgramData\Temp:4B4D7EF3 [155]
AlternateDataStreams: C:\ProgramData\Temp:4BC514A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5 [129]
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B [132]
AlternateDataStreams: C:\ProgramData\Temp:4C4BD66D [125]
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B [125]
AlternateDataStreams: C:\ProgramData\Temp:4C96DCB8 [139]
AlternateDataStreams: C:\ProgramData\Temp:4D2F454E [136]
AlternateDataStreams: C:\ProgramData\Temp:4D348522 [132]
AlternateDataStreams: C:\ProgramData\Temp:4E79C4F8 [140]
AlternateDataStreams: C:\ProgramData\Temp:517EFA90 [135]
AlternateDataStreams: C:\ProgramData\Temp:51E05A3A [230]
AlternateDataStreams: C:\ProgramData\Temp:52329B88 [146]
AlternateDataStreams: C:\ProgramData\Temp:5279F7BF [137]
AlternateDataStreams: C:\ProgramData\Temp:54531C7D [256]
AlternateDataStreams: C:\ProgramData\Temp:54C1075C [147]
AlternateDataStreams: C:\ProgramData\Temp:54F257C0 [194]
AlternateDataStreams: C:\ProgramData\Temp:56A74E89 [130]
AlternateDataStreams: C:\ProgramData\Temp:57173DB4 [137]
AlternateDataStreams: C:\ProgramData\Temp:574311A1 [130]
AlternateDataStreams: C:\ProgramData\Temp:57B374AB [276]
AlternateDataStreams: C:\ProgramData\Temp:57CFEA7A [144]
AlternateDataStreams: C:\ProgramData\Temp:581ECF22 [112]
AlternateDataStreams: C:\ProgramData\Temp:58A7E801 [234]
AlternateDataStreams: C:\ProgramData\Temp:5C3ED5BB [128]
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B [280]
AlternateDataStreams: C:\ProgramData\Temp:5C818B5D [141]
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE [154]
AlternateDataStreams: C:\ProgramData\Temp:5D4F063C [292]
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B [138]
AlternateDataStreams: C:\ProgramData\Temp:5FEAB2C8 [379]
AlternateDataStreams: C:\ProgramData\Temp:602EC63C [262]
AlternateDataStreams: C:\ProgramData\Temp:607A99D7 [133]
AlternateDataStreams: C:\ProgramData\Temp:616A2A70 [118]
AlternateDataStreams: C:\ProgramData\Temp:619F147E [159]
AlternateDataStreams: C:\ProgramData\Temp:6212DF7A [140]
AlternateDataStreams: C:\ProgramData\Temp:624A80FD [192]
AlternateDataStreams: C:\ProgramData\Temp:6271B518 [122]
AlternateDataStreams: C:\ProgramData\Temp:62AF0D82 [129]
AlternateDataStreams: C:\ProgramData\Temp:6358B2F7 [135]
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9 [296]
AlternateDataStreams: C:\ProgramData\Temp:63E88FD4 [141]
AlternateDataStreams: C:\ProgramData\Temp:640DDEFF [144]
AlternateDataStreams: C:\ProgramData\Temp:6423D635 [242]
AlternateDataStreams: C:\ProgramData\Temp:6447E3B5 [238]
AlternateDataStreams: C:\ProgramData\Temp:6468C896 [272]
AlternateDataStreams: C:\ProgramData\Temp:64BDD821 [226]
AlternateDataStreams: C:\ProgramData\Temp:65621319 [145]
AlternateDataStreams: C:\ProgramData\Temp:65C4D44A [124]
AlternateDataStreams: C:\ProgramData\Temp:67396145 [154]
AlternateDataStreams: C:\ProgramData\Temp:67842DB7 [127]
AlternateDataStreams: C:\ProgramData\Temp:67D43EFA [118]
AlternateDataStreams: C:\ProgramData\Temp:680086AB [114]
AlternateDataStreams: C:\ProgramData\Temp:68198EE3 [135]
AlternateDataStreams: C:\ProgramData\Temp:68C21E42 [304]
AlternateDataStreams: C:\ProgramData\Temp:696F7DA7 [136]
AlternateDataStreams: C:\ProgramData\Temp:69BAF25F [750]
AlternateDataStreams: C:\ProgramData\Temp:69ED1286 [286]
AlternateDataStreams: C:\ProgramData\Temp:6A609C67 [128]
AlternateDataStreams: C:\ProgramData\Temp:6B251180 [288]
AlternateDataStreams: C:\ProgramData\Temp:6B7447D4 [135]
AlternateDataStreams: C:\ProgramData\Temp:6BF6CA71 [133]
AlternateDataStreams: C:\ProgramData\Temp:6C718587 [246]
AlternateDataStreams: C:\ProgramData\Temp:6CCDA168 [112]
AlternateDataStreams: C:\ProgramData\Temp:6CF828C2 [147]
AlternateDataStreams: C:\ProgramData\Temp:6DC537DB [308]
AlternateDataStreams: C:\ProgramData\Temp:6DCC0E34 [274]
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746 [256]
AlternateDataStreams: C:\ProgramData\Temp:6E271126 [117]
AlternateDataStreams: C:\ProgramData\Temp:6EC8F6C5 [210]
AlternateDataStreams: C:\ProgramData\Temp:6F0C95A1 [290]
AlternateDataStreams: C:\ProgramData\Temp:6F57F1D1 [286]
AlternateDataStreams: C:\ProgramData\Temp:6F84C4DE [131]
AlternateDataStreams: C:\ProgramData\Temp:6F998753 [145]
AlternateDataStreams: C:\ProgramData\Temp:6F9C57B9 [146]
AlternateDataStreams: C:\ProgramData\Temp:6FA346B6 [242]
AlternateDataStreams: C:\ProgramData\Temp:6FA918FA [145]
AlternateDataStreams: C:\ProgramData\Temp:701B92FB [242]
AlternateDataStreams: C:\ProgramData\Temp:70BDB805 [127]
AlternateDataStreams: C:\ProgramData\Temp:70FD4407 [272]
AlternateDataStreams: C:\ProgramData\Temp:7109C24A [141]
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A [228]
AlternateDataStreams: C:\ProgramData\Temp:73879882 [280]
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96 [119]
AlternateDataStreams: C:\ProgramData\Temp:73B78E79 [128]
AlternateDataStreams: C:\ProgramData\Temp:7455D6E6 [144]
AlternateDataStreams: C:\ProgramData\Temp:74A0E249 [152]
AlternateDataStreams: C:\ProgramData\Temp:74E256F6 [133]
AlternateDataStreams: C:\ProgramData\Temp:751D6870 [146]
AlternateDataStreams: C:\ProgramData\Temp:757BA6A5 [154]
AlternateDataStreams: C:\ProgramData\Temp:75CEDFA5 [117]
AlternateDataStreams: C:\ProgramData\Temp:77066415 [760]
AlternateDataStreams: C:\ProgramData\Temp:77E239B1 [127]
AlternateDataStreams: C:\ProgramData\Temp:77E927FC [136]
AlternateDataStreams: C:\ProgramData\Temp:7804B508 [124]
AlternateDataStreams: C:\ProgramData\Temp:7890F666 [314]
AlternateDataStreams: C:\ProgramData\Temp:796EE7C8 [120]
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE [130]
AlternateDataStreams: C:\ProgramData\Temp:7A51F685 [290]
AlternateDataStreams: C:\ProgramData\Temp:7ACF38DE [246]
AlternateDataStreams: C:\ProgramData\Temp:7D288858 [141]
AlternateDataStreams: C:\ProgramData\Temp:7DEE2F6C [133]
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA [464]
AlternateDataStreams: C:\ProgramData\Temp:7ECD9621 [128]
AlternateDataStreams: C:\ProgramData\Temp:800FE171 [266]
AlternateDataStreams: C:\ProgramData\Temp:81563BC7 [246]
AlternateDataStreams: C:\ProgramData\Temp:81E0F9D0 [146]
AlternateDataStreams: C:\ProgramData\Temp:81F65F60 [748]
AlternateDataStreams: C:\ProgramData\Temp:82111599 [244]
AlternateDataStreams: C:\ProgramData\Temp:834DD57E [256]
AlternateDataStreams: C:\ProgramData\Temp:84618038 [133]
AlternateDataStreams: C:\ProgramData\Temp:84D1C282 [130]
AlternateDataStreams: C:\ProgramData\Temp:84FA02E7 [148]
AlternateDataStreams: C:\ProgramData\Temp:85376176 [121]
AlternateDataStreams: C:\ProgramData\Temp:8634D9A3 [133]
AlternateDataStreams: C:\ProgramData\Temp:87E3D720 [147]
AlternateDataStreams: C:\ProgramData\Temp:884C7316 [146]
AlternateDataStreams: C:\ProgramData\Temp:88E8CC2E [272]
AlternateDataStreams: C:\ProgramData\Temp:8967C154 [126]
AlternateDataStreams: C:\ProgramData\Temp:89CC3B44 [132]
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB [152]
AlternateDataStreams: C:\ProgramData\Temp:89FED318 [286]
AlternateDataStreams: C:\ProgramData\Temp:8AB2162E [109]
AlternateDataStreams: C:\ProgramData\Temp:8AC20936 [129]
AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3 [135]
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD [145]
AlternateDataStreams: C:\ProgramData\Temp:8C49003C [145]
AlternateDataStreams: C:\ProgramData\Temp:8C6D2EC3 [122]
AlternateDataStreams: C:\ProgramData\Temp:8D634113 [732]
AlternateDataStreams: C:\ProgramData\Temp:8D9C24E0 [260]
AlternateDataStreams: C:\ProgramData\Temp:8DD36B71 [115]
AlternateDataStreams: C:\ProgramData\Temp:902C848D [250]
AlternateDataStreams: C:\ProgramData\Temp:9083C3AD [123]
AlternateDataStreams: C:\ProgramData\Temp:90C320E1 [250]
AlternateDataStreams: C:\ProgramData\Temp:91244A8F [118]
AlternateDataStreams: C:\ProgramData\Temp:9124663C [128]
AlternateDataStreams: C:\ProgramData\Temp:92421EF9 [123]
AlternateDataStreams: C:\ProgramData\Temp:927EC486 [256]
AlternateDataStreams: C:\ProgramData\Temp:928DF32E [286]
AlternateDataStreams: C:\ProgramData\Temp:93F3E4C9 [292]
AlternateDataStreams: C:\ProgramData\Temp:947107AC [124]
AlternateDataStreams: C:\ProgramData\Temp:9491C9C7 [276]
AlternateDataStreams: C:\ProgramData\Temp:95198126 [100]
AlternateDataStreams: C:\ProgramData\Temp:9603033A [252]
AlternateDataStreams: C:\ProgramData\Temp:972E051C [248]
AlternateDataStreams: C:\ProgramData\Temp:973DCFFF [780]
AlternateDataStreams: C:\ProgramData\Temp:97B3B270 [278]
AlternateDataStreams: C:\ProgramData\Temp:97ECE74A [150]
AlternateDataStreams: C:\ProgramData\Temp:993C3DF6 [131]
AlternateDataStreams: C:\ProgramData\Temp:99AC3203 [127]
AlternateDataStreams: C:\ProgramData\Temp:99F8C0E6 [140]
AlternateDataStreams: C:\ProgramData\Temp:9A842F5C [119]
AlternateDataStreams: C:\ProgramData\Temp:9A8F071F [270]
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675 [288]
AlternateDataStreams: C:\ProgramData\Temp:9BF0C425 [280]
AlternateDataStreams: C:\ProgramData\Temp:9C337CCE [280]
AlternateDataStreams: C:\ProgramData\Temp:9C6014C6 [133]
AlternateDataStreams: C:\ProgramData\Temp:9D03192E [118]
AlternateDataStreams: C:\ProgramData\Temp:9D60BE91 [276]
AlternateDataStreams: C:\ProgramData\Temp:9D91E651 [126]
AlternateDataStreams: C:\ProgramData\Temp:9DDABE44 [278]
AlternateDataStreams: C:\ProgramData\Temp:9DF24CB2 [140]
AlternateDataStreams: C:\ProgramData\Temp:9E05DEB0 [122]
AlternateDataStreams: C:\ProgramData\Temp:9E4F05ED [128]
AlternateDataStreams: C:\ProgramData\Temp:9F38BF31 [143]
AlternateDataStreams: C:\ProgramData\Temp:9F50A55A [126]
AlternateDataStreams: C:\ProgramData\Temp:9FB9D3B9 [116]
AlternateDataStreams: C:\ProgramData\Temp:9FD2057F [252]
AlternateDataStreams: C:\ProgramData\Temp:A103830F [133]
AlternateDataStreams: C:\ProgramData\Temp:A22AF60D [138]
AlternateDataStreams: C:\ProgramData\Temp:A279C25A [136]
AlternateDataStreams: C:\ProgramData\Temp:A3840F5B [126]
AlternateDataStreams: C:\ProgramData\Temp:A43B789A [139]
AlternateDataStreams: C:\ProgramData\Temp:A44008FA [250]
AlternateDataStreams: C:\ProgramData\Temp:A4E7D25F [278]
AlternateDataStreams: C:\ProgramData\Temp:A5948878 [132]
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24 [272]
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80 [152]
AlternateDataStreams: C:\ProgramData\Temp:A700ABC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF [123]
AlternateDataStreams: C:\ProgramData\Temp:A8606E6E [292]
AlternateDataStreams: C:\ProgramData\Temp:A899E64E [141]
AlternateDataStreams: C:\ProgramData\Temp:A89B3FB8 [722]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:A8BF0AE2 [153]
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF [118]
AlternateDataStreams: C:\ProgramData\Temp:A9BB1126 [258]
AlternateDataStreams: C:\ProgramData\Temp:AA559E17 [136]
AlternateDataStreams: C:\ProgramData\Temp:ACE7A9BB [134]
AlternateDataStreams: C:\ProgramData\Temp:AE289451 [145]
AlternateDataStreams: C:\ProgramData\Temp:AE75CCC8 [238]
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0 [242]
AlternateDataStreams: C:\ProgramData\Temp:AFEBAACA [139]
AlternateDataStreams: C:\ProgramData\Temp:B02249C3 [124]
AlternateDataStreams: C:\ProgramData\Temp:B059B88E [147]
AlternateDataStreams: C:\ProgramData\Temp:B0B6C3E8 [187]
AlternateDataStreams: C:\ProgramData\Temp:B0BD7797 [272]
AlternateDataStreams: C:\ProgramData\Temp:B162D6FD [138]
AlternateDataStreams: C:\ProgramData\Temp:B1EED3AD [130]
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09 [103]
AlternateDataStreams: C:\ProgramData\Temp:B243953E [134]
AlternateDataStreams: C:\ProgramData\Temp:B285A50E [268]
AlternateDataStreams: C:\ProgramData\Temp:B2B2F0D4 [754]
AlternateDataStreams: C:\ProgramData\Temp:B3550AA2 [280]
AlternateDataStreams: C:\ProgramData\Temp:B3606FCC [126]
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE [256]
AlternateDataStreams: C:\ProgramData\Temp:B3A4FEE1 [129]
AlternateDataStreams: C:\ProgramData\Temp:B3D2C69C [148]
AlternateDataStreams: C:\ProgramData\Temp:B445A124 [133]
AlternateDataStreams: C:\ProgramData\Temp:B4F7687B [278]
AlternateDataStreams: C:\ProgramData\Temp:B53DCFC9 [127]
AlternateDataStreams: C:\ProgramData\Temp:B5F623E4 [248]
AlternateDataStreams: C:\ProgramData\Temp:B615ABD3 [137]
AlternateDataStreams: C:\ProgramData\Temp:B65E763D [139]
AlternateDataStreams: C:\ProgramData\Temp:B6C1A5F4 [266]
AlternateDataStreams: C:\ProgramData\Temp:B779C113 [252]
AlternateDataStreams: C:\ProgramData\Temp:B790962B [128]
AlternateDataStreams: C:\ProgramData\Temp:B7E52658 [119]
AlternateDataStreams: C:\ProgramData\Temp:B8428FE1 [137]
AlternateDataStreams: C:\ProgramData\Temp:B86642C5 [152]
AlternateDataStreams: C:\ProgramData\Temp:B86927F0 [149]
AlternateDataStreams: C:\ProgramData\Temp:B88DC997 [278]
AlternateDataStreams: C:\ProgramData\Temp:B9433D0F [129]
AlternateDataStreams: C:\ProgramData\Temp:B9BD98A8 [246]
AlternateDataStreams: C:\ProgramData\Temp:B9E36774 [141]
AlternateDataStreams: C:\ProgramData\Temp:BA5938AB [278]
AlternateDataStreams: C:\ProgramData\Temp:BB004A7D [114]
AlternateDataStreams: C:\ProgramData\Temp:BB718C46 [282]
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:BD659567 [153]
AlternateDataStreams: C:\ProgramData\Temp:C07829DC [258]
AlternateDataStreams: C:\ProgramData\Temp:C085F80B [280]
AlternateDataStreams: C:\ProgramData\Temp:C0DFB793 [139]
AlternateDataStreams: C:\ProgramData\Temp:C0EFBD3F [132]
AlternateDataStreams: C:\ProgramData\Temp:C178954A [135]
AlternateDataStreams: C:\ProgramData\Temp:C1DBE635 [140]
AlternateDataStreams: C:\ProgramData\Temp:C1FF1B01 [132]
AlternateDataStreams: C:\ProgramData\Temp:C356A185 [294]
AlternateDataStreams: C:\ProgramData\Temp:C37283B5 [272]
AlternateDataStreams: C:\ProgramData\Temp:C3C72D5F [128]
AlternateDataStreams: C:\ProgramData\Temp:C458CC0A [134]
AlternateDataStreams: C:\ProgramData\Temp:C4CB6EA6 [152]
AlternateDataStreams: C:\ProgramData\Temp:C52EF004 [246]
AlternateDataStreams: C:\ProgramData\Temp:C54A1A57 [136]
AlternateDataStreams: C:\ProgramData\Temp:C5B1FE54 [133]
AlternateDataStreams: C:\ProgramData\Temp:C611D6C8 [125]
AlternateDataStreams: C:\ProgramData\Temp:C7857F06 [238]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [118]
AlternateDataStreams: C:\ProgramData\Temp:C8182692 [228]
AlternateDataStreams: C:\ProgramData\Temp:C82210DD [135]
AlternateDataStreams: C:\ProgramData\Temp:C91C214D [268]
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06 [262]
AlternateDataStreams: C:\ProgramData\Temp:C9BC8592 [136]
AlternateDataStreams: C:\ProgramData\Temp:CA4FAE31 [135]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [102]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [268]
AlternateDataStreams: C:\ProgramData\Temp:CC45913B [135]
AlternateDataStreams: C:\ProgramData\Temp:CC6A54A8 [236]
AlternateDataStreams: C:\ProgramData\Temp:CCFB0FDD [119]
AlternateDataStreams: C:\ProgramData\Temp:CD6DF7CC [246]
AlternateDataStreams: C:\ProgramData\Temp:CD95E2C9 [138]
AlternateDataStreams: C:\ProgramData\Temp:CE253B51 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE707633 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE8A42A3 [270]
AlternateDataStreams: C:\ProgramData\Temp:CF1334B0 [278]
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06 [276]
AlternateDataStreams: C:\ProgramData\Temp:D0757AAB [268]
AlternateDataStreams: C:\ProgramData\Temp:D0DCD8D7 [117]
AlternateDataStreams: C:\ProgramData\Temp:D1094629 [146]
AlternateDataStreams: C:\ProgramData\Temp:D1787194 [368]
AlternateDataStreams: C:\ProgramData\Temp:D22B04C3 [760]
AlternateDataStreams: C:\ProgramData\Temp:D2397415 [127]
AlternateDataStreams: C:\ProgramData\Temp:D254266B [300]
AlternateDataStreams: C:\ProgramData\Temp:D2972D66 [140]
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB [132]
AlternateDataStreams: C:\ProgramData\Temp:D36E068F [129]
AlternateDataStreams: C:\ProgramData\Temp:D414289B [135]
AlternateDataStreams: C:\ProgramData\Temp:D478F292 [135]
AlternateDataStreams: C:\ProgramData\Temp:D5458F6B [242]
AlternateDataStreams: C:\ProgramData\Temp:D59DE356 [130]
AlternateDataStreams: C:\ProgramData\Temp:D5B149F6 [131]
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D [130]
AlternateDataStreams: C:\ProgramData\Temp:D696AA12 [286]
AlternateDataStreams: C:\ProgramData\Temp:D6F7008C [216]
AlternateDataStreams: C:\ProgramData\Temp:D7DDEF83 [129]
AlternateDataStreams: C:\ProgramData\Temp:D8936165 [312]
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1 [140]
AlternateDataStreams: C:\ProgramData\Temp:D9243D84 [122]
AlternateDataStreams: C:\ProgramData\Temp:DA2268D5 [143]
AlternateDataStreams: C:\ProgramData\Temp:DA6DA9A1 [134]
AlternateDataStreams: C:\ProgramData\Temp:DBF7208A [782]
AlternateDataStreams: C:\ProgramData\Temp:DCA79AB3 [118]
AlternateDataStreams: C:\ProgramData\Temp:DCC6EDE9 [138]
AlternateDataStreams: C:\ProgramData\Temp:DD780579 [264]
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9 [250]
AlternateDataStreams: C:\ProgramData\Temp:DE33A453 [266]
AlternateDataStreams: C:\ProgramData\Temp:DE813CDD [242]
AlternateDataStreams: C:\ProgramData\Temp:DE8F2B8B [149]
AlternateDataStreams: C:\ProgramData\Temp:DEEA54A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:DF19F127 [244]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:E0553E73 [258]
AlternateDataStreams: C:\ProgramData\Temp:E21413B8 [238]
AlternateDataStreams: C:\ProgramData\Temp:E2295807 [145]
AlternateDataStreams: C:\ProgramData\Temp:E24659F6 [141]
AlternateDataStreams: C:\ProgramData\Temp:E326D1D1 [163]
AlternateDataStreams: C:\ProgramData\Temp:E397CC9D [131]
AlternateDataStreams: C:\ProgramData\Temp:E44513D0 [123]
AlternateDataStreams: C:\ProgramData\Temp:E4BC4A41 [135]
AlternateDataStreams: C:\ProgramData\Temp:E5B07840 [266]
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD [147]
AlternateDataStreams: C:\ProgramData\Temp:E62BD5C1 [268]
AlternateDataStreams: C:\ProgramData\Temp:E6537A16 [125]
AlternateDataStreams: C:\ProgramData\Temp:E67D0FCB [120]
AlternateDataStreams: C:\ProgramData\Temp:E6A94369 [138]
AlternateDataStreams: C:\ProgramData\Temp:E6A96BE9 [284]
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B [139]
AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [104]
AlternateDataStreams: C:\ProgramData\Temp:E7614E1F [128]
AlternateDataStreams: C:\ProgramData\Temp:E8B61305 [286]
AlternateDataStreams: C:\ProgramData\Temp:E96D894A [238]
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C [139]
AlternateDataStreams: C:\ProgramData\Temp:E9D68B36 [302]
AlternateDataStreams: C:\ProgramData\Temp:EA149D25 [133]
AlternateDataStreams: C:\ProgramData\Temp:EA17702A [120]
AlternateDataStreams: C:\ProgramData\Temp:EABCC64A [290]
AlternateDataStreams: C:\ProgramData\Temp:EB4FEEF5 [274]
AlternateDataStreams: C:\ProgramData\Temp:EB5574AF [150]
AlternateDataStreams: C:\ProgramData\Temp:EB68CA55 [122]
AlternateDataStreams: C:\ProgramData\Temp:EC0BE05C [143]
AlternateDataStreams: C:\ProgramData\Temp:EC1B2CAA [146]
AlternateDataStreams: C:\ProgramData\Temp:EC3A9923 [121]
AlternateDataStreams: C:\ProgramData\Temp:EC46FC9D [278]
AlternateDataStreams: C:\ProgramData\Temp:EC752217 [145]
AlternateDataStreams: C:\ProgramData\Temp:ED6B6C83 [144]
AlternateDataStreams: C:\ProgramData\Temp:ED98A153 [124]
AlternateDataStreams: C:\ProgramData\Temp:EDE28CFC [133]
AlternateDataStreams: C:\ProgramData\Temp:EE0ABC44 [131]
AlternateDataStreams: C:\ProgramData\Temp:EE0B4216 [141]
AlternateDataStreams: C:\ProgramData\Temp:EECF83D1 [119]
AlternateDataStreams: C:\ProgramData\Temp:F001F3C1 [134]
AlternateDataStreams: C:\ProgramData\Temp:F131B2B8 [146]
AlternateDataStreams: C:\ProgramData\Temp:F2B0ABCC [137]
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB [145]
AlternateDataStreams: C:\ProgramData\Temp:F399A6E7 [262]
AlternateDataStreams: C:\ProgramData\Temp:F41E8853 [124]
AlternateDataStreams: C:\ProgramData\Temp:F4362715 [138]
AlternateDataStreams: C:\ProgramData\Temp:F49A2655 [270]
AlternateDataStreams: C:\ProgramData\Temp:F4BE8180 [134]
AlternateDataStreams: C:\ProgramData\Temp:F53B274A [298]
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A [149]
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE [266]
AlternateDataStreams: C:\ProgramData\Temp:F72306CC [120]
AlternateDataStreams: C:\ProgramData\Temp:F7370879 [236]
AlternateDataStreams: C:\ProgramData\Temp:F7401CCF [268]
AlternateDataStreams: C:\ProgramData\Temp:F7B0AE93 [131]
AlternateDataStreams: C:\ProgramData\Temp:F83B9C51 [802]
AlternateDataStreams: C:\ProgramData\Temp:F875BF80 [262]
AlternateDataStreams: C:\ProgramData\Temp:F919FD4E [129]
AlternateDataStreams: C:\ProgramData\Temp:F98E6C67 [282]
AlternateDataStreams: C:\ProgramData\Temp:FA09FC72 [130]
AlternateDataStreams: C:\ProgramData\Temp:FA65E745 [130]
AlternateDataStreams: C:\ProgramData\Temp:FB29EC2F [248]
AlternateDataStreams: C:\ProgramData\Temp:FB749AFB [762]
AlternateDataStreams: C:\ProgramData\Temp:FB7959F6 [274]
AlternateDataStreams: C:\ProgramData\Temp:FBA79096 [250]
AlternateDataStreams: C:\ProgramData\Temp:FC414D14 [129]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [146]
AlternateDataStreams: C:\ProgramData\Temp:FC7B5C61 [113]
AlternateDataStreams: C:\ProgramData\Temp:FC89CE5A [135]
AlternateDataStreams: C:\ProgramData\Temp:FCDCCA12 [125]
AlternateDataStreams: C:\ProgramData\Temp:FD38E906 [146]
AlternateDataStreams: C:\ProgramData\Temp:FD7E32B5 [284]
AlternateDataStreams: C:\ProgramData\Temp:FDAA7C08 [278]
AlternateDataStreams: C:\ProgramData\Temp:FDF70DCD [149]
AlternateDataStreams: C:\ProgramData\Temp:FEB4D048 [146]
AlternateDataStreams: C:\ProgramData\Temp:FEE8782C [290]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [3840]
AlternateDataStreams: C:\Users\john\Application Data:gs5sys [11520]
AlternateDataStreams: C:\Users\john\Cookies:gs5sys [12288]
AlternateDataStreams: C:\Users\john\Local Settings:gs5sys [45058]
AlternateDataStreams: C:\Users\john\Local Settings:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\Templates:gs5sys [46082]
AlternateDataStreams: C:\Users\john\Desktop\desktop.ini:gs5sys [9728]
AlternateDataStreams: C:\Users\john\Downloads\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\john\AppData\Local:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Roaming:gs5sys [11520]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Local\History:gs5sys [47106]
AlternateDataStreams: C:\Users\john\AppData\Local\Temp:GMlFSYKkVXJlnoN1JqpFASL [2390]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\desktop.ini:gs5sys [47106]
AlternateDataStreams: C:\Users\john\Documents\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [11520]
FirewallRules: [TCP Query User{E31E1EA7-4133-4340-AAEE-9344ACCF92EF}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{35CADA72-9DD3-4D5B-8DA6-0F4925E59181}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{06AC1751-579E-4194-A082-C7DFF540A8C8}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7EB9FC32-4A65-40B4-819F-DA93509D6F33}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{598EA2EE-94E3-4963-BCBB-638A63A9B3EC}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5BBAAEE0-4EAE-44C5-9793-BA1785BA8FC3}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DA916AC4-8F31-493B-B3D6-84A90ADD7808}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{780750F7-AB85-4E0F-BEB5-D1E35B74B40A}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
C:\Program Files (x86)\IObit
C:\Windows\System32\Drivers\SmartDefragDriver.sys
C:\Users\john\AppData\Roaming\base_en.db
C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
C:\Users\john\AppData\Roaming\log.txt
C:\Users\john\AppData\Roaming\settings.xml
C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt
C:\Users\john\AppData\Roaming\wklnhst.dat
C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\john\AppData\Local\dt.dat
C:\Users\john\AppData\Local\file__0.localstorage
C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage
C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E}
C:\ProgramData\hpzinstall.log
C:\ProgramData\PKP_DLdu.DAT
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\program files (x86)\utorrent
C:\Users\john\AppData\Roaming\BitTorrent
Hosts:
EmptyTemp:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2017
Ran by john (22-04-2017 18:42:39)
Running from C:\Users\john\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-06-30 21:57:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

1E8872683E574B869C7C (S-1-5-21-1151682749-726298257-2278553524-1006 - Limited - Enabled)
Administrator (S-1-5-21-1151682749-726298257-2278553524-500 - Administrator - Disabled)
Guest (S-1-5-21-1151682749-726298257-2278553524-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1151682749-726298257-2278553524-1005 - Limited - Enabled)
john (S-1-5-21-1151682749-726298257-2278553524-1001 - Administrator - Enabled) => C:\Users\john
UpdatusUser (S-1-5-21-1151682749-726298257-2278553524-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (HKLM-x32\...\SoftwareStarterGuide-DCSD40_46) (Version: 1.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSD1200IS_IXUS95IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Citrix Receiver 4.6 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.6.0.12010 - Citrix Systems, Inc.)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\Dropbox) (Version: 23.4.18 - Dropbox, Inc.)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Games Manager (HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\GamesManager) (Version: 2.15.2.971 - iWin Inc.)
GoldWave v6.21 (HKLM\...\GoldWave v6.21) (Version: 6.21 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.14.41 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.6.14.19 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Online Games Manager v1.50 (HKLM-x32\...\Online Games Manager) (Version: 1.50.4 - Real Networks, Inc.)
Online Plug-in (x32 Version: 14.6.0.12010 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealDownloader (x32 Version: 1.7.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Rescue Team 4 (HKLM-x32\...\e55e1cd4e5529d1632e08e4a4aba1c89) (Version:  - Zylom)
Rig Manager (HKLM\...\{AC70377B-F83B-484E-8F42-553FDE919848}) (Version: 2.0.17.12837 - Kemper GmbH)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Self-service Plug-in (x32 Version: 4.6.0.14932 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version:  - )
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1151682749-726298257-2278553524-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D6C7754-DF90-45C1-A6A5-EF86D8321492} - \{184C56A0-C3E2-442E-A862-F599E4EADB5B} -> No File <==== ATTENTION
Task: {1865B619-F3A4-4E0E-A16B-0D168B78CC62} - \{025BAF31-693D-42E4-9751-3685D6E4BAE4} -> No File <==== ATTENTION
Task: {18997706-8B99-4678-B009-60B0D8D62EB0} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {1A5A85F3-66E2-4BBD-A54C-313E629B7DA0} - \{3F481316-3BDA-4DB7-A607-3902589DE710} -> No File <==== ATTENTION
Task: {1F032558-CC9E-43DE-A7CB-8286BD7FACAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {405B9123-065B-4D5B-9248-E455494B5D8E} - \ASC10_SkipUac_john -> No File <==== ATTENTION
Task: {42FDF028-EF57-442E-B11A-B4D02F136A66} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
Task: {4F0D0BBA-C148-4E64-A3C7-DA72253AF440} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {50218AC2-EB2C-4121-900D-54DCB77D7685} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-06-01] (IObit)
Task: {549A3EC7-9BB3-4AE3-B5B1-1CE4E0F85395} - \ServicePlan -> No File <==== ATTENTION
Task: {5AE99C7F-5F37-4580-AADF-CFB7E0DC96B6} - \Game_Booster_Startup -> No File <==== ATTENTION
Task: {5B38BC29-5F97-46AA-A078-D00157D9BF66} - \{2656970F-B297-4BDF-B6B0-F33AC426CE4A} -> No File <==== ATTENTION
Task: {5E2E4401-0395-409F-8A90-F74862ABC303} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {5F0E89B2-86AE-4E32-BB1E-A9D07B4E7C4F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {62DE9D35-2333-40CC-A9AF-4DBC0C4A8BD5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001Core => C:\Users\john\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {74A8BC2B-A993-434F-8D3C-502FBD66F3A9} - \{D1CEDBF9-93DA-4342-90A3-D46A858ABA86} -> No File <==== ATTENTION
Task: {86F962BD-A931-492C-B2C6-46985734F5F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8AEB4A49-2B64-4C83-BDD7-9FDAAC462E8C} - System32\Tasks\SmartDefrag_Defrag => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-06-13] (IObit)
Task: {9093F20B-7EF1-4D93-9848-9283BF4219A3} - \{D572F1B6-7A61-4806-BC66-E68C34E0CBC2} -> No File <==== ATTENTION
Task: {96C2585D-1B0B-48CB-A420-F664A7FF1902} - \{00AA181B-31B0-4D8D-AB9E-A63E476BEB38} -> No File <==== ATTENTION
Task: {9E3A045C-9A7B-4E0E-8C07-30B3AA6B903F} - \SidebarExecute -> No File <==== ATTENTION
Task: {A301682B-A2E6-400B-863C-93D375796FA2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001UA => C:\Users\john\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {A311D8CE-C2E8-41F1-8B48-81BA8AAFBE46} - \{D824C271-A6E2-4C9F-888E-3E9F92EFD934} -> No File <==== ATTENTION
Task: {AC7CE4FC-A37A-4DAE-9B2C-BC928CDF5ECA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {AF45F5BF-B0E9-419A-846D-3739D3EBC5B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B74D63C6-C18A-4757-8DE0-048F995E5BD1} - \RecoveryCDWin7 -> No File <==== ATTENTION
Task: {C1365946-5801-43B2-A116-FAFE0D1D436C} - \Driver Booster SkipUAC (SYSTEM) -> No File <==== ATTENTION
Task: {C36BD1E3-D0D6-4238-9A94-8AB293C7088B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-24] (HP Inc.)
Task: {C491A3E4-CDB7-413C-9E62-2DAFD28E460E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {C5D7AE00-8283-4F06-8AF9-6BE8C0F1FF57} - System32\Tasks\HPCeeScheduleForjohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {C91F53F5-DECC-4E66-AB14-1BD871AAE779} - \{5A89B60B-A88D-49B3-A37A-37A99C6C11AC} -> No File <==== ATTENTION
Task: {CB3736ED-2C41-4515-BC94-BEB52D8FCEF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {CE967B34-0125-41CC-A7EB-60785DCF3E8C} - \ExtendedServicePlan -> No File <==== ATTENTION
Task: {D77F101F-79B5-43BC-9E54-21B35CD69FEE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1151682749-726298257-2278553524-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
Task: {DDD43F8E-9D00-4DDE-99E4-1F4CC25EBB26} - \{30C93F67-CAFC-40C9-92F4-E68B488499FF} -> No File <==== ATTENTION
Task: {E37D055E-4FAC-461C-B493-594355FFFD7E} - \{DD179DEF-888F-41A6-87C9-A5B40B0A2CD0} -> No File <==== ATTENTION
Task: {E7702CC7-56AA-4B59-BAD4-3CC33D0D3C67} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1151682749-726298257-2278553524-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-12-16] (RealNetworks, Inc.)
Task: {F0A9F521-54A1-4C48-8778-3BC22E02B752} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {F4EF7FB6-0BF8-4CA6-A3BA-247DC8AB3639} - \{FC6EE9E9-5CB9-47E8-9D82-190DB9C15D6A} -> No File <==== ATTENTION
Task: {F55D43D4-5001-482C-98FA-9BFB642F517D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F7216E9A-9E1E-4619-929B-427478F66A81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001Core.job => C:\Users\john\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1151682749-726298257-2278553524-1001UA.job => C:\Users\john\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForjohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\john\Desktop\Play iWin Games.lnk -> C:\Users\john\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000000 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2017-02-03 19:33 - 2015-01-30 19:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-17 22:53 - 2014-12-11 18:48 - 08397536 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2013-01-17 22:53 - 2014-08-18 17:50 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2013-01-17 22:53 - 2014-07-22 10:18 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2013-01-17 22:53 - 2015-03-05 18:22 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2017-04-11 20:29 - 2017-04-11 20:29 - 19700312 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData:gs5sys [13824]
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\Users\All Users:gs5sys [13824]
AlternateDataStreams: C:\Users\john:gs5sys [11264]
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [13824]
AlternateDataStreams: C:\ProgramData\Microsoft:B9xwA2h14JKte5pCL [2108]
AlternateDataStreams: C:\ProgramData\Microsoft:Xfs7bpoxDwey85FI [2078]
AlternateDataStreams: C:\ProgramData\Temp:00373BA4 [135]
AlternateDataStreams: C:\ProgramData\Temp:012BC84F [282]
AlternateDataStreams: C:\ProgramData\Temp:01312928 [146]
AlternateDataStreams: C:\ProgramData\Temp:028EA3FD [118]
AlternateDataStreams: C:\ProgramData\Temp:03F9B551 [270]
AlternateDataStreams: C:\ProgramData\Temp:04076B92 [137]
AlternateDataStreams: C:\ProgramData\Temp:041ED421 [138]
AlternateDataStreams: C:\ProgramData\Temp:04406D73 [376]
AlternateDataStreams: C:\ProgramData\Temp:050C0DEA [140]
AlternateDataStreams: C:\ProgramData\Temp:05BF1B63 [202]
AlternateDataStreams: C:\ProgramData\Temp:060A3B0B [244]
AlternateDataStreams: C:\ProgramData\Temp:06771D62 [125]
AlternateDataStreams: C:\ProgramData\Temp:06C34166 [128]
AlternateDataStreams: C:\ProgramData\Temp:08003876 [132]
AlternateDataStreams: C:\ProgramData\Temp:084612C9 [130]
AlternateDataStreams: C:\ProgramData\Temp:08A03B9E [654]
AlternateDataStreams: C:\ProgramData\Temp:092DD1DD [230]
AlternateDataStreams: C:\ProgramData\Temp:0968E571 [244]
AlternateDataStreams: C:\ProgramData\Temp:09867A8B [141]
AlternateDataStreams: C:\ProgramData\Temp:0A2A7D18 [132]
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5 [260]
AlternateDataStreams: C:\ProgramData\Temp:0AE2C68F [107]
AlternateDataStreams: C:\ProgramData\Temp:0AF6266B [310]
AlternateDataStreams: C:\ProgramData\Temp:0B11E9EE [143]
AlternateDataStreams: C:\ProgramData\Temp:0BBF232A [276]
AlternateDataStreams: C:\ProgramData\Temp:0BF4DA47 [126]
AlternateDataStreams: C:\ProgramData\Temp:0D6F7BD4 [139]
AlternateDataStreams: C:\ProgramData\Temp:0DAE9980 [129]
AlternateDataStreams: C:\ProgramData\Temp:0DDDD3CD [133]
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB [139]
AlternateDataStreams: C:\ProgramData\Temp:0E61938B [141]
AlternateDataStreams: C:\ProgramData\Temp:0F0F9094 [127]
AlternateDataStreams: C:\ProgramData\Temp:104A718B [276]
AlternateDataStreams: C:\ProgramData\Temp:10516C76 [146]
AlternateDataStreams: C:\ProgramData\Temp:1095ECE1 [284]
AlternateDataStreams: C:\ProgramData\Temp:10BBEFEF [746]
AlternateDataStreams: C:\ProgramData\Temp:11EF326F [139]
AlternateDataStreams: C:\ProgramData\Temp:127BB39D [140]
AlternateDataStreams: C:\ProgramData\Temp:12A012A1 [129]
AlternateDataStreams: C:\ProgramData\Temp:12A3FA49 [132]
AlternateDataStreams: C:\ProgramData\Temp:131C0EE9 [240]
AlternateDataStreams: C:\ProgramData\Temp:13CDB0E0 [120]
AlternateDataStreams: C:\ProgramData\Temp:14050722 [132]
AlternateDataStreams: C:\ProgramData\Temp:149E8786 [282]
AlternateDataStreams: C:\ProgramData\Temp:15381DB9 [136]
AlternateDataStreams: C:\ProgramData\Temp:158AC5F5 [137]
AlternateDataStreams: C:\ProgramData\Temp:15FA1ECB [151]
AlternateDataStreams: C:\ProgramData\Temp:160ADF0B [280]
AlternateDataStreams: C:\ProgramData\Temp:1656EE95 [246]
AlternateDataStreams: C:\ProgramData\Temp:165AF2C6 [268]
AlternateDataStreams: C:\ProgramData\Temp:16A4620C [258]
AlternateDataStreams: C:\ProgramData\Temp:16D21E17 [288]
AlternateDataStreams: C:\ProgramData\Temp:16F42F1F [132]
AlternateDataStreams: C:\ProgramData\Temp:1709732A [246]
AlternateDataStreams: C:\ProgramData\Temp:18345E10 [144]
AlternateDataStreams: C:\ProgramData\Temp:1858B534 [112]
AlternateDataStreams: C:\ProgramData\Temp:18B35CC4 [113]
AlternateDataStreams: C:\ProgramData\Temp:18B5F839 [138]
AlternateDataStreams: C:\ProgramData\Temp:18DEBC51 [272]
AlternateDataStreams: C:\ProgramData\Temp:19636FDD [262]
AlternateDataStreams: C:\ProgramData\Temp:1968990D [254]
AlternateDataStreams: C:\ProgramData\Temp:19D3BC34 [149]
AlternateDataStreams: C:\ProgramData\Temp:1A24F93C [276]
AlternateDataStreams: C:\ProgramData\Temp:1A4BF204 [284]
AlternateDataStreams: C:\ProgramData\Temp:1AE1D58D [288]
AlternateDataStreams: C:\ProgramData\Temp:1DEA36D6 [132]
AlternateDataStreams: C:\ProgramData\Temp:1E6EDDAA [136]
AlternateDataStreams: C:\ProgramData\Temp:1F2F0F76 [119]
AlternateDataStreams: C:\ProgramData\Temp:20C1C66F [144]
AlternateDataStreams: C:\ProgramData\Temp:20EB6823 [120]
AlternateDataStreams: C:\ProgramData\Temp:2216A431 [278]
AlternateDataStreams: C:\ProgramData\Temp:2487D1DA [137]
AlternateDataStreams: C:\ProgramData\Temp:2532C28E [121]
AlternateDataStreams: C:\ProgramData\Temp:2556A8A0 [141]
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B [146]
AlternateDataStreams: C:\ProgramData\Temp:25EF6F01 [129]
AlternateDataStreams: C:\ProgramData\Temp:26FF37EB [144]
AlternateDataStreams: C:\ProgramData\Temp:2707D83A [286]
AlternateDataStreams: C:\ProgramData\Temp:27C59043 [104]
AlternateDataStreams: C:\ProgramData\Temp:2892289F [125]
AlternateDataStreams: C:\ProgramData\Temp:28C6BEBF [144]
AlternateDataStreams: C:\ProgramData\Temp:29B37860 [234]
AlternateDataStreams: C:\ProgramData\Temp:29C0641D [284]
AlternateDataStreams: C:\ProgramData\Temp:2A48233F [130]
AlternateDataStreams: C:\ProgramData\Temp:2ABB51D4 [276]
AlternateDataStreams: C:\ProgramData\Temp:2B856118 [268]
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8 [234]
AlternateDataStreams: C:\ProgramData\Temp:2BB2D50B [246]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:2CED8825 [138]
AlternateDataStreams: C:\ProgramData\Temp:2F539966 [294]
AlternateDataStreams: C:\ProgramData\Temp:2F5A06FD [135]
AlternateDataStreams: C:\ProgramData\Temp:300E36AB [149]
AlternateDataStreams: C:\ProgramData\Temp:309E3827 [125]
AlternateDataStreams: C:\ProgramData\Temp:317F7381 [126]
AlternateDataStreams: C:\ProgramData\Temp:3252A6BA [132]
AlternateDataStreams: C:\ProgramData\Temp:32AA69ED [133]
AlternateDataStreams: C:\ProgramData\Temp:346337E3 [146]
AlternateDataStreams: C:\ProgramData\Temp:3469612C [270]
AlternateDataStreams: C:\ProgramData\Temp:34EFF1F2 [246]
AlternateDataStreams: C:\ProgramData\Temp:35629AE6 [286]
AlternateDataStreams: C:\ProgramData\Temp:3571475C [250]
AlternateDataStreams: C:\ProgramData\Temp:366B74CA [246]
AlternateDataStreams: C:\ProgramData\Temp:384AA0FD [272]
AlternateDataStreams: C:\ProgramData\Temp:3895D488 [136]
AlternateDataStreams: C:\ProgramData\Temp:38D2EA83 [141]
AlternateDataStreams: C:\ProgramData\Temp:38FF076E [132]
AlternateDataStreams: C:\ProgramData\Temp:3A4676D7 [286]
AlternateDataStreams: C:\ProgramData\Temp:3A4A5185 [264]
AlternateDataStreams: C:\ProgramData\Temp:3AC0ED43 [264]
AlternateDataStreams: C:\ProgramData\Temp:3B12F2EC [146]
AlternateDataStreams: C:\ProgramData\Temp:3B84A3F1 [140]
AlternateDataStreams: C:\ProgramData\Temp:3BB073C2 [144]
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF [284]
AlternateDataStreams: C:\ProgramData\Temp:3C0F646D [154]
AlternateDataStreams: C:\ProgramData\Temp:3CAE2A70 [250]
AlternateDataStreams: C:\ProgramData\Temp:3E208EC8 [131]
AlternateDataStreams: C:\ProgramData\Temp:3E2A4708 [770]
AlternateDataStreams: C:\ProgramData\Temp:3E9452A9 [272]
AlternateDataStreams: C:\ProgramData\Temp:3FE1A827 [137]
AlternateDataStreams: C:\ProgramData\Temp:41472405 [124]
AlternateDataStreams: C:\ProgramData\Temp:426CDD93 [756]
AlternateDataStreams: C:\ProgramData\Temp:432EC713 [141]
AlternateDataStreams: C:\ProgramData\Temp:434CFDCA [236]
AlternateDataStreams: C:\ProgramData\Temp:436BE28C [256]
AlternateDataStreams: C:\ProgramData\Temp:43E0EC8A [250]
AlternateDataStreams: C:\ProgramData\Temp:448E7C5B [133]
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B [292]
AlternateDataStreams: C:\ProgramData\Temp:46C7F417 [242]
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9 [135]
AlternateDataStreams: C:\ProgramData\Temp:4911BB5C [214]
AlternateDataStreams: C:\ProgramData\Temp:4A10AFB7 [146]
AlternateDataStreams: C:\ProgramData\Temp:4B2A0356 [278]
AlternateDataStreams: C:\ProgramData\Temp:4B2E08FB [244]
AlternateDataStreams: C:\ProgramData\Temp:4B325725 [70]
AlternateDataStreams: C:\ProgramData\Temp:4B4D7EF3 [155]
AlternateDataStreams: C:\ProgramData\Temp:4BC514A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5 [129]
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B [132]
AlternateDataStreams: C:\ProgramData\Temp:4C4BD66D [125]
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B [125]
AlternateDataStreams: C:\ProgramData\Temp:4C96DCB8 [139]
AlternateDataStreams: C:\ProgramData\Temp:4D2F454E [136]
AlternateDataStreams: C:\ProgramData\Temp:4D348522 [132]
AlternateDataStreams: C:\ProgramData\Temp:4E79C4F8 [140]
AlternateDataStreams: C:\ProgramData\Temp:517EFA90 [135]
AlternateDataStreams: C:\ProgramData\Temp:51E05A3A [230]
AlternateDataStreams: C:\ProgramData\Temp:52329B88 [146]
AlternateDataStreams: C:\ProgramData\Temp:5279F7BF [137]
AlternateDataStreams: C:\ProgramData\Temp:54531C7D [256]
AlternateDataStreams: C:\ProgramData\Temp:54C1075C [147]
AlternateDataStreams: C:\ProgramData\Temp:54F257C0 [194]
AlternateDataStreams: C:\ProgramData\Temp:56A74E89 [130]
AlternateDataStreams: C:\ProgramData\Temp:57173DB4 [137]
AlternateDataStreams: C:\ProgramData\Temp:574311A1 [130]
AlternateDataStreams: C:\ProgramData\Temp:57B374AB [276]
AlternateDataStreams: C:\ProgramData\Temp:57CFEA7A [144]
AlternateDataStreams: C:\ProgramData\Temp:581ECF22 [112]
AlternateDataStreams: C:\ProgramData\Temp:58A7E801 [234]
AlternateDataStreams: C:\ProgramData\Temp:5C3ED5BB [128]
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B [280]
AlternateDataStreams: C:\ProgramData\Temp:5C818B5D [141]
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE [154]
AlternateDataStreams: C:\ProgramData\Temp:5D4F063C [292]
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B [138]
AlternateDataStreams: C:\ProgramData\Temp:5FEAB2C8 [379]
AlternateDataStreams: C:\ProgramData\Temp:602EC63C [262]
AlternateDataStreams: C:\ProgramData\Temp:607A99D7 [133]
AlternateDataStreams: C:\ProgramData\Temp:616A2A70 [118]
AlternateDataStreams: C:\ProgramData\Temp:619F147E [159]
AlternateDataStreams: C:\ProgramData\Temp:6212DF7A [140]
AlternateDataStreams: C:\ProgramData\Temp:624A80FD [192]
AlternateDataStreams: C:\ProgramData\Temp:6271B518 [122]
AlternateDataStreams: C:\ProgramData\Temp:62AF0D82 [129]
AlternateDataStreams: C:\ProgramData\Temp:6358B2F7 [135]
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9 [296]
AlternateDataStreams: C:\ProgramData\Temp:63E88FD4 [141]
AlternateDataStreams: C:\ProgramData\Temp:640DDEFF [144]
AlternateDataStreams: C:\ProgramData\Temp:6423D635 [242]
AlternateDataStreams: C:\ProgramData\Temp:6447E3B5 [238]
AlternateDataStreams: C:\ProgramData\Temp:6468C896 [272]
AlternateDataStreams: C:\ProgramData\Temp:64BDD821 [226]
AlternateDataStreams: C:\ProgramData\Temp:65621319 [145]
AlternateDataStreams: C:\ProgramData\Temp:65C4D44A [124]
AlternateDataStreams: C:\ProgramData\Temp:67396145 [154]
AlternateDataStreams: C:\ProgramData\Temp:67842DB7 [127]
AlternateDataStreams: C:\ProgramData\Temp:67D43EFA [118]
AlternateDataStreams: C:\ProgramData\Temp:680086AB [114]
AlternateDataStreams: C:\ProgramData\Temp:68198EE3 [135]
AlternateDataStreams: C:\ProgramData\Temp:68C21E42 [304]
AlternateDataStreams: C:\ProgramData\Temp:696F7DA7 [136]
AlternateDataStreams: C:\ProgramData\Temp:69BAF25F [750]
AlternateDataStreams: C:\ProgramData\Temp:69ED1286 [286]
AlternateDataStreams: C:\ProgramData\Temp:6A609C67 [128]
AlternateDataStreams: C:\ProgramData\Temp:6B251180 [288]
AlternateDataStreams: C:\ProgramData\Temp:6B7447D4 [135]
AlternateDataStreams: C:\ProgramData\Temp:6BF6CA71 [133]
AlternateDataStreams: C:\ProgramData\Temp:6C718587 [246]
AlternateDataStreams: C:\ProgramData\Temp:6CCDA168 [112]
AlternateDataStreams: C:\ProgramData\Temp:6CF828C2 [147]
AlternateDataStreams: C:\ProgramData\Temp:6DC537DB [308]
AlternateDataStreams: C:\ProgramData\Temp:6DCC0E34 [274]
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746 [256]
AlternateDataStreams: C:\ProgramData\Temp:6E271126 [117]
AlternateDataStreams: C:\ProgramData\Temp:6EC8F6C5 [210]
AlternateDataStreams: C:\ProgramData\Temp:6F0C95A1 [290]
AlternateDataStreams: C:\ProgramData\Temp:6F57F1D1 [286]
AlternateDataStreams: C:\ProgramData\Temp:6F84C4DE [131]
AlternateDataStreams: C:\ProgramData\Temp:6F998753 [145]
AlternateDataStreams: C:\ProgramData\Temp:6F9C57B9 [146]
AlternateDataStreams: C:\ProgramData\Temp:6FA346B6 [242]
AlternateDataStreams: C:\ProgramData\Temp:6FA918FA [145]
AlternateDataStreams: C:\ProgramData\Temp:701B92FB [242]
AlternateDataStreams: C:\ProgramData\Temp:70BDB805 [127]
AlternateDataStreams: C:\ProgramData\Temp:70FD4407 [272]
AlternateDataStreams: C:\ProgramData\Temp:7109C24A [141]
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A [228]
AlternateDataStreams: C:\ProgramData\Temp:73879882 [280]
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96 [119]
AlternateDataStreams: C:\ProgramData\Temp:73B78E79 [128]
AlternateDataStreams: C:\ProgramData\Temp:7455D6E6 [144]
AlternateDataStreams: C:\ProgramData\Temp:74A0E249 [152]
AlternateDataStreams: C:\ProgramData\Temp:74E256F6 [133]
AlternateDataStreams: C:\ProgramData\Temp:751D6870 [146]
AlternateDataStreams: C:\ProgramData\Temp:757BA6A5 [154]
AlternateDataStreams: C:\ProgramData\Temp:75CEDFA5 [117]
AlternateDataStreams: C:\ProgramData\Temp:77066415 [760]
AlternateDataStreams: C:\ProgramData\Temp:77E239B1 [127]
AlternateDataStreams: C:\ProgramData\Temp:77E927FC [136]
AlternateDataStreams: C:\ProgramData\Temp:7804B508 [124]
AlternateDataStreams: C:\ProgramData\Temp:7890F666 [314]
AlternateDataStreams: C:\ProgramData\Temp:796EE7C8 [120]
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE [130]
AlternateDataStreams: C:\ProgramData\Temp:7A51F685 [290]
AlternateDataStreams: C:\ProgramData\Temp:7ACF38DE [246]
AlternateDataStreams: C:\ProgramData\Temp:7D288858 [141]
AlternateDataStreams: C:\ProgramData\Temp:7DEE2F6C [133]
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA [464]
AlternateDataStreams: C:\ProgramData\Temp:7ECD9621 [128]
AlternateDataStreams: C:\ProgramData\Temp:800FE171 [266]
AlternateDataStreams: C:\ProgramData\Temp:81563BC7 [246]
AlternateDataStreams: C:\ProgramData\Temp:81E0F9D0 [146]
AlternateDataStreams: C:\ProgramData\Temp:81F65F60 [748]
AlternateDataStreams: C:\ProgramData\Temp:82111599 [244]
AlternateDataStreams: C:\ProgramData\Temp:834DD57E [256]
AlternateDataStreams: C:\ProgramData\Temp:84618038 [133]
AlternateDataStreams: C:\ProgramData\Temp:84D1C282 [130]
AlternateDataStreams: C:\ProgramData\Temp:84FA02E7 [148]
AlternateDataStreams: C:\ProgramData\Temp:85376176 [121]
AlternateDataStreams: C:\ProgramData\Temp:8634D9A3 [133]
AlternateDataStreams: C:\ProgramData\Temp:87E3D720 [147]
AlternateDataStreams: C:\ProgramData\Temp:884C7316 [146]
AlternateDataStreams: C:\ProgramData\Temp:88E8CC2E [272]
AlternateDataStreams: C:\ProgramData\Temp:8967C154 [126]
AlternateDataStreams: C:\ProgramData\Temp:89CC3B44 [132]
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB [152]
AlternateDataStreams: C:\ProgramData\Temp:89FED318 [286]
AlternateDataStreams: C:\ProgramData\Temp:8AB2162E [109]
AlternateDataStreams: C:\ProgramData\Temp:8AC20936 [129]
AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3 [135]
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD [145]
AlternateDataStreams: C:\ProgramData\Temp:8C49003C [145]
AlternateDataStreams: C:\ProgramData\Temp:8C6D2EC3 [122]
AlternateDataStreams: C:\ProgramData\Temp:8D634113 [732]
AlternateDataStreams: C:\ProgramData\Temp:8D9C24E0 [260]
AlternateDataStreams: C:\ProgramData\Temp:8DD36B71 [115]
AlternateDataStreams: C:\ProgramData\Temp:902C848D [250]
AlternateDataStreams: C:\ProgramData\Temp:9083C3AD [123]
AlternateDataStreams: C:\ProgramData\Temp:90C320E1 [250]
AlternateDataStreams: C:\ProgramData\Temp:91244A8F [118]
AlternateDataStreams: C:\ProgramData\Temp:9124663C [128]
AlternateDataStreams: C:\ProgramData\Temp:92421EF9 [123]
AlternateDataStreams: C:\ProgramData\Temp:927EC486 [256]
AlternateDataStreams: C:\ProgramData\Temp:928DF32E [286]
AlternateDataStreams: C:\ProgramData\Temp:93F3E4C9 [292]
AlternateDataStreams: C:\ProgramData\Temp:947107AC [124]
AlternateDataStreams: C:\ProgramData\Temp:9491C9C7 [276]
AlternateDataStreams: C:\ProgramData\Temp:95198126 [100]
AlternateDataStreams: C:\ProgramData\Temp:9603033A [252]
AlternateDataStreams: C:\ProgramData\Temp:972E051C [248]
AlternateDataStreams: C:\ProgramData\Temp:973DCFFF [780]
AlternateDataStreams: C:\ProgramData\Temp:97B3B270 [278]
AlternateDataStreams: C:\ProgramData\Temp:97ECE74A [150]
AlternateDataStreams: C:\ProgramData\Temp:993C3DF6 [131]
AlternateDataStreams: C:\ProgramData\Temp:99AC3203 [127]
AlternateDataStreams: C:\ProgramData\Temp:99F8C0E6 [140]
AlternateDataStreams: C:\ProgramData\Temp:9A842F5C [119]
AlternateDataStreams: C:\ProgramData\Temp:9A8F071F [270]
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675 [288]
AlternateDataStreams: C:\ProgramData\Temp:9BF0C425 [280]
AlternateDataStreams: C:\ProgramData\Temp:9C337CCE [280]
AlternateDataStreams: C:\ProgramData\Temp:9C6014C6 [133]
AlternateDataStreams: C:\ProgramData\Temp:9D03192E [118]
AlternateDataStreams: C:\ProgramData\Temp:9D60BE91 [276]
AlternateDataStreams: C:\ProgramData\Temp:9D91E651 [126]
AlternateDataStreams: C:\ProgramData\Temp:9DDABE44 [278]
AlternateDataStreams: C:\ProgramData\Temp:9DF24CB2 [140]
AlternateDataStreams: C:\ProgramData\Temp:9E05DEB0 [122]
AlternateDataStreams: C:\ProgramData\Temp:9E4F05ED [128]
AlternateDataStreams: C:\ProgramData\Temp:9F38BF31 [143]
AlternateDataStreams: C:\ProgramData\Temp:9F50A55A [126]
AlternateDataStreams: C:\ProgramData\Temp:9FB9D3B9 [116]
AlternateDataStreams: C:\ProgramData\Temp:9FD2057F [252]
AlternateDataStreams: C:\ProgramData\Temp:A103830F [133]
AlternateDataStreams: C:\ProgramData\Temp:A22AF60D [138]
AlternateDataStreams: C:\ProgramData\Temp:A279C25A [136]
AlternateDataStreams: C:\ProgramData\Temp:A3840F5B [126]
AlternateDataStreams: C:\ProgramData\Temp:A43B789A [139]
AlternateDataStreams: C:\ProgramData\Temp:A44008FA [250]
AlternateDataStreams: C:\ProgramData\Temp:A4E7D25F [278]
AlternateDataStreams: C:\ProgramData\Temp:A5948878 [132]
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24 [272]
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80 [152]
AlternateDataStreams: C:\ProgramData\Temp:A700ABC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF [123]
AlternateDataStreams: C:\ProgramData\Temp:A8606E6E [292]
AlternateDataStreams: C:\ProgramData\Temp:A899E64E [141]
AlternateDataStreams: C:\ProgramData\Temp:A89B3FB8 [722]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:A8BF0AE2 [153]
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF [118]
AlternateDataStreams: C:\ProgramData\Temp:A9BB1126 [258]
AlternateDataStreams: C:\ProgramData\Temp:AA559E17 [136]
AlternateDataStreams: C:\ProgramData\Temp:ACE7A9BB [134]
AlternateDataStreams: C:\ProgramData\Temp:AE289451 [145]
AlternateDataStreams: C:\ProgramData\Temp:AE75CCC8 [238]
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0 [242]
AlternateDataStreams: C:\ProgramData\Temp:AFEBAACA [139]
AlternateDataStreams: C:\ProgramData\Temp:B02249C3 [124]
AlternateDataStreams: C:\ProgramData\Temp:B059B88E [147]
AlternateDataStreams: C:\ProgramData\Temp:B0B6C3E8 [187]
AlternateDataStreams: C:\ProgramData\Temp:B0BD7797 [272]
AlternateDataStreams: C:\ProgramData\Temp:B162D6FD [138]
AlternateDataStreams: C:\ProgramData\Temp:B1EED3AD [130]
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09 [103]
AlternateDataStreams: C:\ProgramData\Temp:B243953E [134]
AlternateDataStreams: C:\ProgramData\Temp:B285A50E [268]
AlternateDataStreams: C:\ProgramData\Temp:B2B2F0D4 [754]
AlternateDataStreams: C:\ProgramData\Temp:B3550AA2 [280]
AlternateDataStreams: C:\ProgramData\Temp:B3606FCC [126]
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE [256]
AlternateDataStreams: C:\ProgramData\Temp:B3A4FEE1 [129]
AlternateDataStreams: C:\ProgramData\Temp:B3D2C69C [148]
AlternateDataStreams: C:\ProgramData\Temp:B445A124 [133]
AlternateDataStreams: C:\ProgramData\Temp:B4F7687B [278]
AlternateDataStreams: C:\ProgramData\Temp:B53DCFC9 [127]
AlternateDataStreams: C:\ProgramData\Temp:B5F623E4 [248]
AlternateDataStreams: C:\ProgramData\Temp:B615ABD3 [137]
AlternateDataStreams: C:\ProgramData\Temp:B65E763D [139]
AlternateDataStreams: C:\ProgramData\Temp:B6C1A5F4 [266]
AlternateDataStreams: C:\ProgramData\Temp:B779C113 [252]
AlternateDataStreams: C:\ProgramData\Temp:B790962B [128]
AlternateDataStreams: C:\ProgramData\Temp:B7E52658 [119]
AlternateDataStreams: C:\ProgramData\Temp:B8428FE1 [137]
AlternateDataStreams: C:\ProgramData\Temp:B86642C5 [152]
AlternateDataStreams: C:\ProgramData\Temp:B86927F0 [149]
AlternateDataStreams: C:\ProgramData\Temp:B88DC997 [278]
AlternateDataStreams: C:\ProgramData\Temp:B9433D0F [129]
AlternateDataStreams: C:\ProgramData\Temp:B9BD98A8 [246]
AlternateDataStreams: C:\ProgramData\Temp:B9E36774 [141]
AlternateDataStreams: C:\ProgramData\Temp:BA5938AB [278]
AlternateDataStreams: C:\ProgramData\Temp:BB004A7D [114]
AlternateDataStreams: C:\ProgramData\Temp:BB718C46 [282]
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:BD659567 [153]
AlternateDataStreams: C:\ProgramData\Temp:C07829DC [258]
AlternateDataStreams: C:\ProgramData\Temp:C085F80B [280]
AlternateDataStreams: C:\ProgramData\Temp:C0DFB793 [139]
AlternateDataStreams: C:\ProgramData\Temp:C0EFBD3F [132]
AlternateDataStreams: C:\ProgramData\Temp:C178954A [135]
AlternateDataStreams: C:\ProgramData\Temp:C1DBE635 [140]
AlternateDataStreams: C:\ProgramData\Temp:C1FF1B01 [132]
AlternateDataStreams: C:\ProgramData\Temp:C356A185 [294]
AlternateDataStreams: C:\ProgramData\Temp:C37283B5 [272]
AlternateDataStreams: C:\ProgramData\Temp:C3C72D5F [128]
AlternateDataStreams: C:\ProgramData\Temp:C458CC0A [134]
AlternateDataStreams: C:\ProgramData\Temp:C4CB6EA6 [152]
AlternateDataStreams: C:\ProgramData\Temp:C52EF004 [246]
AlternateDataStreams: C:\ProgramData\Temp:C54A1A57 [136]
AlternateDataStreams: C:\ProgramData\Temp:C5B1FE54 [133]
AlternateDataStreams: C:\ProgramData\Temp:C611D6C8 [125]
AlternateDataStreams: C:\ProgramData\Temp:C7857F06 [238]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [118]
AlternateDataStreams: C:\ProgramData\Temp:C8182692 [228]
AlternateDataStreams: C:\ProgramData\Temp:C82210DD [135]
AlternateDataStreams: C:\ProgramData\Temp:C91C214D [268]
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06 [262]
AlternateDataStreams: C:\ProgramData\Temp:C9BC8592 [136]
AlternateDataStreams: C:\ProgramData\Temp:CA4FAE31 [135]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [102]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [268]
AlternateDataStreams: C:\ProgramData\Temp:CC45913B [135]
AlternateDataStreams: C:\ProgramData\Temp:CC6A54A8 [236]
AlternateDataStreams: C:\ProgramData\Temp:CCFB0FDD [119]
AlternateDataStreams: C:\ProgramData\Temp:CD6DF7CC [246]
AlternateDataStreams: C:\ProgramData\Temp:CD95E2C9 [138]
AlternateDataStreams: C:\ProgramData\Temp:CE253B51 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE707633 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE8A42A3 [270]
AlternateDataStreams: C:\ProgramData\Temp:CF1334B0 [278]
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06 [276]
AlternateDataStreams: C:\ProgramData\Temp:D0757AAB [268]
AlternateDataStreams: C:\ProgramData\Temp:D0DCD8D7 [117]
AlternateDataStreams: C:\ProgramData\Temp:D1094629 [146]
AlternateDataStreams: C:\ProgramData\Temp:D1787194 [368]
AlternateDataStreams: C:\ProgramData\Temp:D22B04C3 [760]
AlternateDataStreams: C:\ProgramData\Temp:D2397415 [127]
AlternateDataStreams: C:\ProgramData\Temp:D254266B [300]
AlternateDataStreams: C:\ProgramData\Temp:D2972D66 [140]
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB [132]
AlternateDataStreams: C:\ProgramData\Temp:D36E068F [129]
AlternateDataStreams: C:\ProgramData\Temp:D414289B [135]
AlternateDataStreams: C:\ProgramData\Temp:D478F292 [135]
AlternateDataStreams: C:\ProgramData\Temp:D5458F6B [242]
AlternateDataStreams: C:\ProgramData\Temp:D59DE356 [130]
AlternateDataStreams: C:\ProgramData\Temp:D5B149F6 [131]
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D [130]
AlternateDataStreams: C:\ProgramData\Temp:D696AA12 [286]
AlternateDataStreams: C:\ProgramData\Temp:D6F7008C [216]
AlternateDataStreams: C:\ProgramData\Temp:D7DDEF83 [129]
AlternateDataStreams: C:\ProgramData\Temp:D8936165 [312]
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1 [140]
AlternateDataStreams: C:\ProgramData\Temp:D9243D84 [122]
AlternateDataStreams: C:\ProgramData\Temp:DA2268D5 [143]
AlternateDataStreams: C:\ProgramData\Temp:DA6DA9A1 [134]
AlternateDataStreams: C:\ProgramData\Temp:DBF7208A [782]
AlternateDataStreams: C:\ProgramData\Temp:DCA79AB3 [118]
AlternateDataStreams: C:\ProgramData\Temp:DCC6EDE9 [138]
AlternateDataStreams: C:\ProgramData\Temp:DD780579 [264]
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9 [250]
AlternateDataStreams: C:\ProgramData\Temp:DE33A453 [266]
AlternateDataStreams: C:\ProgramData\Temp:DE813CDD [242]
AlternateDataStreams: C:\ProgramData\Temp:DE8F2B8B [149]
AlternateDataStreams: C:\ProgramData\Temp:DEEA54A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:DF19F127 [244]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:E0553E73 [258]
AlternateDataStreams: C:\ProgramData\Temp:E21413B8 [238]
AlternateDataStreams: C:\ProgramData\Temp:E2295807 [145]
AlternateDataStreams: C:\ProgramData\Temp:E24659F6 [141]
AlternateDataStreams: C:\ProgramData\Temp:E326D1D1 [163]
AlternateDataStreams: C:\ProgramData\Temp:E397CC9D [131]
AlternateDataStreams: C:\ProgramData\Temp:E44513D0 [123]
AlternateDataStreams: C:\ProgramData\Temp:E4BC4A41 [135]
AlternateDataStreams: C:\ProgramData\Temp:E5B07840 [266]
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD [147]
AlternateDataStreams: C:\ProgramData\Temp:E62BD5C1 [268]
AlternateDataStreams: C:\ProgramData\Temp:E6537A16 [125]
AlternateDataStreams: C:\ProgramData\Temp:E67D0FCB [120]
AlternateDataStreams: C:\ProgramData\Temp:E6A94369 [138]
AlternateDataStreams: C:\ProgramData\Temp:E6A96BE9 [284]
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B [139]
AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [104]
AlternateDataStreams: C:\ProgramData\Temp:E7614E1F [128]
AlternateDataStreams: C:\ProgramData\Temp:E8B61305 [286]
AlternateDataStreams: C:\ProgramData\Temp:E96D894A [238]
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C [139]
AlternateDataStreams: C:\ProgramData\Temp:E9D68B36 [302]
AlternateDataStreams: C:\ProgramData\Temp:EA149D25 [133]
AlternateDataStreams: C:\ProgramData\Temp:EA17702A [120]
AlternateDataStreams: C:\ProgramData\Temp:EABCC64A [290]
AlternateDataStreams: C:\ProgramData\Temp:EB4FEEF5 [274]
AlternateDataStreams: C:\ProgramData\Temp:EB5574AF [150]
AlternateDataStreams: C:\ProgramData\Temp:EB68CA55 [122]
AlternateDataStreams: C:\ProgramData\Temp:EC0BE05C [143]
AlternateDataStreams: C:\ProgramData\Temp:EC1B2CAA [146]
AlternateDataStreams: C:\ProgramData\Temp:EC3A9923 [121]
AlternateDataStreams: C:\ProgramData\Temp:EC46FC9D [278]
AlternateDataStreams: C:\ProgramData\Temp:EC752217 [145]
AlternateDataStreams: C:\ProgramData\Temp:ED6B6C83 [144]
AlternateDataStreams: C:\ProgramData\Temp:ED98A153 [124]
AlternateDataStreams: C:\ProgramData\Temp:EDE28CFC [133]
AlternateDataStreams: C:\ProgramData\Temp:EE0ABC44 [131]
AlternateDataStreams: C:\ProgramData\Temp:EE0B4216 [141]
AlternateDataStreams: C:\ProgramData\Temp:EECF83D1 [119]
AlternateDataStreams: C:\ProgramData\Temp:F001F3C1 [134]
AlternateDataStreams: C:\ProgramData\Temp:F131B2B8 [146]
AlternateDataStreams: C:\ProgramData\Temp:F2B0ABCC [137]
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB [145]
AlternateDataStreams: C:\ProgramData\Temp:F399A6E7 [262]
AlternateDataStreams: C:\ProgramData\Temp:F41E8853 [124]
AlternateDataStreams: C:\ProgramData\Temp:F4362715 [138]
AlternateDataStreams: C:\ProgramData\Temp:F49A2655 [270]
AlternateDataStreams: C:\ProgramData\Temp:F4BE8180 [134]
AlternateDataStreams: C:\ProgramData\Temp:F53B274A [298]
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A [149]
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE [266]
AlternateDataStreams: C:\ProgramData\Temp:F72306CC [120]
AlternateDataStreams: C:\ProgramData\Temp:F7370879 [236]
AlternateDataStreams: C:\ProgramData\Temp:F7401CCF [268]
AlternateDataStreams: C:\ProgramData\Temp:F7B0AE93 [131]
AlternateDataStreams: C:\ProgramData\Temp:F83B9C51 [802]
AlternateDataStreams: C:\ProgramData\Temp:F875BF80 [262]
AlternateDataStreams: C:\ProgramData\Temp:F919FD4E [129]
AlternateDataStreams: C:\ProgramData\Temp:F98E6C67 [282]
AlternateDataStreams: C:\ProgramData\Temp:FA09FC72 [130]
AlternateDataStreams: C:\ProgramData\Temp:FA65E745 [130]
AlternateDataStreams: C:\ProgramData\Temp:FB29EC2F [248]
AlternateDataStreams: C:\ProgramData\Temp:FB749AFB [762]
AlternateDataStreams: C:\ProgramData\Temp:FB7959F6 [274]
AlternateDataStreams: C:\ProgramData\Temp:FBA79096 [250]
AlternateDataStreams: C:\ProgramData\Temp:FC414D14 [129]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [146]
AlternateDataStreams: C:\ProgramData\Temp:FC7B5C61 [113]
AlternateDataStreams: C:\ProgramData\Temp:FC89CE5A [135]
AlternateDataStreams: C:\ProgramData\Temp:FCDCCA12 [125]
AlternateDataStreams: C:\ProgramData\Temp:FD38E906 [146]
AlternateDataStreams: C:\ProgramData\Temp:FD7E32B5 [284]
AlternateDataStreams: C:\ProgramData\Temp:FDAA7C08 [278]
AlternateDataStreams: C:\ProgramData\Temp:FDF70DCD [149]
AlternateDataStreams: C:\ProgramData\Temp:FEB4D048 [146]
AlternateDataStreams: C:\ProgramData\Temp:FEE8782C [290]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [3840]
AlternateDataStreams: C:\Users\john\Application Data:gs5sys [11520]
AlternateDataStreams: C:\Users\john\Cookies:gs5sys [12288]
AlternateDataStreams: C:\Users\john\Local Settings:gs5sys [45058]
AlternateDataStreams: C:\Users\john\Local Settings:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\Templates:gs5sys [46082]
AlternateDataStreams: C:\Users\john\Desktop\desktop.ini:gs5sys [9728]
AlternateDataStreams: C:\Users\john\Downloads\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\john\AppData\Local:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Roaming:gs5sys [11520]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Local\History:gs5sys [47106]
AlternateDataStreams: C:\Users\john\AppData\Local\Temp:GMlFSYKkVXJlnoN1JqpFASL [2390]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\desktop.ini:gs5sys [47106]
AlternateDataStreams: C:\Users\john\Documents\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [11520]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info
IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com
IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net
IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com
IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com
IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com

There are 4791 more sites.

IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1151682749-726298257-2278553524-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4791 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-01-18 20:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\john\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AMInstantService => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1278001768\ee\AOLSoftware.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IObit Security 360 => "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => c:\program files (x86)\itunes\ituneshelper.exe
MSCONFIG\startupreg: LightScribe Control Panel =>
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RESTART_STICKY_NOTES =>
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2944E753-3962-414F-AAA1-467F9643787B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{7B388EA9-8270-4B1C-811B-945B1005B8DC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CD87E23E-683E-490A-B8FE-1530CB39F95D}] => (Allow) svchost.exe
FirewallRules: [{B65B38E9-D968-4AB8-BB24-221E4D1C229D}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{6A8D917B-924C-4E6B-82B5-32CBBA7A6AB4}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{BE5906A5-3D08-4CC9-9763-08984FDEC0A0}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{55F2D688-E4BF-4AA0-9C05-240A348FCF07}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{8E3F62B6-1ABB-4548-BD6D-F58CFCFE1F36}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{FD956562-7ABB-411A-BED2-DD84DC10A18B}] => (Allow) C:\Program Files (x86)\Common Files\aol\1278001768\ee\aolsoftware.exe
FirewallRules: [{792802D1-F19A-4AF1-9A26-F22CBAE4D010}] => (Allow) C:\Program Files (x86)\Common Files\aol\1278001768\ee\aolsoftware.exe
FirewallRules: [{30F5C4D8-F5E7-4E72-8FB4-D26738C1EAAB}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe
FirewallRules: [{A8BA3BD7-91F7-4EEE-B7C5-89AF23125113}] => (Allow) C:\Program Files (x86)\AOL 9.5\waol.exe
FirewallRules: [{F15A0A0A-4D32-4638-8AC7-580629164952}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{5396D14A-F894-44FF-A5A1-E2BEECEAD4EA}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{A8B38F89-C9B7-4753-BD94-74BB2B7350CA}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{752EAD38-5F12-47F1-9029-6C5C42A34240}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{10629FD0-1FE9-462A-8AC8-B3734EAF61F8}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{CDCB524A-ABF9-456F-BC36-37238B71F8C0}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{8EE69670-EEFE-4204-9C74-29E6D508D01A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{AA53262F-B2FE-46DA-A753-3D088A22E288}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1F517E3F-47B3-475F-9FD8-CF1114352FE7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0008906B-3803-4E70-A359-5439B5F72B5E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{32A26467-706B-441B-844E-F9C3245138EA}] => (Allow) C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2902ABDE-995C-438B-810E-F6DB1DD730C9}] => (Allow) C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A58BB494-C40C-4A44-AB96-4A09B00CACBB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0776B845-65B6-4B73-8CAE-C3D1DBEE8959}] => (Allow) LPort=2869
FirewallRules: [{A4206999-43D8-431D-B8AC-A5C306A087D9}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{E31E1EA7-4133-4340-AAEE-9344ACCF92EF}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{35CADA72-9DD3-4D5B-8DA6-0F4925E59181}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{1D3D5A37-7C36-4824-8364-7D68B32B6E54}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E3368B20-9617-4767-BEED-840D3ACBBAC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7F0B1EDB-0C27-4DEE-A811-4D8D9671A4C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD833030-287C-4819-8376-6A5CE69826F0}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{A5D9E1CC-F8A8-4587-91B8-CE7D0F429D5F}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{7E2D34F3-9F3E-4923-9450-B3307DF62501}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{0CDB08A7-529A-41F4-B9A9-F9898102006C}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{F7BC7B7C-F3E5-40CF-A636-B5F415DA36E1}] => (Allow) C:\Program Files (x86)\Common Files\aol\1278001768\ee\aolsoftware.exe
FirewallRules: [{06B2B08A-A494-4AAF-9812-BBD16454F439}] => (Allow) C:\Program Files (x86)\Common Files\aol\1278001768\ee\aolsoftware.exe
FirewallRules: [{D23774E8-1F8D-4FC3-9328-8CA1793BD50D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{758EEA4E-4D22-430C-864E-640E6C86C5D8}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{867E1EBD-F7D6-440C-A429-13BCEFFD0BC0}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{DAA49D28-66FB-4748-8459-59370C995A5A}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{FB6513CC-FC93-44D6-B628-53963F41DFF8}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{6F10812E-0A3F-4A61-A60D-F2B6AA84F7E4}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{178394D2-4E93-4050-80CF-49077CEBCF43}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{E1A4DCE9-2156-4002-8C32-92EEEA9F39EB}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{D752AA03-0840-4080-BAE5-602C017ACCAC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{0937177A-12F7-4014-A2B4-509AB87F8F67}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{B3DA719B-7BC2-4A9C-BCED-B1B736F1CADC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A9DECB3-2D2E-43A9-B83F-F21B162DC855}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F760019-6D7E-46C1-9C3F-50CBBA8A0ABD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{560CB8C4-9634-41CE-85F9-3A3AF38ED387}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{891C8D11-2748-4C56-ABFB-94E42249DC68}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{A092E8DA-4CCE-4464-8E4E-D8ED4843E624}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [TCP Query User{06AC1751-579E-4194-A082-C7DFF540A8C8}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7EB9FC32-4A65-40B4-819F-DA93509D6F33}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{602250A8-5489-4316-831D-9D589616E5BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{DC118D4D-332E-4CC9-A17D-47DCAA93DA47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{BFBE4B21-B639-4956-B8E4-70E0871B771B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{118B121C-F3D8-4607-A6C3-49DDD5F7994B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{D2D1E8C9-AE2F-4D84-BD81-C7B7093F4163}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{27EB8DDE-4CC6-4D3B-A3AB-AEB28990E138}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{39DB5551-3724-4B91-8C5F-2D0F178E9D6C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E8CE0759-DFF5-4309-9756-9AD1A5956DAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{86AEFDFC-71F5-48B1-A3A5-ED060AF395F8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{655C0132-F129-43B0-A8AA-36882302CD40}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{60349F67-4C9E-4335-A5D0-A79F56E52D32}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{C9D0E8AA-0441-48CE-9BF7-25FA7CB90194}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{598EA2EE-94E3-4963-BCBB-638A63A9B3EC}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5BBAAEE0-4EAE-44C5-9793-BA1785BA8FC3}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{61CED4DF-E6DE-4E60-A74E-2F0E50316401}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F219AFD7-0FE6-4AE0-8A7C-501E0CCC63D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B75379B4-4D97-4E22-BBE9-A67BC50FB32A}] => (Allow) C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A9D708C9-0CF9-443C-B810-FD4A052A5686}] => (Allow) C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{5B48789A-714E-4D79-AC61-E7C5459F1062}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{24ABCCC8-3A31-41A4-AAED-BCF5372E9E2F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EAC048EF-BBAF-4A00-B2B5-BEAEDA4D8272}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFE38C9A-7D94-4331-AD5F-9429FDF89170}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DA916AC4-8F31-493B-B3D6-84A90ADD7808}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{780750F7-AB85-4E0F-BEB5-D1E35B74B40A}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{20A27B8A-9E88-4A7D-B771-967AE2E26547}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{ADD9CC78-559F-424B-B59B-5B079832E673}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{63FA9FB4-4909-4922-8F82-58BE5C17C204}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe] => Enabled:wbxcOIEx
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\WebEx\Connect\widget.exe] => Enabled:widget
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\WebEx\Connect\connect.exe] => Enabled:WebEx Connect

==================== Restore Points =========================

18-04-2017 05:45:06 Windows Update
22-04-2017 08:29:40 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2017 08:09:56 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume C:\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (04/21/2017 08:09:56 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out.
Error context: DeviceIoControl(\\?\Volume{3db303a6-215f-11df-8049-806e6f6e6963} - 0000000000000130,0x0053c010,00000000003B3FB0,0,000000000038EAC0,4096,[0]).


Operation:
   Committing shadow copies

Context:
   Execution Context: System Provider

Error: (04/16/2017 07:16:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ole32.dll, version: 6.1.7601.23714, time stamp: 0x58bf899a
Exception code: 0xc0000005
Fault offset: 0x0000000000042ca7
Faulting process id: 0xe40
Faulting application start time: 0x01d2b6ca6f73e140
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\system32\ole32.dll
Report Id: 2bbde220-2303-11e7-b8b8-00038a000015

Error: (04/12/2017 03:38:25 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/12/2017 03:38:25 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/12/2017 03:38:25 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/12/2017 03:38:25 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/12/2017 03:38:23 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/12/2017 03:38:23 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/12/2017 03:38:23 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/22/2017 06:22:44 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/22/2017 06:22:36 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/22/2017 08:36:41 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/22/2017 08:36:32 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/22/2017 08:30:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/22/2017 08:25:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (04/22/2017 08:10:45 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/22/2017 08:10:23 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/22/2017 08:09:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/22/2017 08:09:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll


CodeIntegrity:
===================================
  Date: 2013-01-18 19:53:18.519
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-18 19:53:18.395
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-13 12:39:16.957
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-13 12:39:16.816
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 240 Processor
Percentage of memory in use: 25%
Total physical RAM: 9983.3 MB
Available physical RAM: 7422.38 MB
Total Virtual: 19964.79 MB
Available Virtual: 17244.77 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.79 GB) (Free:314.33 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.87 GB) (Free:1.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (KODAKCD) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

CloseProcesses:
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM -> {96E44610-527E-4900-8145-49370B34A28F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
Toolbar: HKU\S-1-5-21-1151682749-726298257-2278553524-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-1151682749-726298257-2278553524-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
U3 DfSdkS; no ImagePath
2017-03-25 14:44 - 2017-03-25 14:44 - 00000690 _____ C:\Users\john\Downloads\download.dat
2017-04-08 08:34 - 2016-09-04 07:30 - 00003416 _____ C:\Windows\System32\Tasks\SmartDefrag_Defrag
2017-04-08 08:34 - 2016-06-16 17:28 - 00003164 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2017-04-08 08:34 - 2016-06-16 17:28 - 00003010 _____ C:\Windows\System32\Tasks\SmartDefrag_Update

2011-07-06 15:51 - 2014-04-04 11:40 - 1544192 ____H () C:\Users\john\AppData\Roaming\base_en.db
2011-06-27 15:46 - 2011-09-25 19:07 - 0001854 _____ () C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
2016-08-02 16:39 - 2016-10-19 16:38 - 0000011 _____ () C:\Users\john\AppData\Roaming\log.txt
2014-06-25 17:30 - 2014-06-25 17:30 - 0000095 _____ () C:\Users\john\AppData\Roaming\settings.xml
2013-04-18 09:25 - 2013-04-18 09:56 - 0247455 _____ () C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt
2010-06-30 17:58 - 2013-01-28 10:21 - 0001050 _____ () C:\Users\john\AppData\Roaming\wklnhst.dat
2015-12-26 22:50 - 2017-02-09 21:37 - 0006144 _____ () C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-20 22:11 - 2012-08-20 22:11 - 0027520 _____ () C:\Users\john\AppData\Local\dt.dat
2016-07-22 17:03 - 2016-09-13 08:58 - 0003072 _____ () C:\Users\john\AppData\Local\file__0.localstorage
2016-07-22 17:03 - 2016-07-22 17:03 - 0003072 _____ () C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage
2016-08-02 08:13 - 2016-08-02 08:13 - 0000000 _____ () C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E}
2013-10-08 22:07 - 2014-11-22 10:53 - 0003075 _____ () C:\ProgramData\hpzinstall.log
2010-07-02 15:36 - 2010-07-08 11:31 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
Task: {0D6C7754-DF90-45C1-A6A5-EF86D8321492} - \{184C56A0-C3E2-442E-A862-F599E4EADB5B} -> No File <==== ATTENTION
Task: {1865B619-F3A4-4E0E-A16B-0D168B78CC62} - \{025BAF31-693D-42E4-9751-3685D6E4BAE4} -> No File <==== ATTENTION
Task: {18997706-8B99-4678-B009-60B0D8D62EB0} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {1A5A85F3-66E2-4BBD-A54C-313E629B7DA0} - \{3F481316-3BDA-4DB7-A607-3902589DE710} -> No File <==== ATTENTION
Task: {405B9123-065B-4D5B-9248-E455494B5D8E} - \ASC10_SkipUac_john -> No File <==== ATTENTION
Task: {42FDF028-EF57-442E-B11A-B4D02F136A66} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
Task: {50218AC2-EB2C-4121-900D-54DCB77D7685} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-06-01] (IObit)
Task: {549A3EC7-9BB3-4AE3-B5B1-1CE4E0F85395} - \ServicePlan -> No File <==== ATTENTION
Task: {5AE99C7F-5F37-4580-AADF-CFB7E0DC96B6} - \Game_Booster_Startup -> No File <==== ATTENTION
Task: {5B38BC29-5F97-46AA-A078-D00157D9BF66} - \{2656970F-B297-4BDF-B6B0-F33AC426CE4A} -> No File <==== ATTENTION
Task: {74A8BC2B-A993-434F-8D3C-502FBD66F3A9} - \{D1CEDBF9-93DA-4342-90A3-D46A858ABA86} -> No File <==== ATTENTION
Task: {86F962BD-A931-492C-B2C6-46985734F5F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8AEB4A49-2B64-4C83-BDD7-9FDAAC462E8C} - System32\Tasks\SmartDefrag_Defrag => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-06-13] (IObit)
Task: {9093F20B-7EF1-4D93-9848-9283BF4219A3} - \{D572F1B6-7A61-4806-BC66-E68C34E0CBC2} -> No File <==== ATTENTION
Task: {96C2585D-1B0B-48CB-A420-F664A7FF1902} - \{00AA181B-31B0-4D8D-AB9E-A63E476BEB38} -> No File <==== ATTENTION
Task: {9E3A045C-9A7B-4E0E-8C07-30B3AA6B903F} - \SidebarExecute -> No File <==== ATTENTION
Task: {A311D8CE-C2E8-41F1-8B48-81BA8AAFBE46} - \{D824C271-A6E2-4C9F-888E-3E9F92EFD934} -> No File <==== ATTENTION
Task: {AF45F5BF-B0E9-419A-846D-3739D3EBC5B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B74D63C6-C18A-4757-8DE0-048F995E5BD1} - \RecoveryCDWin7 -> No File <==== ATTENTION
Task: {C1365946-5801-43B2-A116-FAFE0D1D436C} - \Driver Booster SkipUAC (SYSTEM) -> No File <==== ATTENTION
Task: {C91F53F5-DECC-4E66-AB14-1BD871AAE779} - \{5A89B60B-A88D-49B3-A37A-37A99C6C11AC} -> No File <==== ATTENTION
Task: {CE967B34-0125-41CC-A7EB-60785DCF3E8C} - \ExtendedServicePlan -> No File <==== ATTENTION
Task: {DDD43F8E-9D00-4DDE-99E4-1F4CC25EBB26} - \{30C93F67-CAFC-40C9-92F4-E68B488499FF} -> No File <==== ATTENTION
Task: {E37D055E-4FAC-461C-B493-594355FFFD7E} - \{DD179DEF-888F-41A6-87C9-A5B40B0A2CD0} -> No File <==== ATTENTION
Task: {F4EF7FB6-0BF8-4CA6-A3BA-247DC8AB3639} - \{FC6EE9E9-5CB9-47E8-9D82-190DB9C15D6A} -> No File <==== ATTENTION
Task: {F7216E9A-9E1E-4619-929B-427478F66A81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
C:\ProgramData:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData:gs5sys [13824]
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\Users\All Users:gs5sys [13824]
AlternateDataStreams: C:\Users\john:gs5sys [11264]
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [13824]
AlternateDataStreams: C:\ProgramData\Microsoft:B9xwA2h14JKte5pCL [2108]
AlternateDataStreams: C:\ProgramData\Microsoft:Xfs7bpoxDwey85FI [2078]
AlternateDataStreams: C:\ProgramData\Temp:00373BA4 [135]
AlternateDataStreams: C:\ProgramData\Temp:012BC84F [282]
AlternateDataStreams: C:\ProgramData\Temp:01312928 [146]
AlternateDataStreams: C:\ProgramData\Temp:028EA3FD [118]
AlternateDataStreams: C:\ProgramData\Temp:03F9B551 [270]
AlternateDataStreams: C:\ProgramData\Temp:04076B92 [137]
AlternateDataStreams: C:\ProgramData\Temp:041ED421 [138]
AlternateDataStreams: C:\ProgramData\Temp:04406D73 [376]
AlternateDataStreams: C:\ProgramData\Temp:050C0DEA [140]
AlternateDataStreams: C:\ProgramData\Temp:05BF1B63 [202]
AlternateDataStreams: C:\ProgramData\Temp:060A3B0B [244]
AlternateDataStreams: C:\ProgramData\Temp:06771D62 [125]
AlternateDataStreams: C:\ProgramData\Temp:06C34166 [128]
AlternateDataStreams: C:\ProgramData\Temp:08003876 [132]
AlternateDataStreams: C:\ProgramData\Temp:084612C9 [130]
AlternateDataStreams: C:\ProgramData\Temp:08A03B9E [654]
AlternateDataStreams: C:\ProgramData\Temp:092DD1DD [230]
AlternateDataStreams: C:\ProgramData\Temp:0968E571 [244]
AlternateDataStreams: C:\ProgramData\Temp:09867A8B [141]
AlternateDataStreams: C:\ProgramData\Temp:0A2A7D18 [132]
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5 [260]
AlternateDataStreams: C:\ProgramData\Temp:0AE2C68F [107]
AlternateDataStreams: C:\ProgramData\Temp:0AF6266B [310]
AlternateDataStreams: C:\ProgramData\Temp:0B11E9EE [143]
AlternateDataStreams: C:\ProgramData\Temp:0BBF232A [276]
AlternateDataStreams: C:\ProgramData\Temp:0BF4DA47 [126]
AlternateDataStreams: C:\ProgramData\Temp:0D6F7BD4 [139]
AlternateDataStreams: C:\ProgramData\Temp:0DAE9980 [129]
AlternateDataStreams: C:\ProgramData\Temp:0DDDD3CD [133]
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB [139]
AlternateDataStreams: C:\ProgramData\Temp:0E61938B [141]
AlternateDataStreams: C:\ProgramData\Temp:0F0F9094 [127]
AlternateDataStreams: C:\ProgramData\Temp:104A718B [276]
AlternateDataStreams: C:\ProgramData\Temp:10516C76 [146]
AlternateDataStreams: C:\ProgramData\Temp:1095ECE1 [284]
AlternateDataStreams: C:\ProgramData\Temp:10BBEFEF [746]
AlternateDataStreams: C:\ProgramData\Temp:11EF326F [139]
AlternateDataStreams: C:\ProgramData\Temp:127BB39D [140]
AlternateDataStreams: C:\ProgramData\Temp:12A012A1 [129]
AlternateDataStreams: C:\ProgramData\Temp:12A3FA49 [132]
AlternateDataStreams: C:\ProgramData\Temp:131C0EE9 [240]
AlternateDataStreams: C:\ProgramData\Temp:13CDB0E0 [120]
AlternateDataStreams: C:\ProgramData\Temp:14050722 [132]
AlternateDataStreams: C:\ProgramData\Temp:149E8786 [282]
AlternateDataStreams: C:\ProgramData\Temp:15381DB9 [136]
AlternateDataStreams: C:\ProgramData\Temp:158AC5F5 [137]
AlternateDataStreams: C:\ProgramData\Temp:15FA1ECB [151]
AlternateDataStreams: C:\ProgramData\Temp:160ADF0B [280]
AlternateDataStreams: C:\ProgramData\Temp:1656EE95 [246]
AlternateDataStreams: C:\ProgramData\Temp:165AF2C6 [268]
AlternateDataStreams: C:\ProgramData\Temp:16A4620C [258]
AlternateDataStreams: C:\ProgramData\Temp:16D21E17 [288]
AlternateDataStreams: C:\ProgramData\Temp:16F42F1F [132]
AlternateDataStreams: C:\ProgramData\Temp:1709732A [246]
AlternateDataStreams: C:\ProgramData\Temp:18345E10 [144]
AlternateDataStreams: C:\ProgramData\Temp:1858B534 [112]
AlternateDataStreams: C:\ProgramData\Temp:18B35CC4 [113]
AlternateDataStreams: C:\ProgramData\Temp:18B5F839 [138]
AlternateDataStreams: C:\ProgramData\Temp:18DEBC51 [272]
AlternateDataStreams: C:\ProgramData\Temp:19636FDD [262]
AlternateDataStreams: C:\ProgramData\Temp:1968990D [254]
AlternateDataStreams: C:\ProgramData\Temp:19D3BC34 [149]
AlternateDataStreams: C:\ProgramData\Temp:1A24F93C [276]
AlternateDataStreams: C:\ProgramData\Temp:1A4BF204 [284]
AlternateDataStreams: C:\ProgramData\Temp:1AE1D58D [288]
AlternateDataStreams: C:\ProgramData\Temp:1DEA36D6 [132]
AlternateDataStreams: C:\ProgramData\Temp:1E6EDDAA [136]
AlternateDataStreams: C:\ProgramData\Temp:1F2F0F76 [119]
AlternateDataStreams: C:\ProgramData\Temp:20C1C66F [144]
AlternateDataStreams: C:\ProgramData\Temp:20EB6823 [120]
AlternateDataStreams: C:\ProgramData\Temp:2216A431 [278]
AlternateDataStreams: C:\ProgramData\Temp:2487D1DA [137]
AlternateDataStreams: C:\ProgramData\Temp:2532C28E [121]
AlternateDataStreams: C:\ProgramData\Temp:2556A8A0 [141]
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B [146]
AlternateDataStreams: C:\ProgramData\Temp:25EF6F01 [129]
AlternateDataStreams: C:\ProgramData\Temp:26FF37EB [144]
AlternateDataStreams: C:\ProgramData\Temp:2707D83A [286]
AlternateDataStreams: C:\ProgramData\Temp:27C59043 [104]
AlternateDataStreams: C:\ProgramData\Temp:2892289F [125]
AlternateDataStreams: C:\ProgramData\Temp:28C6BEBF [144]
AlternateDataStreams: C:\ProgramData\Temp:29B37860 [234]
AlternateDataStreams: C:\ProgramData\Temp:29C0641D [284]
AlternateDataStreams: C:\ProgramData\Temp:2A48233F [130]
AlternateDataStreams: C:\ProgramData\Temp:2ABB51D4 [276]
AlternateDataStreams: C:\ProgramData\Temp:2B856118 [268]
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8 [234]
AlternateDataStreams: C:\ProgramData\Temp:2BB2D50B [246]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:2CED8825 [138]
AlternateDataStreams: C:\ProgramData\Temp:2F539966 [294]
AlternateDataStreams: C:\ProgramData\Temp:2F5A06FD [135]
AlternateDataStreams: C:\ProgramData\Temp:300E36AB [149]
AlternateDataStreams: C:\ProgramData\Temp:309E3827 [125]
AlternateDataStreams: C:\ProgramData\Temp:317F7381 [126]
AlternateDataStreams: C:\ProgramData\Temp:3252A6BA [132]
AlternateDataStreams: C:\ProgramData\Temp:32AA69ED [133]
AlternateDataStreams: C:\ProgramData\Temp:346337E3 [146]
AlternateDataStreams: C:\ProgramData\Temp:3469612C [270]
AlternateDataStreams: C:\ProgramData\Temp:34EFF1F2 [246]
AlternateDataStreams: C:\ProgramData\Temp:35629AE6 [286]
AlternateDataStreams: C:\ProgramData\Temp:3571475C [250]
AlternateDataStreams: C:\ProgramData\Temp:366B74CA [246]
AlternateDataStreams: C:\ProgramData\Temp:384AA0FD [272]
AlternateDataStreams: C:\ProgramData\Temp:3895D488 [136]
AlternateDataStreams: C:\ProgramData\Temp:38D2EA83 [141]
AlternateDataStreams: C:\ProgramData\Temp:38FF076E [132]
AlternateDataStreams: C:\ProgramData\Temp:3A4676D7 [286]
AlternateDataStreams: C:\ProgramData\Temp:3A4A5185 [264]
AlternateDataStreams: C:\ProgramData\Temp:3AC0ED43 [264]
AlternateDataStreams: C:\ProgramData\Temp:3B12F2EC [146]
AlternateDataStreams: C:\ProgramData\Temp:3B84A3F1 [140]
AlternateDataStreams: C:\ProgramData\Temp:3BB073C2 [144]
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF [284]
AlternateDataStreams: C:\ProgramData\Temp:3C0F646D [154]
AlternateDataStreams: C:\ProgramData\Temp:3CAE2A70 [250]
AlternateDataStreams: C:\ProgramData\Temp:3E208EC8 [131]
AlternateDataStreams: C:\ProgramData\Temp:3E2A4708 [770]
AlternateDataStreams: C:\ProgramData\Temp:3E9452A9 [272]
AlternateDataStreams: C:\ProgramData\Temp:3FE1A827 [137]
AlternateDataStreams: C:\ProgramData\Temp:41472405 [124]
AlternateDataStreams: C:\ProgramData\Temp:426CDD93 [756]
AlternateDataStreams: C:\ProgramData\Temp:432EC713 [141]
AlternateDataStreams: C:\ProgramData\Temp:434CFDCA [236]
AlternateDataStreams: C:\ProgramData\Temp:436BE28C [256]
AlternateDataStreams: C:\ProgramData\Temp:43E0EC8A [250]
AlternateDataStreams: C:\ProgramData\Temp:448E7C5B [133]
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B [292]
AlternateDataStreams: C:\ProgramData\Temp:46C7F417 [242]
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9 [135]
AlternateDataStreams: C:\ProgramData\Temp:4911BB5C [214]
AlternateDataStreams: C:\ProgramData\Temp:4A10AFB7 [146]
AlternateDataStreams: C:\ProgramData\Temp:4B2A0356 [278]
AlternateDataStreams: C:\ProgramData\Temp:4B2E08FB [244]
AlternateDataStreams: C:\ProgramData\Temp:4B325725 [70]
AlternateDataStreams: C:\ProgramData\Temp:4B4D7EF3 [155]
AlternateDataStreams: C:\ProgramData\Temp:4BC514A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5 [129]
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B [132]
AlternateDataStreams: C:\ProgramData\Temp:4C4BD66D [125]
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B [125]
AlternateDataStreams: C:\ProgramData\Temp:4C96DCB8 [139]
AlternateDataStreams: C:\ProgramData\Temp:4D2F454E [136]
AlternateDataStreams: C:\ProgramData\Temp:4D348522 [132]
AlternateDataStreams: C:\ProgramData\Temp:4E79C4F8 [140]
AlternateDataStreams: C:\ProgramData\Temp:517EFA90 [135]
AlternateDataStreams: C:\ProgramData\Temp:51E05A3A [230]
AlternateDataStreams: C:\ProgramData\Temp:52329B88 [146]
AlternateDataStreams: C:\ProgramData\Temp:5279F7BF [137]
AlternateDataStreams: C:\ProgramData\Temp:54531C7D [256]
AlternateDataStreams: C:\ProgramData\Temp:54C1075C [147]
AlternateDataStreams: C:\ProgramData\Temp:54F257C0 [194]
AlternateDataStreams: C:\ProgramData\Temp:56A74E89 [130]
AlternateDataStreams: C:\ProgramData\Temp:57173DB4 [137]
AlternateDataStreams: C:\ProgramData\Temp:574311A1 [130]
AlternateDataStreams: C:\ProgramData\Temp:57B374AB [276]
AlternateDataStreams: C:\ProgramData\Temp:57CFEA7A [144]
AlternateDataStreams: C:\ProgramData\Temp:581ECF22 [112]
AlternateDataStreams: C:\ProgramData\Temp:58A7E801 [234]
AlternateDataStreams: C:\ProgramData\Temp:5C3ED5BB [128]
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B [280]
AlternateDataStreams: C:\ProgramData\Temp:5C818B5D [141]
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE [154]
AlternateDataStreams: C:\ProgramData\Temp:5D4F063C [292]
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B [138]
AlternateDataStreams: C:\ProgramData\Temp:5FEAB2C8 [379]
AlternateDataStreams: C:\ProgramData\Temp:602EC63C [262]
AlternateDataStreams: C:\ProgramData\Temp:607A99D7 [133]
AlternateDataStreams: C:\ProgramData\Temp:616A2A70 [118]
AlternateDataStreams: C:\ProgramData\Temp:619F147E [159]
AlternateDataStreams: C:\ProgramData\Temp:6212DF7A [140]
AlternateDataStreams: C:\ProgramData\Temp:624A80FD [192]
AlternateDataStreams: C:\ProgramData\Temp:6271B518 [122]
AlternateDataStreams: C:\ProgramData\Temp:62AF0D82 [129]
AlternateDataStreams: C:\ProgramData\Temp:6358B2F7 [135]
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9 [296]
AlternateDataStreams: C:\ProgramData\Temp:63E88FD4 [141]
AlternateDataStreams: C:\ProgramData\Temp:640DDEFF [144]
AlternateDataStreams: C:\ProgramData\Temp:6423D635 [242]
AlternateDataStreams: C:\ProgramData\Temp:6447E3B5 [238]
AlternateDataStreams: C:\ProgramData\Temp:6468C896 [272]
AlternateDataStreams: C:\ProgramData\Temp:64BDD821 [226]
AlternateDataStreams: C:\ProgramData\Temp:65621319 [145]
AlternateDataStreams: C:\ProgramData\Temp:65C4D44A [124]
AlternateDataStreams: C:\ProgramData\Temp:67396145 [154]
AlternateDataStreams: C:\ProgramData\Temp:67842DB7 [127]
AlternateDataStreams: C:\ProgramData\Temp:67D43EFA [118]
AlternateDataStreams: C:\ProgramData\Temp:680086AB [114]
AlternateDataStreams: C:\ProgramData\Temp:68198EE3 [135]
AlternateDataStreams: C:\ProgramData\Temp:68C21E42 [304]
AlternateDataStreams: C:\ProgramData\Temp:696F7DA7 [136]
AlternateDataStreams: C:\ProgramData\Temp:69BAF25F [750]
AlternateDataStreams: C:\ProgramData\Temp:69ED1286 [286]
AlternateDataStreams: C:\ProgramData\Temp:6A609C67 [128]
AlternateDataStreams: C:\ProgramData\Temp:6B251180 [288]
AlternateDataStreams: C:\ProgramData\Temp:6B7447D4 [135]
AlternateDataStreams: C:\ProgramData\Temp:6BF6CA71 [133]
AlternateDataStreams: C:\ProgramData\Temp:6C718587 [246]
AlternateDataStreams: C:\ProgramData\Temp:6CCDA168 [112]
AlternateDataStreams: C:\ProgramData\Temp:6CF828C2 [147]
AlternateDataStreams: C:\ProgramData\Temp:6DC537DB [308]
AlternateDataStreams: C:\ProgramData\Temp:6DCC0E34 [274]
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746 [256]
AlternateDataStreams: C:\ProgramData\Temp:6E271126 [117]
AlternateDataStreams: C:\ProgramData\Temp:6EC8F6C5 [210]
AlternateDataStreams: C:\ProgramData\Temp:6F0C95A1 [290]
AlternateDataStreams: C:\ProgramData\Temp:6F57F1D1 [286]
AlternateDataStreams: C:\ProgramData\Temp:6F84C4DE [131]
AlternateDataStreams: C:\ProgramData\Temp:6F998753 [145]
AlternateDataStreams: C:\ProgramData\Temp:6F9C57B9 [146]
AlternateDataStreams: C:\ProgramData\Temp:6FA346B6 [242]
AlternateDataStreams: C:\ProgramData\Temp:6FA918FA [145]
AlternateDataStreams: C:\ProgramData\Temp:701B92FB [242]
AlternateDataStreams: C:\ProgramData\Temp:70BDB805 [127]
AlternateDataStreams: C:\ProgramData\Temp:70FD4407 [272]
AlternateDataStreams: C:\ProgramData\Temp:7109C24A [141]
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A [228]
AlternateDataStreams: C:\ProgramData\Temp:73879882 [280]
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96 [119]
AlternateDataStreams: C:\ProgramData\Temp:73B78E79 [128]
AlternateDataStreams: C:\ProgramData\Temp:7455D6E6 [144]
AlternateDataStreams: C:\ProgramData\Temp:74A0E249 [152]
AlternateDataStreams: C:\ProgramData\Temp:74E256F6 [133]
AlternateDataStreams: C:\ProgramData\Temp:751D6870 [146]
AlternateDataStreams: C:\ProgramData\Temp:757BA6A5 [154]
AlternateDataStreams: C:\ProgramData\Temp:75CEDFA5 [117]
AlternateDataStreams: C:\ProgramData\Temp:77066415 [760]
AlternateDataStreams: C:\ProgramData\Temp:77E239B1 [127]
AlternateDataStreams: C:\ProgramData\Temp:77E927FC [136]
AlternateDataStreams: C:\ProgramData\Temp:7804B508 [124]
AlternateDataStreams: C:\ProgramData\Temp:7890F666 [314]
AlternateDataStreams: C:\ProgramData\Temp:796EE7C8 [120]
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE [130]
AlternateDataStreams: C:\ProgramData\Temp:7A51F685 [290]
AlternateDataStreams: C:\ProgramData\Temp:7ACF38DE [246]
AlternateDataStreams: C:\ProgramData\Temp:7D288858 [141]
AlternateDataStreams: C:\ProgramData\Temp:7DEE2F6C [133]
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA [464]
AlternateDataStreams: C:\ProgramData\Temp:7ECD9621 [128]
AlternateDataStreams: C:\ProgramData\Temp:800FE171 [266]
AlternateDataStreams: C:\ProgramData\Temp:81563BC7 [246]
AlternateDataStreams: C:\ProgramData\Temp:81E0F9D0 [146]
AlternateDataStreams: C:\ProgramData\Temp:81F65F60 [748]
AlternateDataStreams: C:\ProgramData\Temp:82111599 [244]
AlternateDataStreams: C:\ProgramData\Temp:834DD57E [256]
AlternateDataStreams: C:\ProgramData\Temp:84618038 [133]
AlternateDataStreams: C:\ProgramData\Temp:84D1C282 [130]
AlternateDataStreams: C:\ProgramData\Temp:84FA02E7 [148]
AlternateDataStreams: C:\ProgramData\Temp:85376176 [121]
AlternateDataStreams: C:\ProgramData\Temp:8634D9A3 [133]
AlternateDataStreams: C:\ProgramData\Temp:87E3D720 [147]
AlternateDataStreams: C:\ProgramData\Temp:884C7316 [146]
AlternateDataStreams: C:\ProgramData\Temp:88E8CC2E [272]
AlternateDataStreams: C:\ProgramData\Temp:8967C154 [126]
AlternateDataStreams: C:\ProgramData\Temp:89CC3B44 [132]
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB [152]
AlternateDataStreams: C:\ProgramData\Temp:89FED318 [286]
AlternateDataStreams: C:\ProgramData\Temp:8AB2162E [109]
AlternateDataStreams: C:\ProgramData\Temp:8AC20936 [129]
AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3 [135]
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD [145]
AlternateDataStreams: C:\ProgramData\Temp:8C49003C [145]
AlternateDataStreams: C:\ProgramData\Temp:8C6D2EC3 [122]
AlternateDataStreams: C:\ProgramData\Temp:8D634113 [732]
AlternateDataStreams: C:\ProgramData\Temp:8D9C24E0 [260]
AlternateDataStreams: C:\ProgramData\Temp:8DD36B71 [115]
AlternateDataStreams: C:\ProgramData\Temp:902C848D [250]
AlternateDataStreams: C:\ProgramData\Temp:9083C3AD [123]
AlternateDataStreams: C:\ProgramData\Temp:90C320E1 [250]
AlternateDataStreams: C:\ProgramData\Temp:91244A8F [118]
AlternateDataStreams: C:\ProgramData\Temp:9124663C [128]
AlternateDataStreams: C:\ProgramData\Temp:92421EF9 [123]
AlternateDataStreams: C:\ProgramData\Temp:927EC486 [256]
AlternateDataStreams: C:\ProgramData\Temp:928DF32E [286]
AlternateDataStreams: C:\ProgramData\Temp:93F3E4C9 [292]
AlternateDataStreams: C:\ProgramData\Temp:947107AC [124]
AlternateDataStreams: C:\ProgramData\Temp:9491C9C7 [276]
AlternateDataStreams: C:\ProgramData\Temp:95198126 [100]
AlternateDataStreams: C:\ProgramData\Temp:9603033A [252]
AlternateDataStreams: C:\ProgramData\Temp:972E051C [248]
AlternateDataStreams: C:\ProgramData\Temp:973DCFFF [780]
AlternateDataStreams: C:\ProgramData\Temp:97B3B270 [278]
AlternateDataStreams: C:\ProgramData\Temp:97ECE74A [150]
AlternateDataStreams: C:\ProgramData\Temp:993C3DF6 [131]
AlternateDataStreams: C:\ProgramData\Temp:99AC3203 [127]
AlternateDataStreams: C:\ProgramData\Temp:99F8C0E6 [140]
AlternateDataStreams: C:\ProgramData\Temp:9A842F5C [119]
AlternateDataStreams: C:\ProgramData\Temp:9A8F071F [270]
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675 [288]
AlternateDataStreams: C:\ProgramData\Temp:9BF0C425 [280]
AlternateDataStreams: C:\ProgramData\Temp:9C337CCE [280]
AlternateDataStreams: C:\ProgramData\Temp:9C6014C6 [133]
AlternateDataStreams: C:\ProgramData\Temp:9D03192E [118]
AlternateDataStreams: C:\ProgramData\Temp:9D60BE91 [276]
AlternateDataStreams: C:\ProgramData\Temp:9D91E651 [126]
AlternateDataStreams: C:\ProgramData\Temp:9DDABE44 [278]
AlternateDataStreams: C:\ProgramData\Temp:9DF24CB2 [140]
AlternateDataStreams: C:\ProgramData\Temp:9E05DEB0 [122]
AlternateDataStreams: C:\ProgramData\Temp:9E4F05ED [128]
AlternateDataStreams: C:\ProgramData\Temp:9F38BF31 [143]
AlternateDataStreams: C:\ProgramData\Temp:9F50A55A [126]
AlternateDataStreams: C:\ProgramData\Temp:9FB9D3B9 [116]
AlternateDataStreams: C:\ProgramData\Temp:9FD2057F [252]
AlternateDataStreams: C:\ProgramData\Temp:A103830F [133]
AlternateDataStreams: C:\ProgramData\Temp:A22AF60D [138]
AlternateDataStreams: C:\ProgramData\Temp:A279C25A [136]
AlternateDataStreams: C:\ProgramData\Temp:A3840F5B [126]
AlternateDataStreams: C:\ProgramData\Temp:A43B789A [139]
AlternateDataStreams: C:\ProgramData\Temp:A44008FA [250]
AlternateDataStreams: C:\ProgramData\Temp:A4E7D25F [278]
AlternateDataStreams: C:\ProgramData\Temp:A5948878 [132]
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24 [272]
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80 [152]
AlternateDataStreams: C:\ProgramData\Temp:A700ABC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF [123]
AlternateDataStreams: C:\ProgramData\Temp:A8606E6E [292]
AlternateDataStreams: C:\ProgramData\Temp:A899E64E [141]
AlternateDataStreams: C:\ProgramData\Temp:A89B3FB8 [722]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:A8BF0AE2 [153]
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF [118]
AlternateDataStreams: C:\ProgramData\Temp:A9BB1126 [258]
AlternateDataStreams: C:\ProgramData\Temp:AA559E17 [136]
AlternateDataStreams: C:\ProgramData\Temp:ACE7A9BB [134]
AlternateDataStreams: C:\ProgramData\Temp:AE289451 [145]
AlternateDataStreams: C:\ProgramData\Temp:AE75CCC8 [238]
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0 [242]
AlternateDataStreams: C:\ProgramData\Temp:AFEBAACA [139]
AlternateDataStreams: C:\ProgramData\Temp:B02249C3 [124]
AlternateDataStreams: C:\ProgramData\Temp:B059B88E [147]
AlternateDataStreams: C:\ProgramData\Temp:B0B6C3E8 [187]
AlternateDataStreams: C:\ProgramData\Temp:B0BD7797 [272]
AlternateDataStreams: C:\ProgramData\Temp:B162D6FD [138]
AlternateDataStreams: C:\ProgramData\Temp:B1EED3AD [130]
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09 [103]
AlternateDataStreams: C:\ProgramData\Temp:B243953E [134]
AlternateDataStreams: C:\ProgramData\Temp:B285A50E [268]
AlternateDataStreams: C:\ProgramData\Temp:B2B2F0D4 [754]
AlternateDataStreams: C:\ProgramData\Temp:B3550AA2 [280]
AlternateDataStreams: C:\ProgramData\Temp:B3606FCC [126]
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE [256]
AlternateDataStreams: C:\ProgramData\Temp:B3A4FEE1 [129]
AlternateDataStreams: C:\ProgramData\Temp:B3D2C69C [148]
AlternateDataStreams: C:\ProgramData\Temp:B445A124 [133]
AlternateDataStreams: C:\ProgramData\Temp:B4F7687B [278]
AlternateDataStreams: C:\ProgramData\Temp:B53DCFC9 [127]
AlternateDataStreams: C:\ProgramData\Temp:B5F623E4 [248]
AlternateDataStreams: C:\ProgramData\Temp:B615ABD3 [137]
AlternateDataStreams: C:\ProgramData\Temp:B65E763D [139]
AlternateDataStreams: C:\ProgramData\Temp:B6C1A5F4 [266]
AlternateDataStreams: C:\ProgramData\Temp:B779C113 [252]
AlternateDataStreams: C:\ProgramData\Temp:B790962B [128]
AlternateDataStreams: C:\ProgramData\Temp:B7E52658 [119]
AlternateDataStreams: C:\ProgramData\Temp:B8428FE1 [137]
AlternateDataStreams: C:\ProgramData\Temp:B86642C5 [152]
AlternateDataStreams: C:\ProgramData\Temp:B86927F0 [149]
AlternateDataStreams: C:\ProgramData\Temp:B88DC997 [278]
AlternateDataStreams: C:\ProgramData\Temp:B9433D0F [129]
AlternateDataStreams: C:\ProgramData\Temp:B9BD98A8 [246]
AlternateDataStreams: C:\ProgramData\Temp:B9E36774 [141]
AlternateDataStreams: C:\ProgramData\Temp:BA5938AB [278]
AlternateDataStreams: C:\ProgramData\Temp:BB004A7D [114]
AlternateDataStreams: C:\ProgramData\Temp:BB718C46 [282]
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:BD659567 [153]
AlternateDataStreams: C:\ProgramData\Temp:C07829DC [258]
AlternateDataStreams: C:\ProgramData\Temp:C085F80B [280]
AlternateDataStreams: C:\ProgramData\Temp:C0DFB793 [139]
AlternateDataStreams: C:\ProgramData\Temp:C0EFBD3F [132]
AlternateDataStreams: C:\ProgramData\Temp:C178954A [135]
AlternateDataStreams: C:\ProgramData\Temp:C1DBE635 [140]
AlternateDataStreams: C:\ProgramData\Temp:C1FF1B01 [132]
AlternateDataStreams: C:\ProgramData\Temp:C356A185 [294]
AlternateDataStreams: C:\ProgramData\Temp:C37283B5 [272]
AlternateDataStreams: C:\ProgramData\Temp:C3C72D5F [128]
AlternateDataStreams: C:\ProgramData\Temp:C458CC0A [134]
AlternateDataStreams: C:\ProgramData\Temp:C4CB6EA6 [152]
AlternateDataStreams: C:\ProgramData\Temp:C52EF004 [246]
AlternateDataStreams: C:\ProgramData\Temp:C54A1A57 [136]
AlternateDataStreams: C:\ProgramData\Temp:C5B1FE54 [133]
AlternateDataStreams: C:\ProgramData\Temp:C611D6C8 [125]
AlternateDataStreams: C:\ProgramData\Temp:C7857F06 [238]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [118]
AlternateDataStreams: C:\ProgramData\Temp:C8182692 [228]
AlternateDataStreams: C:\ProgramData\Temp:C82210DD [135]
AlternateDataStreams: C:\ProgramData\Temp:C91C214D [268]
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06 [262]
AlternateDataStreams: C:\ProgramData\Temp:C9BC8592 [136]
AlternateDataStreams: C:\ProgramData\Temp:CA4FAE31 [135]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [102]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [268]
AlternateDataStreams: C:\ProgramData\Temp:CC45913B [135]
AlternateDataStreams: C:\ProgramData\Temp:CC6A54A8 [236]
AlternateDataStreams: C:\ProgramData\Temp:CCFB0FDD [119]
AlternateDataStreams: C:\ProgramData\Temp:CD6DF7CC [246]
AlternateDataStreams: C:\ProgramData\Temp:CD95E2C9 [138]
AlternateDataStreams: C:\ProgramData\Temp:CE253B51 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE707633 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE8A42A3 [270]
AlternateDataStreams: C:\ProgramData\Temp:CF1334B0 [278]
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06 [276]
AlternateDataStreams: C:\ProgramData\Temp:D0757AAB [268]
AlternateDataStreams: C:\ProgramData\Temp:D0DCD8D7 [117]
AlternateDataStreams: C:\ProgramData\Temp:D1094629 [146]
AlternateDataStreams: C:\ProgramData\Temp:D1787194 [368]
AlternateDataStreams: C:\ProgramData\Temp:D22B04C3 [760]
AlternateDataStreams: C:\ProgramData\Temp:D2397415 [127]
AlternateDataStreams: C:\ProgramData\Temp:D254266B [300]
AlternateDataStreams: C:\ProgramData\Temp:D2972D66 [140]
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB [132]
AlternateDataStreams: C:\ProgramData\Temp:D36E068F [129]
AlternateDataStreams: C:\ProgramData\Temp:D414289B [135]
AlternateDataStreams: C:\ProgramData\Temp:D478F292 [135]
AlternateDataStreams: C:\ProgramData\Temp:D5458F6B [242]
AlternateDataStreams: C:\ProgramData\Temp:D59DE356 [130]
AlternateDataStreams: C:\ProgramData\Temp:D5B149F6 [131]
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D [130]
AlternateDataStreams: C:\ProgramData\Temp:D696AA12 [286]
AlternateDataStreams: C:\ProgramData\Temp:D6F7008C [216]
AlternateDataStreams: C:\ProgramData\Temp:D7DDEF83 [129]
AlternateDataStreams: C:\ProgramData\Temp:D8936165 [312]
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1 [140]
AlternateDataStreams: C:\ProgramData\Temp:D9243D84 [122]
AlternateDataStreams: C:\ProgramData\Temp:DA2268D5 [143]
AlternateDataStreams: C:\ProgramData\Temp:DA6DA9A1 [134]
AlternateDataStreams: C:\ProgramData\Temp:DBF7208A [782]
AlternateDataStreams: C:\ProgramData\Temp:DCA79AB3 [118]
AlternateDataStreams: C:\ProgramData\Temp:DCC6EDE9 [138]
AlternateDataStreams: C:\ProgramData\Temp:DD780579 [264]
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9 [250]
AlternateDataStreams: C:\ProgramData\Temp:DE33A453 [266]
AlternateDataStreams: C:\ProgramData\Temp:DE813CDD [242]
AlternateDataStreams: C:\ProgramData\Temp:DE8F2B8B [149]
AlternateDataStreams: C:\ProgramData\Temp:DEEA54A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:DF19F127 [244]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:E0553E73 [258]
AlternateDataStreams: C:\ProgramData\Temp:E21413B8 [238]
AlternateDataStreams: C:\ProgramData\Temp:E2295807 [145]
AlternateDataStreams: C:\ProgramData\Temp:E24659F6 [141]
AlternateDataStreams: C:\ProgramData\Temp:E326D1D1 [163]
AlternateDataStreams: C:\ProgramData\Temp:E397CC9D [131]
AlternateDataStreams: C:\ProgramData\Temp:E44513D0 [123]
AlternateDataStreams: C:\ProgramData\Temp:E4BC4A41 [135]
AlternateDataStreams: C:\ProgramData\Temp:E5B07840 [266]
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD [147]
AlternateDataStreams: C:\ProgramData\Temp:E62BD5C1 [268]
AlternateDataStreams: C:\ProgramData\Temp:E6537A16 [125]
AlternateDataStreams: C:\ProgramData\Temp:E67D0FCB [120]
AlternateDataStreams: C:\ProgramData\Temp:E6A94369 [138]
AlternateDataStreams: C:\ProgramData\Temp:E6A96BE9 [284]
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B [139]
AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [104]
AlternateDataStreams: C:\ProgramData\Temp:E7614E1F [128]
AlternateDataStreams: C:\ProgramData\Temp:E8B61305 [286]
AlternateDataStreams: C:\ProgramData\Temp:E96D894A [238]
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C [139]
AlternateDataStreams: C:\ProgramData\Temp:E9D68B36 [302]
AlternateDataStreams: C:\ProgramData\Temp:EA149D25 [133]
AlternateDataStreams: C:\ProgramData\Temp:EA17702A [120]
AlternateDataStreams: C:\ProgramData\Temp:EABCC64A [290]
AlternateDataStreams: C:\ProgramData\Temp:EB4FEEF5 [274]
AlternateDataStreams: C:\ProgramData\Temp:EB5574AF [150]
AlternateDataStreams: C:\ProgramData\Temp:EB68CA55 [122]
AlternateDataStreams: C:\ProgramData\Temp:EC0BE05C [143]
AlternateDataStreams: C:\ProgramData\Temp:EC1B2CAA [146]
AlternateDataStreams: C:\ProgramData\Temp:EC3A9923 [121]
AlternateDataStreams: C:\ProgramData\Temp:EC46FC9D [278]
AlternateDataStreams: C:\ProgramData\Temp:EC752217 [145]
AlternateDataStreams: C:\ProgramData\Temp:ED6B6C83 [144]
AlternateDataStreams: C:\ProgramData\Temp:ED98A153 [124]
AlternateDataStreams: C:\ProgramData\Temp:EDE28CFC [133]
AlternateDataStreams: C:\ProgramData\Temp:EE0ABC44 [131]
AlternateDataStreams: C:\ProgramData\Temp:EE0B4216 [141]
AlternateDataStreams: C:\ProgramData\Temp:EECF83D1 [119]
AlternateDataStreams: C:\ProgramData\Temp:F001F3C1 [134]
AlternateDataStreams: C:\ProgramData\Temp:F131B2B8 [146]
AlternateDataStreams: C:\ProgramData\Temp:F2B0ABCC [137]
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB [145]
AlternateDataStreams: C:\ProgramData\Temp:F399A6E7 [262]
AlternateDataStreams: C:\ProgramData\Temp:F41E8853 [124]
AlternateDataStreams: C:\ProgramData\Temp:F4362715 [138]
AlternateDataStreams: C:\ProgramData\Temp:F49A2655 [270]
AlternateDataStreams: C:\ProgramData\Temp:F4BE8180 [134]
AlternateDataStreams: C:\ProgramData\Temp:F53B274A [298]
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A [149]
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE [266]
AlternateDataStreams: C:\ProgramData\Temp:F72306CC [120]
AlternateDataStreams: C:\ProgramData\Temp:F7370879 [236]
AlternateDataStreams: C:\ProgramData\Temp:F7401CCF [268]
AlternateDataStreams: C:\ProgramData\Temp:F7B0AE93 [131]
AlternateDataStreams: C:\ProgramData\Temp:F83B9C51 [802]
AlternateDataStreams: C:\ProgramData\Temp:F875BF80 [262]
AlternateDataStreams: C:\ProgramData\Temp:F919FD4E [129]
AlternateDataStreams: C:\ProgramData\Temp:F98E6C67 [282]
AlternateDataStreams: C:\ProgramData\Temp:FA09FC72 [130]
AlternateDataStreams: C:\ProgramData\Temp:FA65E745 [130]
AlternateDataStreams: C:\ProgramData\Temp:FB29EC2F [248]
AlternateDataStreams: C:\ProgramData\Temp:FB749AFB [762]
AlternateDataStreams: C:\ProgramData\Temp:FB7959F6 [274]
AlternateDataStreams: C:\ProgramData\Temp:FBA79096 [250]
AlternateDataStreams: C:\ProgramData\Temp:FC414D14 [129]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [146]
AlternateDataStreams: C:\ProgramData\Temp:FC7B5C61 [113]
AlternateDataStreams: C:\ProgramData\Temp:FC89CE5A [135]
AlternateDataStreams: C:\ProgramData\Temp:FCDCCA12 [125]
AlternateDataStreams: C:\ProgramData\Temp:FD38E906 [146]
AlternateDataStreams: C:\ProgramData\Temp:FD7E32B5 [284]
AlternateDataStreams: C:\ProgramData\Temp:FDAA7C08 [278]
AlternateDataStreams: C:\ProgramData\Temp:FDF70DCD [149]
AlternateDataStreams: C:\ProgramData\Temp:FEB4D048 [146]
AlternateDataStreams: C:\ProgramData\Temp:FEE8782C [290]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [3840]
AlternateDataStreams: C:\Users\john\Application Data:gs5sys [11520]
AlternateDataStreams: C:\Users\john\Cookies:gs5sys [12288]
AlternateDataStreams: C:\Users\john\Local Settings:gs5sys [45058]
AlternateDataStreams: C:\Users\john\Local Settings:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\Templates:gs5sys [46082]
AlternateDataStreams: C:\Users\john\Desktop\desktop.ini:gs5sys [9728]
AlternateDataStreams: C:\Users\john\Downloads\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\john\AppData\Local:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Roaming:gs5sys [11520]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Local\History:gs5sys [47106]
AlternateDataStreams: C:\Users\john\AppData\Local\Temp:GMlFSYKkVXJlnoN1JqpFASL [2390]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\desktop.ini:gs5sys [47106]
AlternateDataStreams: C:\Users\john\Documents\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [11520]
FirewallRules: [TCP Query User{E31E1EA7-4133-4340-AAEE-9344ACCF92EF}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{35CADA72-9DD3-4D5B-8DA6-0F4925E59181}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{06AC1751-579E-4194-A082-C7DFF540A8C8}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7EB9FC32-4A65-40B4-819F-DA93509D6F33}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{598EA2EE-94E3-4963-BCBB-638A63A9B3EC}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5BBAAEE0-4EAE-44C5-9793-BA1785BA8FC3}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DA916AC4-8F31-493B-B3D6-84A90ADD7808}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{780750F7-AB85-4E0F-BEB5-D1E35B74B40A}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
C:\Program Files (x86)\IObit
C:\Windows\System32\Drivers\SmartDefragDriver.sys
C:\Users\john\AppData\Roaming\base_en.db
C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
C:\Users\john\AppData\Roaming\log.txt
C:\Users\john\AppData\Roaming\settings.xml
C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt
C:\Users\john\AppData\Roaming\wklnhst.dat
C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\john\AppData\Local\dt.dat
C:\Users\john\AppData\Local\file__0.localstorage
C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage
C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E}
C:\ProgramData\hpzinstall.log
C:\ProgramData\PKP_DLdu.DAT
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\program files (x86)\utorrent
C:\Users\john\AppData\Roaming\BitTorrent
Hosts:
EmptyTemp:
 

 

 



#9 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 23 April 2017 - 04:18 AM

The 'fix' doesn't appear to have been carried out as the same entries are still in the new log.

Please run it again this way.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM -> {96E44610-527E-4900-8145-49370B34A28F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
Toolbar: HKU\S-1-5-21-1151682749-726298257-2278553524-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-1151682749-726298257-2278553524-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
U3 DfSdkS; no ImagePath
2017-03-25 14:44 - 2017-03-25 14:44 - 00000690 _____ C:\Users\john\Downloads\download.dat
2017-04-08 08:34 - 2016-09-04 07:30 - 00003416 _____ C:\Windows\System32\Tasks\SmartDefrag_Defrag
2017-04-08 08:34 - 2016-06-16 17:28 - 00003164 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2017-04-08 08:34 - 2016-06-16 17:28 - 00003010 _____ C:\Windows\System32\Tasks\SmartDefrag_Update
2011-07-06 15:51 - 2014-04-04 11:40 - 1544192 ____H () C:\Users\john\AppData\Roaming\base_en.db
2011-06-27 15:46 - 2011-09-25 19:07 - 0001854 _____ () C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
2016-08-02 16:39 - 2016-10-19 16:38 - 0000011 _____ () C:\Users\john\AppData\Roaming\log.txt
2014-06-25 17:30 - 2014-06-25 17:30 - 0000095 _____ () C:\Users\john\AppData\Roaming\settings.xml
2013-04-18 09:25 - 2013-04-18 09:56 - 0247455 _____ () C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt
2010-06-30 17:58 - 2013-01-28 10:21 - 0001050 _____ () C:\Users\john\AppData\Roaming\wklnhst.dat
2015-12-26 22:50 - 2017-02-09 21:37 - 0006144 _____ () C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-20 22:11 - 2012-08-20 22:11 - 0027520 _____ () C:\Users\john\AppData\Local\dt.dat
2016-07-22 17:03 - 2016-09-13 08:58 - 0003072 _____ () C:\Users\john\AppData\Local\file__0.localstorage
2016-07-22 17:03 - 2016-07-22 17:03 - 0003072 _____ () C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage
2016-08-02 08:13 - 2016-08-02 08:13 - 0000000 _____ () C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E}
2013-10-08 22:07 - 2014-11-22 10:53 - 0003075 _____ () C:\ProgramData\hpzinstall.log
2010-07-02 15:36 - 2010-07-08 11:31 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
Task: {0D6C7754-DF90-45C1-A6A5-EF86D8321492} - \{184C56A0-C3E2-442E-A862-F599E4EADB5B} -> No File <==== ATTENTION
Task: {1865B619-F3A4-4E0E-A16B-0D168B78CC62} - \{025BAF31-693D-42E4-9751-3685D6E4BAE4} -> No File <==== ATTENTION
Task: {18997706-8B99-4678-B009-60B0D8D62EB0} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {1A5A85F3-66E2-4BBD-A54C-313E629B7DA0} - \{3F481316-3BDA-4DB7-A607-3902589DE710} -> No File <==== ATTENTION
Task: {405B9123-065B-4D5B-9248-E455494B5D8E} - \ASC10_SkipUac_john -> No File <==== ATTENTION
Task: {42FDF028-EF57-442E-B11A-B4D02F136A66} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
Task: {50218AC2-EB2C-4121-900D-54DCB77D7685} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-06-01] (IObit)
Task: {549A3EC7-9BB3-4AE3-B5B1-1CE4E0F85395} - \ServicePlan -> No File <==== ATTENTION
Task: {5AE99C7F-5F37-4580-AADF-CFB7E0DC96B6} - \Game_Booster_Startup -> No File <==== ATTENTION
Task: {5B38BC29-5F97-46AA-A078-D00157D9BF66} - \{2656970F-B297-4BDF-B6B0-F33AC426CE4A} -> No File <==== ATTENTION
Task: {74A8BC2B-A993-434F-8D3C-502FBD66F3A9} - \{D1CEDBF9-93DA-4342-90A3-D46A858ABA86} -> No File <==== ATTENTION
Task: {86F962BD-A931-492C-B2C6-46985734F5F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8AEB4A49-2B64-4C83-BDD7-9FDAAC462E8C} - System32\Tasks\SmartDefrag_Defrag => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-06-13] (IObit)
Task: {9093F20B-7EF1-4D93-9848-9283BF4219A3} - \{D572F1B6-7A61-4806-BC66-E68C34E0CBC2} -> No File <==== ATTENTION
Task: {96C2585D-1B0B-48CB-A420-F664A7FF1902} - \{00AA181B-31B0-4D8D-AB9E-A63E476BEB38} -> No File <==== ATTENTION
Task: {9E3A045C-9A7B-4E0E-8C07-30B3AA6B903F} - \SidebarExecute -> No File <==== ATTENTION
Task: {A311D8CE-C2E8-41F1-8B48-81BA8AAFBE46} - \{D824C271-A6E2-4C9F-888E-3E9F92EFD934} -> No File <==== ATTENTION
Task: {AF45F5BF-B0E9-419A-846D-3739D3EBC5B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B74D63C6-C18A-4757-8DE0-048F995E5BD1} - \RecoveryCDWin7 -> No File <==== ATTENTION
Task: {C1365946-5801-43B2-A116-FAFE0D1D436C} - \Driver Booster SkipUAC (SYSTEM) -> No File <==== ATTENTION
Task: {C91F53F5-DECC-4E66-AB14-1BD871AAE779} - \{5A89B60B-A88D-49B3-A37A-37A99C6C11AC} -> No File <==== ATTENTION
Task: {CE967B34-0125-41CC-A7EB-60785DCF3E8C} - \ExtendedServicePlan -> No File <==== ATTENTION
Task: {DDD43F8E-9D00-4DDE-99E4-1F4CC25EBB26} - \{30C93F67-CAFC-40C9-92F4-E68B488499FF} -> No File <==== ATTENTION
Task: {E37D055E-4FAC-461C-B493-594355FFFD7E} - \{DD179DEF-888F-41A6-87C9-A5B40B0A2CD0} -> No File <==== ATTENTION
Task: {F4EF7FB6-0BF8-4CA6-A3BA-247DC8AB3639} - \{FC6EE9E9-5CB9-47E8-9D82-190DB9C15D6A} -> No File <==== ATTENTION
Task: {F7216E9A-9E1E-4619-929B-427478F66A81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
C:\ProgramData:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData:gs5sys [13824]
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\Users\All Users:gs5sys [13824]
AlternateDataStreams: C:\Users\john:gs5sys [11264]
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [13824]
AlternateDataStreams: C:\ProgramData\Microsoft:B9xwA2h14JKte5pCL [2108]
AlternateDataStreams: C:\ProgramData\Microsoft:Xfs7bpoxDwey85FI [2078]
AlternateDataStreams: C:\ProgramData\Temp:00373BA4 [135]
AlternateDataStreams: C:\ProgramData\Temp:012BC84F [282]
AlternateDataStreams: C:\ProgramData\Temp:01312928 [146]
AlternateDataStreams: C:\ProgramData\Temp:028EA3FD [118]
AlternateDataStreams: C:\ProgramData\Temp:03F9B551 [270]
AlternateDataStreams: C:\ProgramData\Temp:04076B92 [137]
AlternateDataStreams: C:\ProgramData\Temp:041ED421 [138]
AlternateDataStreams: C:\ProgramData\Temp:04406D73 [376]
AlternateDataStreams: C:\ProgramData\Temp:050C0DEA [140]
AlternateDataStreams: C:\ProgramData\Temp:05BF1B63 [202]
AlternateDataStreams: C:\ProgramData\Temp:060A3B0B [244]
AlternateDataStreams: C:\ProgramData\Temp:06771D62 [125]
AlternateDataStreams: C:\ProgramData\Temp:06C34166 [128]
AlternateDataStreams: C:\ProgramData\Temp:08003876 [132]
AlternateDataStreams: C:\ProgramData\Temp:084612C9 [130]
AlternateDataStreams: C:\ProgramData\Temp:08A03B9E [654]
AlternateDataStreams: C:\ProgramData\Temp:092DD1DD [230]
AlternateDataStreams: C:\ProgramData\Temp:0968E571 [244]
AlternateDataStreams: C:\ProgramData\Temp:09867A8B [141]
AlternateDataStreams: C:\ProgramData\Temp:0A2A7D18 [132]
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5 [260]
AlternateDataStreams: C:\ProgramData\Temp:0AE2C68F [107]
AlternateDataStreams: C:\ProgramData\Temp:0AF6266B [310]
AlternateDataStreams: C:\ProgramData\Temp:0B11E9EE [143]
AlternateDataStreams: C:\ProgramData\Temp:0BBF232A [276]
AlternateDataStreams: C:\ProgramData\Temp:0BF4DA47 [126]
AlternateDataStreams: C:\ProgramData\Temp:0D6F7BD4 [139]
AlternateDataStreams: C:\ProgramData\Temp:0DAE9980 [129]
AlternateDataStreams: C:\ProgramData\Temp:0DDDD3CD [133]
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB [139]
AlternateDataStreams: C:\ProgramData\Temp:0E61938B [141]
AlternateDataStreams: C:\ProgramData\Temp:0F0F9094 [127]
AlternateDataStreams: C:\ProgramData\Temp:104A718B [276]
AlternateDataStreams: C:\ProgramData\Temp:10516C76 [146]
AlternateDataStreams: C:\ProgramData\Temp:1095ECE1 [284]
AlternateDataStreams: C:\ProgramData\Temp:10BBEFEF [746]
AlternateDataStreams: C:\ProgramData\Temp:11EF326F [139]
AlternateDataStreams: C:\ProgramData\Temp:127BB39D [140]
AlternateDataStreams: C:\ProgramData\Temp:12A012A1 [129]
AlternateDataStreams: C:\ProgramData\Temp:12A3FA49 [132]
AlternateDataStreams: C:\ProgramData\Temp:131C0EE9 [240]
AlternateDataStreams: C:\ProgramData\Temp:13CDB0E0 [120]
AlternateDataStreams: C:\ProgramData\Temp:14050722 [132]
AlternateDataStreams: C:\ProgramData\Temp:149E8786 [282]
AlternateDataStreams: C:\ProgramData\Temp:15381DB9 [136]
AlternateDataStreams: C:\ProgramData\Temp:158AC5F5 [137]
AlternateDataStreams: C:\ProgramData\Temp:15FA1ECB [151]
AlternateDataStreams: C:\ProgramData\Temp:160ADF0B [280]
AlternateDataStreams: C:\ProgramData\Temp:1656EE95 [246]
AlternateDataStreams: C:\ProgramData\Temp:165AF2C6 [268]
AlternateDataStreams: C:\ProgramData\Temp:16A4620C [258]
AlternateDataStreams: C:\ProgramData\Temp:16D21E17 [288]
AlternateDataStreams: C:\ProgramData\Temp:16F42F1F [132]
AlternateDataStreams: C:\ProgramData\Temp:1709732A [246]
AlternateDataStreams: C:\ProgramData\Temp:18345E10 [144]
AlternateDataStreams: C:\ProgramData\Temp:1858B534 [112]
AlternateDataStreams: C:\ProgramData\Temp:18B35CC4 [113]
AlternateDataStreams: C:\ProgramData\Temp:18B5F839 [138]
AlternateDataStreams: C:\ProgramData\Temp:18DEBC51 [272]
AlternateDataStreams: C:\ProgramData\Temp:19636FDD [262]
AlternateDataStreams: C:\ProgramData\Temp:1968990D [254]
AlternateDataStreams: C:\ProgramData\Temp:19D3BC34 [149]
AlternateDataStreams: C:\ProgramData\Temp:1A24F93C [276]
AlternateDataStreams: C:\ProgramData\Temp:1A4BF204 [284]
AlternateDataStreams: C:\ProgramData\Temp:1AE1D58D [288]
AlternateDataStreams: C:\ProgramData\Temp:1DEA36D6 [132]
AlternateDataStreams: C:\ProgramData\Temp:1E6EDDAA [136]
AlternateDataStreams: C:\ProgramData\Temp:1F2F0F76 [119]
AlternateDataStreams: C:\ProgramData\Temp:20C1C66F [144]
AlternateDataStreams: C:\ProgramData\Temp:20EB6823 [120]
AlternateDataStreams: C:\ProgramData\Temp:2216A431 [278]
AlternateDataStreams: C:\ProgramData\Temp:2487D1DA [137]
AlternateDataStreams: C:\ProgramData\Temp:2532C28E [121]
AlternateDataStreams: C:\ProgramData\Temp:2556A8A0 [141]
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B [146]
AlternateDataStreams: C:\ProgramData\Temp:25EF6F01 [129]
AlternateDataStreams: C:\ProgramData\Temp:26FF37EB [144]
AlternateDataStreams: C:\ProgramData\Temp:2707D83A [286]
AlternateDataStreams: C:\ProgramData\Temp:27C59043 [104]
AlternateDataStreams: C:\ProgramData\Temp:2892289F [125]
AlternateDataStreams: C:\ProgramData\Temp:28C6BEBF [144]
AlternateDataStreams: C:\ProgramData\Temp:29B37860 [234]
AlternateDataStreams: C:\ProgramData\Temp:29C0641D [284]
AlternateDataStreams: C:\ProgramData\Temp:2A48233F [130]
AlternateDataStreams: C:\ProgramData\Temp:2ABB51D4 [276]
AlternateDataStreams: C:\ProgramData\Temp:2B856118 [268]
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8 [234]
AlternateDataStreams: C:\ProgramData\Temp:2BB2D50B [246]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:2CED8825 [138]
AlternateDataStreams: C:\ProgramData\Temp:2F539966 [294]
AlternateDataStreams: C:\ProgramData\Temp:2F5A06FD [135]
AlternateDataStreams: C:\ProgramData\Temp:300E36AB [149]
AlternateDataStreams: C:\ProgramData\Temp:309E3827 [125]
AlternateDataStreams: C:\ProgramData\Temp:317F7381 [126]
AlternateDataStreams: C:\ProgramData\Temp:3252A6BA [132]
AlternateDataStreams: C:\ProgramData\Temp:32AA69ED [133]
AlternateDataStreams: C:\ProgramData\Temp:346337E3 [146]
AlternateDataStreams: C:\ProgramData\Temp:3469612C [270]
AlternateDataStreams: C:\ProgramData\Temp:34EFF1F2 [246]
AlternateDataStreams: C:\ProgramData\Temp:35629AE6 [286]
AlternateDataStreams: C:\ProgramData\Temp:3571475C [250]
AlternateDataStreams: C:\ProgramData\Temp:366B74CA [246]
AlternateDataStreams: C:\ProgramData\Temp:384AA0FD [272]
AlternateDataStreams: C:\ProgramData\Temp:3895D488 [136]
AlternateDataStreams: C:\ProgramData\Temp:38D2EA83 [141]
AlternateDataStreams: C:\ProgramData\Temp:38FF076E [132]
AlternateDataStreams: C:\ProgramData\Temp:3A4676D7 [286]
AlternateDataStreams: C:\ProgramData\Temp:3A4A5185 [264]
AlternateDataStreams: C:\ProgramData\Temp:3AC0ED43 [264]
AlternateDataStreams: C:\ProgramData\Temp:3B12F2EC [146]
AlternateDataStreams: C:\ProgramData\Temp:3B84A3F1 [140]
AlternateDataStreams: C:\ProgramData\Temp:3BB073C2 [144]
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF [284]
AlternateDataStreams: C:\ProgramData\Temp:3C0F646D [154]
AlternateDataStreams: C:\ProgramData\Temp:3CAE2A70 [250]
AlternateDataStreams: C:\ProgramData\Temp:3E208EC8 [131]
AlternateDataStreams: C:\ProgramData\Temp:3E2A4708 [770]
AlternateDataStreams: C:\ProgramData\Temp:3E9452A9 [272]
AlternateDataStreams: C:\ProgramData\Temp:3FE1A827 [137]
AlternateDataStreams: C:\ProgramData\Temp:41472405 [124]
AlternateDataStreams: C:\ProgramData\Temp:426CDD93 [756]
AlternateDataStreams: C:\ProgramData\Temp:432EC713 [141]
AlternateDataStreams: C:\ProgramData\Temp:434CFDCA [236]
AlternateDataStreams: C:\ProgramData\Temp:436BE28C [256]
AlternateDataStreams: C:\ProgramData\Temp:43E0EC8A [250]
AlternateDataStreams: C:\ProgramData\Temp:448E7C5B [133]
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B [292]
AlternateDataStreams: C:\ProgramData\Temp:46C7F417 [242]
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9 [135]
AlternateDataStreams: C:\ProgramData\Temp:4911BB5C [214]
AlternateDataStreams: C:\ProgramData\Temp:4A10AFB7 [146]
AlternateDataStreams: C:\ProgramData\Temp:4B2A0356 [278]
AlternateDataStreams: C:\ProgramData\Temp:4B2E08FB [244]
AlternateDataStreams: C:\ProgramData\Temp:4B325725 [70]
AlternateDataStreams: C:\ProgramData\Temp:4B4D7EF3 [155]
AlternateDataStreams: C:\ProgramData\Temp:4BC514A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5 [129]
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B [132]
AlternateDataStreams: C:\ProgramData\Temp:4C4BD66D [125]
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B [125]
AlternateDataStreams: C:\ProgramData\Temp:4C96DCB8 [139]
AlternateDataStreams: C:\ProgramData\Temp:4D2F454E [136]
AlternateDataStreams: C:\ProgramData\Temp:4D348522 [132]
AlternateDataStreams: C:\ProgramData\Temp:4E79C4F8 [140]
AlternateDataStreams: C:\ProgramData\Temp:517EFA90 [135]
AlternateDataStreams: C:\ProgramData\Temp:51E05A3A [230]
AlternateDataStreams: C:\ProgramData\Temp:52329B88 [146]
AlternateDataStreams: C:\ProgramData\Temp:5279F7BF [137]
AlternateDataStreams: C:\ProgramData\Temp:54531C7D [256]
AlternateDataStreams: C:\ProgramData\Temp:54C1075C [147]
AlternateDataStreams: C:\ProgramData\Temp:54F257C0 [194]
AlternateDataStreams: C:\ProgramData\Temp:56A74E89 [130]
AlternateDataStreams: C:\ProgramData\Temp:57173DB4 [137]
AlternateDataStreams: C:\ProgramData\Temp:574311A1 [130]
AlternateDataStreams: C:\ProgramData\Temp:57B374AB [276]
AlternateDataStreams: C:\ProgramData\Temp:57CFEA7A [144]
AlternateDataStreams: C:\ProgramData\Temp:581ECF22 [112]
AlternateDataStreams: C:\ProgramData\Temp:58A7E801 [234]
AlternateDataStreams: C:\ProgramData\Temp:5C3ED5BB [128]
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B [280]
AlternateDataStreams: C:\ProgramData\Temp:5C818B5D [141]
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE [154]
AlternateDataStreams: C:\ProgramData\Temp:5D4F063C [292]
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B [138]
AlternateDataStreams: C:\ProgramData\Temp:5FEAB2C8 [379]
AlternateDataStreams: C:\ProgramData\Temp:602EC63C [262]
AlternateDataStreams: C:\ProgramData\Temp:607A99D7 [133]
AlternateDataStreams: C:\ProgramData\Temp:616A2A70 [118]
AlternateDataStreams: C:\ProgramData\Temp:619F147E [159]
AlternateDataStreams: C:\ProgramData\Temp:6212DF7A [140]
AlternateDataStreams: C:\ProgramData\Temp:624A80FD [192]
AlternateDataStreams: C:\ProgramData\Temp:6271B518 [122]
AlternateDataStreams: C:\ProgramData\Temp:62AF0D82 [129]
AlternateDataStreams: C:\ProgramData\Temp:6358B2F7 [135]
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9 [296]
AlternateDataStreams: C:\ProgramData\Temp:63E88FD4 [141]
AlternateDataStreams: C:\ProgramData\Temp:640DDEFF [144]
AlternateDataStreams: C:\ProgramData\Temp:6423D635 [242]
AlternateDataStreams: C:\ProgramData\Temp:6447E3B5 [238]
AlternateDataStreams: C:\ProgramData\Temp:6468C896 [272]
AlternateDataStreams: C:\ProgramData\Temp:64BDD821 [226]
AlternateDataStreams: C:\ProgramData\Temp:65621319 [145]
AlternateDataStreams: C:\ProgramData\Temp:65C4D44A [124]
AlternateDataStreams: C:\ProgramData\Temp:67396145 [154]
AlternateDataStreams: C:\ProgramData\Temp:67842DB7 [127]
AlternateDataStreams: C:\ProgramData\Temp:67D43EFA [118]
AlternateDataStreams: C:\ProgramData\Temp:680086AB [114]
AlternateDataStreams: C:\ProgramData\Temp:68198EE3 [135]
AlternateDataStreams: C:\ProgramData\Temp:68C21E42 [304]
AlternateDataStreams: C:\ProgramData\Temp:696F7DA7 [136]
AlternateDataStreams: C:\ProgramData\Temp:69BAF25F [750]
AlternateDataStreams: C:\ProgramData\Temp:69ED1286 [286]
AlternateDataStreams: C:\ProgramData\Temp:6A609C67 [128]
AlternateDataStreams: C:\ProgramData\Temp:6B251180 [288]
AlternateDataStreams: C:\ProgramData\Temp:6B7447D4 [135]
AlternateDataStreams: C:\ProgramData\Temp:6BF6CA71 [133]
AlternateDataStreams: C:\ProgramData\Temp:6C718587 [246]
AlternateDataStreams: C:\ProgramData\Temp:6CCDA168 [112]
AlternateDataStreams: C:\ProgramData\Temp:6CF828C2 [147]
AlternateDataStreams: C:\ProgramData\Temp:6DC537DB [308]
AlternateDataStreams: C:\ProgramData\Temp:6DCC0E34 [274]
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746 [256]
AlternateDataStreams: C:\ProgramData\Temp:6E271126 [117]
AlternateDataStreams: C:\ProgramData\Temp:6EC8F6C5 [210]
AlternateDataStreams: C:\ProgramData\Temp:6F0C95A1 [290]
AlternateDataStreams: C:\ProgramData\Temp:6F57F1D1 [286]
AlternateDataStreams: C:\ProgramData\Temp:6F84C4DE [131]
AlternateDataStreams: C:\ProgramData\Temp:6F998753 [145]
AlternateDataStreams: C:\ProgramData\Temp:6F9C57B9 [146]
AlternateDataStreams: C:\ProgramData\Temp:6FA346B6 [242]
AlternateDataStreams: C:\ProgramData\Temp:6FA918FA [145]
AlternateDataStreams: C:\ProgramData\Temp:701B92FB [242]
AlternateDataStreams: C:\ProgramData\Temp:70BDB805 [127]
AlternateDataStreams: C:\ProgramData\Temp:70FD4407 [272]
AlternateDataStreams: C:\ProgramData\Temp:7109C24A [141]
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A [228]
AlternateDataStreams: C:\ProgramData\Temp:73879882 [280]
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96 [119]
AlternateDataStreams: C:\ProgramData\Temp:73B78E79 [128]
AlternateDataStreams: C:\ProgramData\Temp:7455D6E6 [144]
AlternateDataStreams: C:\ProgramData\Temp:74A0E249 [152]
AlternateDataStreams: C:\ProgramData\Temp:74E256F6 [133]
AlternateDataStreams: C:\ProgramData\Temp:751D6870 [146]
AlternateDataStreams: C:\ProgramData\Temp:757BA6A5 [154]
AlternateDataStreams: C:\ProgramData\Temp:75CEDFA5 [117]
AlternateDataStreams: C:\ProgramData\Temp:77066415 [760]
AlternateDataStreams: C:\ProgramData\Temp:77E239B1 [127]
AlternateDataStreams: C:\ProgramData\Temp:77E927FC [136]
AlternateDataStreams: C:\ProgramData\Temp:7804B508 [124]
AlternateDataStreams: C:\ProgramData\Temp:7890F666 [314]
AlternateDataStreams: C:\ProgramData\Temp:796EE7C8 [120]
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE [130]
AlternateDataStreams: C:\ProgramData\Temp:7A51F685 [290]
AlternateDataStreams: C:\ProgramData\Temp:7ACF38DE [246]
AlternateDataStreams: C:\ProgramData\Temp:7D288858 [141]
AlternateDataStreams: C:\ProgramData\Temp:7DEE2F6C [133]
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA [464]
AlternateDataStreams: C:\ProgramData\Temp:7ECD9621 [128]
AlternateDataStreams: C:\ProgramData\Temp:800FE171 [266]
AlternateDataStreams: C:\ProgramData\Temp:81563BC7 [246]
AlternateDataStreams: C:\ProgramData\Temp:81E0F9D0 [146]
AlternateDataStreams: C:\ProgramData\Temp:81F65F60 [748]
AlternateDataStreams: C:\ProgramData\Temp:82111599 [244]
AlternateDataStreams: C:\ProgramData\Temp:834DD57E [256]
AlternateDataStreams: C:\ProgramData\Temp:84618038 [133]
AlternateDataStreams: C:\ProgramData\Temp:84D1C282 [130]
AlternateDataStreams: C:\ProgramData\Temp:84FA02E7 [148]
AlternateDataStreams: C:\ProgramData\Temp:85376176 [121]
AlternateDataStreams: C:\ProgramData\Temp:8634D9A3 [133]
AlternateDataStreams: C:\ProgramData\Temp:87E3D720 [147]
AlternateDataStreams: C:\ProgramData\Temp:884C7316 [146]
AlternateDataStreams: C:\ProgramData\Temp:88E8CC2E [272]
AlternateDataStreams: C:\ProgramData\Temp:8967C154 [126]
AlternateDataStreams: C:\ProgramData\Temp:89CC3B44 [132]
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB [152]
AlternateDataStreams: C:\ProgramData\Temp:89FED318 [286]
AlternateDataStreams: C:\ProgramData\Temp:8AB2162E [109]
AlternateDataStreams: C:\ProgramData\Temp:8AC20936 [129]
AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3 [135]
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD [145]
AlternateDataStreams: C:\ProgramData\Temp:8C49003C [145]
AlternateDataStreams: C:\ProgramData\Temp:8C6D2EC3 [122]
AlternateDataStreams: C:\ProgramData\Temp:8D634113 [732]
AlternateDataStreams: C:\ProgramData\Temp:8D9C24E0 [260]
AlternateDataStreams: C:\ProgramData\Temp:8DD36B71 [115]
AlternateDataStreams: C:\ProgramData\Temp:902C848D [250]
AlternateDataStreams: C:\ProgramData\Temp:9083C3AD [123]
AlternateDataStreams: C:\ProgramData\Temp:90C320E1 [250]
AlternateDataStreams: C:\ProgramData\Temp:91244A8F [118]
AlternateDataStreams: C:\ProgramData\Temp:9124663C [128]
AlternateDataStreams: C:\ProgramData\Temp:92421EF9 [123]
AlternateDataStreams: C:\ProgramData\Temp:927EC486 [256]
AlternateDataStreams: C:\ProgramData\Temp:928DF32E [286]
AlternateDataStreams: C:\ProgramData\Temp:93F3E4C9 [292]
AlternateDataStreams: C:\ProgramData\Temp:947107AC [124]
AlternateDataStreams: C:\ProgramData\Temp:9491C9C7 [276]
AlternateDataStreams: C:\ProgramData\Temp:95198126 [100]
AlternateDataStreams: C:\ProgramData\Temp:9603033A [252]
AlternateDataStreams: C:\ProgramData\Temp:972E051C [248]
AlternateDataStreams: C:\ProgramData\Temp:973DCFFF [780]
AlternateDataStreams: C:\ProgramData\Temp:97B3B270 [278]
AlternateDataStreams: C:\ProgramData\Temp:97ECE74A [150]
AlternateDataStreams: C:\ProgramData\Temp:993C3DF6 [131]
AlternateDataStreams: C:\ProgramData\Temp:99AC3203 [127]
AlternateDataStreams: C:\ProgramData\Temp:99F8C0E6 [140]
AlternateDataStreams: C:\ProgramData\Temp:9A842F5C [119]
AlternateDataStreams: C:\ProgramData\Temp:9A8F071F [270]
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675 [288]
AlternateDataStreams: C:\ProgramData\Temp:9BF0C425 [280]
AlternateDataStreams: C:\ProgramData\Temp:9C337CCE [280]
AlternateDataStreams: C:\ProgramData\Temp:9C6014C6 [133]
AlternateDataStreams: C:\ProgramData\Temp:9D03192E [118]
AlternateDataStreams: C:\ProgramData\Temp:9D60BE91 [276]
AlternateDataStreams: C:\ProgramData\Temp:9D91E651 [126]
AlternateDataStreams: C:\ProgramData\Temp:9DDABE44 [278]
AlternateDataStreams: C:\ProgramData\Temp:9DF24CB2 [140]
AlternateDataStreams: C:\ProgramData\Temp:9E05DEB0 [122]
AlternateDataStreams: C:\ProgramData\Temp:9E4F05ED [128]
AlternateDataStreams: C:\ProgramData\Temp:9F38BF31 [143]
AlternateDataStreams: C:\ProgramData\Temp:9F50A55A [126]
AlternateDataStreams: C:\ProgramData\Temp:9FB9D3B9 [116]
AlternateDataStreams: C:\ProgramData\Temp:9FD2057F [252]
AlternateDataStreams: C:\ProgramData\Temp:A103830F [133]
AlternateDataStreams: C:\ProgramData\Temp:A22AF60D [138]
AlternateDataStreams: C:\ProgramData\Temp:A279C25A [136]
AlternateDataStreams: C:\ProgramData\Temp:A3840F5B [126]
AlternateDataStreams: C:\ProgramData\Temp:A43B789A [139]
AlternateDataStreams: C:\ProgramData\Temp:A44008FA [250]
AlternateDataStreams: C:\ProgramData\Temp:A4E7D25F [278]
AlternateDataStreams: C:\ProgramData\Temp:A5948878 [132]
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24 [272]
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80 [152]
AlternateDataStreams: C:\ProgramData\Temp:A700ABC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF [123]
AlternateDataStreams: C:\ProgramData\Temp:A8606E6E [292]
AlternateDataStreams: C:\ProgramData\Temp:A899E64E [141]
AlternateDataStreams: C:\ProgramData\Temp:A89B3FB8 [722]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:A8BF0AE2 [153]
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF [118]
AlternateDataStreams: C:\ProgramData\Temp:A9BB1126 [258]
AlternateDataStreams: C:\ProgramData\Temp:AA559E17 [136]
AlternateDataStreams: C:\ProgramData\Temp:ACE7A9BB [134]
AlternateDataStreams: C:\ProgramData\Temp:AE289451 [145]
AlternateDataStreams: C:\ProgramData\Temp:AE75CCC8 [238]
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0 [242]
AlternateDataStreams: C:\ProgramData\Temp:AFEBAACA [139]
AlternateDataStreams: C:\ProgramData\Temp:B02249C3 [124]
AlternateDataStreams: C:\ProgramData\Temp:B059B88E [147]
AlternateDataStreams: C:\ProgramData\Temp:B0B6C3E8 [187]
AlternateDataStreams: C:\ProgramData\Temp:B0BD7797 [272]
AlternateDataStreams: C:\ProgramData\Temp:B162D6FD [138]
AlternateDataStreams: C:\ProgramData\Temp:B1EED3AD [130]
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09 [103]
AlternateDataStreams: C:\ProgramData\Temp:B243953E [134]
AlternateDataStreams: C:\ProgramData\Temp:B285A50E [268]
AlternateDataStreams: C:\ProgramData\Temp:B2B2F0D4 [754]
AlternateDataStreams: C:\ProgramData\Temp:B3550AA2 [280]
AlternateDataStreams: C:\ProgramData\Temp:B3606FCC [126]
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE [256]
AlternateDataStreams: C:\ProgramData\Temp:B3A4FEE1 [129]
AlternateDataStreams: C:\ProgramData\Temp:B3D2C69C [148]
AlternateDataStreams: C:\ProgramData\Temp:B445A124 [133]
AlternateDataStreams: C:\ProgramData\Temp:B4F7687B [278]
AlternateDataStreams: C:\ProgramData\Temp:B53DCFC9 [127]
AlternateDataStreams: C:\ProgramData\Temp:B5F623E4 [248]
AlternateDataStreams: C:\ProgramData\Temp:B615ABD3 [137]
AlternateDataStreams: C:\ProgramData\Temp:B65E763D [139]
AlternateDataStreams: C:\ProgramData\Temp:B6C1A5F4 [266]
AlternateDataStreams: C:\ProgramData\Temp:B779C113 [252]
AlternateDataStreams: C:\ProgramData\Temp:B790962B [128]
AlternateDataStreams: C:\ProgramData\Temp:B7E52658 [119]
AlternateDataStreams: C:\ProgramData\Temp:B8428FE1 [137]
AlternateDataStreams: C:\ProgramData\Temp:B86642C5 [152]
AlternateDataStreams: C:\ProgramData\Temp:B86927F0 [149]
AlternateDataStreams: C:\ProgramData\Temp:B88DC997 [278]
AlternateDataStreams: C:\ProgramData\Temp:B9433D0F [129]
AlternateDataStreams: C:\ProgramData\Temp:B9BD98A8 [246]
AlternateDataStreams: C:\ProgramData\Temp:B9E36774 [141]
AlternateDataStreams: C:\ProgramData\Temp:BA5938AB [278]
AlternateDataStreams: C:\ProgramData\Temp:BB004A7D [114]
AlternateDataStreams: C:\ProgramData\Temp:BB718C46 [282]
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:BD659567 [153]
AlternateDataStreams: C:\ProgramData\Temp:C07829DC [258]
AlternateDataStreams: C:\ProgramData\Temp:C085F80B [280]
AlternateDataStreams: C:\ProgramData\Temp:C0DFB793 [139]
AlternateDataStreams: C:\ProgramData\Temp:C0EFBD3F [132]
AlternateDataStreams: C:\ProgramData\Temp:C178954A [135]
AlternateDataStreams: C:\ProgramData\Temp:C1DBE635 [140]
AlternateDataStreams: C:\ProgramData\Temp:C1FF1B01 [132]
AlternateDataStreams: C:\ProgramData\Temp:C356A185 [294]
AlternateDataStreams: C:\ProgramData\Temp:C37283B5 [272]
AlternateDataStreams: C:\ProgramData\Temp:C3C72D5F [128]
AlternateDataStreams: C:\ProgramData\Temp:C458CC0A [134]
AlternateDataStreams: C:\ProgramData\Temp:C4CB6EA6 [152]
AlternateDataStreams: C:\ProgramData\Temp:C52EF004 [246]
AlternateDataStreams: C:\ProgramData\Temp:C54A1A57 [136]
AlternateDataStreams: C:\ProgramData\Temp:C5B1FE54 [133]
AlternateDataStreams: C:\ProgramData\Temp:C611D6C8 [125]
AlternateDataStreams: C:\ProgramData\Temp:C7857F06 [238]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [118]
AlternateDataStreams: C:\ProgramData\Temp:C8182692 [228]
AlternateDataStreams: C:\ProgramData\Temp:C82210DD [135]
AlternateDataStreams: C:\ProgramData\Temp:C91C214D [268]
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06 [262]
AlternateDataStreams: C:\ProgramData\Temp:C9BC8592 [136]
AlternateDataStreams: C:\ProgramData\Temp:CA4FAE31 [135]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [102]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [268]
AlternateDataStreams: C:\ProgramData\Temp:CC45913B [135]
AlternateDataStreams: C:\ProgramData\Temp:CC6A54A8 [236]
AlternateDataStreams: C:\ProgramData\Temp:CCFB0FDD [119]
AlternateDataStreams: C:\ProgramData\Temp:CD6DF7CC [246]
AlternateDataStreams: C:\ProgramData\Temp:CD95E2C9 [138]
AlternateDataStreams: C:\ProgramData\Temp:CE253B51 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE707633 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE8A42A3 [270]
AlternateDataStreams: C:\ProgramData\Temp:CF1334B0 [278]
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06 [276]
AlternateDataStreams: C:\ProgramData\Temp:D0757AAB [268]
AlternateDataStreams: C:\ProgramData\Temp:D0DCD8D7 [117]
AlternateDataStreams: C:\ProgramData\Temp:D1094629 [146]
AlternateDataStreams: C:\ProgramData\Temp:D1787194 [368]
AlternateDataStreams: C:\ProgramData\Temp:D22B04C3 [760]
AlternateDataStreams: C:\ProgramData\Temp:D2397415 [127]
AlternateDataStreams: C:\ProgramData\Temp:D254266B [300]
AlternateDataStreams: C:\ProgramData\Temp:D2972D66 [140]
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB [132]
AlternateDataStreams: C:\ProgramData\Temp:D36E068F [129]
AlternateDataStreams: C:\ProgramData\Temp:D414289B [135]
AlternateDataStreams: C:\ProgramData\Temp:D478F292 [135]
AlternateDataStreams: C:\ProgramData\Temp:D5458F6B [242]
AlternateDataStreams: C:\ProgramData\Temp:D59DE356 [130]
AlternateDataStreams: C:\ProgramData\Temp:D5B149F6 [131]
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D [130]
AlternateDataStreams: C:\ProgramData\Temp:D696AA12 [286]
AlternateDataStreams: C:\ProgramData\Temp:D6F7008C [216]
AlternateDataStreams: C:\ProgramData\Temp:D7DDEF83 [129]
AlternateDataStreams: C:\ProgramData\Temp:D8936165 [312]
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1 [140]
AlternateDataStreams: C:\ProgramData\Temp:D9243D84 [122]
AlternateDataStreams: C:\ProgramData\Temp:DA2268D5 [143]
AlternateDataStreams: C:\ProgramData\Temp:DA6DA9A1 [134]
AlternateDataStreams: C:\ProgramData\Temp:DBF7208A [782]
AlternateDataStreams: C:\ProgramData\Temp:DCA79AB3 [118]
AlternateDataStreams: C:\ProgramData\Temp:DCC6EDE9 [138]
AlternateDataStreams: C:\ProgramData\Temp:DD780579 [264]
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9 [250]
AlternateDataStreams: C:\ProgramData\Temp:DE33A453 [266]
AlternateDataStreams: C:\ProgramData\Temp:DE813CDD [242]
AlternateDataStreams: C:\ProgramData\Temp:DE8F2B8B [149]
AlternateDataStreams: C:\ProgramData\Temp:DEEA54A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:DF19F127 [244]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:E0553E73 [258]
AlternateDataStreams: C:\ProgramData\Temp:E21413B8 [238]
AlternateDataStreams: C:\ProgramData\Temp:E2295807 [145]
AlternateDataStreams: C:\ProgramData\Temp:E24659F6 [141]
AlternateDataStreams: C:\ProgramData\Temp:E326D1D1 [163]
AlternateDataStreams: C:\ProgramData\Temp:E397CC9D [131]
AlternateDataStreams: C:\ProgramData\Temp:E44513D0 [123]
AlternateDataStreams: C:\ProgramData\Temp:E4BC4A41 [135]
AlternateDataStreams: C:\ProgramData\Temp:E5B07840 [266]
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD [147]
AlternateDataStreams: C:\ProgramData\Temp:E62BD5C1 [268]
AlternateDataStreams: C:\ProgramData\Temp:E6537A16 [125]
AlternateDataStreams: C:\ProgramData\Temp:E67D0FCB [120]
AlternateDataStreams: C:\ProgramData\Temp:E6A94369 [138]
AlternateDataStreams: C:\ProgramData\Temp:E6A96BE9 [284]
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B [139]
AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [104]
AlternateDataStreams: C:\ProgramData\Temp:E7614E1F [128]
AlternateDataStreams: C:\ProgramData\Temp:E8B61305 [286]
AlternateDataStreams: C:\ProgramData\Temp:E96D894A [238]
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C [139]
AlternateDataStreams: C:\ProgramData\Temp:E9D68B36 [302]
AlternateDataStreams: C:\ProgramData\Temp:EA149D25 [133]
AlternateDataStreams: C:\ProgramData\Temp:EA17702A [120]
AlternateDataStreams: C:\ProgramData\Temp:EABCC64A [290]
AlternateDataStreams: C:\ProgramData\Temp:EB4FEEF5 [274]
AlternateDataStreams: C:\ProgramData\Temp:EB5574AF [150]
AlternateDataStreams: C:\ProgramData\Temp:EB68CA55 [122]
AlternateDataStreams: C:\ProgramData\Temp:EC0BE05C [143]
AlternateDataStreams: C:\ProgramData\Temp:EC1B2CAA [146]
AlternateDataStreams: C:\ProgramData\Temp:EC3A9923 [121]
AlternateDataStreams: C:\ProgramData\Temp:EC46FC9D [278]
AlternateDataStreams: C:\ProgramData\Temp:EC752217 [145]
AlternateDataStreams: C:\ProgramData\Temp:ED6B6C83 [144]
AlternateDataStreams: C:\ProgramData\Temp:ED98A153 [124]
AlternateDataStreams: C:\ProgramData\Temp:EDE28CFC [133]
AlternateDataStreams: C:\ProgramData\Temp:EE0ABC44 [131]
AlternateDataStreams: C:\ProgramData\Temp:EE0B4216 [141]
AlternateDataStreams: C:\ProgramData\Temp:EECF83D1 [119]
AlternateDataStreams: C:\ProgramData\Temp:F001F3C1 [134]
AlternateDataStreams: C:\ProgramData\Temp:F131B2B8 [146]
AlternateDataStreams: C:\ProgramData\Temp:F2B0ABCC [137]
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB [145]
AlternateDataStreams: C:\ProgramData\Temp:F399A6E7 [262]
AlternateDataStreams: C:\ProgramData\Temp:F41E8853 [124]
AlternateDataStreams: C:\ProgramData\Temp:F4362715 [138]
AlternateDataStreams: C:\ProgramData\Temp:F49A2655 [270]
AlternateDataStreams: C:\ProgramData\Temp:F4BE8180 [134]
AlternateDataStreams: C:\ProgramData\Temp:F53B274A [298]
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A [149]
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE [266]
AlternateDataStreams: C:\ProgramData\Temp:F72306CC [120]
AlternateDataStreams: C:\ProgramData\Temp:F7370879 [236]
AlternateDataStreams: C:\ProgramData\Temp:F7401CCF [268]
AlternateDataStreams: C:\ProgramData\Temp:F7B0AE93 [131]
AlternateDataStreams: C:\ProgramData\Temp:F83B9C51 [802]
AlternateDataStreams: C:\ProgramData\Temp:F875BF80 [262]
AlternateDataStreams: C:\ProgramData\Temp:F919FD4E [129]
AlternateDataStreams: C:\ProgramData\Temp:F98E6C67 [282]
AlternateDataStreams: C:\ProgramData\Temp:FA09FC72 [130]
AlternateDataStreams: C:\ProgramData\Temp:FA65E745 [130]
AlternateDataStreams: C:\ProgramData\Temp:FB29EC2F [248]
AlternateDataStreams: C:\ProgramData\Temp:FB749AFB [762]
AlternateDataStreams: C:\ProgramData\Temp:FB7959F6 [274]
AlternateDataStreams: C:\ProgramData\Temp:FBA79096 [250]
AlternateDataStreams: C:\ProgramData\Temp:FC414D14 [129]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [146]
AlternateDataStreams: C:\ProgramData\Temp:FC7B5C61 [113]
AlternateDataStreams: C:\ProgramData\Temp:FC89CE5A [135]
AlternateDataStreams: C:\ProgramData\Temp:FCDCCA12 [125]
AlternateDataStreams: C:\ProgramData\Temp:FD38E906 [146]
AlternateDataStreams: C:\ProgramData\Temp:FD7E32B5 [284]
AlternateDataStreams: C:\ProgramData\Temp:FDAA7C08 [278]
AlternateDataStreams: C:\ProgramData\Temp:FDF70DCD [149]
AlternateDataStreams: C:\ProgramData\Temp:FEB4D048 [146]
AlternateDataStreams: C:\ProgramData\Temp:FEE8782C [290]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [3840]
AlternateDataStreams: C:\Users\john\Application Data:gs5sys [11520]
AlternateDataStreams: C:\Users\john\Cookies:gs5sys [12288]
AlternateDataStreams: C:\Users\john\Local Settings:gs5sys [45058]
AlternateDataStreams: C:\Users\john\Local Settings:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\Templates:gs5sys [46082]
AlternateDataStreams: C:\Users\john\Desktop\desktop.ini:gs5sys [9728]
AlternateDataStreams: C:\Users\john\Downloads\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\john\AppData\Local:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Roaming:gs5sys [11520]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Local\History:gs5sys [47106]
AlternateDataStreams: C:\Users\john\AppData\Local\Temp:GMlFSYKkVXJlnoN1JqpFASL [2390]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\desktop.ini:gs5sys [47106]
AlternateDataStreams: C:\Users\john\Documents\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [11520]
FirewallRules: [TCP Query User{E31E1EA7-4133-4340-AAEE-9344ACCF92EF}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{35CADA72-9DD3-4D5B-8DA6-0F4925E59181}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{06AC1751-579E-4194-A082-C7DFF540A8C8}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7EB9FC32-4A65-40B4-819F-DA93509D6F33}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{598EA2EE-94E3-4963-BCBB-638A63A9B3EC}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5BBAAEE0-4EAE-44C5-9793-BA1785BA8FC3}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DA916AC4-8F31-493B-B3D6-84A90ADD7808}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{780750F7-AB85-4E0F-BEB5-D1E35B74B40A}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
C:\Program Files (x86)\IObit
C:\Windows\System32\Drivers\SmartDefragDriver.sys
C:\Users\john\AppData\Roaming\base_en.db
C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
C:\Users\john\AppData\Roaming\log.txt
C:\Users\john\AppData\Roaming\settings.xml
C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt
C:\Users\john\AppData\Roaming\wklnhst.dat
C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\john\AppData\Local\dt.dat
C:\Users\john\AppData\Local\file__0.localstorage
C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage
C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E}
C:\ProgramData\hpzinstall.log
C:\ProgramData\PKP_DLdu.DAT
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\program files (x86)\utorrent
C:\Users\john\AppData\Roaming\BitTorrent
Hosts:
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.
================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

Fixlog.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 24 April 2017 - 03:31 PM

Hello jhguitar1

 

I usually leave replies for longer but I'm a bit concerned that you may be having problems following my instructions.

 

You do have infections on your computer so please let me know if you need more detailed help and I'll send renewed instructions.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 jhguitar1

jhguitar1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 24 April 2017 - 05:30 PM

Hi. I'm having a hard time getting the logs to copy and paste They are supposed to go right to the desktop, correct? They are going to another folder in my documents

 



#12 jhguitar1

jhguitar1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 24 April 2017 - 06:10 PM

I definitely need help as I'm not computer savvy. Thank you for your patience!



#13 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 25 April 2017 - 02:57 AM

The easiest way is for you to use the attachment instead of copy/paste.

I've attached the file again. You need to click on the attached file and it should automatically open in Notepad.
 

  • with it open, click on File, Save As

Save%20as%20text%20file.gif

 

  • replace the asterisk, (*.txt), by typing in 'Fixlist'
  • in the top left window click on Desktop

Save%20to%20Desktop.gif

you should now have 'Fixlist' and FRST on your desktop

  • open FRST by double-clicking on it then press the Fix button just once and wait.

If for some reason FRST needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Let me know how that goes and if anything else needs more explanation.

Satchfan

 

Attached Files


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#14 jhguitar1

jhguitar1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 26 April 2017 - 07:23 PM

Ran by john (26-04-2017 18:56:17) Run:1
Running from C:\Users\john\Desktop
Loaded Profiles: john & UpdatusUser (Available Profiles: john & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
BootExecute: autocheck autochk * SmartDefragBootTime.exe
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM -> {96E44610-527E-4900-8145-49370B34A28F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-b10c0317&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
Toolbar: HKU\S-1-5-21-1151682749-726298257-2278553524-1001 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-1151682749-726298257-2278553524-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
U3 DfSdkS; no ImagePath
2017-03-25 14:44 - 2017-03-25 14:44 - 00000690 _____ C:\Users\john\Downloads\download.dat
2017-04-08 08:34 - 2016-09-04 07:30 - 00003416 _____ C:\Windows\System32\Tasks\SmartDefrag_Defrag
2017-04-08 08:34 - 2016-06-16 17:28 - 00003164 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2017-04-08 08:34 - 2016-06-16 17:28 - 00003010 _____ C:\Windows\System32\Tasks\SmartDefrag_Update

2011-07-06 15:51 - 2014-04-04 11:40 - 1544192 ____H () C:\Users\john\AppData\Roaming\base_en.db
2011-06-27 15:46 - 2011-09-25 19:07 - 0001854 _____ () C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
2016-08-02 16:39 - 2016-10-19 16:38 - 0000011 _____ () C:\Users\john\AppData\Roaming\log.txt
2014-06-25 17:30 - 2014-06-25 17:30 - 0000095 _____ () C:\Users\john\AppData\Roaming\settings.xml
2013-04-18 09:25 - 2013-04-18 09:56 - 0247455 _____ () C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt
2010-06-30 17:58 - 2013-01-28 10:21 - 0001050 _____ () C:\Users\john\AppData\Roaming\wklnhst.dat
2015-12-26 22:50 - 2017-02-09 21:37 - 0006144 _____ () C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-20 22:11 - 2012-08-20 22:11 - 0027520 _____ () C:\Users\john\AppData\Local\dt.dat
2016-07-22 17:03 - 2016-09-13 08:58 - 0003072 _____ () C:\Users\john\AppData\Local\file__0.localstorage
2016-07-22 17:03 - 2016-07-22 17:03 - 0003072 _____ () C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage
2016-08-02 08:13 - 2016-08-02 08:13 - 0000000 _____ () C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E}
2013-10-08 22:07 - 2014-11-22 10:53 - 0003075 _____ () C:\ProgramData\hpzinstall.log
2010-07-02 15:36 - 2010-07-08 11:31 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
Task: {0D6C7754-DF90-45C1-A6A5-EF86D8321492} - \{184C56A0-C3E2-442E-A862-F599E4EADB5B} -> No File <==== ATTENTION
Task: {1865B619-F3A4-4E0E-A16B-0D168B78CC62} - \{025BAF31-693D-42E4-9751-3685D6E4BAE4} -> No File <==== ATTENTION
Task: {18997706-8B99-4678-B009-60B0D8D62EB0} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {1A5A85F3-66E2-4BBD-A54C-313E629B7DA0} - \{3F481316-3BDA-4DB7-A607-3902589DE710} -> No File <==== ATTENTION
Task: {405B9123-065B-4D5B-9248-E455494B5D8E} - \ASC10_SkipUac_john -> No File <==== ATTENTION
Task: {42FDF028-EF57-442E-B11A-B4D02F136A66} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
Task: {50218AC2-EB2C-4121-900D-54DCB77D7685} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-06-01] (IObit)
Task: {549A3EC7-9BB3-4AE3-B5B1-1CE4E0F85395} - \ServicePlan -> No File <==== ATTENTION
Task: {5AE99C7F-5F37-4580-AADF-CFB7E0DC96B6} - \Game_Booster_Startup -> No File <==== ATTENTION
Task: {5B38BC29-5F97-46AA-A078-D00157D9BF66} - \{2656970F-B297-4BDF-B6B0-F33AC426CE4A} -> No File <==== ATTENTION
Task: {74A8BC2B-A993-434F-8D3C-502FBD66F3A9} - \{D1CEDBF9-93DA-4342-90A3-D46A858ABA86} -> No File <==== ATTENTION
Task: {86F962BD-A931-492C-B2C6-46985734F5F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {8AEB4A49-2B64-4C83-BDD7-9FDAAC462E8C} - System32\Tasks\SmartDefrag_Defrag => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-06-13] (IObit)
Task: {9093F20B-7EF1-4D93-9848-9283BF4219A3} - \{D572F1B6-7A61-4806-BC66-E68C34E0CBC2} -> No File <==== ATTENTION
Task: {96C2585D-1B0B-48CB-A420-F664A7FF1902} - \{00AA181B-31B0-4D8D-AB9E-A63E476BEB38} -> No File <==== ATTENTION
Task: {9E3A045C-9A7B-4E0E-8C07-30B3AA6B903F} - \SidebarExecute -> No File <==== ATTENTION
Task: {A311D8CE-C2E8-41F1-8B48-81BA8AAFBE46} - \{D824C271-A6E2-4C9F-888E-3E9F92EFD934} -> No File <==== ATTENTION
Task: {AF45F5BF-B0E9-419A-846D-3739D3EBC5B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B74D63C6-C18A-4757-8DE0-048F995E5BD1} - \RecoveryCDWin7 -> No File <==== ATTENTION
Task: {C1365946-5801-43B2-A116-FAFE0D1D436C} - \Driver Booster SkipUAC (SYSTEM) -> No File <==== ATTENTION
Task: {C91F53F5-DECC-4E66-AB14-1BD871AAE779} - \{5A89B60B-A88D-49B3-A37A-37A99C6C11AC} -> No File <==== ATTENTION
Task: {CE967B34-0125-41CC-A7EB-60785DCF3E8C} - \ExtendedServicePlan -> No File <==== ATTENTION
Task: {DDD43F8E-9D00-4DDE-99E4-1F4CC25EBB26} - \{30C93F67-CAFC-40C9-92F4-E68B488499FF} -> No File <==== ATTENTION
Task: {E37D055E-4FAC-461C-B493-594355FFFD7E} - \{DD179DEF-888F-41A6-87C9-A5B40B0A2CD0} -> No File <==== ATTENTION
Task: {F4EF7FB6-0BF8-4CA6-A3BA-247DC8AB3639} - \{FC6EE9E9-5CB9-47E8-9D82-190DB9C15D6A} -> No File <==== ATTENTION
Task: {F7216E9A-9E1E-4619-929B-427478F66A81} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
C:\ProgramData:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData:gs5sys [13824]
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\Users\All Users:gs5sys [13824]
AlternateDataStreams: C:\Users\john:gs5sys [11264]
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [13824]
AlternateDataStreams: C:\ProgramData\Microsoft:B9xwA2h14JKte5pCL [2108]
AlternateDataStreams: C:\ProgramData\Microsoft:Xfs7bpoxDwey85FI [2078]
AlternateDataStreams: C:\ProgramData\Temp:00373BA4 [135]
AlternateDataStreams: C:\ProgramData\Temp:012BC84F [282]
AlternateDataStreams: C:\ProgramData\Temp:01312928 [146]
AlternateDataStreams: C:\ProgramData\Temp:028EA3FD [118]
AlternateDataStreams: C:\ProgramData\Temp:03F9B551 [270]
AlternateDataStreams: C:\ProgramData\Temp:04076B92 [137]
AlternateDataStreams: C:\ProgramData\Temp:041ED421 [138]
AlternateDataStreams: C:\ProgramData\Temp:04406D73 [376]
AlternateDataStreams: C:\ProgramData\Temp:050C0DEA [140]
AlternateDataStreams: C:\ProgramData\Temp:05BF1B63 [202]
AlternateDataStreams: C:\ProgramData\Temp:060A3B0B [244]
AlternateDataStreams: C:\ProgramData\Temp:06771D62 [125]
AlternateDataStreams: C:\ProgramData\Temp:06C34166 [128]
AlternateDataStreams: C:\ProgramData\Temp:08003876 [132]
AlternateDataStreams: C:\ProgramData\Temp:084612C9 [130]
AlternateDataStreams: C:\ProgramData\Temp:08A03B9E [654]
AlternateDataStreams: C:\ProgramData\Temp:092DD1DD [230]
AlternateDataStreams: C:\ProgramData\Temp:0968E571 [244]
AlternateDataStreams: C:\ProgramData\Temp:09867A8B [141]
AlternateDataStreams: C:\ProgramData\Temp:0A2A7D18 [132]
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5 [260]
AlternateDataStreams: C:\ProgramData\Temp:0AE2C68F [107]
AlternateDataStreams: C:\ProgramData\Temp:0AF6266B [310]
AlternateDataStreams: C:\ProgramData\Temp:0B11E9EE [143]
AlternateDataStreams: C:\ProgramData\Temp:0BBF232A [276]
AlternateDataStreams: C:\ProgramData\Temp:0BF4DA47 [126]
AlternateDataStreams: C:\ProgramData\Temp:0D6F7BD4 [139]
AlternateDataStreams: C:\ProgramData\Temp:0DAE9980 [129]
AlternateDataStreams: C:\ProgramData\Temp:0DDDD3CD [133]
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB [139]
AlternateDataStreams: C:\ProgramData\Temp:0E61938B [141]
AlternateDataStreams: C:\ProgramData\Temp:0F0F9094 [127]
AlternateDataStreams: C:\ProgramData\Temp:104A718B [276]
AlternateDataStreams: C:\ProgramData\Temp:10516C76 [146]
AlternateDataStreams: C:\ProgramData\Temp:1095ECE1 [284]
AlternateDataStreams: C:\ProgramData\Temp:10BBEFEF [746]
AlternateDataStreams: C:\ProgramData\Temp:11EF326F [139]
AlternateDataStreams: C:\ProgramData\Temp:127BB39D [140]
AlternateDataStreams: C:\ProgramData\Temp:12A012A1 [129]
AlternateDataStreams: C:\ProgramData\Temp:12A3FA49 [132]
AlternateDataStreams: C:\ProgramData\Temp:131C0EE9 [240]
AlternateDataStreams: C:\ProgramData\Temp:13CDB0E0 [120]
AlternateDataStreams: C:\ProgramData\Temp:14050722 [132]
AlternateDataStreams: C:\ProgramData\Temp:149E8786 [282]
AlternateDataStreams: C:\ProgramData\Temp:15381DB9 [136]
AlternateDataStreams: C:\ProgramData\Temp:158AC5F5 [137]
AlternateDataStreams: C:\ProgramData\Temp:15FA1ECB [151]
AlternateDataStreams: C:\ProgramData\Temp:160ADF0B [280]
AlternateDataStreams: C:\ProgramData\Temp:1656EE95 [246]
AlternateDataStreams: C:\ProgramData\Temp:165AF2C6 [268]
AlternateDataStreams: C:\ProgramData\Temp:16A4620C [258]
AlternateDataStreams: C:\ProgramData\Temp:16D21E17 [288]
AlternateDataStreams: C:\ProgramData\Temp:16F42F1F [132]
AlternateDataStreams: C:\ProgramData\Temp:1709732A [246]
AlternateDataStreams: C:\ProgramData\Temp:18345E10 [144]
AlternateDataStreams: C:\ProgramData\Temp:1858B534 [112]
AlternateDataStreams: C:\ProgramData\Temp:18B35CC4 [113]
AlternateDataStreams: C:\ProgramData\Temp:18B5F839 [138]
AlternateDataStreams: C:\ProgramData\Temp:18DEBC51 [272]
AlternateDataStreams: C:\ProgramData\Temp:19636FDD [262]
AlternateDataStreams: C:\ProgramData\Temp:1968990D [254]
AlternateDataStreams: C:\ProgramData\Temp:19D3BC34 [149]
AlternateDataStreams: C:\ProgramData\Temp:1A24F93C [276]
AlternateDataStreams: C:\ProgramData\Temp:1A4BF204 [284]
AlternateDataStreams: C:\ProgramData\Temp:1AE1D58D [288]
AlternateDataStreams: C:\ProgramData\Temp:1DEA36D6 [132]
AlternateDataStreams: C:\ProgramData\Temp:1E6EDDAA [136]
AlternateDataStreams: C:\ProgramData\Temp:1F2F0F76 [119]
AlternateDataStreams: C:\ProgramData\Temp:20C1C66F [144]
AlternateDataStreams: C:\ProgramData\Temp:20EB6823 [120]
AlternateDataStreams: C:\ProgramData\Temp:2216A431 [278]
AlternateDataStreams: C:\ProgramData\Temp:2487D1DA [137]
AlternateDataStreams: C:\ProgramData\Temp:2532C28E [121]
AlternateDataStreams: C:\ProgramData\Temp:2556A8A0 [141]
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B [146]
AlternateDataStreams: C:\ProgramData\Temp:25EF6F01 [129]
AlternateDataStreams: C:\ProgramData\Temp:26FF37EB [144]
AlternateDataStreams: C:\ProgramData\Temp:2707D83A [286]
AlternateDataStreams: C:\ProgramData\Temp:27C59043 [104]
AlternateDataStreams: C:\ProgramData\Temp:2892289F [125]
AlternateDataStreams: C:\ProgramData\Temp:28C6BEBF [144]
AlternateDataStreams: C:\ProgramData\Temp:29B37860 [234]
AlternateDataStreams: C:\ProgramData\Temp:29C0641D [284]
AlternateDataStreams: C:\ProgramData\Temp:2A48233F [130]
AlternateDataStreams: C:\ProgramData\Temp:2ABB51D4 [276]
AlternateDataStreams: C:\ProgramData\Temp:2B856118 [268]
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8 [234]
AlternateDataStreams: C:\ProgramData\Temp:2BB2D50B [246]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:2CED8825 [138]
AlternateDataStreams: C:\ProgramData\Temp:2F539966 [294]
AlternateDataStreams: C:\ProgramData\Temp:2F5A06FD [135]
AlternateDataStreams: C:\ProgramData\Temp:300E36AB [149]
AlternateDataStreams: C:\ProgramData\Temp:309E3827 [125]
AlternateDataStreams: C:\ProgramData\Temp:317F7381 [126]
AlternateDataStreams: C:\ProgramData\Temp:3252A6BA [132]
AlternateDataStreams: C:\ProgramData\Temp:32AA69ED [133]
AlternateDataStreams: C:\ProgramData\Temp:346337E3 [146]
AlternateDataStreams: C:\ProgramData\Temp:3469612C [270]
AlternateDataStreams: C:\ProgramData\Temp:34EFF1F2 [246]
AlternateDataStreams: C:\ProgramData\Temp:35629AE6 [286]
AlternateDataStreams: C:\ProgramData\Temp:3571475C [250]
AlternateDataStreams: C:\ProgramData\Temp:366B74CA [246]
AlternateDataStreams: C:\ProgramData\Temp:384AA0FD [272]
AlternateDataStreams: C:\ProgramData\Temp:3895D488 [136]
AlternateDataStreams: C:\ProgramData\Temp:38D2EA83 [141]
AlternateDataStreams: C:\ProgramData\Temp:38FF076E [132]
AlternateDataStreams: C:\ProgramData\Temp:3A4676D7 [286]
AlternateDataStreams: C:\ProgramData\Temp:3A4A5185 [264]
AlternateDataStreams: C:\ProgramData\Temp:3AC0ED43 [264]
AlternateDataStreams: C:\ProgramData\Temp:3B12F2EC [146]
AlternateDataStreams: C:\ProgramData\Temp:3B84A3F1 [140]
AlternateDataStreams: C:\ProgramData\Temp:3BB073C2 [144]
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF [284]
AlternateDataStreams: C:\ProgramData\Temp:3C0F646D [154]
AlternateDataStreams: C:\ProgramData\Temp:3CAE2A70 [250]
AlternateDataStreams: C:\ProgramData\Temp:3E208EC8 [131]
AlternateDataStreams: C:\ProgramData\Temp:3E2A4708 [770]
AlternateDataStreams: C:\ProgramData\Temp:3E9452A9 [272]
AlternateDataStreams: C:\ProgramData\Temp:3FE1A827 [137]
AlternateDataStreams: C:\ProgramData\Temp:41472405 [124]
AlternateDataStreams: C:\ProgramData\Temp:426CDD93 [756]
AlternateDataStreams: C:\ProgramData\Temp:432EC713 [141]
AlternateDataStreams: C:\ProgramData\Temp:434CFDCA [236]
AlternateDataStreams: C:\ProgramData\Temp:436BE28C [256]
AlternateDataStreams: C:\ProgramData\Temp:43E0EC8A [250]
AlternateDataStreams: C:\ProgramData\Temp:448E7C5B [133]
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B [292]
AlternateDataStreams: C:\ProgramData\Temp:46C7F417 [242]
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9 [135]
AlternateDataStreams: C:\ProgramData\Temp:4911BB5C [214]
AlternateDataStreams: C:\ProgramData\Temp:4A10AFB7 [146]
AlternateDataStreams: C:\ProgramData\Temp:4B2A0356 [278]
AlternateDataStreams: C:\ProgramData\Temp:4B2E08FB [244]
AlternateDataStreams: C:\ProgramData\Temp:4B325725 [70]
AlternateDataStreams: C:\ProgramData\Temp:4B4D7EF3 [155]
AlternateDataStreams: C:\ProgramData\Temp:4BC514A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5 [129]
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B [132]
AlternateDataStreams: C:\ProgramData\Temp:4C4BD66D [125]
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B [125]
AlternateDataStreams: C:\ProgramData\Temp:4C96DCB8 [139]
AlternateDataStreams: C:\ProgramData\Temp:4D2F454E [136]
AlternateDataStreams: C:\ProgramData\Temp:4D348522 [132]
AlternateDataStreams: C:\ProgramData\Temp:4E79C4F8 [140]
AlternateDataStreams: C:\ProgramData\Temp:517EFA90 [135]
AlternateDataStreams: C:\ProgramData\Temp:51E05A3A [230]
AlternateDataStreams: C:\ProgramData\Temp:52329B88 [146]
AlternateDataStreams: C:\ProgramData\Temp:5279F7BF [137]
AlternateDataStreams: C:\ProgramData\Temp:54531C7D [256]
AlternateDataStreams: C:\ProgramData\Temp:54C1075C [147]
AlternateDataStreams: C:\ProgramData\Temp:54F257C0 [194]
AlternateDataStreams: C:\ProgramData\Temp:56A74E89 [130]
AlternateDataStreams: C:\ProgramData\Temp:57173DB4 [137]
AlternateDataStreams: C:\ProgramData\Temp:574311A1 [130]
AlternateDataStreams: C:\ProgramData\Temp:57B374AB [276]
AlternateDataStreams: C:\ProgramData\Temp:57CFEA7A [144]
AlternateDataStreams: C:\ProgramData\Temp:581ECF22 [112]
AlternateDataStreams: C:\ProgramData\Temp:58A7E801 [234]
AlternateDataStreams: C:\ProgramData\Temp:5C3ED5BB [128]
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B [280]
AlternateDataStreams: C:\ProgramData\Temp:5C818B5D [141]
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE [154]
AlternateDataStreams: C:\ProgramData\Temp:5D4F063C [292]
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B [138]
AlternateDataStreams: C:\ProgramData\Temp:5FEAB2C8 [379]
AlternateDataStreams: C:\ProgramData\Temp:602EC63C [262]
AlternateDataStreams: C:\ProgramData\Temp:607A99D7 [133]
AlternateDataStreams: C:\ProgramData\Temp:616A2A70 [118]
AlternateDataStreams: C:\ProgramData\Temp:619F147E [159]
AlternateDataStreams: C:\ProgramData\Temp:6212DF7A [140]
AlternateDataStreams: C:\ProgramData\Temp:624A80FD [192]
AlternateDataStreams: C:\ProgramData\Temp:6271B518 [122]
AlternateDataStreams: C:\ProgramData\Temp:62AF0D82 [129]
AlternateDataStreams: C:\ProgramData\Temp:6358B2F7 [135]
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9 [296]
AlternateDataStreams: C:\ProgramData\Temp:63E88FD4 [141]
AlternateDataStreams: C:\ProgramData\Temp:640DDEFF [144]
AlternateDataStreams: C:\ProgramData\Temp:6423D635 [242]
AlternateDataStreams: C:\ProgramData\Temp:6447E3B5 [238]
AlternateDataStreams: C:\ProgramData\Temp:6468C896 [272]
AlternateDataStreams: C:\ProgramData\Temp:64BDD821 [226]
AlternateDataStreams: C:\ProgramData\Temp:65621319 [145]
AlternateDataStreams: C:\ProgramData\Temp:65C4D44A [124]
AlternateDataStreams: C:\ProgramData\Temp:67396145 [154]
AlternateDataStreams: C:\ProgramData\Temp:67842DB7 [127]
AlternateDataStreams: C:\ProgramData\Temp:67D43EFA [118]
AlternateDataStreams: C:\ProgramData\Temp:680086AB [114]
AlternateDataStreams: C:\ProgramData\Temp:68198EE3 [135]
AlternateDataStreams: C:\ProgramData\Temp:68C21E42 [304]
AlternateDataStreams: C:\ProgramData\Temp:696F7DA7 [136]
AlternateDataStreams: C:\ProgramData\Temp:69BAF25F [750]
AlternateDataStreams: C:\ProgramData\Temp:69ED1286 [286]
AlternateDataStreams: C:\ProgramData\Temp:6A609C67 [128]
AlternateDataStreams: C:\ProgramData\Temp:6B251180 [288]
AlternateDataStreams: C:\ProgramData\Temp:6B7447D4 [135]
AlternateDataStreams: C:\ProgramData\Temp:6BF6CA71 [133]
AlternateDataStreams: C:\ProgramData\Temp:6C718587 [246]
AlternateDataStreams: C:\ProgramData\Temp:6CCDA168 [112]
AlternateDataStreams: C:\ProgramData\Temp:6CF828C2 [147]
AlternateDataStreams: C:\ProgramData\Temp:6DC537DB [308]
AlternateDataStreams: C:\ProgramData\Temp:6DCC0E34 [274]
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746 [256]
AlternateDataStreams: C:\ProgramData\Temp:6E271126 [117]
AlternateDataStreams: C:\ProgramData\Temp:6EC8F6C5 [210]
AlternateDataStreams: C:\ProgramData\Temp:6F0C95A1 [290]
AlternateDataStreams: C:\ProgramData\Temp:6F57F1D1 [286]
AlternateDataStreams: C:\ProgramData\Temp:6F84C4DE [131]
AlternateDataStreams: C:\ProgramData\Temp:6F998753 [145]
AlternateDataStreams: C:\ProgramData\Temp:6F9C57B9 [146]
AlternateDataStreams: C:\ProgramData\Temp:6FA346B6 [242]
AlternateDataStreams: C:\ProgramData\Temp:6FA918FA [145]
AlternateDataStreams: C:\ProgramData\Temp:701B92FB [242]
AlternateDataStreams: C:\ProgramData\Temp:70BDB805 [127]
AlternateDataStreams: C:\ProgramData\Temp:70FD4407 [272]
AlternateDataStreams: C:\ProgramData\Temp:7109C24A [141]
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A [228]
AlternateDataStreams: C:\ProgramData\Temp:73879882 [280]
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96 [119]
AlternateDataStreams: C:\ProgramData\Temp:73B78E79 [128]
AlternateDataStreams: C:\ProgramData\Temp:7455D6E6 [144]
AlternateDataStreams: C:\ProgramData\Temp:74A0E249 [152]
AlternateDataStreams: C:\ProgramData\Temp:74E256F6 [133]
AlternateDataStreams: C:\ProgramData\Temp:751D6870 [146]
AlternateDataStreams: C:\ProgramData\Temp:757BA6A5 [154]
AlternateDataStreams: C:\ProgramData\Temp:75CEDFA5 [117]
AlternateDataStreams: C:\ProgramData\Temp:77066415 [760]
AlternateDataStreams: C:\ProgramData\Temp:77E239B1 [127]
AlternateDataStreams: C:\ProgramData\Temp:77E927FC [136]
AlternateDataStreams: C:\ProgramData\Temp:7804B508 [124]
AlternateDataStreams: C:\ProgramData\Temp:7890F666 [314]
AlternateDataStreams: C:\ProgramData\Temp:796EE7C8 [120]
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE [130]
AlternateDataStreams: C:\ProgramData\Temp:7A51F685 [290]
AlternateDataStreams: C:\ProgramData\Temp:7ACF38DE [246]
AlternateDataStreams: C:\ProgramData\Temp:7D288858 [141]
AlternateDataStreams: C:\ProgramData\Temp:7DEE2F6C [133]
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA [464]
AlternateDataStreams: C:\ProgramData\Temp:7ECD9621 [128]
AlternateDataStreams: C:\ProgramData\Temp:800FE171 [266]
AlternateDataStreams: C:\ProgramData\Temp:81563BC7 [246]
AlternateDataStreams: C:\ProgramData\Temp:81E0F9D0 [146]
AlternateDataStreams: C:\ProgramData\Temp:81F65F60 [748]
AlternateDataStreams: C:\ProgramData\Temp:82111599 [244]
AlternateDataStreams: C:\ProgramData\Temp:834DD57E [256]
AlternateDataStreams: C:\ProgramData\Temp:84618038 [133]
AlternateDataStreams: C:\ProgramData\Temp:84D1C282 [130]
AlternateDataStreams: C:\ProgramData\Temp:84FA02E7 [148]
AlternateDataStreams: C:\ProgramData\Temp:85376176 [121]
AlternateDataStreams: C:\ProgramData\Temp:8634D9A3 [133]
AlternateDataStreams: C:\ProgramData\Temp:87E3D720 [147]
AlternateDataStreams: C:\ProgramData\Temp:884C7316 [146]
AlternateDataStreams: C:\ProgramData\Temp:88E8CC2E [272]
AlternateDataStreams: C:\ProgramData\Temp:8967C154 [126]
AlternateDataStreams: C:\ProgramData\Temp:89CC3B44 [132]
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB [152]
AlternateDataStreams: C:\ProgramData\Temp:89FED318 [286]
AlternateDataStreams: C:\ProgramData\Temp:8AB2162E [109]
AlternateDataStreams: C:\ProgramData\Temp:8AC20936 [129]
AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3 [135]
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD [145]
AlternateDataStreams: C:\ProgramData\Temp:8C49003C [145]
AlternateDataStreams: C:\ProgramData\Temp:8C6D2EC3 [122]
AlternateDataStreams: C:\ProgramData\Temp:8D634113 [732]
AlternateDataStreams: C:\ProgramData\Temp:8D9C24E0 [260]
AlternateDataStreams: C:\ProgramData\Temp:8DD36B71 [115]
AlternateDataStreams: C:\ProgramData\Temp:902C848D [250]
AlternateDataStreams: C:\ProgramData\Temp:9083C3AD [123]
AlternateDataStreams: C:\ProgramData\Temp:90C320E1 [250]
AlternateDataStreams: C:\ProgramData\Temp:91244A8F [118]
AlternateDataStreams: C:\ProgramData\Temp:9124663C [128]
AlternateDataStreams: C:\ProgramData\Temp:92421EF9 [123]
AlternateDataStreams: C:\ProgramData\Temp:927EC486 [256]
AlternateDataStreams: C:\ProgramData\Temp:928DF32E [286]
AlternateDataStreams: C:\ProgramData\Temp:93F3E4C9 [292]
AlternateDataStreams: C:\ProgramData\Temp:947107AC [124]
AlternateDataStreams: C:\ProgramData\Temp:9491C9C7 [276]
AlternateDataStreams: C:\ProgramData\Temp:95198126 [100]
AlternateDataStreams: C:\ProgramData\Temp:9603033A [252]
AlternateDataStreams: C:\ProgramData\Temp:972E051C [248]
AlternateDataStreams: C:\ProgramData\Temp:973DCFFF [780]
AlternateDataStreams: C:\ProgramData\Temp:97B3B270 [278]
AlternateDataStreams: C:\ProgramData\Temp:97ECE74A [150]
AlternateDataStreams: C:\ProgramData\Temp:993C3DF6 [131]
AlternateDataStreams: C:\ProgramData\Temp:99AC3203 [127]
AlternateDataStreams: C:\ProgramData\Temp:99F8C0E6 [140]
AlternateDataStreams: C:\ProgramData\Temp:9A842F5C [119]
AlternateDataStreams: C:\ProgramData\Temp:9A8F071F [270]
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675 [288]
AlternateDataStreams: C:\ProgramData\Temp:9BF0C425 [280]
AlternateDataStreams: C:\ProgramData\Temp:9C337CCE [280]
AlternateDataStreams: C:\ProgramData\Temp:9C6014C6 [133]
AlternateDataStreams: C:\ProgramData\Temp:9D03192E [118]
AlternateDataStreams: C:\ProgramData\Temp:9D60BE91 [276]
AlternateDataStreams: C:\ProgramData\Temp:9D91E651 [126]
AlternateDataStreams: C:\ProgramData\Temp:9DDABE44 [278]
AlternateDataStreams: C:\ProgramData\Temp:9DF24CB2 [140]
AlternateDataStreams: C:\ProgramData\Temp:9E05DEB0 [122]
AlternateDataStreams: C:\ProgramData\Temp:9E4F05ED [128]
AlternateDataStreams: C:\ProgramData\Temp:9F38BF31 [143]
AlternateDataStreams: C:\ProgramData\Temp:9F50A55A [126]
AlternateDataStreams: C:\ProgramData\Temp:9FB9D3B9 [116]
AlternateDataStreams: C:\ProgramData\Temp:9FD2057F [252]
AlternateDataStreams: C:\ProgramData\Temp:A103830F [133]
AlternateDataStreams: C:\ProgramData\Temp:A22AF60D [138]
AlternateDataStreams: C:\ProgramData\Temp:A279C25A [136]
AlternateDataStreams: C:\ProgramData\Temp:A3840F5B [126]
AlternateDataStreams: C:\ProgramData\Temp:A43B789A [139]
AlternateDataStreams: C:\ProgramData\Temp:A44008FA [250]
AlternateDataStreams: C:\ProgramData\Temp:A4E7D25F [278]
AlternateDataStreams: C:\ProgramData\Temp:A5948878 [132]
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24 [272]
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80 [152]
AlternateDataStreams: C:\ProgramData\Temp:A700ABC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF [123]
AlternateDataStreams: C:\ProgramData\Temp:A8606E6E [292]
AlternateDataStreams: C:\ProgramData\Temp:A899E64E [141]
AlternateDataStreams: C:\ProgramData\Temp:A89B3FB8 [722]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:A8BF0AE2 [153]
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF [118]
AlternateDataStreams: C:\ProgramData\Temp:A9BB1126 [258]
AlternateDataStreams: C:\ProgramData\Temp:AA559E17 [136]
AlternateDataStreams: C:\ProgramData\Temp:ACE7A9BB [134]
AlternateDataStreams: C:\ProgramData\Temp:AE289451 [145]
AlternateDataStreams: C:\ProgramData\Temp:AE75CCC8 [238]
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0 [242]
AlternateDataStreams: C:\ProgramData\Temp:AFEBAACA [139]
AlternateDataStreams: C:\ProgramData\Temp:B02249C3 [124]
AlternateDataStreams: C:\ProgramData\Temp:B059B88E [147]
AlternateDataStreams: C:\ProgramData\Temp:B0B6C3E8 [187]
AlternateDataStreams: C:\ProgramData\Temp:B0BD7797 [272]
AlternateDataStreams: C:\ProgramData\Temp:B162D6FD [138]
AlternateDataStreams: C:\ProgramData\Temp:B1EED3AD [130]
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09 [103]
AlternateDataStreams: C:\ProgramData\Temp:B243953E [134]
AlternateDataStreams: C:\ProgramData\Temp:B285A50E [268]
AlternateDataStreams: C:\ProgramData\Temp:B2B2F0D4 [754]
AlternateDataStreams: C:\ProgramData\Temp:B3550AA2 [280]
AlternateDataStreams: C:\ProgramData\Temp:B3606FCC [126]
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE [256]
AlternateDataStreams: C:\ProgramData\Temp:B3A4FEE1 [129]
AlternateDataStreams: C:\ProgramData\Temp:B3D2C69C [148]
AlternateDataStreams: C:\ProgramData\Temp:B445A124 [133]
AlternateDataStreams: C:\ProgramData\Temp:B4F7687B [278]
AlternateDataStreams: C:\ProgramData\Temp:B53DCFC9 [127]
AlternateDataStreams: C:\ProgramData\Temp:B5F623E4 [248]
AlternateDataStreams: C:\ProgramData\Temp:B615ABD3 [137]
AlternateDataStreams: C:\ProgramData\Temp:B65E763D [139]
AlternateDataStreams: C:\ProgramData\Temp:B6C1A5F4 [266]
AlternateDataStreams: C:\ProgramData\Temp:B779C113 [252]
AlternateDataStreams: C:\ProgramData\Temp:B790962B [128]
AlternateDataStreams: C:\ProgramData\Temp:B7E52658 [119]
AlternateDataStreams: C:\ProgramData\Temp:B8428FE1 [137]
AlternateDataStreams: C:\ProgramData\Temp:B86642C5 [152]
AlternateDataStreams: C:\ProgramData\Temp:B86927F0 [149]
AlternateDataStreams: C:\ProgramData\Temp:B88DC997 [278]
AlternateDataStreams: C:\ProgramData\Temp:B9433D0F [129]
AlternateDataStreams: C:\ProgramData\Temp:B9BD98A8 [246]
AlternateDataStreams: C:\ProgramData\Temp:B9E36774 [141]
AlternateDataStreams: C:\ProgramData\Temp:BA5938AB [278]
AlternateDataStreams: C:\ProgramData\Temp:BB004A7D [114]
AlternateDataStreams: C:\ProgramData\Temp:BB718C46 [282]
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5 [112]
AlternateDataStreams: C:\ProgramData\Temp:BD659567 [153]
AlternateDataStreams: C:\ProgramData\Temp:C07829DC [258]
AlternateDataStreams: C:\ProgramData\Temp:C085F80B [280]
AlternateDataStreams: C:\ProgramData\Temp:C0DFB793 [139]
AlternateDataStreams: C:\ProgramData\Temp:C0EFBD3F [132]
AlternateDataStreams: C:\ProgramData\Temp:C178954A [135]
AlternateDataStreams: C:\ProgramData\Temp:C1DBE635 [140]
AlternateDataStreams: C:\ProgramData\Temp:C1FF1B01 [132]
AlternateDataStreams: C:\ProgramData\Temp:C356A185 [294]
AlternateDataStreams: C:\ProgramData\Temp:C37283B5 [272]
AlternateDataStreams: C:\ProgramData\Temp:C3C72D5F [128]
AlternateDataStreams: C:\ProgramData\Temp:C458CC0A [134]
AlternateDataStreams: C:\ProgramData\Temp:C4CB6EA6 [152]
AlternateDataStreams: C:\ProgramData\Temp:C52EF004 [246]
AlternateDataStreams: C:\ProgramData\Temp:C54A1A57 [136]
AlternateDataStreams: C:\ProgramData\Temp:C5B1FE54 [133]
AlternateDataStreams: C:\ProgramData\Temp:C611D6C8 [125]
AlternateDataStreams: C:\ProgramData\Temp:C7857F06 [238]
AlternateDataStreams: C:\ProgramData\Temp:C78DADEA [118]
AlternateDataStreams: C:\ProgramData\Temp:C8182692 [228]
AlternateDataStreams: C:\ProgramData\Temp:C82210DD [135]
AlternateDataStreams: C:\ProgramData\Temp:C91C214D [268]
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06 [262]
AlternateDataStreams: C:\ProgramData\Temp:C9BC8592 [136]
AlternateDataStreams: C:\ProgramData\Temp:CA4FAE31 [135]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [102]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [268]
AlternateDataStreams: C:\ProgramData\Temp:CC45913B [135]
AlternateDataStreams: C:\ProgramData\Temp:CC6A54A8 [236]
AlternateDataStreams: C:\ProgramData\Temp:CCFB0FDD [119]
AlternateDataStreams: C:\ProgramData\Temp:CD6DF7CC [246]
AlternateDataStreams: C:\ProgramData\Temp:CD95E2C9 [138]
AlternateDataStreams: C:\ProgramData\Temp:CE253B51 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE707633 [300]
AlternateDataStreams: C:\ProgramData\Temp:CE8A42A3 [270]
AlternateDataStreams: C:\ProgramData\Temp:CF1334B0 [278]
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06 [276]
AlternateDataStreams: C:\ProgramData\Temp:D0757AAB [268]
AlternateDataStreams: C:\ProgramData\Temp:D0DCD8D7 [117]
AlternateDataStreams: C:\ProgramData\Temp:D1094629 [146]
AlternateDataStreams: C:\ProgramData\Temp:D1787194 [368]
AlternateDataStreams: C:\ProgramData\Temp:D22B04C3 [760]
AlternateDataStreams: C:\ProgramData\Temp:D2397415 [127]
AlternateDataStreams: C:\ProgramData\Temp:D254266B [300]
AlternateDataStreams: C:\ProgramData\Temp:D2972D66 [140]
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB [132]
AlternateDataStreams: C:\ProgramData\Temp:D36E068F [129]
AlternateDataStreams: C:\ProgramData\Temp:D414289B [135]
AlternateDataStreams: C:\ProgramData\Temp:D478F292 [135]
AlternateDataStreams: C:\ProgramData\Temp:D5458F6B [242]
AlternateDataStreams: C:\ProgramData\Temp:D59DE356 [130]
AlternateDataStreams: C:\ProgramData\Temp:D5B149F6 [131]
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D [130]
AlternateDataStreams: C:\ProgramData\Temp:D696AA12 [286]
AlternateDataStreams: C:\ProgramData\Temp:D6F7008C [216]
AlternateDataStreams: C:\ProgramData\Temp:D7DDEF83 [129]
AlternateDataStreams: C:\ProgramData\Temp:D8936165 [312]
AlternateDataStreams: C:\ProgramData\Temp:D8AE9DD1 [140]
AlternateDataStreams: C:\ProgramData\Temp:D9243D84 [122]
AlternateDataStreams: C:\ProgramData\Temp:DA2268D5 [143]
AlternateDataStreams: C:\ProgramData\Temp:DA6DA9A1 [134]
AlternateDataStreams: C:\ProgramData\Temp:DBF7208A [782]
AlternateDataStreams: C:\ProgramData\Temp:DCA79AB3 [118]
AlternateDataStreams: C:\ProgramData\Temp:DCC6EDE9 [138]
AlternateDataStreams: C:\ProgramData\Temp:DD780579 [264]
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9 [250]
AlternateDataStreams: C:\ProgramData\Temp:DE33A453 [266]
AlternateDataStreams: C:\ProgramData\Temp:DE813CDD [242]
AlternateDataStreams: C:\ProgramData\Temp:DE8F2B8B [149]
AlternateDataStreams: C:\ProgramData\Temp:DEEA54A4 [146]
AlternateDataStreams: C:\ProgramData\Temp:DF19F127 [244]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:E0553E73 [258]
AlternateDataStreams: C:\ProgramData\Temp:E21413B8 [238]
AlternateDataStreams: C:\ProgramData\Temp:E2295807 [145]
AlternateDataStreams: C:\ProgramData\Temp:E24659F6 [141]
AlternateDataStreams: C:\ProgramData\Temp:E326D1D1 [163]
AlternateDataStreams: C:\ProgramData\Temp:E397CC9D [131]
AlternateDataStreams: C:\ProgramData\Temp:E44513D0 [123]
AlternateDataStreams: C:\ProgramData\Temp:E4BC4A41 [135]
AlternateDataStreams: C:\ProgramData\Temp:E5B07840 [266]
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD [147]
AlternateDataStreams: C:\ProgramData\Temp:E62BD5C1 [268]
AlternateDataStreams: C:\ProgramData\Temp:E6537A16 [125]
AlternateDataStreams: C:\ProgramData\Temp:E67D0FCB [120]
AlternateDataStreams: C:\ProgramData\Temp:E6A94369 [138]
AlternateDataStreams: C:\ProgramData\Temp:E6A96BE9 [284]
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B [139]
AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [104]
AlternateDataStreams: C:\ProgramData\Temp:E7614E1F [128]
AlternateDataStreams: C:\ProgramData\Temp:E8B61305 [286]
AlternateDataStreams: C:\ProgramData\Temp:E96D894A [238]
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C [139]
AlternateDataStreams: C:\ProgramData\Temp:E9D68B36 [302]
AlternateDataStreams: C:\ProgramData\Temp:EA149D25 [133]
AlternateDataStreams: C:\ProgramData\Temp:EA17702A [120]
AlternateDataStreams: C:\ProgramData\Temp:EABCC64A [290]
AlternateDataStreams: C:\ProgramData\Temp:EB4FEEF5 [274]
AlternateDataStreams: C:\ProgramData\Temp:EB5574AF [150]
AlternateDataStreams: C:\ProgramData\Temp:EB68CA55 [122]
AlternateDataStreams: C:\ProgramData\Temp:EC0BE05C [143]
AlternateDataStreams: C:\ProgramData\Temp:EC1B2CAA [146]
AlternateDataStreams: C:\ProgramData\Temp:EC3A9923 [121]
AlternateDataStreams: C:\ProgramData\Temp:EC46FC9D [278]
AlternateDataStreams: C:\ProgramData\Temp:EC752217 [145]
AlternateDataStreams: C:\ProgramData\Temp:ED6B6C83 [144]
AlternateDataStreams: C:\ProgramData\Temp:ED98A153 [124]
AlternateDataStreams: C:\ProgramData\Temp:EDE28CFC [133]
AlternateDataStreams: C:\ProgramData\Temp:EE0ABC44 [131]
AlternateDataStreams: C:\ProgramData\Temp:EE0B4216 [141]
AlternateDataStreams: C:\ProgramData\Temp:EECF83D1 [119]
AlternateDataStreams: C:\ProgramData\Temp:F001F3C1 [134]
AlternateDataStreams: C:\ProgramData\Temp:F131B2B8 [146]
AlternateDataStreams: C:\ProgramData\Temp:F2B0ABCC [137]
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB [145]
AlternateDataStreams: C:\ProgramData\Temp:F399A6E7 [262]
AlternateDataStreams: C:\ProgramData\Temp:F41E8853 [124]
AlternateDataStreams: C:\ProgramData\Temp:F4362715 [138]
AlternateDataStreams: C:\ProgramData\Temp:F49A2655 [270]
AlternateDataStreams: C:\ProgramData\Temp:F4BE8180 [134]
AlternateDataStreams: C:\ProgramData\Temp:F53B274A [298]
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A [149]
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE [266]
AlternateDataStreams: C:\ProgramData\Temp:F72306CC [120]
AlternateDataStreams: C:\ProgramData\Temp:F7370879 [236]
AlternateDataStreams: C:\ProgramData\Temp:F7401CCF [268]
AlternateDataStreams: C:\ProgramData\Temp:F7B0AE93 [131]
AlternateDataStreams: C:\ProgramData\Temp:F83B9C51 [802]
AlternateDataStreams: C:\ProgramData\Temp:F875BF80 [262]
AlternateDataStreams: C:\ProgramData\Temp:F919FD4E [129]
AlternateDataStreams: C:\ProgramData\Temp:F98E6C67 [282]
AlternateDataStreams: C:\ProgramData\Temp:FA09FC72 [130]
AlternateDataStreams: C:\ProgramData\Temp:FA65E745 [130]
AlternateDataStreams: C:\ProgramData\Temp:FB29EC2F [248]
AlternateDataStreams: C:\ProgramData\Temp:FB749AFB [762]
AlternateDataStreams: C:\ProgramData\Temp:FB7959F6 [274]
AlternateDataStreams: C:\ProgramData\Temp:FBA79096 [250]
AlternateDataStreams: C:\ProgramData\Temp:FC414D14 [129]
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A [146]
AlternateDataStreams: C:\ProgramData\Temp:FC7B5C61 [113]
AlternateDataStreams: C:\ProgramData\Temp:FC89CE5A [135]
AlternateDataStreams: C:\ProgramData\Temp:FCDCCA12 [125]
AlternateDataStreams: C:\ProgramData\Temp:FD38E906 [146]
AlternateDataStreams: C:\ProgramData\Temp:FD7E32B5 [284]
AlternateDataStreams: C:\ProgramData\Temp:FDAA7C08 [278]
AlternateDataStreams: C:\ProgramData\Temp:FDF70DCD [149]
AlternateDataStreams: C:\ProgramData\Temp:FEB4D048 [146]
AlternateDataStreams: C:\ProgramData\Temp:FEE8782C [290]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [3840]
AlternateDataStreams: C:\Users\john\Application Data:gs5sys [11520]
AlternateDataStreams: C:\Users\john\Cookies:gs5sys [12288]
AlternateDataStreams: C:\Users\john\Local Settings:gs5sys [45058]
AlternateDataStreams: C:\Users\john\Local Settings:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\Templates:gs5sys [46082]
AlternateDataStreams: C:\Users\john\Desktop\desktop.ini:gs5sys [9728]
AlternateDataStreams: C:\Users\john\Downloads\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\john\AppData\Local:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Roaming:gs5sys [11520]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:gs5sys [45058]
AlternateDataStreams: C:\Users\john\AppData\Local\Application Data:kTmWDtabfrNV0NAWrjHI [2296]
AlternateDataStreams: C:\Users\john\AppData\Local\History:gs5sys [47106]
AlternateDataStreams: C:\Users\john\AppData\Local\Temp:GMlFSYKkVXJlnoN1JqpFASL [2390]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2012 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\john\Documents\2013 & 2014 W2's.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\john\Documents\desktop.ini:gs5sys [47106]
AlternateDataStreams: C:\Users\john\Documents\Landslide-Wedding 2013.mp4:com.dropbox.attributes [416]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [11520]
FirewallRules: [TCP Query User{E31E1EA7-4133-4340-AAEE-9344ACCF92EF}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{35CADA72-9DD3-4D5B-8DA6-0F4925E59181}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{06AC1751-579E-4194-A082-C7DFF540A8C8}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7EB9FC32-4A65-40B4-819F-DA93509D6F33}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{598EA2EE-94E3-4963-BCBB-638A63A9B3EC}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5BBAAEE0-4EAE-44C5-9793-BA1785BA8FC3}] => (Allow) C:\Users\john\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DA916AC4-8F31-493B-B3D6-84A90ADD7808}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{780750F7-AB85-4E0F-BEB5-D1E35B74B40A}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
C:\Program Files (x86)\IObit
C:\Windows\System32\Drivers\SmartDefragDriver.sys
C:\Users\john\AppData\Roaming\base_en.db
C:\Users\john\AppData\Roaming\GhostObjGAFix.xml
C:\Users\john\AppData\Roaming\log.txt
C:\Users\john\AppData\Roaming\settings.xml
C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt
C:\Users\john\AppData\Roaming\wklnhst.dat
C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\john\AppData\Local\dt.dat
C:\Users\john\AppData\Local\file__0.localstorage
C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage
C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E}
C:\ProgramData\hpzinstall.log
C:\ProgramData\PKP_DLdu.DAT
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\program files (x86)\utorrent
C:\Users\john\AppData\Roaming\BitTorrent
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96E44610-527E-4900-8145-49370B34A28F} => key removed successfully
HKCR\CLSID\{96E44610-527E-4900-8145-49370B34A28F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key removed successfully
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value removed successfully
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => key not found.
HKU\S-1-5-21-1151682749-726298257-2278553524-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\System\CurrentControlSet\Services\IObitUnSvr => key removed successfully
IObitUnSvr => service removed successfully
SmartDefragDriver => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\SmartDefragDriver => key removed successfully
SmartDefragDriver => service removed successfully
HKLM\System\CurrentControlSet\Services\DfSdkS => key removed successfully
DfSdkS => service removed successfully
C:\Users\john\Downloads\download.dat => moved successfully
C:\Windows\System32\Tasks\SmartDefrag_Defrag => moved successfully
C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze => moved successfully
C:\Windows\System32\Tasks\SmartDefrag_Update => moved successfully
C:\Users\john\AppData\Roaming\base_en.db => moved successfully
C:\Users\john\AppData\Roaming\GhostObjGAFix.xml => moved successfully
C:\Users\john\AppData\Roaming\log.txt => moved successfully
C:\Users\john\AppData\Roaming\settings.xml => moved successfully
C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt => moved successfully
C:\Users\john\AppData\Roaming\wklnhst.dat => moved successfully
C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\john\AppData\Local\dt.dat => moved successfully
C:\Users\john\AppData\Local\file__0.localstorage => moved successfully
C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage => moved successfully
C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E} => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully
C:\ProgramData\PKP_DLdu.DAT => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D6C7754-DF90-45C1-A6A5-EF86D8321492} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D6C7754-DF90-45C1-A6A5-EF86D8321492} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{184C56A0-C3E2-442E-A862-F599E4EADB5B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1865B619-F3A4-4E0E-A16B-0D168B78CC62} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1865B619-F3A4-4E0E-A16B-0D168B78CC62} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{025BAF31-693D-42E4-9751-3685D6E4BAE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18997706-8B99-4678-B009-60B0D8D62EB0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18997706-8B99-4678-B009-60B0D8D62EB0} => key removed successfully
C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_AutoAnalyze => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A5A85F3-66E2-4BBD-A54C-313E629B7DA0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A5A85F3-66E2-4BBD-A54C-313E629B7DA0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3F481316-3BDA-4DB7-A607-3902589DE710} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{405B9123-065B-4D5B-9248-E455494B5D8E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{405B9123-065B-4D5B-9248-E455494B5D8E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC10_SkipUac_john => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42FDF028-EF57-442E-B11A-B4D02F136A66} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42FDF028-EF57-442E-B11A-B4D02F136A66} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50218AC2-EB2C-4121-900D-54DCB77D7685} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50218AC2-EB2C-4121-900D-54DCB77D7685} => key removed successfully
C:\Windows\System32\Tasks\SmartDefrag_Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Update => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{549A3EC7-9BB3-4AE3-B5B1-1CE4E0F85395} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{549A3EC7-9BB3-4AE3-B5B1-1CE4E0F85395} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ServicePlan => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5AE99C7F-5F37-4580-AADF-CFB7E0DC96B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AE99C7F-5F37-4580-AADF-CFB7E0DC96B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_Startup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B38BC29-5F97-46AA-A078-D00157D9BF66} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B38BC29-5F97-46AA-A078-D00157D9BF66} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2656970F-B297-4BDF-B6B0-F33AC426CE4A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74A8BC2B-A993-434F-8D3C-502FBD66F3A9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74A8BC2B-A993-434F-8D3C-502FBD66F3A9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D1CEDBF9-93DA-4342-90A3-D46A858ABA86} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86F962BD-A931-492C-B2C6-46985734F5F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86F962BD-A931-492C-B2C6-46985734F5F4} => key removed successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AEB4A49-2B64-4C83-BDD7-9FDAAC462E8C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AEB4A49-2B64-4C83-BDD7-9FDAAC462E8C} => key removed successfully
C:\Windows\System32\Tasks\SmartDefrag_Defrag => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Defrag => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9093F20B-7EF1-4D93-9848-9283BF4219A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9093F20B-7EF1-4D93-9848-9283BF4219A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D572F1B6-7A61-4806-BC66-E68C34E0CBC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96C2585D-1B0B-48CB-A420-F664A7FF1902} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96C2585D-1B0B-48CB-A420-F664A7FF1902} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{00AA181B-31B0-4D8D-AB9E-A63E476BEB38} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E3A045C-9A7B-4E0E-8C07-30B3AA6B903F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E3A045C-9A7B-4E0E-8C07-30B3AA6B903F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A311D8CE-C2E8-41F1-8B48-81BA8AAFBE46} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A311D8CE-C2E8-41F1-8B48-81BA8AAFBE46} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D824C271-A6E2-4C9F-888E-3E9F92EFD934} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF45F5BF-B0E9-419A-846D-3739D3EBC5B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF45F5BF-B0E9-419A-846D-3739D3EBC5B6} => key removed successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B74D63C6-C18A-4757-8DE0-048F995E5BD1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B74D63C6-C18A-4757-8DE0-048F995E5BD1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RecoveryCDWin7 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1365946-5801-43B2-A116-FAFE0D1D436C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1365946-5801-43B2-A116-FAFE0D1D436C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (SYSTEM) => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C91F53F5-DECC-4E66-AB14-1BD871AAE779} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C91F53F5-DECC-4E66-AB14-1BD871AAE779} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5A89B60B-A88D-49B3-A37A-37A99C6C11AC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE967B34-0125-41CC-A7EB-60785DCF3E8C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE967B34-0125-41CC-A7EB-60785DCF3E8C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ExtendedServicePlan => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDD43F8E-9D00-4DDE-99E4-1F4CC25EBB26} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDD43F8E-9D00-4DDE-99E4-1F4CC25EBB26} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30C93F67-CAFC-40C9-92F4-E68B488499FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E37D055E-4FAC-461C-B493-594355FFFD7E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E37D055E-4FAC-461C-B493-594355FFFD7E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DD179DEF-888F-41A6-87C9-A5B40B0A2CD0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4EF7FB6-0BF8-4CA6-A3BA-247DC8AB3639} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4EF7FB6-0BF8-4CA6-A3BA-247DC8AB3639} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC6EE9E9-5CB9-47E8-9D82-190DB9C15D6A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7216E9A-9E1E-4619-929B-427478F66A81} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7216E9A-9E1E-4619-929B-427478F66A81} => key removed successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key removed successfully
"C:\ProgramData:$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK [172]" => not found.
C:\ProgramData => ":gs5sys" ADS removed successfully.
C:\Users\All Users => ":$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\john => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":$SS_DESCRIPTOR_PVF2V6GKMV89K8NYTKBRVDNJCM1RXET9UHDTH2K1LVKLCWEFBHEKLPF25B3KDVJ7EVV9VKVVBVV4VK" ADS not found.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\ProgramData\Microsoft => ":B9xwA2h14JKte5pCL" ADS removed successfully.
C:\ProgramData\Microsoft => ":Xfs7bpoxDwey85FI" ADS removed successfully.
C:\ProgramData\Temp => ":00373BA4" ADS removed successfully.
C:\ProgramData\Temp => ":012BC84F" ADS removed successfully.
C:\ProgramData\Temp => ":01312928" ADS removed successfully.
C:\ProgramData\Temp => ":028EA3FD" ADS removed successfully.
C:\ProgramData\Temp => ":03F9B551" ADS removed successfully.
C:\ProgramData\Temp => ":04076B92" ADS removed successfully.
C:\ProgramData\Temp => ":041ED421" ADS removed successfully.
C:\ProgramData\Temp => ":04406D73" ADS removed successfully.
C:\ProgramData\Temp => ":050C0DEA" ADS removed successfully.
C:\ProgramData\Temp => ":05BF1B63" ADS removed successfully.
C:\ProgramData\Temp => ":060A3B0B" ADS removed successfully.
C:\ProgramData\Temp => ":06771D62" ADS removed successfully.
C:\ProgramData\Temp => ":06C34166" ADS removed successfully.
C:\ProgramData\Temp => ":08003876" ADS removed successfully.
C:\ProgramData\Temp => ":084612C9" ADS removed successfully.
C:\ProgramData\Temp => ":08A03B9E" ADS removed successfully.
C:\ProgramData\Temp => ":092DD1DD" ADS removed successfully.
C:\ProgramData\Temp => ":0968E571" ADS removed successfully.
C:\ProgramData\Temp => ":09867A8B" ADS removed successfully.
C:\ProgramData\Temp => ":0A2A7D18" ADS removed successfully.
C:\ProgramData\Temp => ":0ACF1AF5" ADS removed successfully.
C:\ProgramData\Temp => ":0AE2C68F" ADS removed successfully.
C:\ProgramData\Temp => ":0AF6266B" ADS removed successfully.
C:\ProgramData\Temp => ":0B11E9EE" ADS removed successfully.
C:\ProgramData\Temp => ":0BBF232A" ADS removed successfully.
C:\ProgramData\Temp => ":0BF4DA47" ADS removed successfully.
C:\ProgramData\Temp => ":0D6F7BD4" ADS removed successfully.
C:\ProgramData\Temp => ":0DAE9980" ADS removed successfully.
C:\ProgramData\Temp => ":0DDDD3CD" ADS removed successfully.
C:\ProgramData\Temp => ":0E22C5DB" ADS removed successfully.
C:\ProgramData\Temp => ":0E61938B" ADS removed successfully.
C:\ProgramData\Temp => ":0F0F9094" ADS removed successfully.
C:\ProgramData\Temp => ":104A718B" ADS removed successfully.
C:\ProgramData\Temp => ":10516C76" ADS removed successfully.
C:\ProgramData\Temp => ":1095ECE1" ADS removed successfully.
C:\ProgramData\Temp => ":10BBEFEF" ADS removed successfully.
C:\ProgramData\Temp => ":11EF326F" ADS removed successfully.
C:\ProgramData\Temp => ":127BB39D" ADS removed successfully.
C:\ProgramData\Temp => ":12A012A1" ADS removed successfully.
C:\ProgramData\Temp => ":12A3FA49" ADS removed successfully.
C:\ProgramData\Temp => ":131C0EE9" ADS removed successfully.
C:\ProgramData\Temp => ":13CDB0E0" ADS removed successfully.
C:\ProgramData\Temp => ":14050722" ADS removed successfully.
C:\ProgramData\Temp => ":149E8786" ADS removed successfully.
C:\ProgramData\Temp => ":15381DB9" ADS removed successfully.
C:\ProgramData\Temp => ":158AC5F5" ADS removed successfully.
C:\ProgramData\Temp => ":15FA1ECB" ADS removed successfully.
C:\ProgramData\Temp => ":160ADF0B" ADS removed successfully.
C:\ProgramData\Temp => ":1656EE95" ADS removed successfully.
C:\ProgramData\Temp => ":165AF2C6" ADS removed successfully.
C:\ProgramData\Temp => ":16A4620C" ADS removed successfully.
C:\ProgramData\Temp => ":16D21E17" ADS removed successfully.
C:\ProgramData\Temp => ":16F42F1F" ADS removed successfully.
C:\ProgramData\Temp => ":1709732A" ADS removed successfully.
C:\ProgramData\Temp => ":18345E10" ADS removed successfully.
C:\ProgramData\Temp => ":1858B534" ADS removed successfully.
C:\ProgramData\Temp => ":18B35CC4" ADS removed successfully.
C:\ProgramData\Temp => ":18B5F839" ADS removed successfully.
C:\ProgramData\Temp => ":18DEBC51" ADS removed successfully.
C:\ProgramData\Temp => ":19636FDD" ADS removed successfully.
C:\ProgramData\Temp => ":1968990D" ADS removed successfully.
C:\ProgramData\Temp => ":19D3BC34" ADS removed successfully.
C:\ProgramData\Temp => ":1A24F93C" ADS removed successfully.
C:\ProgramData\Temp => ":1A4BF204" ADS removed successfully.
C:\ProgramData\Temp => ":1AE1D58D" ADS removed successfully.
C:\ProgramData\Temp => ":1DEA36D6" ADS removed successfully.
C:\ProgramData\Temp => ":1E6EDDAA" ADS removed successfully.
C:\ProgramData\Temp => ":1F2F0F76" ADS removed successfully.
C:\ProgramData\Temp => ":20C1C66F" ADS removed successfully.
C:\ProgramData\Temp => ":20EB6823" ADS removed successfully.
C:\ProgramData\Temp => ":2216A431" ADS removed successfully.
C:\ProgramData\Temp => ":2487D1DA" ADS removed successfully.
C:\ProgramData\Temp => ":2532C28E" ADS removed successfully.
C:\ProgramData\Temp => ":2556A8A0" ADS removed successfully.
C:\ProgramData\Temp => ":258D2F8B" ADS removed successfully.
C:\ProgramData\Temp => ":25EF6F01" ADS removed successfully.
C:\ProgramData\Temp => ":26FF37EB" ADS removed successfully.
C:\ProgramData\Temp => ":2707D83A" ADS removed successfully.
C:\ProgramData\Temp => ":27C59043" ADS removed successfully.
C:\ProgramData\Temp => ":2892289F" ADS removed successfully.
C:\ProgramData\Temp => ":28C6BEBF" ADS removed successfully.
C:\ProgramData\Temp => ":29B37860" ADS removed successfully.
C:\ProgramData\Temp => ":29C0641D" ADS removed successfully.
C:\ProgramData\Temp => ":2A48233F" ADS removed successfully.
C:\ProgramData\Temp => ":2ABB51D4" ADS removed successfully.
C:\ProgramData\Temp => ":2B856118" ADS removed successfully.
C:\ProgramData\Temp => ":2B9555D8" ADS removed successfully.
C:\ProgramData\Temp => ":2BB2D50B" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":2CED8825" ADS removed successfully.
C:\ProgramData\Temp => ":2F539966" ADS removed successfully.
C:\ProgramData\Temp => ":2F5A06FD" ADS removed successfully.
C:\ProgramData\Temp => ":300E36AB" ADS removed successfully.
C:\ProgramData\Temp => ":309E3827" ADS removed successfully.
C:\ProgramData\Temp => ":317F7381" ADS removed successfully.
C:\ProgramData\Temp => ":3252A6BA" ADS removed successfully.
C:\ProgramData\Temp => ":32AA69ED" ADS removed successfully.
C:\ProgramData\Temp => ":346337E3" ADS removed successfully.
C:\ProgramData\Temp => ":3469612C" ADS removed successfully.
C:\ProgramData\Temp => ":34EFF1F2" ADS removed successfully.
C:\ProgramData\Temp => ":35629AE6" ADS removed successfully.
C:\ProgramData\Temp => ":3571475C" ADS removed successfully.
C:\ProgramData\Temp => ":366B74CA" ADS removed successfully.
C:\ProgramData\Temp => ":384AA0FD" ADS removed successfully.
C:\ProgramData\Temp => ":3895D488" ADS removed successfully.
C:\ProgramData\Temp => ":38D2EA83" ADS removed successfully.
C:\ProgramData\Temp => ":38FF076E" ADS removed successfully.
C:\ProgramData\Temp => ":3A4676D7" ADS removed successfully.
C:\ProgramData\Temp => ":3A4A5185" ADS removed successfully.
C:\ProgramData\Temp => ":3AC0ED43" ADS removed successfully.
C:\ProgramData\Temp => ":3B12F2EC" ADS removed successfully.
C:\ProgramData\Temp => ":3B84A3F1" ADS removed successfully.
C:\ProgramData\Temp => ":3BB073C2" ADS removed successfully.
C:\ProgramData\Temp => ":3C0887BF" ADS removed successfully.
C:\ProgramData\Temp => ":3C0F646D" ADS removed successfully.
C:\ProgramData\Temp => ":3CAE2A70" ADS removed successfully.
C:\ProgramData\Temp => ":3E208EC8" ADS removed successfully.
C:\ProgramData\Temp => ":3E2A4708" ADS removed successfully.
C:\ProgramData\Temp => ":3E9452A9" ADS removed successfully.
C:\ProgramData\Temp => ":3FE1A827" ADS removed successfully.
C:\ProgramData\Temp => ":41472405" ADS removed successfully.
C:\ProgramData\Temp => ":426CDD93" ADS removed successfully.
C:\ProgramData\Temp => ":432EC713" ADS removed successfully.
C:\ProgramData\Temp => ":434CFDCA" ADS removed successfully.
C:\ProgramData\Temp => ":436BE28C" ADS removed successfully.
C:\ProgramData\Temp => ":43E0EC8A" ADS removed successfully.
C:\ProgramData\Temp => ":448E7C5B" ADS removed successfully.
C:\ProgramData\Temp => ":46A2F27B" ADS removed successfully.
C:\ProgramData\Temp => ":46C7F417" ADS removed successfully.
C:\ProgramData\Temp => ":479B1CF9" ADS removed successfully.
C:\ProgramData\Temp => ":4911BB5C" ADS removed successfully.
C:\ProgramData\Temp => ":4A10AFB7" ADS removed successfully.
C:\ProgramData\Temp => ":4B2A0356" ADS removed successfully.
C:\ProgramData\Temp => ":4B2E08FB" ADS removed successfully.
C:\ProgramData\Temp => ":4B325725" ADS removed successfully.
C:\ProgramData\Temp => ":4B4D7EF3" ADS removed successfully.
C:\ProgramData\Temp => ":4BC514A4" ADS removed successfully.
C:\ProgramData\Temp => ":4C3504B5" ADS removed successfully.
C:\ProgramData\Temp => ":4C3D5A8B" ADS removed successfully.
C:\ProgramData\Temp => ":4C4BD66D" ADS removed successfully.
C:\ProgramData\Temp => ":4C71A42B" ADS removed successfully.
C:\ProgramData\Temp => ":4C96DCB8" ADS removed successfully.
C:\ProgramData\Temp => ":4D2F454E" ADS removed successfully.
C:\ProgramData\Temp => ":4D348522" ADS removed successfully.
C:\ProgramData\Temp => ":4E79C4F8" ADS removed successfully.
C:\ProgramData\Temp => ":517EFA90" ADS removed successfully.
C:\ProgramData\Temp => ":51E05A3A" ADS removed successfully.
C:\ProgramData\Temp => ":52329B88" ADS removed successfully.
C:\ProgramData\Temp => ":5279F7BF" ADS removed successfully.
C:\ProgramData\Temp => ":54531C7D" ADS removed successfully.
C:\ProgramData\Temp => ":54C1075C" ADS removed successfully.
C:\ProgramData\Temp => ":54F257C0" ADS removed successfully.
C:\ProgramData\Temp => ":56A74E89" ADS removed successfully.
C:\ProgramData\Temp => ":57173DB4" ADS removed successfully.
C:\ProgramData\Temp => ":574311A1" ADS removed successfully.
C:\ProgramData\Temp => ":57B374AB" ADS removed successfully.
C:\ProgramData\Temp => ":57CFEA7A" ADS removed successfully.
C:\ProgramData\Temp => ":581ECF22" ADS removed successfully.
C:\ProgramData\Temp => ":58A7E801" ADS removed successfully.
C:\ProgramData\Temp => ":5C3ED5BB" ADS removed successfully.
C:\ProgramData\Temp => ":5C4A588B" ADS removed successfully.
C:\ProgramData\Temp => ":5C818B5D" ADS removed successfully.
C:\ProgramData\Temp => ":5D1BA9DE" ADS removed successfully.
C:\ProgramData\Temp => ":5D4F063C" ADS removed successfully.
C:\ProgramData\Temp => ":5E05F78B" ADS removed successfully.
C:\ProgramData\Temp => ":5FEAB2C8" ADS removed successfully.
C:\ProgramData\Temp => ":602EC63C" ADS removed successfully.
C:\ProgramData\Temp => ":607A99D7" ADS removed successfully.
C:\ProgramData\Temp => ":616A2A70" ADS removed successfully.
C:\ProgramData\Temp => ":619F147E" ADS removed successfully.
C:\ProgramData\Temp => ":6212DF7A" ADS removed successfully.
C:\ProgramData\Temp => ":624A80FD" ADS removed successfully.
C:\ProgramData\Temp => ":6271B518" ADS removed successfully.
C:\ProgramData\Temp => ":62AF0D82" ADS removed successfully.
C:\ProgramData\Temp => ":6358B2F7" ADS removed successfully.
C:\ProgramData\Temp => ":639BB5E9" ADS removed successfully.
C:\ProgramData\Temp => ":63E88FD4" ADS removed successfully.
C:\ProgramData\Temp => ":640DDEFF" ADS removed successfully.
C:\ProgramData\Temp => ":6423D635" ADS removed successfully.
C:\ProgramData\Temp => ":6447E3B5" ADS removed successfully.
C:\ProgramData\Temp => ":6468C896" ADS removed successfully.
C:\ProgramData\Temp => ":64BDD821" ADS removed successfully.
C:\ProgramData\Temp => ":65621319" ADS removed successfully.
C:\ProgramData\Temp => ":65C4D44A" ADS removed successfully.
C:\ProgramData\Temp => ":67396145" ADS removed successfully.
C:\ProgramData\Temp => ":67842DB7" ADS removed successfully.
C:\ProgramData\Temp => ":67D43EFA" ADS removed successfully.
C:\ProgramData\Temp => ":680086AB" ADS removed successfully.
C:\ProgramData\Temp => ":68198EE3" ADS removed successfully.
C:\ProgramData\Temp => ":68C21E42" ADS removed successfully.
C:\ProgramData\Temp => ":696F7DA7" ADS removed successfully.
C:\ProgramData\Temp => ":69BAF25F" ADS removed successfully.
C:\ProgramData\Temp => ":69ED1286" ADS removed successfully.
C:\ProgramData\Temp => ":6A609C67" ADS removed successfully.
C:\ProgramData\Temp => ":6B251180" ADS removed successfully.
C:\ProgramData\Temp => ":6B7447D4" ADS removed successfully.
C:\ProgramData\Temp => ":6BF6CA71" ADS removed successfully.
C:\ProgramData\Temp => ":6C718587" ADS removed successfully.
C:\ProgramData\Temp => ":6CCDA168" ADS removed successfully.
C:\ProgramData\Temp => ":6CF828C2" ADS removed successfully.
C:\ProgramData\Temp => ":6DC537DB" ADS removed successfully.
C:\ProgramData\Temp => ":6DCC0E34" ADS removed successfully.
C:\ProgramData\Temp => ":6DDFD746" ADS removed successfully.
C:\ProgramData\Temp => ":6E271126" ADS removed successfully.
C:\ProgramData\Temp => ":6EC8F6C5" ADS removed successfully.
C:\ProgramData\Temp => ":6F0C95A1" ADS removed successfully.
C:\ProgramData\Temp => ":6F57F1D1" ADS removed successfully.
C:\ProgramData\Temp => ":6F84C4DE" ADS removed successfully.
C:\ProgramData\Temp => ":6F998753" ADS removed successfully.
C:\ProgramData\Temp => ":6F9C57B9" ADS removed successfully.
C:\ProgramData\Temp => ":6FA346B6" ADS removed successfully.
C:\ProgramData\Temp => ":6FA918FA" ADS removed successfully.
C:\ProgramData\Temp => ":701B92FB" ADS removed successfully.
C:\ProgramData\Temp => ":70BDB805" ADS removed successfully.
C:\ProgramData\Temp => ":70FD4407" ADS removed successfully.
C:\ProgramData\Temp => ":7109C24A" ADS removed successfully.
C:\ProgramData\Temp => ":72A1B66A" ADS removed successfully.
C:\ProgramData\Temp => ":73879882" ADS removed successfully.
C:\ProgramData\Temp => ":73AFBB96" ADS removed successfully.
C:\ProgramData\Temp => ":73B78E79" ADS removed successfully.
C:\ProgramData\Temp => ":7455D6E6" ADS removed successfully.
C:\ProgramData\Temp => ":74A0E249" ADS removed successfully.
C:\ProgramData\Temp => ":74E256F6" ADS removed successfully.
C:\ProgramData\Temp => ":751D6870" ADS removed successfully.
C:\ProgramData\Temp => ":757BA6A5" ADS removed successfully.
C:\ProgramData\Temp => ":75CEDFA5" ADS removed successfully.
C:\ProgramData\Temp => ":77066415" ADS removed successfully.
C:\ProgramData\Temp => ":77E239B1" ADS removed successfully.
C:\ProgramData\Temp => ":77E927FC" ADS removed successfully.
C:\ProgramData\Temp => ":7804B508" ADS removed successfully.
C:\ProgramData\Temp => ":7890F666" ADS removed successfully.
C:\ProgramData\Temp => ":796EE7C8" ADS removed successfully.
C:\ProgramData\Temp => ":79C6A9CE" ADS removed successfully.
C:\ProgramData\Temp => ":7A51F685" ADS removed successfully.
C:\ProgramData\Temp => ":7ACF38DE" ADS removed successfully.
C:\ProgramData\Temp => ":7D288858" ADS removed successfully.
C:\ProgramData\Temp => ":7DEE2F6C" ADS removed successfully.
C:\ProgramData\Temp => ":7E4E56EA" ADS removed successfully.
C:\ProgramData\Temp => ":7ECD9621" ADS removed successfully.
C:\ProgramData\Temp => ":800FE171" ADS removed successfully.
C:\ProgramData\Temp => ":81563BC7" ADS removed successfully.
C:\ProgramData\Temp => ":81E0F9D0" ADS removed successfully.
C:\ProgramData\Temp => ":81F65F60" ADS removed successfully.
C:\ProgramData\Temp => ":82111599" ADS removed successfully.
C:\ProgramData\Temp => ":834DD57E" ADS removed successfully.
C:\ProgramData\Temp => ":84618038" ADS removed successfully.
C:\ProgramData\Temp => ":84D1C282" ADS removed successfully.
C:\ProgramData\Temp => ":84FA02E7" ADS removed successfully.
C:\ProgramData\Temp => ":85376176" ADS removed successfully.
C:\ProgramData\Temp => ":8634D9A3" ADS removed successfully.
C:\ProgramData\Temp => ":87E3D720" ADS removed successfully.
C:\ProgramData\Temp => ":884C7316" ADS removed successfully.
C:\ProgramData\Temp => ":88E8CC2E" ADS removed successfully.
C:\ProgramData\Temp => ":8967C154" ADS removed successfully.
C:\ProgramData\Temp => ":89CC3B44" ADS removed successfully.
C:\ProgramData\Temp => ":89FC8EEB" ADS removed successfully.
C:\ProgramData\Temp => ":89FED318" ADS removed successfully.
C:\ProgramData\Temp => ":8AB2162E" ADS removed successfully.
C:\ProgramData\Temp => ":8AC20936" ADS removed successfully.
C:\ProgramData\Temp => ":8B69E3C3" ADS removed successfully.
C:\ProgramData\Temp => ":8C12CFCD" ADS removed successfully.
C:\ProgramData\Temp => ":8C49003C" ADS removed successfully.
C:\ProgramData\Temp => ":8C6D2EC3" ADS removed successfully.
C:\ProgramData\Temp => ":8D634113" ADS removed successfully.
C:\ProgramData\Temp => ":8D9C24E0" ADS removed successfully.
C:\ProgramData\Temp => ":8DD36B71" ADS removed successfully.
C:\ProgramData\Temp => ":902C848D" ADS removed successfully.
C:\ProgramData\Temp => ":9083C3AD" ADS removed successfully.
C:\ProgramData\Temp => ":90C320E1" ADS removed successfully.
C:\ProgramData\Temp => ":91244A8F" ADS removed successfully.
C:\ProgramData\Temp => ":9124663C" ADS removed successfully.
C:\ProgramData\Temp => ":92421EF9" ADS removed successfully.
C:\ProgramData\Temp => ":927EC486" ADS removed successfully.
C:\ProgramData\Temp => ":928DF32E" ADS removed successfully.
C:\ProgramData\Temp => ":93F3E4C9" ADS removed successfully.
C:\ProgramData\Temp => ":947107AC" ADS removed successfully.
C:\ProgramData\Temp => ":9491C9C7" ADS removed successfully.
C:\ProgramData\Temp => ":95198126" ADS removed successfully.
C:\ProgramData\Temp => ":9603033A" ADS removed successfully.
C:\ProgramData\Temp => ":972E051C" ADS removed successfully.
C:\ProgramData\Temp => ":973DCFFF" ADS removed successfully.
C:\ProgramData\Temp => ":97B3B270" ADS removed successfully.
C:\ProgramData\Temp => ":97ECE74A" ADS removed successfully.
C:\ProgramData\Temp => ":993C3DF6" ADS removed successfully.
C:\ProgramData\Temp => ":99AC3203" ADS removed successfully.
C:\ProgramData\Temp => ":99F8C0E6" ADS removed successfully.
C:\ProgramData\Temp => ":9A842F5C" ADS removed successfully.
C:\ProgramData\Temp => ":9A8F071F" ADS removed successfully.
C:\ProgramData\Temp => ":9BB8C675" ADS removed successfully.
C:\ProgramData\Temp => ":9BF0C425" ADS removed successfully.
C:\ProgramData\Temp => ":9C337CCE" ADS removed successfully.
C:\ProgramData\Temp => ":9C6014C6" ADS removed successfully.
C:\ProgramData\Temp => ":9D03192E" ADS removed successfully.
C:\ProgramData\Temp => ":9D60BE91" ADS removed successfully.
C:\ProgramData\Temp => ":9D91E651" ADS removed successfully.
C:\ProgramData\Temp => ":9DDABE44" ADS removed successfully.
C:\ProgramData\Temp => ":9DF24CB2" ADS removed successfully.
C:\ProgramData\Temp => ":9E05DEB0" ADS removed successfully.
C:\ProgramData\Temp => ":9E4F05ED" ADS removed successfully.
C:\ProgramData\Temp => ":9F38BF31" ADS removed successfully.
C:\ProgramData\Temp => ":9F50A55A" ADS removed successfully.
C:\ProgramData\Temp => ":9FB9D3B9" ADS removed successfully.
C:\ProgramData\Temp => ":9FD2057F" ADS removed successfully.
C:\ProgramData\Temp => ":A103830F" ADS removed successfully.
C:\ProgramData\Temp => ":A22AF60D" ADS removed successfully.
C:\ProgramData\Temp => ":A279C25A" ADS removed successfully.
C:\ProgramData\Temp => ":A3840F5B" ADS removed successfully.
C:\ProgramData\Temp => ":A43B789A" ADS removed successfully.
C:\ProgramData\Temp => ":A44008FA" ADS removed successfully.
C:\ProgramData\Temp => ":A4E7D25F" ADS removed successfully.
C:\ProgramData\Temp => ":A5948878" ADS removed successfully.
C:\ProgramData\Temp => ":A69FAA24" ADS removed successfully.
C:\ProgramData\Temp => ":A6A65B80" ADS removed successfully.
C:\ProgramData\Temp => ":A700ABC5" ADS removed successfully.
C:\ProgramData\Temp => ":A7BB14DF" ADS removed successfully.
C:\ProgramData\Temp => ":A8606E6E" ADS removed successfully.
C:\ProgramData\Temp => ":A899E64E" ADS removed successfully.
C:\ProgramData\Temp => ":A89B3FB8" ADS removed successfully.
C:\ProgramData\Temp => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\Temp => ":A8BF0AE2" ADS removed successfully.
C:\ProgramData\Temp => ":A9ABA3FF" ADS removed successfully.
C:\ProgramData\Temp => ":A9BB1126" ADS removed successfully.
C:\ProgramData\Temp => ":AA559E17" ADS removed successfully.
C:\ProgramData\Temp => ":ACE7A9BB" ADS removed successfully.
C:\ProgramData\Temp => ":AE289451" ADS removed successfully.
C:\ProgramData\Temp => ":AE75CCC8" ADS removed successfully.
C:\ProgramData\Temp => ":AE9351E0" ADS removed successfully.
C:\ProgramData\Temp => ":AFEBAACA" ADS removed successfully.
C:\ProgramData\Temp => ":B02249C3" ADS removed successfully.
C:\ProgramData\Temp => ":B059B88E" ADS removed successfully.
C:\ProgramData\Temp => ":B0B6C3E8" ADS removed successfully.
C:\ProgramData\Temp => ":B0BD7797" ADS removed successfully.
C:\ProgramData\Temp => ":B162D6FD" ADS removed successfully.
C:\ProgramData\Temp => ":B1EED3AD" ADS removed successfully.
C:\ProgramData\Temp => ":B1FBBD09" ADS removed successfully.
C:\ProgramData\Temp => ":B243953E" ADS removed successfully.
C:\ProgramData\Temp => ":B285A50E" ADS removed successfully.
C:\ProgramData\Temp => ":B2B2F0D4" ADS removed successfully.
C:\ProgramData\Temp => ":B3550AA2" ADS removed successfully.
C:\ProgramData\Temp => ":B3606FCC" ADS removed successfully.
C:\ProgramData\Temp => ":B38BEEEE" ADS removed successfully.
C:\ProgramData\Temp => ":B3A4FEE1" ADS removed successfully.
C:\ProgramData\Temp => ":B3D2C69C" ADS removed successfully.
C:\ProgramData\Temp => ":B445A124" ADS removed successfully.
C:\ProgramData\Temp => ":B4F7687B" ADS removed successfully.
C:\ProgramData\Temp => ":B53DCFC9" ADS removed successfully.
C:\ProgramData\Temp => ":B5F623E4" ADS removed successfully.
C:\ProgramData\Temp => ":B615ABD3" ADS removed successfully.
C:\ProgramData\Temp => ":B65E763D" ADS removed successfully.
C:\ProgramData\Temp => ":B6C1A5F4" ADS removed successfully.
C:\ProgramData\Temp => ":B779C113" ADS removed successfully.
C:\ProgramData\Temp => ":B790962B" ADS removed successfully.
C:\ProgramData\Temp => ":B7E52658" ADS removed successfully.
C:\ProgramData\Temp => ":B8428FE1" ADS removed successfully.
C:\ProgramData\Temp => ":B86642C5" ADS removed successfully.
C:\ProgramData\Temp => ":B86927F0" ADS removed successfully.
C:\ProgramData\Temp => ":B88DC997" ADS removed successfully.
C:\ProgramData\Temp => ":B9433D0F" ADS removed successfully.
C:\ProgramData\Temp => ":B9BD98A8" ADS removed successfully.
C:\ProgramData\Temp => ":B9E36774" ADS removed successfully.
C:\ProgramData\Temp => ":BA5938AB" ADS removed successfully.
C:\ProgramData\Temp => ":BB004A7D" ADS removed successfully.
C:\ProgramData\Temp => ":BB718C46" ADS removed successfully.
C:\ProgramData\Temp => ":BD34FFC5" ADS removed successfully.
C:\ProgramData\Temp => ":BD659567" ADS removed successfully.
C:\ProgramData\Temp => ":C07829DC" ADS removed successfully.
C:\ProgramData\Temp => ":C085F80B" ADS removed successfully.
C:\ProgramData\Temp => ":C0DFB793" ADS removed successfully.
C:\ProgramData\Temp => ":C0EFBD3F" ADS removed successfully.
C:\ProgramData\Temp => ":C178954A" ADS removed successfully.
C:\ProgramData\Temp => ":C1DBE635" ADS removed successfully.
C:\ProgramData\Temp => ":C1FF1B01" ADS removed successfully.
C:\ProgramData\Temp => ":C356A185" ADS removed successfully.
C:\ProgramData\Temp => ":C37283B5" ADS removed successfully.
C:\ProgramData\Temp => ":C3C72D5F" ADS removed successfully.
C:\ProgramData\Temp => ":C458CC0A" ADS removed successfully.
C:\ProgramData\Temp => ":C4CB6EA6" ADS removed successfully.
C:\ProgramData\Temp => ":C52EF004" ADS removed successfully.
C:\ProgramData\Temp => ":C54A1A57" ADS removed successfully.
C:\ProgramData\Temp => ":C5B1FE54" ADS removed successfully.
C:\ProgramData\Temp => ":C611D6C8" ADS removed successfully.
C:\ProgramData\Temp => ":C7857F06" ADS removed successfully.
C:\ProgramData\Temp => ":C78DADEA" ADS removed successfully.
C:\ProgramData\Temp => ":C8182692" ADS removed successfully.
C:\ProgramData\Temp => ":C82210DD" ADS removed successfully.
C:\ProgramData\Temp => ":C91C214D" ADS removed successfully.
C:\ProgramData\Temp => ":C9B27A06" ADS removed successfully.
C:\ProgramData\Temp => ":C9BC8592" ADS removed successfully.
C:\ProgramData\Temp => ":CA4FAE31" ADS removed successfully.
C:\ProgramData\Temp => ":CB0AACC9" ADS removed successfully.
C:\ProgramData\Temp => ":CBAF0C30" ADS removed successfully.
C:\ProgramData\Temp => ":CC45913B" ADS removed successfully.
C:\ProgramData\Temp => ":CC6A54A8" ADS removed successfully.
C:\ProgramData\Temp => ":CCFB0FDD" ADS removed successfully.
C:\ProgramData\Temp => ":CD6DF7CC" ADS removed successfully.
C:\ProgramData\Temp => ":CD95E2C9" ADS removed successfully.
C:\ProgramData\Temp => ":CE253B51" ADS removed successfully.
C:\ProgramData\Temp => ":CE707633" ADS removed successfully.
C:\ProgramData\Temp => ":CE8A42A3" ADS removed successfully.
C:\ProgramData\Temp => ":CF1334B0" ADS removed successfully.
C:\ProgramData\Temp => ":D01ACC06" ADS removed successfully.
C:\ProgramData\Temp => ":D0757AAB" ADS removed successfully.
C:\ProgramData\Temp => ":D0DCD8D7" ADS removed successfully.
C:\ProgramData\Temp => ":D1094629" ADS removed successfully.
C:\ProgramData\Temp => ":D1787194" ADS removed successfully.
C:\ProgramData\Temp => ":D22B04C3" ADS removed successfully.
C:\ProgramData\Temp => ":D2397415" ADS removed successfully.
C:\ProgramData\Temp => ":D254266B" ADS removed successfully.
C:\ProgramData\Temp => ":D2972D66" ADS removed successfully.
C:\ProgramData\Temp => ":D3331ADB" ADS removed successfully.
C:\ProgramData\Temp => ":D36E068F" ADS removed successfully.
C:\ProgramData\Temp => ":D414289B" ADS removed successfully.
C:\ProgramData\Temp => ":D478F292" ADS removed successfully.
C:\ProgramData\Temp => ":D5458F6B" ADS removed successfully.
C:\ProgramData\Temp => ":D59DE356" ADS removed successfully.
C:\ProgramData\Temp => ":D5B149F6" ADS removed successfully.
C:\ProgramData\Temp => ":D61EB62D" ADS removed successfully.
C:\ProgramData\Temp => ":D696AA12" ADS removed successfully.
C:\ProgramData\Temp => ":D6F7008C" ADS removed successfully.
C:\ProgramData\Temp => ":D7DDEF83" ADS removed successfully.
C:\ProgramData\Temp => ":D8936165" ADS removed successfully.
C:\ProgramData\Temp => ":D8AE9DD1" ADS removed successfully.
C:\ProgramData\Temp => ":D9243D84" ADS removed successfully.
C:\ProgramData\Temp => ":DA2268D5" ADS removed successfully.
C:\ProgramData\Temp => ":DA6DA9A1" ADS removed successfully.
C:\ProgramData\Temp => ":DBF7208A" ADS removed successfully.
C:\ProgramData\Temp => ":DCA79AB3" ADS removed successfully.
C:\ProgramData\Temp => ":DCC6EDE9" ADS removed successfully.
C:\ProgramData\Temp => ":DD780579" ADS removed successfully.
C:\ProgramData\Temp => ":DD95E6D9" ADS removed successfully.
C:\ProgramData\Temp => ":DE33A453" ADS removed successfully.
C:\ProgramData\Temp => ":DE813CDD" ADS removed successfully.
C:\ProgramData\Temp => ":DE8F2B8B" ADS removed successfully.
C:\ProgramData\Temp => ":DEEA54A4" ADS removed successfully.
C:\ProgramData\Temp => ":DF19F127" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
C:\ProgramData\Temp => ":E0553E73" ADS removed successfully.
C:\ProgramData\Temp => ":E21413B8" ADS removed successfully.
C:\ProgramData\Temp => ":E2295807" ADS removed successfully.
C:\ProgramData\Temp => ":E24659F6" ADS removed successfully.
C:\ProgramData\Temp => ":E326D1D1" ADS removed successfully.
C:\ProgramData\Temp => ":E397CC9D" ADS removed successfully.
C:\ProgramData\Temp => ":E44513D0" ADS removed successfully.
C:\ProgramData\Temp => ":E4BC4A41" ADS removed successfully.
C:\ProgramData\Temp => ":E5B07840" ADS removed successfully.
C:\ProgramData\Temp => ":E5BA9ADD" ADS removed successfully.
C:\ProgramData\Temp => ":E62BD5C1" ADS removed successfully.
C:\ProgramData\Temp => ":E6537A16" ADS removed successfully.
C:\ProgramData\Temp => ":E67D0FCB" ADS removed successfully.
C:\ProgramData\Temp => ":E6A94369" ADS removed successfully.
C:\ProgramData\Temp => ":E6A96BE9" ADS removed successfully.
C:\ProgramData\Temp => ":E6C6EB3B" ADS removed successfully.
C:\ProgramData\Temp => ":E73B14E2" ADS removed successfully.
C:\ProgramData\Temp => ":E7614E1F" ADS removed successfully.
C:\ProgramData\Temp => ":E8B61305" ADS removed successfully.
C:\ProgramData\Temp => ":E96D894A" ADS removed successfully.
C:\ProgramData\Temp => ":E99D1D3C" ADS removed successfully.
C:\ProgramData\Temp => ":E9D68B36" ADS removed successfully.
C:\ProgramData\Temp => ":EA149D25" ADS removed successfully.
C:\ProgramData\Temp => ":EA17702A" ADS removed successfully.
C:\ProgramData\Temp => ":EABCC64A" ADS removed successfully.
C:\ProgramData\Temp => ":EB4FEEF5" ADS removed successfully.
C:\ProgramData\Temp => ":EB5574AF" ADS removed successfully.
C:\ProgramData\Temp => ":EB68CA55" ADS removed successfully.
C:\ProgramData\Temp => ":EC0BE05C" ADS removed successfully.
C:\ProgramData\Temp => ":EC1B2CAA" ADS removed successfully.
C:\ProgramData\Temp => ":EC3A9923" ADS removed successfully.
C:\ProgramData\Temp => ":EC46FC9D" ADS removed successfully.
C:\ProgramData\Temp => ":EC752217" ADS removed successfully.
C:\ProgramData\Temp => ":ED6B6C83" ADS removed successfully.
C:\ProgramData\Temp => ":ED98A153" ADS removed successfully.
C:\ProgramData\Temp => ":EDE28CFC" ADS removed successfully.
C:\ProgramData\Temp => ":EE0ABC44" ADS removed successfully.
C:\ProgramData\Temp => ":EE0B4216" ADS removed successfully.
C:\ProgramData\Temp => ":EECF83D1" ADS removed successfully.
C:\ProgramData\Temp => ":F001F3C1" ADS removed successfully.
C:\ProgramData\Temp => ":F131B2B8" ADS removed successfully.
C:\ProgramData\Temp => ":F2B0ABCC" ADS removed successfully.
C:\ProgramData\Temp => ":F3591DDB" ADS removed successfully.
C:\ProgramData\Temp => ":F399A6E7" ADS removed successfully.
C:\ProgramData\Temp => ":F41E8853" ADS removed successfully.
C:\ProgramData\Temp => ":F4362715" ADS removed successfully.
C:\ProgramData\Temp => ":F49A2655" ADS removed successfully.
C:\ProgramData\Temp => ":F4BE8180" ADS removed successfully.
C:\ProgramData\Temp => ":F53B274A" ADS removed successfully.
C:\ProgramData\Temp => ":F5E30F6A" ADS removed successfully.
C:\ProgramData\Temp => ":F5FC5DCE" ADS removed successfully.
C:\ProgramData\Temp => ":F72306CC" ADS removed successfully.
C:\ProgramData\Temp => ":F7370879" ADS removed successfully.
C:\ProgramData\Temp => ":F7401CCF" ADS removed successfully.
C:\ProgramData\Temp => ":F7B0AE93" ADS removed successfully.
C:\ProgramData\Temp => ":F83B9C51" ADS removed successfully.
C:\ProgramData\Temp => ":F875BF80" ADS removed successfully.
C:\ProgramData\Temp => ":F919FD4E" ADS removed successfully.
C:\ProgramData\Temp => ":F98E6C67" ADS removed successfully.
C:\ProgramData\Temp => ":FA09FC72" ADS removed successfully.
C:\ProgramData\Temp => ":FA65E745" ADS removed successfully.
C:\ProgramData\Temp => ":FB29EC2F" ADS removed successfully.
C:\ProgramData\Temp => ":FB749AFB" ADS removed successfully.
C:\ProgramData\Temp => ":FB7959F6" ADS removed successfully.
C:\ProgramData\Temp => ":FBA79096" ADS removed successfully.
C:\ProgramData\Temp => ":FC414D14" ADS removed successfully.
C:\ProgramData\Temp => ":FC70A22A" ADS removed successfully.
C:\ProgramData\Temp => ":FC7B5C61" ADS removed successfully.
C:\ProgramData\Temp => ":FC89CE5A" ADS removed successfully.
C:\ProgramData\Temp => ":FCDCCA12" ADS removed successfully.
C:\ProgramData\Temp => ":FD38E906" ADS removed successfully.
C:\ProgramData\Temp => ":FD7E32B5" ADS removed successfully.
C:\ProgramData\Temp => ":FDAA7C08" ADS removed successfully.
C:\ProgramData\Temp => ":FDF70DCD" ADS removed successfully.
C:\ProgramData\Temp => ":FEB4D048" ADS removed successfully.
C:\ProgramData\Temp => ":FEE8782C" ADS removed successfully.
C:\ProgramData\Templates => ":gs5sys" ADS removed successfully.
C:\Users\john\Application Data => ":gs5sys" ADS removed successfully.
C:\Users\john\Cookies => ":gs5sys" ADS removed successfully.
C:\Users\john\Local Settings => ":gs5sys" ADS removed successfully.
C:\Users\john\Local Settings => ":kTmWDtabfrNV0NAWrjHI" ADS removed successfully.
C:\Users\john\Templates => ":gs5sys" ADS removed successfully.
C:\Users\john\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\john\Downloads\Landslide-Wedding 2013.mp4 => ":com.dropbox.attributes" ADS removed successfully.
"C:\Users\john\AppData\Local" => ":gs5sys" ADS not found.
"C:\Users\john\AppData\Local" => ":kTmWDtabfrNV0NAWrjHI" ADS not found.
"C:\Users\john\AppData\Roaming" => ":gs5sys" ADS not found.
"C:\Users\john\AppData\Local\Application Data" => ":gs5sys" ADS not found.
"C:\Users\john\AppData\Local\Application Data" => ":kTmWDtabfrNV0NAWrjHI" ADS not found.
C:\Users\john\AppData\Local\History => ":gs5sys" ADS removed successfully.
C:\Users\john\AppData\Local\Temp => ":GMlFSYKkVXJlnoN1JqpFASL" ADS removed successfully.
C:\Users\john\Documents\2012 W2's.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\john\Documents\2012 W2's.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\john\Documents\2013 & 2014 W2's.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\john\Documents\2013 & 2014 W2's.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\john\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\john\Documents\Landslide-Wedding 2013.mp4 => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E31E1EA7-4133-4340-AAEE-9344ACCF92EF}C:\program files (x86)\utorrent\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{35CADA72-9DD3-4D5B-8DA6-0F4925E59181}C:\program files (x86)\utorrent\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{06AC1751-579E-4194-A082-C7DFF540A8C8}C:\program files (x86)\utorrent\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7EB9FC32-4A65-40B4-819F-DA93509D6F33}C:\program files (x86)\utorrent\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{598EA2EE-94E3-4963-BCBB-638A63A9B3EC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BBAAEE0-4EAE-44C5-9793-BA1785BA8FC3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA916AC4-8F31-493B-B3D6-84A90ADD7808} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{780750F7-AB85-4E0F-BEB5-D1E35B74B40A} => value removed successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Windows\System32\Drivers\SmartDefragDriver.sys => moved successfully
"C:\Users\john\AppData\Roaming\base_en.db" => not found.
"C:\Users\john\AppData\Roaming\GhostObjGAFix.xml" => not found.
"C:\Users\john\AppData\Roaming\log.txt" => not found.
"C:\Users\john\AppData\Roaming\settings.xml" => not found.
"C:\Users\john\AppData\Roaming\SolitaireTwistCollection_save.txt" => not found.
"C:\Users\john\AppData\Roaming\wklnhst.dat" => not found.
"C:\Users\john\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
"C:\Users\john\AppData\Local\dt.dat" => not found.
"C:\Users\john\AppData\Local\file__0.localstorage" => not found.
"C:\Users\john\AppData\Local\https_drm.youdagames.com_0.localstorage" => not found.
"C:\Users\john\AppData\Local\{B9A161FF-7335-4C19-915F-AB6774FC2B9E}" => not found.
"C:\ProgramData\hpzinstall.log" => not found.
"C:\ProgramData\PKP_DLdu.DAT" => not found.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\program files (x86)\utorrent => moved successfully
"C:\Users\john\AppData\Roaming\BitTorrent" => not found.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5968712 B
Java, Flash, Steam htmlcache => 1544 B
Windows/system/drivers => 1300039 B
Edge => 0 B
Chrome => 11900408 B
Firefox => 123374411 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 229137 B
systemprofile32 => 9442007 B
LocalService => 1172 B
NetworkService => 14896086 B
john => 35090168 B
UpdatusUser => 66228 B

RecycleBin => 6392 B
EmptyTemp: => 201 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-04-2017 18:59:37)

"C:\Windows\System32\Drivers\etc\hosts" => Could not move
Could not restore Hosts.

==== End of Fixlog 18:59:38 ====


Edited by jhguitar1, 26 April 2017 - 07:24 PM.


#15 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:10:23 AM

Posted 27 April 2017 - 03:21 AM

You did that perfectly.

We’ll run another couple of scans and see how things are after that.

Run Zoek

Please temporarily disable your AV program.

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

  • on Windows Vista, 7, 8 and 10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    autoclean;
    emptyalltemp;
    emptyclsid;
    resethosts;
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

===================================================

Run Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware to your desktop.

  • double-click mbam-setup- mb3-setup-consumer-3.0.4.exe and follow the prompts to install the program
  • at the end, be sure a checkmark is placed next to the following
    • Launch Malwarebytes Anti-Malware
    • a 14 day trial of the Premium features is pre-selected: deselect this if you don’t want it, (it won’t diminish the scanning and removal capabilities of the program).
  • click Finish.
  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now' button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the “History” tab, the “Application Logs”
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

Logs to include with the next post:

zoek-results.log
Mbam.txt


Can you tell me if there are any outstanding problems and if so, what they are.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users