kristina Posted May 6, 2016 Share Posted May 6, 2016 Had the cable guy out yesterday because the wifi in the house wasn't working right and he went on my laptop claims he just typed in youtube but it brought him to something else and then AVG popped up but I can't find the log with what it found ran a scan and nothing was found. Tonight AVG keeps popping up about Firefox running another scan one now. This didn't happen until he did something before he used my laptop I went on youtube many times and nothing has ever popped up. Any help thank you Link to comment Share on other sites More sharing options...
Satchfan Posted May 6, 2016 Share Posted May 6, 2016 Hello kristina and welcome to the The Pit.My name is Satchfan and I would be glad to help you with your computer problem.Please read the following guidelines which will help to make cleaning your machine easier: please follow all instructions in the order posted please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked if you don't understand something, please don't hesitate to ask for clarification before proceeding the fixes are specific to your problem and should only be used for this issue on this machine. please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed! IMPORTANT:Please DO NOT install/uninstall any programs unless asked to.Please DO NOT run any scans other than those requestedI don't understand why you let a "cable guy" touch your laptop or even why he should want to, but we'll take a look and see if we can find out what's going on.===================================================Note: Please run these in the order given in the instructions.===================================================Download and run AdwCleaner Download AdwCleaner from here and save it to your desktop. run AdwCleaner when it has finished, select Clean if it asks to reboot, allow the reboot on reboot a log will be produced; please attach the content of the log to your next reply. ===================================================Download and run Junkware Removal Tool Please download Junkware Removal Tool to your desktop. shut down your protection software now to avoid potential conflicts. run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system please be patient as this can take a while to complete depending on your system's specifications on completion, a log (JRT.txt) is saved to your desktop and will automatically open post the contents of JRT.txt into your next message. ===================================================Run Farbar Recovery Scan ToolPlease download Farbar Recovery Scan Tool and save it to your Desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. press Scan button it will produce a log called Frst.txt in the same directory the tool is run from please copy and paste log back here. the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply. Logs to include with next post:AdwCleaner logJRT.txtFrst.txtAddition.txtThanksSatchfan Link to comment Share on other sites More sharing options...
kristina Posted May 9, 2016 Author Share Posted May 9, 2016 (edited) Thank you I will run all the test tonight I get my internet from the cable company and the internet and wifi was running slow and kept lagging and he went on to see how youtube was working because sometimes when I try to watch a video I get that circle spinning thing. He claims he typed in youtube and that it brought him somewhere else but I've been to youtube many times and not once when I type in youtube has it ever brought me to another site and AVG never popped up. Edited May 9, 2016 by kristina Link to comment Share on other sites More sharing options...
kristina Posted May 9, 2016 Author Share Posted May 9, 2016 # AdwCleaner v5.116 - Logfile created 09/05/2016 at 01:19:58 # Updated 09/05/2016 by Xplode # Database : 2016-05-09.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (X64) # Username : Kristina - KRISTINA-HP # Running from : C:\Users\Kristina\Desktop\adwcleaner_5.116.exe # Option : Clean # Support : http://toolslib.net/forum ***** [ Services ] ***** [-] Service Deleted : YahooAUService [-] Service Deleted : WtuSystemSupport [-] Service Deleted : vToolbarUpdater40.2.9 ***** [ Folders ] ***** [-] Folder Deleted : C:\ProgramData\AVG Secure Search [-] Folder Deleted : C:\ProgramData\AVG Security Toolbar [-] Folder Deleted : C:\ProgramData\Yahoo! Companion [-] Folder Deleted : C:\ProgramData\avg web tuneup [-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb [#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search [#] Folder Deleted : C:\ProgramData\Application Data\AVG Security Toolbar [#] Folder Deleted : C:\ProgramData\Application Data\Yahoo! Companion [#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup [#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0814tb [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons [-] Folder Deleted : C:\Program Files (x86)\Coupons [-] Folder Deleted : C:\Program Files (x86)\Digital Coupon Printer [-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion [-] Folder Deleted : C:\Program Files (x86)\avg web tuneup [-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil [-] Folder Deleted : C:\Users\Kristina\AppData\Local\AVG SafeGuard toolbar [-] Folder Deleted : C:\Users\Kristina\AppData\Local\YSearchUtil [-] Folder Deleted : C:\Users\Kristina\AppData\Local\avg web tuneup [-] Folder Deleted : C:\Users\Kristina\AppData\LocalLow\Yahoo! Companion [-] Folder Deleted : C:\Users\Kristina\AppData\LocalLow\Yahoo!\Companion [-] Folder Deleted : C:\Users\Kristina\AppData\LocalLow\avg web tuneup [-] Folder Deleted : C:\Users\Kristina\AppData\Roaming\catalina – print savings [-] Folder Deleted : C:\Users\Kristina\AppData\Roaming\Yahoo!\Companion [-] Folder Deleted : C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings [-] Folder Deleted : C:\Users\Kristina\Documents\Add-in Express [-] Folder Deleted : C:\Users\New User\AppData\Local\AVG SafeGuard toolbar [-] Folder Deleted : C:\Users\newac\AppData\Local\avg web tuneup [-] Folder Deleted : C:\Users\newac\AppData\LocalLow\avg web tuneup [-] Folder Deleted : C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search ***** [ Files ] ***** [-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml [-] File Deleted : C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\Avg@toolbar.xpi [-] File Deleted : C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\searchplugins\avg-secure-search.xml [-] File Deleted : C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysearch.avg.com_0.localstorage [-] File Deleted : C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysearch.avg.com_0.localstorage-journal ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** [-] Task Deleted : 0 [-] Task Deleted : 5018 ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTBM.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL [-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe [-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetupV1 (2).exe [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj [-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin [-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6 [-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin [-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4 [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin [-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList [-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl [-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton [-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF [-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP [-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin [-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance [-] Key Deleted : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46} [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} [-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}] [-] Key Deleted : HKCU\Software\APN PIP [-] Key Deleted : HKCU\Software\Yahoo\Companion [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion [-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar [-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] [-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [start Page] [-] Data Restored : HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\Microsoft\Internet Explorer\Main [start Page] [-] Data Restored : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main [start Page] [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] ***** [ Web browsers ] ***** [-] [C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js] Deleted : user_pref("avg.install.extHomepage", "hxxps://mysearch.avg.com?pid=safeguard&sg=0&cid=%7Bba827911-3d2a-467f-b626-05e1d79c7915%7D&mid=042c0fe279b147d18b55a9aaf3b6aac7-e76d711976fbce63c129617fd1ee71a404[...] [-] [C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js] Deleted : user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{6be633db-abe7-4362-a183-ccbbd2617d02}\",\"mid\":\"042c0fe279b147d18b55a9aaf3b6aac7-[...] [-] [C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js] Deleted : user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"hxxps://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"hxxp://www.google.com\"},{\"name\":\"Yahoo\",\"value[...] [-] [C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search"); [-] [C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search"); [-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search.conduit.com [-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com [-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com [-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : movies.netflix.com [-] [C:\Users\newac\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com [-] [C:\Users\newac\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [20318 bytes] - [09/05/2016 01:19:58] C:\AdwCleaner\AdwCleaner[R0].txt - [12767 bytes] - [19/09/2014 05:14:40] C:\AdwCleaner\AdwCleaner[R1].txt - [4934 bytes] - [06/05/2016 01:39:36] C:\AdwCleaner\AdwCleaner[s0].txt - [11424 bytes] - [19/09/2014 05:17:54] C:\AdwCleaner\AdwCleaner[s1].txt - [20848 bytes] - [09/05/2016 01:17:17] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [20687 bytes] ########## JRT Scan ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.6 (04.25.2016) Operating System: Windows 7 Home Premium x64 Ran by Kristina (Administrator) on Mon 05/09/2016 at 1:25:48.09 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 59 Successfully deleted: C:\Users\Kristina\AppData\Local\{1E6EE412-D9AA-4AB6-9C1F-2A9AF9880712} (Empty Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\{6A54EF2B-ADED-4E7D-9F60-7B3100098499} (Empty Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\{6D1E465F-AFB6-4A5A-BD0E-7BB69EE4753D} (Empty Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\{730F902F-5342-48AE-AE16-C925704704B4} (Empty Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\{8B97B74E-A403-4F43-9F0B-85B6ABC73A16} (Empty Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\{98DEC232-9DA5-4AD3-BC9E-40F1FBBB945A} (Empty Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\{C7F16BB0-B0B2-4682-A39C-42AD18488F0D} (Empty Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\{F0DA9FE1-9092-45FE-9708-CEC41CBA5227} (Empty Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K988AAJ (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YOVVIUV (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GRFOBHF (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OQRM8Z4 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YUMAJFQ (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQRRXLC8 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP7S21GX (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JTGDIP3V (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SB7TMCZR (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM69TT1Z (Temporary Internet Files Folder) Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDH4IZAH (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K988AAJ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YOVVIUV (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GRFOBHF (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OQRM8Z4 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YUMAJFQ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQRRXLC8 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP7S21GX (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JTGDIP3V (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SB7TMCZR (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM69TT1Z (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDH4IZAH (Temporary Internet Files Folder) Successfully deleted: C:\Windows\SysWOW64\sho1792.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho18D5.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho25CA.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho2E0A.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho45CE.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho4754.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho5002.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho5D43.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho64F.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho6D2B.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho6F58.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho760E.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho76F4.tmp (File) Successfully deleted: C:\Windows\SysWOW64\sho789.tmp (File) Successfully deleted: C:\Windows\SysWOW64\shoBECB.tmp (File) Successfully deleted: C:\Windows\SysWOW64\shoE00E.tmp (File) Successfully deleted: C:\Windows\SysWOW64\shoE0E5.tmp (File) Successfully deleted: C:\Windows\SysWOW64\shoE9AB.tmp (File) Successfully deleted: C:\Windows\SysWOW64\shoF36C.tmp (File) Successfully deleted: C:\Windows\SysWOW64\shoFBDD.tmp (File) Deleted the following from C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js user_pref(avg.wtu.ext.dnsWhiteList, toolbarhome.com,avg.com); Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 05/09/2016 at 1:30:22.94 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to comment Share on other sites More sharing options...
kristina Posted May 9, 2016 Author Share Posted May 9, 2016 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016 Ran by Kristina (administrator) on KRISTINA-HP (09-05-2016 01:31:56) Running from C:\Users\Kristina\Desktop Loaded Profiles: Kristina (Available Profiles: Kristina & New User & newac) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-04-29] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-17] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-04-20] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286272 2015-07-10] (RealNetworks, Inc.) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-14] (Easybits) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe" HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [720112 2016-02-24] () HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [Facebook Update] => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [Google Update] => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.) HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [58C472AA051AD623CFE08192244161E972D1F5A3._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.) HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd) HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Policies\Explorer: [DriveConfiguration] 0xC6142D477C3E07F5FE5919D366618159D63F935B6DEF714373DEDB9DD79648DADC9C354D0F99BD7A7CB96A9021514B34A3C4468040A7B04C05231BAC419B6FB9398F3C951DC14FA93B968431C673BEDAFBEB17CD6B03CFE0C38CC979A13443F1C945B5EC2590FCE60AA3B70FBD43F259361601CF249FAF28306F999C869AD4F69269D6EB074E93AA261DE6B43D7833EE6E8B4AF4B1FA8FB11CC018582C625A97A59B0BB9E14341CEC2840FE91AB8FCCAC129B4BAE61CFEB7A20FEED1D33E5CD4276C942777DF4FF457ADE389EB36B6FFFBF2F8194A6D926E248F59CB372188D3A38D6DE854E5E2624F9027FF8ECCC08E19C44EBF2ECBAA9DFE5F26C10D0013C6DB4287FCC4225C6125967CCDC0675C6C6243C771C20EDD09AD7A5B8E60D71DFE352CE0AB83864D34BF9033B3E764153820A1E4F5779DBE0DBDC49EB6288C6445182A8823E1EC2ABFC265A7D51BCA6BF0DA9C062D37878143A18AF2C0F8594E95FC007FD506C8B6BAF55E03E96C3222F73B1E982B1A48FF869D499F00648F3E159D92FF388081DFD247B4F4CBF70EE7343141ED826588A7E2DE9947CCFFD5F5DBCCC371DCABBCF9246CE86D278868B147A6D553EA64EA6ECF537DCEA243B454CEC2759C92DF1EDE573377124123BFE458045FE096F9AEA66370EE312448566774BEFF91CA83A30F5511A44A2B3E50E9A3126348FFD6CD264F6DB69D91E7C0581D548C0041D67FF728FAC649004997E05B19BAF7D6A949D0F96EB4B7AA5FA707ED173770A949B4FB3E1DBCA15CD888812F48C36DD3639CA80E2B1AEE3ED4AFB5902911B3732C45A04DFDFC3D6CFD23953F32B683C6EDD57447AB196E433A2851A81D875E4830B0F5A28A8F65A35FB5435B78E19A04B6BE7C34E342143C9FD739649DB943770F9F1E835E9D9CDA1F49105C421D18F98D1CBA7149B8B35E3CF40B75D7C6ED09AFBFB6D031ED4CEA9201B11F06ADD869973250B7B2E3D59DDE00D8C60CBD0B2C1912D9A1666C491BDCA2244F2D2A5A815C8DA29A7F18617BC3D5CD91B2B952A9B11F3406CD7577B1B736FC110C18ECBBDA86598B605023F416A21994EDA732610CD8BE1A0E8BB63FB78335CF2046362B30EC05BFB4DEF3E4B1DE4E05F8489101FC97D7D1E12A966BD54889E6A363EEDE8599F21A3A806A6C5923C3D9E5483CFA21F552A2A6327CC1B20FC31989C3E9A7CF65EA35B348CF1B8395EEE8DD82779C1424FA18D58529D20BF7DFCDFFA862C9C476E5B6D204526FF10D46A559F85C1917ADAE0FB2A899FF0F4BC18D927955BB8660945EBF9691AACE7D6833E2946E7F1CCA631A208134096B9657BC41885E4BE7DDCCFF13C12714A1F14FBD87D70D690BF6EF45338954027E67C3D8D12A81CBB490622DBE21DF644E1369ED7C6AFDA15063F937CD31132E0BA04C361D26C0075D8A69C9264828E5083FAC5FCAAA9565AF51D928F90067EAAC390B589426921B89D12EAAF2971B6288DA83D85CF7A06E1C782024928ACDB16DB16DD244BAE7E3D8DAF1A8AC9A95457D6D89627DAC4CD23F6F2BFF960AB68DABD7703A4C36CA0987D1539F782529ED5F3DB30FF5C192740130D440266A6BEEFF71DE3A6D703F3E30FD5DDBB59B3A5A2F83C053E9A495AFCEDBE8DAA97BB99339D5C36434DEFCFFCF06E278230C04B2D516C417F6015B8D28F61EA5033EFF15B7575668F247E2F404300A0D40256978A63C8A22C0E4F012CA795A9D151644D9ADABB195533A4F280524D7FD82FBA7D17415C85C48793B6A28FB8D242AA9AC91C766F95D8ED59ED819792241411A3A458E6AE3C3F1E8ADD2B6055A05B485A7EDC7296AE0808BDDF91A493A60B06588CC95AEECB44685D6E32FA42E0784A372B061C13D25C49023B494EFDD46E239A6366EBCE4646D6D0B8589D9BFBD2A5F386FF49DEB53902867CAB0807D6F4D43A3EF33A09A1AC00F4F3AE93FFFA37D95509F8BAE437B1CCDAF1DC855B570DD2B352559244256FFC8D46AAA56BD38E207DF6FAD979B35A7028C0E558B7600B70379F41C488B603A0C24237ED83BB0A150726F7CB88E601DB729021A5B95AB73255E76D8E1A861FFF41468435E77A1B109DE7268A1180246A575EDC1BFCC3C1251C39499504AAD7D55690693F13CD881413B4823C3BFE02D68C24012EBE7112560BA3BFE1038582084929568D8E02EC66872EF5A658BB6115E8E298ABE46B312F47DCBD3D1CA7A4831AA17F4DDD25554B0C48012F9A1047B213E2F338E793828C6CE7FC4D8251667F7EE81146970BA6A9F5E78D7A6ACB19508BEA05EA4472C7E39E57B5D76DCCA169CBC79572F436264F17F695F103354C69F7CDD3D43B4068E2F97ADEE52A46081CEC67221AD344F5BCF960CBB2769434A27A41D54799CB06FF0258CB895BEFA9060E75F0268F504DFA8EE2D701683101E458A7E872CAFC6D22966D73F4523A402BACECD51B2717BBC52348BBDF78CF090C0AF52444C4BFB12C577F4EF1DEA6B5D976B58868A88608B61958BFA1AE7AAD03EC17E687C3CB6031B4A0DC6C3C679174A00A64ACA75A27DF7DEDAC0AF6D4579D353DF07568559A693C00F93E4CA3A7070FB67E944FD2798A5D00926A511C5B4F57BBA79FAAE959BAC232F65A479B1943D7893967F1DA9807A403F0074245B92474D43F704913FE3DC72A0F641AB01EE4809CD1B527C0113EB6E34A6F253D415FA82B27EF143C19BFF291AACB1A244B257CCB395DEAA8A8E49B3D7B5E5E85B03B4973CD0388837BB2ADDEFA66E3E85014733684CC8D16FD78B9925CDA49D6370D8E425A60B1096B5F83E6D4B252E7CC115A486A0BF0E52653F66FD81CC5A94A495EAABE23BE0D387376DEA4A11B7CAB10B8472CEB8ACA85BBECEE209DB4367162650B21E98A01733CAF1A82F000D5A4967FC64E79B78E8B36CA1D5F1E2F20C107E74C27FC33125C1F5EC42C421950F266F5DE5437A51091682F71F075D9EC191AB35BCA2ADC67D455A41C67EB07BA5754976A7D72EE3497AEFE5AF40F418993D0ED2921C51A96ABE2635E7259C16B891FF39AAE8AC581E5B23C095BB475E57605961DD5DF61372E2DA4C59B7FF2FFB2EC0BA2F573E9BB87203460FAAE54463002DCEDF85F99A2BCCDFF5359FD31231F14BA2DE14A0A40C2CB87F5BE4E24E455F017B5F71ED8FDB9510164852056BECC0E77ADED04AD86F5B34C3F62BD0062304671D90E58B9A998B96C76E37538D66B1FA94978D62ACA3AD726CD407D8186CA8FEC836F93AC76142453A8E6CEF02280B11E3F49B99C2E5E90ACEFA417763E2D03A0E4C9524E63E8F0807B6D17A4391D9D613AD1E84D44BE87B30B76404DA2AF8C17EEFD4EDF7C5CAE5C3855FE8B504221BEA3B3CD0FEA5490780E96635A3B98B459536FA1BDDD625BAE262ED5F3EAF22AAE17DD57705AABDB3B7A6D96E93275732CF1EB5947AE9260806CA37FA0598B21A30B4C2F7AD3F59CF928ACFA5A5CECB95651E67654F998F5C5AE4AA57C495D77D1910774CE34F254244A0141233F301DF5B121E59B6E14F2A5DE498909F03D64B508AAEB96374C440BBE92DEC3F0526592DDB06D4B0BA71BDB4AECF2FF94AFCE366A54152A1A3841ADC7695BBA3F164A602B2CABE1E7A61681108C06FD18E22B10F046A195FC264CD9A4E4EA8807397EAA293E62E7F3D5E9DEE022062BC85125D95D2DF1C28F13F0786BA79DACBEA26590177373E41213A95771B4AD88E3807A3693E770E33F454BD9AA7C7003BCC819A5AE607C6D7AB4D7C5D6287F0DD8F3C5B3BD29CFF460D1365EEC51EEAB1CB5E79571BEA9ADF04EAACB989626E36074BC53C19E8B9953EB957C06BA8663F260FA94EB766C9BB40951F52F259825C80EA5D66D4DB0444014148547A17480781E18B9EE2904C32E0A615F7709A8FC1A57E99C86CDF97A879ED0DAC81DB6C4BAA892BF3953F611A06A97EF4229B1433A68C0C28726AEE4AED8D04CF4DE9BC7913894FB3D438A0DC3F8167E35CDB8E14121DDB31EC38D0C51C24D0B5C11B821865067A48CA341739E652A70A2C98D2DA0D954035DDBF3C4DAF3D2897E88F7EF5F04B0954145C9C8CDA020387921A3AA62EA0DD605472E02CB05680A28F3F79DDAACC7A233F12D6C8679B7C4FA3AE29D3B8D1DCA5BD8D8A3772711439D359957601EDF04130F1744B9387BAA5476471CD211FAA254C4098A4349A95CCA3DC66DC2A62C046C3510B63B4E26566B7FEEA8E570C33A09D061C95ECD3CB902AD1EE1320B0437124875E87F521A795A7E698A2D53F267336E037A1C527C31A4814DA7782AB8182AB9ABCF51D1CEC85501D5B1F089F1672CD5CFBAD9CAD128ADCAA208B93937A83DA6E18598EF2EA0949A46FEB914083384F5A78CA95824569233434CBB1AD9F4550E8E9C211433FC43A7AC3FB8ED6EA16CEA222D97FDFB970EE38FA037238998AF1BB50E3A5A3CB2120CCC2278E4164763BB0FC44541BCFCEF2D143EF549D47F06C953DEEA29E155DAAC425E81D7539784D875F30E2D29E502C37E559B7E1427120CB540A288303BF072D6E7E02CA25EC40BB9905DA80D00331C65E8284A190E1C216EAEB9CDCD4B7DF6390CC0116956F89F9DD45C454E71AB286A622077E1BEF5E7D53E6DA2732F00EDA6F711A40E07E1720F84AB67A8DE223D2DF1B30CCD7C8AFF98C301FF10BBF8CA258FBB0E7B0BA5E5C11922071FC921FBE7A952F44965D819DDFC8B00221F2A8F8DC2615D51F0E8B255632044D64BC906EF27E488D063684F0D7104ECBDF6C161B33E2A6D310835936B6628884795346D815F34D5142E93770886BF2C15503956EBE4D9398F0E1968C5723AA060CD84B1A25CFE226D972FE04E49BE1842DA93E19A7D241D275BAD08C514510662EAA2C761CCA52BA6DBFFD5216B77AEC5703A57F9F6BF43CAAC5B8C1ECC59F959132177CC187AB4BF354516F88CC853F12878CC1086DC0B5BED627D694EF4B5C6D6046C5632C1DD5B8D84FDC10CFAD37DE056B191DDB788B40420BB26B247E51E3FF608EC3D3C6F9F23FE1CA9551E7D66A3918C93624AF3B7FAA3797D5B0510785DC598C604B464EBE87D230C3B3DBA8E1090ACE9E87B2B398E4FBF3C6C93F8E003EB4F3C2624C5E2D60D9644E9E75CCA33721A1DBACAC85DE95D6D6480D20B6BACBF259BD3C70AC9E4C659CA5F47A7BEAB8ACA66B75FD655C596912BE331B7E33EDE1901156DE2FB5257E62193BAFB6A9294FE053F2E0A4DE1283F67CBF245EA26EF2A1179995129D4BC09475EBAEA6EEB2FD071982DCBF33B3100EC9AB39A21FAF570CD3F88C75BE0A238D1B41D2C5EBAD3CBE971FBA01D8845BF0D47229FC8901AF196FDCB86F599858539D4431757441EF955BA453150E5CF9FC135FFA189C64417E00BDEAA369389D67CC431B521F53161DC68646744E86B9FA5DB16B8EE97816CCA9054BD7C921C256E254EEBD294ED5CEE6851F5F29206D5DB814EC11DC4B8D29A2FC8F27DCF9DDAE2F7C1AE7FBFD2E260AA5EB075E07F0BC2E0BCEA52B2A6A2107E1A2A5385F340BFA81DB2C9301BAB0DAEAFE25FA50C04F743D28BF63EED8A7044088ED7565ED7EBD95DBE0E50D9FBC1C459E08A2BA6C56CD37386A6241009F63A00187281A72D2B18271713BF23EFA1154A74FA527C37ADF7FE3DCB54EC687FCE30CE87EB0EDA94C502BD555C8453E380EEE1C57C795BDF62D5526C6E111A9581BD549F316BE403BF630F1565D1A1E4E397B5BB6DF25C3915EC0E96F0D1311D9677FA1EF19CCD2505828AB3A786D30F2BBA3D76767C63B121BC9142062DA67D389E895FA26AE630BB01A4341CAD04BE3F4668F487514348F420B778F2108F0110E28183DDEFE0A5322E3869C4E8D3B9F1BE346972910F625E9D7D243BA26DD7952ED1853603049126F5BFBA20ED7C695CC2EDAD0ADCB839467CF26E21633E427056780EF22F46DA8B05F2CA93C51D472D2F6F23670A39496BBBBA1B0F1D36C581F1488A594E1DDB095BAFB985261AFCA193BD47FCAF86C858B76EF4395BDE3E3F72E22AD439071A7E82A4873D1CD848E530AC428B3A21433E93EC9BAA360AB748D9A5A99D0FDEAF4D8D5D1395B93039A970B5B95DBE03D10483C79A7D9C47345A1CB81F154C595EB0995FF1CF83E8E26FA1D85C6C3FD6BBC2B2CED5160ECCF837EBB286260D8CFBAB50211F25683A534D66DE1CE5B242DD9AD1CB9188DE46B2248641BC48C6203A1794B711BFB31BF775810853B0555950DDBBEA10895D5CA7F9ACB220C6E1DFD4991606D895F9050C635A68DDBD5689AF30C85424291E1A5F3312E806129BCAE89D492EFBF86BDE9A1B7E86C4A642DFAC7B22B87CFD4597DAE3099039583BD117FABB036597D5729023845473639AFFB7E7216D7F81726E45A9ADF3635DAF2C377976E74342A9B7DA67326EA72127F7B2CDA80B21E824F2A459E852A9DCE907A9E365576072E1A60DA953AA4FBA83C9C550EE837E4807916D445A26BA0C3C85EE0FD6EAF615AF19C7BA875059F601FCE302C848594A662458A638EDABE302E259A9B28C260B6DAE976170C92002323DDB48C97B0EA1995A7A2F3A64B18AC6B6AAD53814DD899A153C8F82FE7934678B0908B3807011060AEF6B816BF6D93FCE2BEB1B5C33734A5C403A9F9EE5099E82EB05A38BEC02B03E10880BBD3239B6C00205C419574275A4A9360327C0A101FFA0505CC92A235668BA6A2F49E6F81EB422A9AFD2C46F2331729A83BC1211D03369D5786509DA8E67F678ABCC67CCEAC06CAF63C7F23DFE694EEA26BCE1DBD6B24955E6E337A9660D6678B897F3BE053054147FAC041F2359C494A186BADE439804DB112791675A65CCC7A67E60685581F7A096F327A9B3D7CBFA6D0E36660D96938FC0A002E21C2A0349CEC982E9551242139781C3933063FAF7D68947AFF77E44E6DA91F71C984FCCB2A59E03DBB2E013406FCCB7E731B825C0BFA2AD88213A459751E1974F0859B0533190A7FB60335806AFD42A942C250ACF295C25AA6F61B5FB0D7C5C0B0AA0CE975D944330426B8092CECE34A61A8E3EFC6B92AEE8C64775E7B1B04DBCEFF012C44A34223741335C5611516AB4EAE66A8D4E899AC31D30EE9E3CA453475F7954DAD9A197BA2788561B1466BFE2D195B33C3FB08765E3E4BCA470F6BEF914E9BD6B49DC45778B8852615047804986AB8328865A02BCA5AD592C229866ABB01F28589782B3F6CDB1A6B38C2C4958EB3E8CB4B3F3A381FB92E774FA056A31E7A3504427351D79948894D1963A9D505473C9E672FA158BAF2623BE72AC04B739593DAF6BB514ECFD26C2516DEE135D21C0D396CA1C389643F9D299543A88F05D1D6C27B87AA9F1A47D329AA4BF1916C5BFA04A244DDC852856687484B62EB5AA0036AEFDF8664C26B126BE4A0E4E1000AA9C9E3D52BD73C8530C9A0E79FFAD148E5353FE497C7CF95A159D8DCFEFEFB7B46F0030409D318CECC650B3900A9E7F23144C9728027F1C8536E18994B88046576995B0BC71CB590C3CDF41C7CC6D845C3E8CE909A7C0935E81AD42370CA2744046A780295F650D30AD02F2D50453FF6536798EDA219DF389FC825B483560C8AA2572C03F080B59DC55C555DDD415C68A3831ECDAFE798A68D5B575FC0E4965506D7A6A3DE4C933848D0052DCC5A6456BD95804018BFEBEF7A8709787EE201AFB1F9ECA201D34234CF1B9208452477A1EA2AC7C773DB0D2CDC153A4FB8F297A1C602FEE6C4D74ADF88C70C264CED7F594A71BF7A88093596F6C056A5B6F6958DB2BBA9753C95F24CDB8BD3A426EB2F5CD59E1ACF23FF534B76ED0FC5421FF9CB2BB876B96A1C2D307101C7C4D2C9F3F55D0FAE618880C13714EC8BEFEE9C003954E7F23338008FDEE9122C95D3F08F403238C4B4DC73B25AE2B819BA3C71D515BF746DA44970EA213F8BE5883949E41FFBB0E7B4A7AA3D2632AA9C261592713F45D4751464D881EA399EA3665EA57197380B9D362CF5CA2D9510319E57E01A1987B3BD25CBED3A6EF2B56C734BAACCDDB0D19210C3D21E0178659747D407D274F3F175A5504A5C58419C3B7EC18585D172AF8D68E201EB890E1722BE25F07F2B8EE7441E2B95E506E8E0D454EC4F5799F5E6B844CC1C21260BF7101B2CD205ECE55D7D74B8E52402C5D647FFE47E88D1F013D5FE65F89B952E3C36CAB863ACE04B6A9C4C9A057117992BDB848ED480F36B0295EE055BFED5019BE473768B614F2205BC2A13ED13330C09E77A2A13DBA7C70DB9EC9FD5B63831F9F7AE68CC54557BBA5B1112D898D2AABF130B3A9B1B65177F42B515FBA92CEFF17ECEE9A4C29526B312503791841BB5B963B776FC4D1B23A968A533AFF75E1A012B7FBD3F3B352A92B6A286D7182446019CD9A2B85263474671E84DB4EE5D68304E0562B2B834C9E04E59E42EBD3BEC4913839579B6D17B3BB64215EA6E0B2F80440215A58C44486B64817E3BDC9BE90F5B70BCE23DF3EC65C18233F423735BC805F1B96E1306F778E7F817722AD9B517FD5A8DC597E03C2F2FDA4B521C516995AA3BC0F8A59127CC58315B2F7160A0286DF879FC0B0ABFF600C7F164ECA1CBE28DAD1ADB324CCE4C730A51CB20C617C8771376149ADFB99F3F527086AAF9094DD824A568FE8D2401313A82F59567A467209E18F9DA5B5EF5C15699FEB9746E3432F56809A9EF9B5072FB8897B42E41B7B54BCDA95836CE9CE3AC614406324674194B41EFA6EEC07B2737BD38115DE63011E4FC2F951479D58E95A975E974CCCAF08B4277FF66E442CDA94FA10C12DCDBFABBD26B3399DBA5C949B59C960C2A42D10F42D1E0F1B76A6D7FA9FCBCC293683C3B7EE35C6D759B9F9C389DF3D534F63E2EB3183B4F9551808431AF96EF266BD51E1A4F2B5218C8A3800F9A41A7D7D32D606FFD14B78998CC3948C7374E484A69CADFAC0DBEA2BE04942B43505B1AED315F5A898DFDA57695B54B5BA6812F196D651295FF4F48143D0802779C92B6A76C486277BD4BB4AED22520C2D2AC2FE3C1291A3BAFBA97752FF5F37C0BCE618536BB914F021585A993C2A1359411016D28E50EE3241654CD7B148EC0F9CE03BC9535D21669C1B518A0A3B5602D099D9ED438E96C91C62B262409ADFCCDCF5845554FD4164D60F1149AE94686329917AE20D87C5ACEFDC0B683C108642BF335CF576E0BBC84499221A04DBC3BCA95AC49DB59EFE80021319FABF18B6CEF60CF2D48CA79BD2D95E260E9B9B761A67FAAF9CB8867738812CA8EAE774F23C5F6CA0758B658339408952211ED0F7BF0D8FBF026B5276617293056671C95F5730D754B8DA924F2B51766C8A244443D53405D07F695E61709D8EFCBBF7DE865A5EF63BC85E01B318ADE36E5A628C72931BF9737D3C0251FA3F0EB039099E38700954A84B8A8A4FCFC12009553F7657DBC5C950DF14E4E79277E8AA64193621644CE24B10BEEA7C63B51DB4D7A5DA46FDC1EE9479E30E7EB17E0CCA6EB8E81888255C721B9EE8589D7D260A3C29F8DA372BDE3CEA741358195D712DE756B4A9D412ADFA421F682EBF5B6C7CA8D9387C7236782AC297249DD454F5CE99B278F5F4A25B2E3392A708113C178409055DBFBF7A1B56CE069108A3F6805159E89246FAA5A16ADF195BD81EEEAE02CEB367064D0250A9E4A7CF35DE27608578908F8D37469B0552AD2177DDB82FC2DF3064CEAEFB789856F8477FA8DF219986E60DB62169011B68163A02CEFE4FBC17F885235FFB49505B103805FAD34BB8111EB2F9C9AFF266480DA2CC156D317C731B745E80CA925686B2DF9123F7FDA2A0A29FCA243D43390FC5FB6E0C22E2346C5C5C47738951199FB1576F8781556FACA4F4FF1552540C07F7236886639A91162C4CE8D68826A8080A9E47F791F9F37DB9B86B01D07E9D31829872BBC83ECE80278FD2921AFD17B05BDC29CFDFEC485B4C3F6A862B37777436B7B2548689EB0C30D27771F0C8A7108107ED656ECDB2D496C8BC6BE8CEF93B1E87E390074B067726D1A67F790DAF33289354934AE7F818BED3B1F7B0384E58BEFABEA43A722F0350999F33A1466FEFE582A42BFE9ABB269511E1B28662F3A140C413AB6774987E101C9EB436F02F73B7665A5EA7D4C3B8DA5E7730A0779D8C83CC473C423C1A7E2DE955A801EC15551A199EE69F8F7E4948E308AECE64728AB24C6619E3DCF794A99D5552CD2D0B948E987DA4CE6B815732715E1A9F78C03F062CB00024804D838B1EDF1AA600B5298AB3111098A430FB1ED40E218538013F9983A8AE80E484638D02F511C535AF2F40C3EA6276B7C234B668F191C1F274AE10BF377E598B7262B149FA15ECAD242076E4BEE02BBE4E0335AB4A875069B73D3EE1B8CFB5A6A23EF92C54DFEFB064DF38479128C40EC002E5405F4EED614D8825369B980B3764FC9FB7BEA3B1AF9170220177119AC44BA0DA31E2A05289206FFC845755CF4338F9FB596B8729B0A2CE9F6EEDA0B490D768FFC7ECAE351C84D72994AF627A8DB522DE986ADD5FA67776D8BDED35DF14DE4490CA03D8D973BFED3643040E5E9B6B4BFFCD686E9DB6888046F3E8CA2D29F115B0EF7231C28CC7CC35DF4EFE9AB0607FF930EEB9D1D8584161E80E250B69C27DCD31C69F71F9EEE8943E34D1FAB74801B3A7A94A298C9A5B5CE1E0A9D10A5CD8DD9BF5E833D01886F7B80A397D34C0C3A973AD27383E7B26151F9468589A8796B977D3E8D1F5A817495BBC35E20083B92AA3E5A2F28067D93D1CA369A6164C613BF32E171DE6DB0C3E1B61CE782F24AFAB458621287C895304D5F5E70FB480883D1D5705F3ECE0C35FE082CA4853A802CA00DDBE55A7236CC711C38F82F19DE74B1E9A6B47174EA75BF12B372FEF088E610B6844C0F67AB693E887E8C3F84CD15864FCD340D4A6AF34967DF775D8D83828E3EE63DF8771C357FD759A30804BEF0E84A7378B19C86F68EBB43B3C12A22D45E8F7F5A3608516DA21C52F0C4F161590FC024C00987F1354FFEEF57DACB78228200 HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Policies\Explorer: [LegacyDrive] 0x1CD8E0402AF9DA7E2D01CDBE60CE76D90B17F87705EB7E26775A21AAE2710C94646CDE1637284F167AD7178134F70BE296858A33806E17F347464778B53CDE87524E3522E2B9DFA12FB48B04C9095D2C888AF458789E47EE46C36DFCDA0EB7E02A6FE4AD0B3594CF47D5FFF3EFE7E721F371CB2BEF685E4B4874370878F4CA59A642970D7A38A16A2FF32215EAD67D314AD274CB40E59B7621EAE10D32F96F5D932253D01F16F2C9F7821184B99BDF07A6B5365600121EE7B6F8935543068758D4C72BF5A9886BF2BD67B78DA9AD096DC65E24D9920D192855F51079044645A465BD516F7477B6AB0605076EA5ACC65D98DA6A246548DBE0489941E2DF3A62B0278E2B4DA7488CBBEB1789BD34898FE16E2904BE62EB217B2DCB0490F1B001D1CA963AA804EC6FA28B3B172DA209AF9FD8FD52A67B38438AF0C13265A3152DCCAE75C711E9ED2AC768CCB9D64557F4CE9FBF9C7CE25018BB49EA188DA2B5786B511167D998CCC83C1698D8F08DBC1296E8094FAB7C10325F8E92C3A415385A85AAC284BFB93E088F78B2D6E28D8D372AAD81A05E07CFE1591CC5A07CD185069BC207B817DA62094720476D1DD4CE3106BB756A11B7652C549AF8FC8B3C798703CB2A93B7638C37B8DFDA47D2EEBCD7136C69C951B0E4C657EC822E8D380E7923594833FFE67D44FAA95B754B48023043255E873B82B578CBE97C703DCB6F0D4267E028E3ED5013BAE43C1F61C939622BF943B712D05305F1132FC7C5F38B86BE4CF33C1327140380DF2F2BE1719BBBF432AFC05FBDE2E5F53031443598C27C13A9C604FBB2A3BE14D153D0C26307AF6EBF117C89240094CEEF0D63C812B67895C1A8DFE96EE2ABC355F818D2CA20553E593CE5203C2F72881A986D32874AAFA3CAFC6175E44219F0CDBC45D9018ECD8F3B10F45381C67FE860921A5C7928F7253CC3B86FF4168FB50486A48F7096B7CB9FA306BEB65FD171DC2945DC87A695D525737C767521D38D2381BCFB9A1E205A190A5DE309DE388E8EFC197A5C177790CBF691632E745F5B61CCC813A21315FFA206A652DB06E31F236176BE82D3B77141C84D684743F4A341986D10B450585BEE8D1AE61CDCE0BB6BC6E0C46EA1E23EC0AC006BEA5CAA8787F0ECFEA54BF4DC6F03CF8509B673A6BC9D026B53634DF3C5379700141F9CF47490D2F9B03CBDEF7FCA2CABEBE10EC78D58D04ED3356E1BBDC7089B918C37D4D051A1A7689BCB522B462F38806C8FE55988884D65DC6A5486104794851B4A5A04664AF1B52F9F24CA2C35FEAD72DED4F094EDDF85870F000135E61D084489013479FBB43A4734616D43C46584D8BAA69C3CC42680A298D729B292B281369E036C165807098672B8357E56E8526A0D8D4623605CC61F3D99D4E45B2D86C321F9C30AC2C56AE7DAB14D85632AE5F0CC333BD98FAFB6DD64C7EB0AB58BB6A053DC8A146789055BABB8C864DA8885E764F4595D67FA5D4FDBFD77D40C6977554E955F94ECED01ED6150D0DBCBB7F0D8BD9C188FDB938978A4EAA9E539D13C95301C151F913939862564410DF11E004DFDDB668459FBA43062FB91DD42ED4D3BB62524731436B5BB8C1C5328AEBBABC42C88A7E1E28793AD13757E06A0F646E48F71D2890324CBA8C9A9F24DC91A8A007FD40DA34D7B1F9D163EC039085DC548B9E8890E76C9E05CD7044CF9973E7446A37CD122712EAB0C936C44878C7F52C3E2A3B379740B5D170E9526941D3B215FC75BAD3CECF50213264E2469333A65D69B322BB993A7F32A22969630825DCB34C9CCEEB6C880003F346CEE9703B9163719D0070124B5882FC596DC8AF0A345DC9521C7A780BA952E177D185236C1B29A5F85E5BFF5F446D354473781082FB8963D7380C077DA4C96844B78D9AE33CCFA342798DCFCCA03DA82F2A00C140642C641AA12628F9FDE406CE4B40A6722B03DA0461295E57D7093A79F0CF905153EEADECF84FE3455971732B891F56EC955056B8A2C7A62E2AC9F4295DE6CF5729F57E5CE476CBF3289A076519A638B3D96748DDA1FF9DB9247CFB14AB01F6395F13295E3283C86898E3E21141D4725EC29ABA5A97768B7D9F509CAFEA8CA3AD7E5FC22E1C4AB711CD27F411206E06416F75D3FCA4B4FDBE373B939319573E6D9CA88D0E58ADC58006412A87AF3AC47F2930D74EAF53D1B8E827421C350FBF44BF2AC5CE3FA621661BBAEBFFF54CCF4F7E9D5B850343516F73D60071165C19590A9F341042534A3B4D71750EEA678009BA3B5F1168E1B863F9C9F34CA9577CF9EDD8708FFDB70E8C97ADC068B1C7AE1185C4617E6E70CD8B48D279970978F0D575C13515E0FE266D1DB50E53A32D7EE84625C626069B452E80A67B78220B4630833D5372649839703FE95BD1B23D7C6878BD46DFE274490726ADDE35F340CEEB9F88A55221E305C61A60CAA100FB44D9477DAFF520321A820812F23FA4C0445F7708A1C7B0F6D74AD042CA02CC57177FD8E9D9CC8BCA89502457628B0F193AFC205B85AB1A8C1A7D464638726D70FB549AB1945CBC71980A8C791EF11AAD1B66CCB18239C13FC87826C0C45C479B328CD845FFA15B8E352A2901AADCE8FCEC04C32D80DC5662288B588AF478D027A7A730A71AAE30001E2C5F68659897007517668203F3F963F2CD8EE135B8769422C3E085B4028160BDE82AE9396AC7E792480CA7E96E2B4D1B198BA82925C8039913095D0286AF2DF3E9F30D29E183D804F0D857A35251D4840E09EF6E33234CFC870F269C27069E202EC78688F2865FFF0D52D7E2B3419DBF47F92A91E8436DF55932BDB0F9AB4A7C08F027A4D0E4C9F82C44422E04A0BFEF454561CDC1BD08B3749C0842FF930FBB6DE4E750FC2121991332109A879F2F31CCA2FE296C15E5B600DC0A56C66796898C6F27930D57CF5B4A5368DDC9F3020DABED08F95DFFA75CDE0085B359A40BE21D4DE43B8E46E93077482495386A60EAEB69602C9BFAE5E0941A158DDC26E474EF29008D73375A07858322306AD75D4C538BB8D383FC362380A428144EAD85C18F57A430B8125D2EB6FE91D8C4C5AF4CA8CE99539866622C782C4529C131D6645A7F55F125CC36EBC15ADAC4BCD940B372C508CCE583DB3D50EF63872F160004922EB4BE610142F5B922E452A339563A265CCF6091359CA5ED605285ECB87BD8EB2B1E2714F4620FE0F0DF451EF23CFA19A956172D12E170C108EE32B6F7C3BF8C67D643814A6F0C422AE85396347E1F01FAF1B31D0822CA3CCD2B9AD072579E226CEAEF808FFD78B67DA9E6B634E47A0773C41ACACD8FB0F0D52F8115AB626BB01116C2749D682F9D180052E3978CB151F38739A4DB141CA30EA29948CEB2ACD6FD9DE7763624E9543E85B0A5422A87A46CE5D6F6F7A22FD65F6DC8DC0068A2E21596C2C72BF6BE47096B5D66785A8FC3D6DF15AB29DF5D7E6466F4B1C2E5BD9BDA8137FA0C3B9EB88C2D491EFCC3EFA02E53D5F95EC1DF0765707ED8C306D28D4AB4216FF88D8130C94530162725E331C9B1C89A4A462DC83BF239C77852CB7C6F311BDD3B26742EF9B3384717AA34E0912FC1D5162D480A52781C535A2D1D158959BFB5023A6D60F3BA549A5E78E03596A6F6C408FAFDBA6859609AFED0FC53E32ADEA1619ED8F3F99BB7DACEC37E61AE6B8533B8611DF14CA14A3A4C85571C6FB30C558DB0EF89DB0E3B7E0A795FBB45B26F79B565D1248931DAA37EAEEFB3C315C2D745E91917BF02927DF8B4165D5E2D1332BD93C3A7EEB265EADCA86898D46FCABDF7064FF7FFFAB8FDDF3E1FAB1779075EB0C4D10E9E48CCB3AED8CB888CECE84B2EED67BDE6B93DF229A60B044B1E40BC4C337B51CF246F846DF78AE7F66929B4B89D700B9A9746CE8FC1CD6CA3BF0E9289BA19FE6FFD811896CD68DF6BD57EA7C98BD189515A06AFBE9EC6E7A14B862D3A95B9331F77963800B7AED80753BE8184F03CEED7CB83D342E539DC4AB91037050EB5593D6C9AFECD4F306AD85480CCECCB253A77559B4BEBE17F2DE162C9B69FE24342FEE0B5584FEEDBD693CAD4C8AB4FA8D936E89EB9942A122B5EDDDF3F2652D1C696A1F87AA5E5DC25E5676AF2B71E17DD8683ED6B267E05A2E1C894DCF0D748C4A2E99C6E8B32CE82D23C667D9B7AE896868C01F82C8D682A9A490A1A1FB08006D1B63017908A562191DCA0832F612FB378C9CB158A2368FF66174AD593FFFDAA52530E00AD0DE083C7774E123AF463ED38C257EBE0A30961028ABEE35DC619A081EADBEBCE00903263884487B12ACF15A22B0820D1DC66C0C29CB26C292298094BEFE3520637BBFC2F7896F5D69B3BC580E40DBE6DE9F918BE00946DBE3615A856F5FBC9591FBEDB8E660D1100F8E8D4F3F7E835A92675D489535AC730937CFCFE418177B99102896995BA3541AEB0251175AC2259822C8383310FED7D3F63D88B8A06F9BBF0AF502E4D0466205E6D96A95E88945648076A70A6C59459AC188712D09F1AF448B511AA4CDA7036458E9DC44BBF55440D3CAC46549F8CAE45B553365E0F21F9D864E5F235FC9227F9C5BD184978537E01788E5F2D0D6D5DBDF2AC64DD8448B06CF37678E279F1CEBDD58A381D58521356ED717D3580BD9ADAAB541852F3DA4AE0127056D5A9789A5A6142BB4DD8CB1980F98DF564002EA9C77842FA512D3255D5CDC91C662E84EF99A02585A3144B41DA6EDE4483552BCF2E86B20F973280FF75C08E0715FE7CC521017AD98C2B3054EA83042BA3A3541D7DAAD1005B81AF800F32CBB0F00921A7D50109A4D2DD2882AE500953B9D2B929983BA66DCBD3B8F962969F0F3D1730A3F63A213A8E13B48449AA7835659D110CDDCD0BD0D88C630F25A087E12217FF843EB4D485DBDB4BE418734E41B56F458E3CC63DB2ACD1FA595137C16FBA066EB042FFC9BD9444760DB88D7D64912FD5C11E639BDE7BBF60F950275DC92230880D50A80D2EBE2E807482074D2DBC4B4D0E4DB0D240A496A5EA8C52FA269256E0614DC5E3BA995C10970AC114473C1B8E41A79CC2FE16C5B91D4886690B0A82D024568AD7E1E38681064B06431002376F60077C0873C3479D339DAEC824D78C42B047A86C8C3C35F67ABFC2021C02B87504B87A2C0FD7C8A2B98544960ECC20170510DF26E2471702F740D374DFEFCFF725CC350D379EB98FA48EE7AC9B6586ABCDC26776E7A72675FA15209F4AFFDC7BF802F7B01E3CF836D4BCF182FC754DB952D3518B18DB20CD17754411B1C1C08ACF72658AF522371760D09BFC99B09017E4DC2AA49D3B488D6FFF7A315CD2D68D5A1B50795CF21199760EB86351363A678A3ECA6E748682E9D80F1409FAA0FCA636C459502D57FC60F0EF057EB06A2BD8AF4B71CD232F5B7454F82AAE05FEBDB43966B2E11166BF89A0445B6B8E14D00F61812B8F8D3E18717138B8A4B0068484E7D9CE8FE0099A003A1E9E571B3701E12320C3B29DE7214C1EA1225F948288FF9CD495F2B903C13A7930C5AEEA55B1CDC86F9BAD84DB5974E0774D75FA18067D707223D5F8E72E1F38F6E2C97554A4F463A07182C0C47957114B66029241CAFF8C8462EBDECC149096E42EEE1D38DE4C039955DDC8CE5CEAAFD3EFEA4B0825D4AB5D098673AF16A95FFF3B5030913D1769BE0248E629EF34BF0E977CF6B9A346687EF86CEC3B1E57D8C8DE9EA1AA3B0BA79556483B715005D5BD5FDF333BE2ED95324E8215ABA6729F7026DB6AC082C47D25066A3DE0DD3B5E293C399560F04F719760690B3BB3D16DD45C74143A04F1F95887331AB8BB2DFA2E9148392C2C8E634C16390FB561D30ED463E3FB266D3E1EBA3A50CC4466CEBCD763F8505FF4F9A3851D5CD8CCC4908563BD51D329E09A9522CD03E1698A3C1DD94FC101BE0930EE8ACD4B306699CA68DF8C2F2A8E871AA70FD2ADB10C808BF277B48336DFC086B9A384FE584BA4E9B877CE67D29FD691EFE93A5AECA031F28E64F9CCCE5CFE6D07683CC538CA86B92BD8995AC5EE8980ECD1BBDA631B4EE6346C60097AFBEBDB3A4463652E5695A7AF2F8C81E7D2DE2E7208F23334C15B25E818E3741C540EDF94FD0F8EA8361FA032300E143C340027C7D216C57E73776959842089BA3F4B5883F38DD729B15BEAD8E8C9D7B23166821554E9B4117EA606398EFFAD5C42563B50EC9344C6D83C69DA497973EC75FEF67FBF9C3497D3DD9A1E6F22D8CAD41939DED699F2D9B68B5C2F2CCABB5D336871BFBF5E8622D90C8EA570AB16969642E8E676480E4BD9593F9D48F30C0E278743506CB813F945873DAAD8C967514F3D6993CFB77CCA6FB06B569748F8112961084AFF6062E2427DE27F3CDF5081B34611FFF443BB41F8DA2F43CDC032EBD0C9742521F2D55D78D29CA7BDCCD6E2171B7F306A6ABA0A51D9346D853C4763F7883F1E57EC860216F4146BB059A32507495FC39F88BD4A325FBD5E5CEF640CFCEFD630787F35FB6CA752F81FB6EE6BB70E538D91B1A3C2669D270B769EFFEA231433E6B7DA67BBF9A46FA65833F3871496C74BBB87C6D8F37486DA6F063D5865531F31C0512C0A3E3598BAAD89AA119BCA2AFB7C716D8EF485805D399AA7D615296B505BD8D69608ACEEB48C489BB1004455909E57F5748B794B2AA78E06216FF2830027B35C8391CC20F95DB1099B7A5B1F81072FD39210246B2F7FB2ADB3D2DC6AE0D1A275406B601FD9F6BA40FBA602B847CFBF78D5DA45C7C7BCD99E0342F0EF2F356A9304A5FA24742016836EFCADAB147ABBBC33395B760B8E728AC3A6FA33EBA8BBCE911BDBD6568A0A344557B6A2746168B3123CDC2BC2FE2144B2F1711C0CF7D57D0418757B327625C20B389C8780D94A141F5504DD7A9159A5E095401FBF970952C4407CFB5F54D3031E4993F6D37CC66F7D480E7E119EE28C1CD0E4DFC57FF0C452EAABD6091A2B12C784FC5E0CA4C3795D00DB805EAC5C29281872B893CABFBA977737ADFF1EE8E54C41D44DDA99B55AD811FE4EB41B2F78B1360BB153112C3E26005AA2EBA7BF96EB1B14BE45110AF70C5A74DA91DD94D2C4E53F4347B41106C73C297017A998BFA4C2520CC5F9321296952901A22C78C4D954B4378B0EF325A3EE9948119A6B26BDA2C09E5255B8B74807307F465D7E57F95111691B0154B6903CA65B2A1C62D62B55946E316CE5F701CEDADC2B2C499EDADA8B6845C76F504611E1C70BF9563743833DCC25FC83F79DDA6DE2E432B724C9D3D18099CDE9999F500EEA1049B04EEB5FEBC67A462364083C54F71BCF6686758EC69F9205B069D028941DCB65E3103A0BB011CF90D3B1C2A2295475E783B2E50E662A46C57FE466BF4A420B5CD30721BC315B4C8A5F1D7759964CEDDBE234D710F48D14C8AECE06992F892149338509EE4B2DC55F13591B39934ECD6D5D54C309B46F6800250FC5C01A62E9FE14E9F52F4CC3A81AA2502F23FF23AAA31067AB3F751031DF00450439AF6ED4F04478C01864356ABAF897F817F6C1D0FD6993A0B2DFA284D84DB141C9B4CDEAB65C628E3BA11AEFC634C64D5C6DCCE8624AED63CDB3A5E5C8F24CEC56F6E6EA9BAEC129B82F9FDE9B069002B49BEE21CF09F04A9AB854548EAB8248BC57A24F58582750C66ACD0AF9BEEA3AA938E6E887B926DA8A7047877936628268DA427386A120D35A4153952AA2BC3967A2BB23B71CD7057626C7ABBE60B5C1CF497DD70B26B779B8A190A4B7F68D021C299941180EF1F0BFF6DF4DBE9E23D4EE7230496729598A6EFE6FA8583D95AFE8BAA669BB85DE889D1A68F4C9D43F2B1038FD20470559F8479E23E14C25E0A331E5C192EF7AFC094F07F59EBCA9D43A184142B45C7008AF780A46F1ECFB67F5820FD953AB7971E7F2AB2B353392A9EDEF61A9DB630621E61E94E54140A738AC156DAB8519D61542E325D6A059E84EFCA960B52FC2B0B552A41291BB6427682D91394B2E7481AF6D5943ACBF883A137950F6B9F5D849F884DEFE75A21DC2DA045CE799616831F8DAF7A3791FFB34E4A1FB65B20E3D6F5A2B0B7C3298D0E33B87CA86F270AAE8C81252705AA2EBE69454FC650D40F7B9321238BBDDD87AFD5BC88CE70DC90B6EFF7BD00E3E5CC7FA23A5A6E47310506FAE3CD5072BDC039B730D6E42DAA1A44CEC60AE9B7BF411AE62B532542E6F9F3DB4C6EDF74AB18C83EF76B65E7C00AD9D362308895A97C4F2812A3F71BBD57F8FCA735CB78996F2E5FF27A0FFAA606ABA08733F784C4023FD1AF090DF9C36C4C49E508ADC1EAF14A245A1F894B736444BE71A127850D3A593C44C75E66590D3C03D61D2CDC656E19B43FFE4FA3FF55C21C5E1A1587358E0CE4925944B20B89220F52D809200A2DD0B3D9667323BF55087CA608F5E03A4E612AFA76E8D08F5A930E5D9C07415930FC901A1BF1D232957A1EACBEC5ABFA3C551F719D241B829BD548814DF48E06F97E879429A4337801CCEDF4CFD99D9DE4AC3002A2EA458ED70029B049650638921F57042F899FDDD3535B9C01CA3591D95A7A25329551CEBDEAE51FE27A79D79FCE1C562B53539FC8511851EB7B22D99DC467E72175E01ED77D8C106008B76903537C6A50BE899A032222B82A6668F38B4DDC5D40921F9EA437FBE5731AA7242CC9D4477DBA97B3F754F07976A2E925EA211BC0C6C8B296B4ECC13C8761D8D271E2D98676B207592084602675982DE02628D71B0902FCCEC976C257DC726CBFB6EC2B403D8036047C5B1C309B575995210F6728F50E36994E460BE352CEF0FBF65D13667DBA6C4B3B73A0CC9FD22696710DA8B757BDACB09E9173CC374421B000CC1F3245D5BE6F876D1D177C014C0C5688B12C48FEAB6A47147624950E264FB0646DD838A176BDC96FD298A6CE0F12E25AE84B2ED1B97CEFD035DB94DD5BC026AAA605209885B2827B0ADA219DE6C04105953E65F9D66866C15E6CC3AECDBC385BE1709233EAE5C195337EAB2FF16D9E50DEF7527AC83DB5F8A3F6EF5988638D0EFE85DF35798D9EAF2094D278D38CF3386D774F1546D6ABCCFC652D0074057AD11BFA1BB172562573C9B519A54A2B09203A7BFCDD957C8A940B5713EE5E789BCAA93BA8ECAF262EC136B64A465E5F322631CE6C227B713FB6DC3968FA1B9F0DC6BDE5F719D79EFBBC2070B9224A19899393B0B389972DDE5B682CCC18E0EE44B636FBA14F6CD0E1A65C587E6C75128019986D68B6F9D7B950C9D6B7A712556F26E23BF718AB43F718EA0768C9075D9CC87CE77FDF3AE61C7C484F6361AE21299C91F570BA9FD7E938AD54B73A9FD495767F892A7C95136A5E4922FBB662B5ED248F0C8C939D1035BEEDEF68F226071F1527055EE73F4E0C88A19D013A12EE6069E59C27E829C6047E21F66AA1F405E581A639AB4947B173A16B038AB477D92323FF8887EEF8C788ED31BB0C834D0E62CEC3E66D3728140548B18E9ABDF4201ADDEE5E150B4ADD1F98E0A377DB7DDBE584E2CDE92D0F0E1132C1F4ABC3394D9C373F5190A367D454ACBB93C07F99B9C358ACE645F4B3839D9FDAD7847DC3CECA71D9F9473EE1D515EDD150FC6EE6892E81F1D835D7F10E2975E7FE265AE63CFD616A242A69EA1E07B2B1213E8AE976842AF9BF85DB11E2371A5C023BC288540A503492C9E157E9C9116DF10D6F1DCB072D196CA31C453886D81CD398405034C02AB1FBEE5450045F9DE43C1C756DB3C59217F38CE4609084CC7D011C89FAAEE6F2A24ADC9E6B9E636712E0385739C3CA3619EB3683C47341B85C4735CF83CEEC0512CD2ADE0E882F69D7298DC5A36638E42B5FDC8FA4C573ABF14116BA171413A4F1FA41B8255590EE5687E46F9CA024DF5731398DB96C9F4DE3F4354DE42D134E4CF7F33733984EAD7DF6C2E55B0AB7B6159142F3080549F7EACBE98156AE14C2848C7FB5574FBBAF9E1FA13793D6F417A8B542B384550B9A48E0255BB916805F9AD41865632D33E4BDD939EE831FE99F6F9803017835452D5E8399B3832E8D3CFCC4036EE8BC2A1000B7AD6F70052A00E56BE546E824BEF66A25605AA0A5BCF311DDB562EC0D1D88A0C1BFE1EDA74F805EA2ABC2DAAB58A6B0E7B69CE15A84F4CB00A697091926F595C47A3E2FCF05D503CEDF01866AD9E6A1FCBCB5115AD21F0DF1A80F2A1511987D946E2CFF912D103590900C10CDE2B06711D2C112B2489724020E69868F88D6F0883A25142395D1183D10454A407BE4104A904C1D8CCCDCEBEF7C7365FE1B7BE300DB275C6482F8D763778623E01D7DC8935FE63D668CA85C1F66FD4E1240750A5B2BA2FA6E8A00AB34EEEDDCFFB65A8479336715DA0933035FD9F280F71D408A3F53B428B05DB9F1172899CD468CDB000A73CF645D3E67F5DC6448937B5C210477BE3C398CA552A7D26857A4E3602847F9639BC0582CCBD087BB09910F05C7C27FEBB460B36929765610C435A6B65247776CF3617BB07818C0E410F57AFF24CB03837F4820AEB2CB86F5B7759DAED483830DC2DBD554510FE4A93FC19B5ED03CE49927661D07C508F96900778C50B175A2242E52556B7856DF48B563AC42E0D7B347BFB007F115F3A907194EA14728FC4D63B7E9F8498B17AEA72C404FAF97BDE3B31733A62D65063B83692982DC0B79322B4690D0EC75F318FCCE8D9EAD2C5DB51A116B90B8EB00A72E96165C67230EDFE5D8A14F587719226FC3C1C6EE419A88003C4FB6CF0B6B005396CA24679D174DCB221ED2AD64D864FCAF90AE003976B6FE3FA0C85F9B4EAF0E99722B220770A0BD8B220C34391F3B70653D3E94B65419DF7C45BCD4443B3599A931239E6DB56E7EC8EB352AFFD4084439A8D058C98E622BF36234145EF15B63692ADB99DFC16E1FD7808137D8DD803241D253E3E8E92855029674B943CA34A245C579752E2C231A8D5BEDF886FCAA212FD9CDC939EE2FFDD3C30D91CBF9EA505BF722129ED3D55DC96B0236627C84DA3DD6F547F104C6FE8C2F8F088640A337F445E8AEFE16E6A393381D00 HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-13] (EasyBits Software Corp.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-07-10] ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2 Tcpip\..\Interfaces\{522C3B31-8EAC-461F-81DB-46CFDA8BA7EE}: [DhcpNameServer] 75.114.81.1 75.114.81.2 Internet Explorer: ================== HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1 SearchScopes: HKLM -> {2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {5850D516-A214-46CF-9401-AE7DE20F77B2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-26] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-26] (Oracle Corporation) Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://pcpitstop.com/betapit/PCPitStop.CAB DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File FireFox: ======== FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default FF DefaultSearchEngine.US: Yahoo Web FF Homepage: hxxps://www.yahoo.com/ FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-26] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-07-10] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-07-10] (RealTimes) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kristina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @talk.google.com/O1DPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kristina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-05] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kristina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File] FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: hopster.com/CouponPrinterPlugin -> C:\Users\Kristina\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-09-18] (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\searchplugins\yahoo-ysp.xml [2015-10-23] FF Extension: No Name - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\avg@toolbar.xpi [not found] Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-25] CHR Extension: (Google Docs) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25] CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Google Search) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Sheets) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-25] CHR Extension: (Google Docs Offline) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (TLRemove) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2015-08-30] CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01] CHR Extension: (Bitdefender QuickScan) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2016-04-21] CHR Extension: (Gmail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR Extension: (Skype Calling) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-04-11] CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-07-16] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-02-28] (Advanced Micro Devices, Inc.) [File not signed] R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-04-20] (AVG Technologies CZ, s.r.o.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-04-20] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-04-20] (AVG Technologies CZ, s.r.o.) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries) S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] () R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-10] (RealNetworks, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies) R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-04-18] (AVG Technologies CZ, s.r.o.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider) S3 iscFlash; C:\SWSetup\SP60593\iscflashx64.sys [50752 2011-05-19] (Insyde Software) R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-09 01:31 - 2016-05-09 01:32 - 00054681 _____ C:\Users\Kristina\Desktop\FRST.txt 2016-05-09 01:31 - 2016-05-09 01:31 - 00000000 ____D C:\FRST 2016-05-09 01:30 - 2016-05-09 01:30 - 00007913 _____ C:\Users\Kristina\Desktop\JRT1.txt 2016-05-09 01:30 - 2016-05-09 01:30 - 00007913 _____ C:\Users\Kristina\Desktop\JRT.txt 2016-05-09 01:24 - 2016-05-09 01:24 - 00020770 _____ C:\Users\Kristina\Desktop\AdwCleaner[C1].txt 2016-05-09 01:16 - 2016-05-09 01:16 - 03640384 _____ C:\Users\Kristina\Desktop\adwcleaner_5.116.exe 2016-05-08 20:52 - 2016-05-08 20:53 - 02379264 _____ (Farbar) C:\Users\Kristina\Desktop\FRST64.exe 2016-05-08 20:50 - 2016-05-08 20:50 - 01610816 _____ (Malwarebytes) C:\Users\Kristina\Desktop\JRT.exe 2016-05-08 19:30 - 2016-05-08 19:30 - 01685487 _____ C:\Users\Kristina\Downloads\13211868_570182763166326_94315496_n.mp4 2016-05-07 22:38 - 2016-05-07 22:38 - 02765833 _____ C:\Users\Kristina\Downloads\13158200_1210624538962844_2004398255_n.mp4 2016-05-05 20:38 - 2016-05-06 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-05-04 16:25 - 2016-05-04 16:26 - 00012886 _____ C:\Users\Kristina\Documents\cc_20160504_162550.reg 2016-05-04 15:22 - 2016-05-04 15:22 - 00000329 _____ C:\Users\Kristina\Desktop\HP Printer Diagnostic Tools.url 2016-05-04 11:07 - 2016-05-04 11:07 - 00000000 ____D C:\Users\newac\AppData\Roaming\SUPERAntiSpyware.com 2016-05-04 09:36 - 2016-05-04 09:36 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1203233110-3124362348-787559586-1006 2016-05-04 09:35 - 2016-05-04 09:35 - 00003368 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1006 2016-05-04 09:29 - 2016-05-04 09:29 - 00000000 ____D C:\Users\newac\.cache 2016-05-04 08:13 - 2016-05-04 08:13 - 00000000 ____D C:\Users\newac\AppData\Roaming\AVG 2016-05-04 08:08 - 2016-05-04 08:08 - 00000000 ____D C:\Users\newac\AppData\Roaming\RealNetworks 2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Roaming\Real 2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\Real 2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\Hopster 2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\GWX 2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\CrashRpt 2016-04-28 15:08 - 2016-05-05 23:35 - 00000000 ____D C:\Users\Kristina\Desktop\jmwp 2016-04-27 18:16 - 2016-04-27 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2016-04-26 00:45 - 2016-04-26 00:45 - 00501127 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April26.fdf 2016-04-21 19:13 - 2016-04-21 19:13 - 00001678 _____ C:\Users\Kristina\Documents\rprtscan.txt 2016-04-21 16:42 - 2016-04-21 16:42 - 02870984 _____ (ESET) C:\Users\Kristina\Downloads\esetsmartinstaller_enu.exe 2016-04-21 16:41 - 2016-04-21 16:41 - 00039480 _____ C:\Users\Kristina\Downloads\qsinstaller.exe 2016-04-21 08:08 - 2016-04-21 08:09 - 00418302 _____ C:\Users\Kristina\Documents\cc_20160421_080835.reg 2016-04-21 08:06 - 2016-04-21 08:06 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2016-04-21 08:06 - 2016-04-21 08:06 - 00000831 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-04-21 08:06 - 2016-04-21 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-04-21 08:06 - 2016-04-21 08:06 - 00000000 ____D C:\Program Files\CCleaner 2016-04-20 23:12 - 2016-04-20 23:12 - 14311424 _____ C:\Users\Kristina\Downloads\SkypeWebPlugin.msi 2016-04-20 14:17 - 2016-04-20 14:17 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2016-04-19 10:29 - 2016-04-19 10:29 - 00000377 _____ C:\Users\Kristina\Documents\account gone.txt 2016-04-19 00:07 - 2016-04-19 00:07 - 00000070 _____ C:\Users\Kristina\Documents\doc.txt 2016-04-18 20:43 - 2016-04-20 01:13 - 00000000 ____D C:\Users\Kristina\Desktop\FAMILYBIRTHDAYPARTIES 2016-04-18 09:04 - 2016-04-18 09:04 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avguniva.sys 2016-04-14 10:54 - 2016-04-14 10:54 - 00051968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2016-04-14 03:47 - 2016-04-14 03:47 - 00432148 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April14 (1).fdf 2016-04-14 03:45 - 2016-04-14 03:45 - 00432209 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April14.fdf 2016-04-09 02:36 - 2016-04-09 02:36 - 04842371 _____ C:\Users\Kristina\Desktop\12980357_516118891914782_1206466174_n.mp4 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-09 01:28 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-09 01:28 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-09 01:25 - 2012-04-04 23:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-09 01:23 - 2012-12-06 21:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-09 01:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-09 01:20 - 2012-01-25 20:10 - 00000000 ____D C:\ProgramData\MFAData 2016-05-09 01:20 - 2011-08-21 00:41 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Yahoo! 2016-05-09 01:20 - 2011-08-21 00:41 - 00000000 ____D C:\Users\Kristina\AppData\LocalLow\Yahoo! 2016-05-09 01:20 - 2011-08-21 00:40 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2016-05-09 01:19 - 2014-09-19 05:14 - 00000000 ____D C:\AdwCleaner 2016-05-08 23:59 - 2012-04-13 14:49 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job 2016-05-08 23:43 - 2013-06-25 18:42 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job 2016-05-08 23:41 - 2012-12-06 21:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-08 17:43 - 2013-06-25 18:42 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core.job 2016-05-07 20:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2016-05-06 11:46 - 2012-04-25 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-05-04 15:21 - 2016-02-07 11:47 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\HpUpdate 2016-05-04 11:39 - 2015-05-28 23:01 - 00000000 ____D C:\Users\newac\AppData\Local\Google 2016-05-04 10:01 - 2015-06-25 10:21 - 00000000 ____D C:\Users\newac\AppData\Local\Avg 2016-05-04 09:39 - 2015-05-28 23:01 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AEC11DBF-45C2-445F-A798-400974510C19} 2016-05-04 09:29 - 2015-05-28 23:01 - 00000000 ____D C:\Users\newac 2016-05-04 08:07 - 2015-05-28 23:02 - 00066616 _____ C:\Users\newac\AppData\Local\GDIPFONTCACHEV1.DAT 2016-0 Link to comment Share on other sites More sharing options...
Satchfan Posted May 9, 2016 Share Posted May 9, 2016 Thank you for the logs but Farbar Recovery Scan Tool, (FRST), is incomplete. I need the full FRST.txt and Addition.txt. Thanks Link to comment Share on other sites More sharing options...
kristina Posted May 9, 2016 Author Share Posted May 9, 2016 (edited) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016 Ran by Kristina (administrator) on KRISTINA-HP (09-05-2016 01:31:56) Running from C:\Users\Kristina\Desktop Loaded Profiles: Kristina (Available Profiles: Kristina & New User & newac) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-04-29] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-17] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-04-20] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286272 2015-07-10] (RealNetworks, Inc.) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-14] (Easybits) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe" HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [720112 2016-02-24] () HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [Facebook Update] => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [Google Update] => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.) HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [58C472AA051AD623CFE08192244161E972D1F5A3._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.) HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd) HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Policies\Explorer: [DriveConfiguration] 0xC6142D477C3E07F5FE5919D366618159D63F935B6DEF714373DEDB9DD79648DADC9C354D0F99BD7A7CB96A9021514B34A3C4468040A7B04C05231BAC419B6FB9398F3C951DC14FA93B968431C673BEDAFBEB17CD6B03CFE0C38CC979A13443F1C945B5EC2590FCE60AA3B70FBD43F259361601CF249FAF28306F999C869AD4F69269D6EB074E93AA261DE6B43D7833EE6E8B4AF4B1FA8FB11CC018582C625A97A59B0BB9E14341CEC2840FE91AB8FCCAC129B4BAE61CFEB7A20FEED1D33E5CD4276C942777DF4FF457ADE389EB36B6FFFBF2F8194A6D926E248F59CB372188D3A38D6DE854E5E2624F9027FF8ECCC08E19C44EBF2ECBAA9DFE5F26C10D0013C6DB4287FCC4225C6125967CCDC0675C6C6243C771C20EDD09AD7A5B8E60D71DFE352CE0AB83864D34BF9033B3E764153820A1E4F5779DBE0DBDC49EB6288C6445182A8823E1EC2ABFC265A7D51BCA6BF0DA9C062D37878143A18AF2C0F8594E95FC007FD506C8B6BAF55E03E96C3222F73B1E982B1A48FF869D499F00648F3E159D92FF388081DFD247B4F4CBF70EE7343141ED826588A7E2DE9947CCFFD5F5DBCCC371DCABBCF9246CE86D278868B147A6D553EA64EA6ECF537DCEA243B454CEC2759C92DF1EDE573377124123BFE458045FE096F9AEA66370EE312448566774BEFF91CA83A30F5511A44A2B3E50E9A3126348FFD6CD264F6DB69D91E7C0581D548C0041D67FF728FAC649004997E05B19BAF7D6A949D0F96EB4B7AA5FA707ED173770A949B4FB3E1DBCA15CD888812F48C36DD3639CA80E2B1AEE3ED4AFB5902911B3732C45A04DFDFC3D6CFD23953F32B683C6EDD57447AB196E433A2851A81D875E4830B0F5A28A8F65A35FB5435B78E19A04B6BE7C34E342143C9FD739649DB943770F9F1E835E9D9CDA1F49105C421D18F98D1CBA7149B8B35E3CF40B75D7C6ED09AFBFB6D031ED4CEA9201B11F06ADD869973250B7B2E3D59DDE00D8C60CBD0B2C1912D9A1666C491BDCA2244F2D2A5A815C8DA29A7F18617BC3D5CD91B2B952A9B11F3406CD7577B1B736FC110C18ECBBDA86598B605023F416A21994EDA732610CD8BE1A0E8BB63FB78335CF2046362B30EC05BFB4DEF3E4B1DE4E05F8489101FC97D7D1E12A966BD54889E6A363EEDE8599F21A3A806A6C5923C3D9E5483CFA21F552A2A6327CC1B20FC31989C3E9A7CF65EA35B348CF1B8395EEE8DD82779C1424FA18D58529D20BF7DFCDFFA862C9C476E5B6D204526FF10D46A559F85C1917ADAE0FB2A899FF0F4BC18D927955BB8660945EBF9691AACE7D6833E2946E7F1CCA631A208134096B9657BC41885E4BE7DDCCFF13C12714A1F14FBD87D70D690BF6EF45338954027E67C3D8D12A81CBB490622DBE21DF644E1369ED7C6AFDA15063F937CD31132E0BA04C361D26C0075D8A69C9264828E5083FAC5FCAAA9565AF51D928F90067EAAC390B589426921B89D12EAAF2971B6288DA83D85CF7A06E1C782024928ACDB16DB16DD244BAE7E3D8DAF1A8AC9A95457D6D89627DAC4CD23F6F2BFF960AB68DABD7703A4C36CA0987D1539F782529ED5F3DB30FF5C192740130D440266A6BEEFF71DE3A6D703F3E30FD5DDBB59B3A5A2F83C053E9A495AFCEDBE8DAA97BB99339D5C36434DEFCFFCF06E278230C04B2D516C417F6015B8D28F61EA5033EFF15B7575668F247E2F404300A0D40256978A63C8A22C0E4F012CA795A9D151644D9ADABB195533A4F280524D7FD82FBA7D17415C85C48793B6A28FB8D242AA9AC91C766F95D8ED59ED819792241411A3A458E6AE3C3F1E8ADD2B6055A05B485A7EDC7296AE0808BDDF91A493A60B06588CC95AEECB44685D6E32FA42E0784A372B061C13D25C49023B494EFDD46E239A6366EBCE4646D6D0B8589D9BFBD2A5F386FF49DEB53902867CAB0807D6F4D43A3EF33A09A1AC00F4F3AE93FFFA37D95509F8BAE437B1CCDAF1DC855B570DD2B352559244256FFC8D46AAA56BD38E207DF6FAD979B35A7028C0E558B7600B70379F41C488B603A0C24237ED83BB0A150726F7CB88E601DB729021A5B95AB73255E76D8E1A861FFF41468435E77A1B109DE7268A1180246A575EDC1BFCC3C1251C39499504AAD7D55690693F13CD881413B4823C3BFE02D68C24012EBE7112560BA3BFE1038582084929568D8E02EC66872EF5A658BB6115E8E298ABE46B312F47DCBD3D1CA7A4831AA17F4DDD25554B0C48012F9A1047B213E2F338E793828C6CE7FC4D8251667F7EE81146970BA6A9F5E78D7A6ACB19508BEA05EA4472C7E39E57B5D76DCCA169CBC79572F436264F17F695F103354C69F7CDD3D43B4068E2F97ADEE52A46081CEC67221AD344F5BCF960CBB2769434A27A41D54799CB06FF0258CB895BEFA9060E75F0268F504DFA8EE2D701683101E458A7E872CAFC6D22966D73F4523A402BACECD51B2717BBC52348BBDF78CF090C0AF52444C4BFB12C577F4EF1DEA6B5D976B58868A88608B61958BFA1AE7AAD03EC17E687C3CB6031B4A0DC6C3C679174A00A64ACA75A27DF7DEDAC0AF6D4579D353DF07568559A693C00F93E4CA3A7070FB67E944FD2798A5D00926A511C5B4F57BBA79FAAE959BAC232F65A479B1943D7893967F1DA9807A403F0074245B92474D43F704913FE3DC72A0F641AB01EE4809CD1B527C0113EB6E34A6F253D415FA82B27EF143C19BFF291AACB1A244B257CCB395DEAA8A8E49B3D7B5E5E85B03B4973CD0388837BB2ADDEFA66E3E85014733684CC8D16FD78B9925CDA49D6370D8E425A60B1096B5F83E6D4B252E7CC115A486A0BF0E52653F66FD81CC5A94A495EAABE23BE0D387376DEA4A11B7CAB10B8472CEB8ACA85BBECEE209DB4367162650B21E98A01733CAF1A82F000D5A4967FC64E79B78E8B36CA1D5F1E2F20C107E74C27FC33125C1F5EC42C421950F266F5DE5437A51091682F71F075D9EC191AB35BCA2ADC67D455A41C67EB07BA5754976A7D72EE3497AEFE5AF40F418993D0ED2921C51A96ABE2635E7259C16B891FF39AAE8AC581E5B23C095BB475E57605961DD5DF61372E2DA4C59B7FF2FFB2EC0BA2F573E9BB87203460FAAE54463002DCEDF85F99A2BCCDFF5359FD31231F14BA2DE14A0A40C2CB87F5BE4E24E455F017B5F71ED8FDB9510164852056BECC0E77ADED04AD86F5B34C3F62BD0062304671D90E58B9A998B96C76E37538D66B1FA94978D62ACA3AD726CD407D8186CA8FEC836F93AC76142453A8E6CEF02280B11E3F49B99C2E5E90ACEFA417763E2D03A0E4C9524E63E8F0807B6D17A4391D9D613AD1E84D44BE87B30B76404DA2AF8C17EEFD4EDF7C5CAE5C3855FE8B504221BEA3B3CD0FEA5490780E96635A3B98B459536FA1BDDD625BAE262ED5F3EAF22AAE17DD57705AABDB3B7A6D96E93275732CF1EB5947AE9260806CA37FA0598B21A30B4C2F7AD3F59CF928ACFA5A5CECB95651E67654F998F5C5AE4AA57C495D77D1910774CE34F254244A0141233F301DF5B121E59B6E14F2A5DE498909F03D64B508AAEB96374C440BBE92DEC3F0526592DDB06D4B0BA71BDB4AECF2FF94AFCE366A54152A1A3841ADC7695BBA3F164A602B2CABE1E7A61681108C06FD18E22B10F046A195FC264CD9A4E4EA8807397EAA293E62E7F3D5E9DEE022062BC85125D95D2DF1C28F13F0786BA79DACBEA26590177373E41213A95771B4AD88E3807A3693E770E33F454BD9AA7C7003BCC819A5AE607C6D7AB4D7C5D6287F0DD8F3C5B3BD29CFF460D1365EEC51EEAB1CB5E79571BEA9ADF04EAACB989626E36074BC53C19E8B9953EB957C06BA8663F260FA94EB766C9BB40951F52F259825C80EA5D66D4DB0444014148547A17480781E18B9EE2904C32E0A615F7709A8FC1A57E99C86CDF97A879ED0DAC81DB6C4BAA892BF3953F611A06A97EF4229B1433A68C0C28726AEE4AED8D04CF4DE9BC7913894FB3D438A0DC3F8167E35CDB8E14121DDB31EC38D0C51C24D0B5C11B821865067A48CA341739E652A70A2C98D2DA0D954035DDBF3C4DAF3D2897E88F7EF5F04B0954145C9C8CDA020387921A3AA62EA0DD605472E02CB05680A28F3F79DDAACC7A233F12D6C8679B7C4FA3AE29D3B8D1DCA5BD8D8A3772711439D359957601EDF04130F1744B9387BAA5476471CD211FAA254C4098A4349A95CCA3DC66DC2A62C046C3510B63B4E26566B7FEEA8E570C33A09D061C95ECD3CB902AD1EE1320B0437124875E87F521A795A7E698A2D53F267336E037A1C527C31A4814DA7782AB8182AB9ABCF51D1CEC85501D5B1F089F1672CD5CFBAD9CAD128ADCAA208B93937A83DA6E18598EF2EA0949A46FEB914083384F5A78CA95824569233434CBB1AD9F4550E8E9C211433FC43A7AC3FB8ED6EA16CEA222D97FDFB970EE38FA037238998AF1BB50E3A5A3CB2120CCC2278E4164763BB0FC44541BCFCEF2D143EF549D47F06C953DEEA29E155DAAC425E81D7539784D875F30E2D29E502C37E559B7E1427120CB540A288303BF072D6E7E02CA25EC40BB9905DA80D00331C65E8284A190E1C216EAEB9CDCD4B7DF6390CC0116956F89F9DD45C454E71AB286A622077E1BEF5E7D53E6DA2732F00EDA6F711A40E07E1720F84AB67A8DE223D2DF1B30CCD7C8AFF98C301FF10BBF8CA258FBB0E7B0BA5E5C11922071FC921FBE7A952F44965D819DDFC8B00221F2A8F8DC2615D51F0E8B255632044D64BC906EF27E488D063684F0D7104ECBDF6C161B33E2A6D310835936B6628884795346D815F34D5142E93770886BF2C15503956EBE4D9398F0E1968C5723AA060CD84B1A25CFE226D972FE04E49BE1842DA93E19A7D241D275BAD08C514510662EAA2C761CCA52BA6DBFFD5216B77AEC5703A57F9F6BF43CAAC5B8C1ECC59F959132177CC187AB4BF354516F88CC853F12878CC1086DC0B5BED627D694EF4B5C6D6046C5632C1DD5B8D84FDC10CFAD37DE056B191DDB788B40420BB26B247E51E3FF608EC3D3C6F9F23FE1CA9551E7D66A3918C93624AF3B7FAA3797D5B0510785DC598C604B464EBE87D230C3B3DBA8E1090ACE9E87B2B398E4FBF3C6C93F8E003EB4F3C2624C5E2D60D9644E9E75CCA33721A1DBACAC85DE95D6D6480D20B6BACBF259BD3C70AC9E4C659CA5F47A7BEAB8ACA66B75FD655C596912BE331B7E33EDE1901156DE2FB5257E62193BAFB6A9294FE053F2E0A4DE1283F67CBF245EA26EF2A1179995129D4BC09475EBAEA6EEB2FD071982DCBF33B3100EC9AB39A21FAF570CD3F88C75BE0A238D1B41D2C5EBAD3CBE971FBA01D8845BF0D47229FC8901AF196FDCB86F599858539D4431757441EF955BA453150E5CF9FC135FFA189C64417E00BDEAA369389D67CC431B521F53161DC68646744E86B9FA5DB16B8EE97816CCA9054BD7C921C256E254EEBD294ED5CEE6851F5F29206D5DB814EC11DC4B8D29A2FC8F27DCF9DDAE2F7C1AE7FBFD2E260AA5EB075E07F0BC2E0BCEA52B2A6A2107E1A2A5385F340BFA81DB2C9301BAB0DAEAFE25FA50C04F743D28BF63EED8A7044088ED7565ED7EBD95DBE0E50D9FBC1C459E08A2BA6C56CD37386A6241009F63A00187281A72D2B18271713BF23EFA1154A74FA527C37ADF7FE3DCB54EC687FCE30CE87EB0EDA94C502BD555C8453E380EEE1C57C795BDF62D5526C6E111A9581BD549F316BE403BF630F1565D1A1E4E397B5BB6DF25C3915EC0E96F0D1311D9677FA1EF19CCD2505828AB3A786D30F2BBA3D76767C63B121BC9142062DA67D389E895FA26AE630BB01A4341CAD04BE3F4668F487514348F420B778F2108F0110E28183DDEFE0A5322E3869C4E8D3B9F1BE346972910F625E9D7D243BA26DD7952ED1853603049126F5BFBA20ED7C695CC2EDAD0ADCB839467CF26E21633E427056780EF22F46DA8B05F2CA93C51D472D2F6F23670A39496BBBBA1B0F1D36C581F1488A594E1DDB095BAFB985261AFCA193BD47FCAF86C858B76EF4395BDE3E3F72E22AD439071A7E82A4873D1CD848E530AC428B3A21433E93EC9BAA360AB748D9A5A99D0FDEAF4D8D5D1395B93039A970B5B95DBE03D10483C79A7D9C47345A1CB81F154C595EB0995FF1CF83E8E26FA1D85C6C3FD6BBC2B2CED5160ECCF837EBB286260D8CFBAB50211F25683A534D66DE1CE5B242DD9AD1CB9188DE46B2248641BC48C6203A1794B711BFB31BF775810853B0555950DDBBEA10895D5CA7F9ACB220C6E1DFD4991606D895F9050C635A68DDBD5689AF30C85424291E1A5F3312E806129BCAE89D492EFBF86BDE9A1B7E86C4A642DFAC7B22B87CFD4597DAE3099039583BD117FABB036597D5729023845473639AFFB7E7216D7F81726E45A9ADF3635DAF2C377976E74342A9B7DA67326EA72127F7B2CDA80B21E824F2A459E852A9DCE907A9E365576072E1A60DA953AA4FBA83C9C550EE837E4807916D445A26BA0C3C85EE0FD6EAF615AF19C7BA875059F601FCE302C848594A662458A638EDABE302E259A9B28C260B6DAE976170C92002323DDB48C97B0EA1995A7A2F3A64B18AC6B6AAD53814DD899A153C8F82FE7934678B0908B3807011060AEF6B816BF6D93FCE2BEB1B5C33734A5C403A9F9EE5099E82EB05A38BEC02B03E10880BBD3239B6C00205C419574275A4A9360327C0A101FFA0505CC92A235668BA6A2F49E6F81EB422A9AFD2C46F2331729A83BC1211D03369D5786509DA8E67F678ABCC67CCEAC06CAF63C7F23DFE694EEA26BCE1DBD6B24955E6E337A9660D6678B897F3BE053054147FAC041F2359C494A186BADE439804DB112791675A65CCC7A67E60685581F7A096F327A9B3D7CBFA6D0E36660D96938FC0A002E21C2A0349CEC982E9551242139781C3933063FAF7D68947AFF77E44E6DA91F71C984FCCB2A59E03DBB2E013406FCCB7E731B825C0BFA2AD88213A459751E1974F0859B0533190A7FB60335806AFD42A942C250ACF295C25AA6F61B5FB0D7C5C0B0AA0CE975D944330426B8092CECE34A61A8E3EFC6B92AEE8C64775E7B1B04DBCEFF012C44A34223741335C5611516AB4EAE66A8D4E899AC31D30EE9E3CA453475F7954DAD9A197BA2788561B1466BFE2D195B33C3FB08765E3E4BCA470F6BEF914E9BD6B49DC45778B8852615047804986AB8328865A02BCA5AD592C229866ABB01F28589782B3F6CDB1A6B38C2C4958EB3E8CB4B3F3A381FB92E774FA056A31E7A3504427351D79948894D1963A9D505473C9E672FA158BAF2623BE72AC04B739593DAF6BB514ECFD26C2516DEE135D21C0D396CA1C389643F9D299543A88F05D1D6C27B87AA9F1A47D329AA4BF1916C5BFA04A244DDC852856687484B62EB5AA0036AEFDF8664C26B126BE4A0E4E1000AA9C9E3D52BD73C8530C9A0E79FFAD148E5353FE497C7CF95A159D8DCFEFEFB7B46F0030409D318CECC650B3900A9E7F23144C9728027F1C8536E18994B88046576995B0BC71CB590C3CDF41C7CC6D845C3E8CE909A7C0935E81AD42370CA2744046A780295F650D30AD02F2D50453FF6536798EDA219DF389FC825B483560C8AA2572C03F080B59DC55C555DDD415C68A3831ECDAFE798A68D5B575FC0E4965506D7A6A3DE4C933848D0052DCC5A6456BD95804018BFEBEF7A8709787EE201AFB1F9ECA201D34234CF1B9208452477A1EA2AC7C773DB0D2CDC153A4FB8F297A1C602FEE6C4D74ADF88C70C264CED7F594A71BF7A88093596F6C056A5B6F6958DB2BBA9753C95F24CDB8BD3A426EB2F5CD59E1ACF23FF534B76ED0FC5421FF9CB2BB876B96A1C2D307101C7C4D2C9F3F55D0FAE618880C13714EC8BEFEE9C003954E7F23338008FDEE9122C95D3F08F403238C4B4DC73B25AE2B819BA3C71D515BF746DA44970EA213F8BE5883949E41FFBB0E7B4A7AA3D2632AA9C261592713F45D4751464D881EA399EA3665EA57197380B9D362CF5CA2D9510319E57E01A1987B3BD25CBED3A6EF2B56C734BAACCDDB0D19210C3D21E0178659747D407D274F3F175A5504A5C58419C3B7EC18585D172AF8D68E201EB890E1722BE25F07F2B8EE7441E2B95E506E8E0D454EC4F5799F5E6B844CC1C21260BF7101B2CD205ECE55D7D74B8E52402C5D647FFE47E88D1F013D5FE65F89B952E3C36CAB863ACE04B6A9C4C9A057117992BDB848ED480F36B0295EE055BFED5019BE473768B614F2205BC2A13ED13330C09E77A2A13DBA7C70DB9EC9FD5B63831F9F7AE68CC54557BBA5B1112D898D2AABF130B3A9B1B65177F42B515FBA92CEFF17ECEE9A4C29526B312503791841BB5B963B776FC4D1B23A968A533AFF75E1A012B7FBD3F3B352A92B6A286D7182446019CD9A2B85263474671E84DB4EE5D68304E0562B2B834C9E04E59E42EBD3BEC4913839579B6D17B3BB64215EA6E0B2F80440215A58C44486B64817E3BDC9BE90F5B70BCE23DF3EC65C18233F423735BC805F1B96E1306F778E7F817722AD9B517FD5A8DC597E03C2F2FDA4B521C516995AA3BC0F8A59127CC58315B2F7160A0286DF879FC0B0ABFF600C7F164ECA1CBE28DAD1ADB324CCE4C730A51CB20C617C8771376149ADFB99F3F527086AAF9094DD824A568FE8D2401313A82F59567A467209E18F9DA5B5EF5C15699FEB9746E3432F56809A9EF9B5072FB8897B42E41B7B54BCDA95836CE9CE3AC614406324674194B41EFA6EEC07B2737BD38115DE63011E4FC2F951479D58E95A975E974CCCAF08B4277FF66E442CDA94FA10C12DCDBFABBD26B3399DBA5C949B59C960C2A42D10F42D1E0F1B76A6D7FA9FCBCC293683C3B7EE35C6D759B9F9C389DF3D534F63E2EB3183B4F9551808431AF96EF266BD51E1A4F2B5218C8A3800F9A41A7D7D32D606FFD14B78998CC3948C7374E484A69CADFAC0DBEA2BE04942B43505B1AED315F5A898DFDA57695B54B5BA6812F196D651295FF4F48143D0802779C92B6A76C486277BD4BB4AED22520C2D2AC2FE3C1291A3BAFBA97752FF5F37C0BCE618536BB914F021585A993C2A1359411016D28E50EE3241654CD7B148EC0F9CE03BC9535D21669C1B518A0A3B5602D099D9ED438E96C91C62B262409ADFCCDCF5845554FD4164D60F1149AE94686329917AE20D87C5ACEFDC0B683C108642BF335CF576E0BBC84499221A04DBC3BCA95AC49DB59EFE80021319FABF18B6CEF60CF2D48CA79BD2D95E260E9B9B761A67FAAF9CB8867738812CA8EAE774F23C5F6CA0758B658339408952211ED0F7BF0D8FBF026B5276617293056671C95F5730D754B8DA924F2B51766C8A244443D53405D07F695E61709D8EFCBBF7DE865A5EF63BC85E01B318ADE36E5A628C72931BF9737D3C0251FA3F0EB039099E38700954A84B8A8A4FCFC12009553F7657DBC5C950DF14E4E79277E8AA64193621644CE24B10BEEA7C63B51DB4D7A5DA46FDC1EE9479E30E7EB17E0CCA6EB8E81888255C721B9EE8589D7D260A3C29F8DA372BDE3CEA741358195D712DE756B4A9D412ADFA421F682EBF5B6C7CA8D9387C7236782AC297249DD454F5CE99B278F5F4A25B2E3392A708113C178409055DBFBF7A1B56CE069108A3F6805159E89246FAA5A16ADF195BD81EEEAE02CEB367064D0250A9E4A7CF35DE27608578908F8D37469B0552AD2177DDB82FC2DF3064CEAEFB789856F8477FA8DF219986E60DB62169011B68163A02CEFE4FBC17F885235FFB49505B103805FAD34BB8111EB2F9C9AFF266480DA2CC156D317C731B745E80CA925686B2DF9123F7FDA2A0A29FCA243D43390FC5FB6E0C22E2346C5C5C47738951199FB1576F8781556FACA4F4FF1552540C07F7236886639A91162C4CE8D68826A8080A9E47F791F9F37DB9B86B01D07E9D31829872BBC83ECE80278FD2921AFD17B05BDC29CFDFEC485B4C3F6A862B37777436B7B2548689EB0C30D27771F0C8A7108107ED656ECDB2D496C8BC6BE8CEF93B1E87E390074B067726D1A67F790DAF33289354934AE7F818BED3B1F7B0384E58BEFABEA43A722F0350999F33A1466FEFE582A42BFE9ABB269511E1B28662F3A140C413AB6774987E101C9EB436F02F73B7665A5EA7D4C3B8DA5E7730A0779D8C83CC473C423C1A7E2DE955A801EC15551A199EE69F8F7E4948E308AECE64728AB24C6619E3DCF794A99D5552CD2D0B948E987DA4CE6B815732715E1A9F78C03F062CB00024804D838B1EDF1AA600B5298AB3111098A430FB1ED40E218538013F9983A8AE80E484638D02F511C535AF2F40C3EA6276B7C234B668F191C1F274AE10BF377E598B7262B149FA15ECAD242076E4BEE02BBE4E0335AB4A875069B73D3EE1B8CFB5A6A23EF92C54DFEFB064DF38479128C40EC002E5405F4EED614D8825369B980B3764FC9FB7BEA3B1AF9170220177119AC44BA0DA31E2A05289206FFC845755CF4338F9FB596B8729B0A2CE9F6EEDA0B490D768FFC7ECAE351C84D72994AF627A8DB522DE986ADD5FA67776D8BDED35DF14DE4490CA03D8D973BFED3643040E5E9B6B4BFFCD686E9DB6888046F3E8CA2D29F115B0EF7231C28CC7CC35DF4EFE9AB0607FF930EEB9D1D8584161E80E250B69C27DCD31C69F71F9EEE8943E34D1FAB74801B3A7A94A298C9A5B5CE1E0A9D10A5CD8DD9BF5E833D01886F7B80A397D34C0C3A973AD27383E7B26151F9468589A8796B977D3E8D1F5A817495BBC35E20083B92AA3E5A2F28067D93D1CA369A6164C613BF32E171DE6DB0C3E1B61CE782F24AFAB458621287C895304D5F5E70FB480883D1D5705F3ECE0C35FE082CA4853A802CA00DDBE55A7236CC711C38F82F19DE74B1E9A6B47174EA75BF12B372FEF088E610B6844C0F67AB693E887E8C3F84CD15864FCD340D4A6AF34967DF775D8D83828E3EE63DF8771C357FD759A30804BEF0E84A7378B19C86F68EBB43B3C12A22D45E8F7F5A3608516DA21C52F0C4F161590FC024C00987F1354FFEEF57DACB78228200 HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Policies\Explorer: [LegacyDrive] 0x1CD8E0402AF9DA7E2D01CDBE60CE76D90B17F87705EB7E26775A21AAE2710C94646CDE1637284F167AD7178134F70BE296858A33806E17F347464778B53CDE87524E3522E2B9DFA12FB48B04C9095D2C888AF458789E47EE46C36DFCDA0EB7E02A6FE4AD0B3594CF47D5FFF3EFE7E721F371CB2BEF685E4B4874370878F4CA59A642970D7A38A16A2FF32215EAD67D314AD274CB40E59B7621EAE10D32F96F5D932253D01F16F2C9F7821184B99BDF07A6B5365600121EE7B6F8935543068758D4C72BF5A9886BF2BD67B78DA9AD096DC65E24D9920D192855F51079044645A465BD516F7477B6AB0605076EA5ACC65D98DA6A246548DBE0489941E2DF3A62B0278E2B4DA7488CBBEB1789BD34898FE16E2904BE62EB217B2DCB0490F1B001D1CA963AA804EC6FA28B3B172DA209AF9FD8FD52A67B38438AF0C13265A3152DCCAE75C711E9ED2AC768CCB9D64557F4CE9FBF9C7CE25018BB49EA188DA2B5786B511167D998CCC83C1698D8F08DBC1296E8094FAB7C10325F8E92C3A415385A85AAC284BFB93E088F78B2D6E28D8D372AAD81A05E07CFE1591CC5A07CD185069BC207B817DA62094720476D1DD4CE3106BB756A11B7652C549AF8FC8B3C798703CB2A93B7638C37B8DFDA47D2EEBCD7136C69C951B0E4C657EC822E8D380E7923594833FFE67D44FAA95B754B48023043255E873B82B578CBE97C703DCB6F0D4267E028E3ED5013BAE43C1F61C939622BF943B712D05305F1132FC7C5F38B86BE4CF33C1327140380DF2F2BE1719BBBF432AFC05FBDE2E5F53031443598C27C13A9C604FBB2A3BE14D153D0C26307AF6EBF117C89240094CEEF0D63C812B67895C1A8DFE96EE2ABC355F818D2CA20553E593CE5203C2F72881A986D32874AAFA3CAFC6175E44219F0CDBC45D9018ECD8F3B10F45381C67FE860921A5C7928F7253CC3B86FF4168FB50486A48F7096B7CB9FA306BEB65FD171DC2945DC87A695D525737C767521D38D2381BCFB9A1E205A190A5DE309DE388E8EFC197A5C177790CBF691632E745F5B61CCC813A21315FFA206A652DB06E31F236176BE82D3B77141C84D684743F4A341986D10B450585BEE8D1AE61CDCE0BB6BC6E0C46EA1E23EC0AC006BEA5CAA8787F0ECFEA54BF4DC6F03CF8509B673A6BC9D026B53634DF3C5379700141F9CF47490D2F9B03CBDEF7FCA2CABEBE10EC78D58D04ED3356E1BBDC7089B918C37D4D051A1A7689BCB522B462F38806C8FE55988884D65DC6A5486104794851B4A5A04664AF1B52F9F24CA2C35FEAD72DED4F094EDDF85870F000135E61D084489013479FBB43A4734616D43C46584D8BAA69C3CC42680A298D729B292B281369E036C165807098672B8357E56E8526A0D8D4623605CC61F3D99D4E45B2D86C321F9C30AC2C56AE7DAB14D85632AE5F0CC333BD98FAFB6DD64C7EB0AB58BB6A053DC8A146789055BABB8C864DA8885E764F4595D67FA5D4FDBFD77D40C6977554E955F94ECED01ED6150D0DBCBB7F0D8BD9C188FDB938978A4EAA9E539D13C95301C151F913939862564410DF11E004DFDDB668459FBA43062FB91DD42ED4D3BB62524731436B5BB8C1C5328AEBBABC42C88A7E1E28793AD13757E06A0F646E48F71D2890324CBA8C9A9F24DC91A8A007FD40DA34D7B1F9D163EC039085DC548B9E8890E76C9E05CD7044CF9973E7446A37CD122712EAB0C936C44878C7F52C3E2A3B379740B5D170E9526941D3B215FC75BAD3CECF50213264E2469333A65D69B322BB993A7F32A22969630825DCB34C9CCEEB6C880003F346CEE9703B9163719D0070124B5882FC596DC8AF0A345DC9521C7A780BA952E177D185236C1B29A5F85E5BFF5F446D354473781082FB8963D7380C077DA4C96844B78D9AE33CCFA342798DCFCCA03DA82F2A00C140642C641AA12628F9FDE406CE4B40A6722B03DA0461295E57D7093A79F0CF905153EEADECF84FE3455971732B891F56EC955056B8A2C7A62E2AC9F4295DE6CF5729F57E5CE476CBF3289A076519A638B3D96748DDA1FF9DB9247CFB14AB01F6395F13295E3283C86898E3E21141D4725EC29ABA5A97768B7D9F509CAFEA8CA3AD7E5FC22E1C4AB711CD27F411206E06416F75D3FCA4B4FDBE373B939319573E6D9CA88D0E58ADC58006412A87AF3AC47F2930D74EAF53D1B8E827421C350FBF44BF2AC5CE3FA621661BBAEBFFF54CCF4F7E9D5B850343516F73D60071165C19590A9F341042534A3B4D71750EEA678009BA3B5F1168E1B863F9C9F34CA9577CF9EDD8708FFDB70E8C97ADC068B1C7AE1185C4617E6E70CD8B48D279970978F0D575C13515E0FE266D1DB50E53A32D7EE84625C626069B452E80A67B78220B4630833D5372649839703FE95BD1B23D7C6878BD46DFE274490726ADDE35F340CEEB9F88A55221E305C61A60CAA100FB44D9477DAFF520321A820812F23FA4C0445F7708A1C7B0F6D74AD042CA02CC57177FD8E9D9CC8BCA89502457628B0F193AFC205B85AB1A8C1A7D464638726D70FB549AB1945CBC71980A8C791EF11AAD1B66CCB18239C13FC87826C0C45C479B328CD845FFA15B8E352A2901AADCE8FCEC04C32D80DC5662288B588AF478D027A7A730A71AAE30001E2C5F68659897007517668203F3F963F2CD8EE135B8769422C3E085B4028160BDE82AE9396AC7E792480CA7E96E2B4D1B198BA82925C8039913095D0286AF2DF3E9F30D29E183D804F0D857A35251D4840E09EF6E33234CFC870F269C27069E202EC78688F2865FFF0D52D7E2B3419DBF47F92A91E8436DF55932BDB0F9AB4A7C08F027A4D0E4C9F82C44422E04A0BFEF454561CDC1BD08B3749C0842FF930FBB6DE4E750FC2121991332109A879F2F31CCA2FE296C15E5B600DC0A56C66796898C6F27930D57CF5B4A5368DDC9F3020DABED08F95DFFA75CDE0085B359A40BE21D4DE43B8E46E93077482495386A60EAEB69602C9BFAE5E0941A158DDC26E474EF29008D73375A07858322306AD75D4C538BB8D383FC362380A428144EAD85C18F57A430B8125D2EB6FE91D8C4C5AF4CA8CE99539866622C782C4529C131D6645A7F55F125CC36EBC15ADAC4BCD940B372C508CCE583DB3D50EF63872F160004922EB4BE610142F5B922E452A339563A265CCF6091359CA5ED605285ECB87BD8EB2B1E2714F4620FE0F0DF451EF23CFA19A956172D12E170C108EE32B6F7C3BF8C67D643814A6F0C422AE85396347E1F01FAF1B31D0822CA3CCD2B9AD072579E226CEAEF808FFD78B67DA9E6B634E47A0773C41ACACD8FB0F0D52F8115AB626BB01116C2749D682F9D180052E3978CB151F38739A4DB141CA30EA29948CEB2ACD6FD9DE7763624E9543E85B0A5422A87A46CE5D6F6F7A22FD65F6DC8DC0068A2E21596C2C72BF6BE47096B5D66785A8FC3D6DF15AB29DF5D7E6466F4B1C2E5BD9BDA8137FA0C3B9EB88C2D491EFCC3EFA02E53D5F95EC1DF0765707ED8C306D28D4AB4216FF88D8130C94530162725E331C9B1C89A4A462DC83BF239C77852CB7C6F311BDD3B26742EF9B3384717AA34E0912FC1D5162D480A52781C535A2D1D158959BFB5023A6D60F3BA549A5E78E03596A6F6C408FAFDBA6859609AFED0FC53E32ADEA1619ED8F3F99BB7DACEC37E61AE6B8533B8611DF14CA14A3A4C85571C6FB30C558DB0EF89DB0E3B7E0A795FBB45B26F79B565D1248931DAA37EAEEFB3C315C2D745E91917BF02927DF8B4165D5E2D1332BD93C3A7EEB265EADCA86898D46FCABDF7064FF7FFFAB8FDDF3E1FAB1779075EB0C4D10E9E48CCB3AED8CB888CECE84B2EED67BDE6B93DF229A60B044B1E40BC4C337B51CF246F846DF78AE7F66929B4B89D700B9A9746CE8FC1CD6CA3BF0E9289BA19FE6FFD811896CD68DF6BD57EA7C98BD189515A06AFBE9EC6E7A14B862D3A95B9331F77963800B7AED80753BE8184F03CEED7CB83D342E539DC4AB91037050EB5593D6C9AFECD4F306AD85480CCECCB253A77559B4BEBE17F2DE162C9B69FE24342FEE0B5584FEEDBD693CAD4C8AB4FA8D936E89EB9942A122B5EDDDF3F2652D1C696A1F87AA5E5DC25E5676AF2B71E17DD8683ED6B267E05A2E1C894DCF0D748C4A2E99C6E8B32CE82D23C667D9B7AE896868C01F82C8D682A9A490A1A1FB08006D1B63017908A562191DCA0832F612FB378C9CB158A2368FF66174AD593FFFDAA52530E00AD0DE083C7774E123AF463ED38C257EBE0A30961028ABEE35DC619A081EADBEBCE00903263884487B12ACF15A22B0820D1DC66C0C29CB26C292298094BEFE3520637BBFC2F7896F5D69B3BC580E40DBE6DE9F918BE00946DBE3615A856F5FBC9591FBEDB8E660D1100F8E8D4F3F7E835A92675D489535AC730937CFCFE418177B99102896995BA3541AEB0251175AC2259822C8383310FED7D3F63D88B8A06F9BBF0AF502E4D0466205E6D96A95E88945648076A70A6C59459AC188712D09F1AF448B511AA4CDA7036458E9DC44BBF55440D3CAC46549F8CAE45B553365E0F21F9D864E5F235FC9227F9C5BD184978537E01788E5F2D0D6D5DBDF2AC64DD8448B06CF37678E279F1CEBDD58A381D58521356ED717D3580BD9ADAAB541852F3DA4AE0127056D5A9789A5A6142BB4DD8CB1980F98DF564002EA9C77842FA512D3255D5CDC91C662E84EF99A02585A3144B41DA6EDE4483552BCF2E86B20F973280FF75C08E0715FE7CC521017AD98C2B3054EA83042BA3A3541D7DAAD1005B81AF800F32CBB0F00921A7D50109A4D2DD2882AE500953B9D2B929983BA66DCBD3B8F962969F0F3D1730A3F63A213A8E13B48449AA7835659D110CDDCD0BD0D88C630F25A087E12217FF843EB4D485DBDB4BE418734E41B56F458E3CC63DB2ACD1FA595137C16FBA066EB042FFC9BD9444760DB88D7D64912FD5C11E639BDE7BBF60F950275DC92230880D50A80D2EBE2E807482074D2DBC4B4D0E4DB0D240A496A5EA8C52FA269256E0614DC5E3BA995C10970AC114473C1B8E41A79CC2FE16C5B91D4886690B0A82D024568AD7E1E38681064B06431002376F60077C0873C3479D339DAEC824D78C42B047A86C8C3C35F67ABFC2021C02B87504B87A2C0FD7C8A2B98544960ECC20170510DF26E2471702F740D374DFEFCFF725CC350D379EB98FA48EE7AC9B6586ABCDC26776E7A72675FA15209F4AFFDC7BF802F7B01E3CF836D4BCF182FC754DB952D3518B18DB20CD17754411B1C1C08ACF72658AF522371760D09BFC99B09017E4DC2AA49D3B488D6FFF7A315CD2D68D5A1B50795CF21199760EB86351363A678A3ECA6E748682E9D80F1409FAA0FCA636C459502D57FC60F0EF057EB06A2BD8AF4B71CD232F5B7454F82AAE05FEBDB43966B2E11166BF89A0445B6B8E14D00F61812B8F8D3E18717138B8A4B0068484E7D9CE8FE0099A003A1E9E571B3701E12320C3B29DE7214C1EA1225F948288FF9CD495F2B903C13A7930C5AEEA55B1CDC86F9BAD84DB5974E0774D75FA18067D707223D5F8E72E1F38F6E2C97554A4F463A07182C0C47957114B66029241CAFF8C8462EBDECC149096E42EEE1D38DE4C039955DDC8CE5CEAAFD3EFEA4B0825D4AB5D098673AF16A95FFF3B5030913D1769BE0248E629EF34BF0E977CF6B9A346687EF86CEC3B1E57D8C8DE9EA1AA3B0BA79556483B715005D5BD5FDF333BE2ED95324E8215ABA6729F7026DB6AC082C47D25066A3DE0DD3B5E293C399560F04F719760690B3BB3D16DD45C74143A04F1F95887331AB8BB2DFA2E9148392C2C8E634C16390FB561D30ED463E3FB266D3E1EBA3A50CC4466CEBCD763F8505FF4F9A3851D5CD8CCC4908563BD51D329E09A9522CD03E1698A3C1DD94FC101BE0930EE8ACD4B306699CA68DF8C2F2A8E871AA70FD2ADB10C808BF277B48336DFC086B9A384FE584BA4E9B877CE67D29FD691EFE93A5AECA031F28E64F9CCCE5CFE6D07683CC538CA86B92BD8995AC5EE8980ECD1BBDA631B4EE6346C60097AFBEBDB3A4463652E5695A7AF2F8C81E7D2DE2E7208F23334C15B25E818E3741C540EDF94FD0F8EA8361FA032300E143C340027C7D216C57E73776959842089BA3F4B5883F38DD729B15BEAD8E8C9D7B23166821554E9B4117EA606398EFFAD5C42563B50EC9344C6D83C69DA497973EC75FEF67FBF9C3497D3DD9A1E6F22D8CAD41939DED699F2D9B68B5C2F2CCABB5D336871BFBF5E8622D90C8EA570AB16969642E8E676480E4BD9593F9D48F30C0E278743506CB813F945873DAAD8C967514F3D6993CFB77CCA6FB06B569748F8112961084AFF6062E2427DE27F3CDF5081B34611FFF443BB41F8DA2F43CDC032EBD0C9742521F2D55D78D29CA7BDCCD6E2171B7F306A6ABA0A51D9346D853C4763F7883F1E57EC860216F4146BB059A32507495FC39F88BD4A325FBD5E5CEF640CFCEFD630787F35FB6CA752F81FB6EE6BB70E538D91B1A3C2669D270B769EFFEA231433E6B7DA67BBF9A46FA65833F3871496C74BBB87C6D8F37486DA6F063D5865531F31C0512C0A3E3598BAAD89AA119BCA2AFB7C716D8EF485805D399AA7D615296B505BD8D69608ACEEB48C489BB1004455909E57F5748B794B2AA78E06216FF2830027B35C8391CC20F95DB1099B7A5B1F81072FD39210246B2F7FB2ADB3D2DC6AE0D1A275406B601FD9F6BA40FBA602B847CFBF78D5DA45C7C7BCD99E0342F0EF2F356A9304A5FA24742016836EFCADAB147ABBBC33395B760B8E728AC3A6FA33EBA8BBCE911BDBD6568A0A344557B6A2746168B3123CDC2BC2FE2144B2F1711C0CF7D57D0418757B327625C20B389C8780D94A141F5504DD7A9159A5E095401FBF970952C4407CFB5F54D3031E4993F6D37CC66F7D480E7E119EE28C1CD0E4DFC57FF0C452EAABD6091A2B12C784FC5E0CA4C3795D00DB805EAC5C29281872B893CABFBA977737ADFF1EE8E54C41D44DDA99B55AD811FE4EB41B2F78B1360BB153112C3E26005AA2EBA7BF96EB1B14BE45110AF70C5A74DA91DD94D2C4E53F4347B41106C73C297017A998BFA4C2520CC5F9321296952901A22C78C4D954B4378B0EF325A3EE9948119A6B26BDA2C09E5255B8B74807307F465D7E57F95111691B0154B6903CA65B2A1C62D62B55946E316CE5F701CEDADC2B2C499EDADA8B6845C76F504611E1C70BF9563743833DCC25FC83F79DDA6DE2E432B724C9D3D18099CDE9999F500EEA1049B04EEB5FEBC67A462364083C54F71BCF6686758EC69F9205B069D028941DCB65E3103A0BB011CF90D3B1C2A2295475E783B2E50E662A46C57FE466BF4A420B5CD30721BC315B4C8A5F1D7759964CEDDBE234D710F48D14C8AECE06992F892149338509EE4B2DC55F13591B39934ECD6D5D54C309B46F6800250FC5C01A62E9FE14E9F52F4CC3A81AA2502F23FF23AAA31067AB3F751031DF00450439AF6ED4F04478C01864356ABAF897F817F6C1D0FD6993A0B2DFA284D84DB141C9B4CDEAB65C628E3BA11AEFC634C64D5C6DCCE8624AED63CDB3A5E5C8F24CEC56F6E6EA9BAEC129B82F9FDE9B069002B49BEE21CF09F04A9AB854548EAB8248BC57A24F58582750C66ACD0AF9BEEA3AA938E6E887B926DA8A7047877936628268DA427386A120D35A4153952AA2BC3967A2BB23B71CD7057626C7ABBE60B5C1CF497DD70B26B779B8A190A4B7F68D021C299941180EF1F0BFF6DF4DBE9E23D4EE7230496729598A6EFE6FA8583D95AFE8BAA669BB85DE889D1A68F4C9D43F2B1038FD20470559F8479E23E14C25E0A331E5C192EF7AFC094F07F59EBCA9D43A184142B45C7008AF780A46F1ECFB67F5820FD953AB7971E7F2AB2B353392A9EDEF61A9DB630621E61E94E54140A738AC156DAB8519D61542E325D6A059E84EFCA960B52FC2B0B552A41291BB6427682D91394B2E7481AF6D5943ACBF883A137950F6B9F5D849F884DEFE75A21DC2DA045CE799616831F8DAF7A3791FFB34E4A1FB65B20E3D6F5A2B0B7C3298D0E33B87CA86F270AAE8C81252705AA2EBE69454FC650D40F7B9321238BBDDD87AFD5BC88CE70DC90B6EFF7BD00E3E5CC7FA23A5A6E47310506FAE3CD5072BDC039B730D6E42DAA1A44CEC60AE9B7BF411AE62B532542E6F9F3DB4C6EDF74AB18C83EF76B65E7C00AD9D362308895A97C4F2812A3F71BBD57F8FCA735CB78996F2E5FF27A0FFAA606ABA08733F784C4023FD1AF090DF9C36C4C49E508ADC1EAF14A245A1F894B736444BE71A127850D3A593C44C75E66590D3C03D61D2CDC656E19B43FFE4FA3FF55C21C5E1A1587358E0CE4925944B20B89220F52D809200A2DD0B3D9667323BF55087CA608F5E03A4E612AFA76E8D08F5A930E5D9C07415930FC901A1BF1D232957A1EACBEC5ABFA3C551F719D241B829BD548814DF48E06F97E879429A4337801CCEDF4CFD99D9DE4AC3002A2EA458ED70029B049650638921F57042F899FDDD3535B9C01CA3591D95A7A25329551CEBDEAE51FE27A79D79FCE1C562B53539FC8511851EB7B22D99DC467E72175E01ED77D8C106008B76903537C6A50BE899A032222B82A6668F38B4DDC5D40921F9EA437FBE5731AA7242CC9D4477DBA97B3F754F07976A2E925EA211BC0C6C8B296B4ECC13C8761D8D271E2D98676B207592084602675982DE02628D71B0902FCCEC976C257DC726CBFB6EC2B403D8036047C5B1C309B575995210F6728F50E36994E460BE352CEF0FBF65D13667DBA6C4B3B73A0CC9FD22696710DA8B757BDACB09E9173CC374421B000CC1F3245D5BE6F876D1D177C014C0C5688B12C48FEAB6A47147624950E264FB0646DD838A176BDC96FD298A6CE0F12E25AE84B2ED1B97CEFD035DB94DD5BC026AAA605209885B2827B0ADA219DE6C04105953E65F9D66866C15E6CC3AECDBC385BE1709233EAE5C195337EAB2FF16D9E50DEF7527AC83DB5F8A3F6EF5988638D0EFE85DF35798D9EAF2094D278D38CF3386D774F1546D6ABCCFC652D0074057AD11BFA1BB172562573C9B519A54A2B09203A7BFCDD957C8A940B5713EE5E789BCAA93BA8ECAF262EC136B64A465E5F322631CE6C227B713FB6DC3968FA1B9F0DC6BDE5F719D79EFBBC2070B9224A19899393B0B389972DDE5B682CCC18E0EE44B636FBA14F6CD0E1A65C587E6C75128019986D68B6F9D7B950C9D6B7A712556F26E23BF718AB43F718EA0768C9075D9CC87CE77FDF3AE61C7C484F6361AE21299C91F570BA9FD7E938AD54B73A9FD495767F892A7C95136A5E4922FBB662B5ED248F0C8C939D1035BEEDEF68F226071F1527055EE73F4E0C88A19D013A12EE6069E59C27E829C6047E21F66AA1F405E581A639AB4947B173A16B038AB477D92323FF8887EEF8C788ED31BB0C834D0E62CEC3E66D3728140548B18E9ABDF4201ADDEE5E150B4ADD1F98E0A377DB7DDBE584E2CDE92D0F0E1132C1F4ABC3394D9C373F5190A367D454ACBB93C07F99B9C358ACE645F4B3839D9FDAD7847DC3CECA71D9F9473EE1D515EDD150FC6EE6892E81F1D835D7F10E2975E7FE265AE63CFD616A242A69EA1E07B2B1213E8AE976842AF9BF85DB11E2371A5C023BC288540A503492C9E157E9C9116DF10D6F1DCB072D196CA31C453886D81CD398405034C02AB1FBEE5450045F9DE43C1C756DB3C59217F38CE4609084CC7D011C89FAAEE6F2A24ADC9E6B9E636712E0385739C3CA3619EB3683C47341B85C4735CF83CEEC0512CD2ADE0E882F69D7298DC5A36638E42B5FDC8FA4C573ABF14116BA171413A4F1FA41B8255590EE5687E46F9CA024DF5731398DB96C9F4DE3F4354DE42D134E4CF7F33733984EAD7DF6C2E55B0AB7B6159142F3080549F7EACBE98156AE14C2848C7FB5574FBBAF9E1FA13793D6F417A8B542B384550B9A48E0255BB916805F9AD41865632D33E4BDD939EE831FE99F6F9803017835452D5E8399B3832E8D3CFCC4036EE8BC2A1000B7AD6F70052A00E56BE546E824BEF66A25605AA0A5BCF311DDB562EC0D1D88A0C1BFE1EDA74F805EA2ABC2DAAB58A6B0E7B69CE15A84F4CB00A697091926F595C47A3E2FCF05D503CEDF01866AD9E6A1FCBCB5115AD21F0DF1A80F2A1511987D946E2CFF912D103590900C10CDE2B06711D2C112B2489724020E69868F88D6F0883A25142395D1183D10454A407BE4104A904C1D8CCCDCEBEF7C7365FE1B7BE300DB275C6482F8D763778623E01D7DC8935FE63D668CA85C1F66FD4E1240750A5B2BA2FA6E8A00AB34EEEDDCFFB65A8479336715DA0933035FD9F280F71D408A3F53B428B05DB9F1172899CD468CDB000A73CF645D3E67F5DC6448937B5C210477BE3C398CA552A7D26857A4E3602847F9639BC0582CCBD087BB09910F05C7C27FEBB460B36929765610C435A6B65247776CF3617BB07818C0E410F57AFF24CB03837F4820AEB2CB86F5B7759DAED483830DC2DBD554510FE4A93FC19B5ED03CE49927661D07C508F96900778C50B175A2242E52556B7856DF48B563AC42E0D7B347BFB007F115F3A907194EA14728FC4D63B7E9F8498B17AEA72C404FAF97BDE3B31733A62D65063B83692982DC0B79322B4690D0EC75F318FCCE8D9EAD2C5DB51A116B90B8EB00A72E96165C67230EDFE5D8A14F587719226FC3C1C6EE419A88003C4FB6CF0B6B005396CA24679D174DCB221ED2AD64D864FCAF90AE003976B6FE3FA0C85F9B4EAF0E99722B220770A0BD8B220C34391F3B70653D3E94B65419DF7C45BCD4443B3599A931239E6DB56E7EC8EB352AFFD4084439A8D058C98E622BF36234145EF15B63692ADB99DFC16E1FD7808137D8DD803241D253E3E8E92855029674B943CA34A245C579752E2C231A8D5BEDF886FCAA212FD9CDC939EE2FFDD3C30D91CBF9EA505BF722129ED3D55DC96B0236627C84DA3DD6F547F104C6FE8C2F8F088640A337F445E8AEFE16E6A393381D00 HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-13] (EasyBits Software Corp.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-07-10] ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2 Tcpip\..\Interfaces\{522C3B31-8EAC-461F-81DB-46CFDA8BA7EE}: [DhcpNameServer] 75.114.81.1 75.114.81.2 Internet Explorer: ================== HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1 SearchScopes: HKLM -> {2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {5850D516-A214-46CF-9401-AE7DE20F77B2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-26] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-26] (Oracle Corporation) Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://pcpitstop.com/betapit/PCPitStop.CAB DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File FireFox: ======== FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default FF DefaultSearchEngine.US: Yahoo Web FF Homepage: hxxps://www.yahoo.com/ FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-26] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-07-10] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-07-10] (RealTimes) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kristina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @talk.google.com/O1DPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kristina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-05] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kristina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File] FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: hopster.com/CouponPrinterPlugin -> C:\Users\Kristina\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-09-18] (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\searchplugins\yahoo-ysp.xml [2015-10-23] FF Extension: No Name - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\avg@toolbar.xpi [not found] Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-25] CHR Extension: (Google Docs) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25] CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Google Search) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Sheets) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-25] CHR Extension: (Google Docs Offline) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (TLRemove) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2015-08-30] CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01] CHR Extension: (Bitdefender QuickScan) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2016-04-21] CHR Extension: (Gmail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR Extension: (Skype Calling) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-04-11] CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-07-16] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-02-28] (Advanced Micro Devices, Inc.) [File not signed] R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-04-20] (AVG Technologies CZ, s.r.o.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-04-20] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-04-20] (AVG Technologies CZ, s.r.o.) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries) S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] () R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-10] (RealNetworks, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies) R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-04-18] (AVG Technologies CZ, s.r.o.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider) S3 iscFlash; C:\SWSetup\SP60593\iscflashx64.sys [50752 2011-05-19] (Insyde Software) R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-09 01:31 - 2016-05-09 01:32 - 00054681 _____ C:\Users\Kristina\Desktop\FRST.txt 2016-05-09 01:31 - 2016-05-09 01:31 - 00000000 ____D C:\FRST 2016-05-09 01:30 - 2016-05-09 01:30 - 00007913 _____ C:\Users\Kristina\Desktop\JRT1.txt 2016-05-09 01:30 - 2016-05-09 01:30 - 00007913 _____ C:\Users\Kristina\Desktop\JRT.txt 2016-05-09 01:24 - 2016-05-09 01:24 - 00020770 _____ C:\Users\Kristina\Desktop\AdwCleaner[C1].txt 2016-05-09 01:16 - 2016-05-09 01:16 - 03640384 _____ C:\Users\Kristina\Desktop\adwcleaner_5.116.exe 2016-05-08 20:52 - 2016-05-08 20:53 - 02379264 _____ (Farbar) C:\Users\Kristina\Desktop\FRST64.exe 2016-05-08 20:50 - 2016-05-08 20:50 - 01610816 _____ (Malwarebytes) C:\Users\Kristina\Desktop\JRT.exe 2016-05-08 19:30 - 2016-05-08 19:30 - 01685487 _____ C:\Users\Kristina\Downloads\13211868_570182763166326_94315496_n.mp4 2016-05-07 22:38 - 2016-05-07 22:38 - 02765833 _____ C:\Users\Kristina\Downloads\13158200_1210624538962844_2004398255_n.mp4 2016-05-05 20:38 - 2016-05-06 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-05-04 16:25 - 2016-05-04 16:26 - 00012886 _____ C:\Users\Kristina\Documents\cc_20160504_162550.reg 2016-05-04 15:22 - 2016-05-04 15:22 - 00000329 _____ C:\Users\Kristina\Desktop\HP Printer Diagnostic Tools.url 2016-05-04 11:07 - 2016-05-04 11:07 - 00000000 ____D C:\Users\newac\AppData\Roaming\SUPERAntiSpyware.com 2016-05-04 09:36 - 2016-05-04 09:36 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1203233110-3124362348-787559586-1006 2016-05-04 09:35 - 2016-05-04 09:35 - 00003368 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1006 2016-05-04 09:29 - 2016-05-04 09:29 - 00000000 ____D C:\Users\newac\.cache 2016-05-04 08:13 - 2016-05-04 08:13 - 00000000 ____D C:\Users\newac\AppData\Roaming\AVG 2016-05-04 08:08 - 2016-05-04 08:08 - 00000000 ____D C:\Users\newac\AppData\Roaming\RealNetworks 2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Roaming\Real 2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\Real 2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\Hopster 2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\GWX 2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\CrashRpt 2016-04-28 15:08 - 2016-05-05 23:35 - 00000000 ____D C:\Users\Kristina\Desktop\jmwp 2016-04-27 18:16 - 2016-04-27 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2016-04-26 00:45 - 2016-04-26 00:45 - 00501127 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April26.fdf 2016-04-21 19:13 - 2016-04-21 19:13 - 00001678 _____ C:\Users\Kristina\Documents\rprtscan.txt 2016-04-21 16:42 - 2016-04-21 16:42 - 02870984 _____ (ESET) C:\Users\Kristina\Downloads\esetsmartinstaller_enu.exe 2016-04-21 16:41 - 2016-04-21 16:41 - 00039480 _____ C:\Users\Kristina\Downloads\qsinstaller.exe 2016-04-21 08:08 - 2016-04-21 08:09 - 00418302 _____ C:\Users\Kristina\Documents\cc_20160421_080835.reg 2016-04-21 08:06 - 2016-04-21 08:06 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2016-04-21 08:06 - 2016-04-21 08:06 - 00000831 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-04-21 08:06 - 2016-04-21 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-04-21 08:06 - 2016-04-21 08:06 - 00000000 ____D C:\Program Files\CCleaner 2016-04-20 23:12 - 2016-04-20 23:12 - 14311424 _____ C:\Users\Kristina\Downloads\SkypeWebPlugin.msi 2016-04-20 14:17 - 2016-04-20 14:17 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2016-04-19 10:29 - 2016-04-19 10:29 - 00000377 _____ C:\Users\Kristina\Documents\account gone.txt 2016-04-19 00:07 - 2016-04-19 00:07 - 00000070 _____ C:\Users\Kristina\Documents\doc.txt 2016-04-18 20:43 - 2016-04-20 01:13 - 00000000 ____D C:\Users\Kristina\Desktop\FAMILYBIRTHDAYPARTIES 2016-04-18 09:04 - 2016-04-18 09:04 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avguniva.sys 2016-04-14 10:54 - 2016-04-14 10:54 - 00051968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2016-04-14 03:47 - 2016-04-14 03:47 - 00432148 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April14 (1).fdf 2016-04-14 03:45 - 2016-04-14 03:45 - 00432209 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April14.fdf 2016-04-09 02:36 - 2016-04-09 02:36 - 04842371 _____ C:\Users\Kristina\Desktop\12980357_516118891914782_1206466174_n.mp4 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-09 01:28 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-09 01:28 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-09 01:25 - 2012-04-04 23:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-09 01:23 - 2012-12-06 21:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-09 01:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-09 01:20 - 2012-01-25 20:10 - 00000000 ____D C:\ProgramData\MFAData 2016-05-09 01:20 - 2011-08-21 00:41 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Yahoo! 2016-05-09 01:20 - 2011-08-21 00:41 - 00000000 ____D C:\Users\Kristina\AppData\LocalLow\Yahoo! 2016-05-09 01:20 - 2011-08-21 00:40 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2016-05-09 01:19 - 2014-09-19 05:14 - 00000000 ____D C:\AdwCleaner 2016-05-08 23:59 - 2012-04-13 14:49 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job 2016-05-08 23:43 - 2013-06-25 18:42 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job 2016-05-08 23:41 - 2012-12-06 21:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-08 17:43 - 2013-06-25 18:42 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core.job 2016-05-07 20:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2016-05-06 11:46 - 2012-04-25 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-05-04 15:21 - 2016-02-07 11:47 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\HpUpdate 2016-05-04 11:39 - 2015-05-28 23:01 - 00000000 ____D C:\Users\newac\AppData\Local\Google 2016-05-04 10:01 - 2015-06-25 10:21 - 00000000 ____D C:\Users\newac\AppData\Local\Avg 2016-05-04 09:39 - 2015-05-28 23:01 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AEC11DBF-45C2-445F-A798-400974510C19} 2016-05-04 09:29 - 2015-05-28 23:01 - 00000000 ____D C:\Users\newac 2016-05-04 08:07 - 2015-05-28 23:02 - 00066616 _____ C:\Users\newac\AppData\Local\GDIPFONTCACHEV1.DAT Edited May 9, 2016 by kristina Link to comment Share on other sites More sharing options...
kristina Posted May 9, 2016 Author Share Posted May 9, 2016 Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-05-2016 Ran by Kristina (2016-05-09 01:32:45) Running from C:\Users\Kristina\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2011-08-15 01:06:18) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1203233110-3124362348-787559586-500 - Administrator - Disabled) Guest (S-1-5-21-1203233110-3124362348-787559586-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1203233110-3124362348-787559586-1003 - Limited - Enabled) Kristina (S-1-5-21-1203233110-3124362348-787559586-1002 - Administrator - Enabled) => C:\Users\Kristina New User (S-1-5-21-1203233110-3124362348-787559586-1005 - Administrator - Enabled) => C:\Users\New User newac (S-1-5-21-1203233110-3124362348-787559586-1006 - Limited - Enabled) => C:\Users\newac ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}) (Version: 3.0.812.0 - ATI Technologies, Inc.) AVG (HKLM\...\AvgZen) (Version: 1.51.2.3593 - AVG Technologies) AVG (Version: 16.71.7596 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4565 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.71.7596 - AVG Technologies) AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies) AVG Zen (Version: 1.51.58 - AVG Technologies) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden ccc-core-static (x32 Version: 2011.0228.1151.21177 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden CouponBridge (HKLM-x32\...\{5C94DF7B-C6C5-4220-889E-4B9559C07965}) (Version: 1.0.4 - CouponFactory, LLC) <==== ATTENTION CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4606 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company) HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard) HP On Screen Display (HKLM-x32\...\{B97A2DD1-46E5-41BB-95D9-3B971B66A498}) (Version: 1.1.1 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT) iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Pinger (HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Pinger 1.1.0.6) (Version: 1.1.0.6 - Pinger Inc.) Pinger (x32 Version: 1.1.0.6 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) QponPrinter 1.0.1 (HKLM-x32\...\Qpon-Printer) (Version: 1.0.1 - Qples Inc) Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink) RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden RealDownloader (x32 Version: 18.1.2.185 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.) RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1008 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Unity Web Player (HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden Video Downloader (x32 Version: 1.1.0 - RealNetworks) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden Wondershare Photo Collage Studio 4.2.16.1 (HKLM-x32\...\Wondershare Photo Collage Studio_is1) (Version: 4.2.16.1 - Wondershare Software Co.,Ltd.) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0C76A7FA-F5AC-47C4-A23B-FCE1059CF98B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.) Task: {11330A39-8236-49BF-B247-F62219BCF153} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Task: {120EB91F-2D67-418A-B661-7169B82A08E6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-06-17] (RealNetworks, Inc.) Task: {12AF6DA6-1F82-4DE6-858A-3ABAC82FBE3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {1D13ED79-793A-4C2C-9D05-C0DA4ADDD1E4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1203233110-3124362348-787559586-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-06-17] (RealNetworks, Inc.) Task: {229E29A9-7082-495C-852C-C2679BB90E0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {23363B2B-73A4-4A6B-BF56-1DC93E8B58BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {24CB810E-BD72-4854-9181-60254DA38C9A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {2D159972-CD98-4258-9484-F94B78598A6B} - System32\Tasks\{48C00D52-EB8C-4560-9A73-D58F4B5370FF} => pcalua.exe -a C:\Users\Kristina\Downloads\bw11.08.13.exe -d C:\Users\Kristina\Downloads Task: {3CDD512E-3FF0-4C10-B80A-5C6B5F7BA079} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated) Task: {3F18608F-B93E-4619-A19D-4CBCBCC4B547} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard) Task: {4B4D3367-34BE-469F-B8CD-5BF906E62E02} - System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Task: {5D5B3A12-CB35-49F6-A4A6-11B7D11199E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {6430E7E2-65A6-49D5-9BF7-1CDE66AA4FC9} - System32\Tasks\HPCeeScheduleForKristina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {6829D26F-870F-4A93-9D02-E0AD893930AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {686CFA1F-3D1E-4746-A068-EA3A49AFEC25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe Task: {6BF12DE6-70E4-49C0-A047-F6C350CC3D02} - System32\Tasks\{C398C920-9036-43C9-9C16-6632CA93D9B6} => pcalua.exe -a "C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TKS3IZ3\jre-6u29-windows-i586-iftw.exe" -d C:\Users\Kristina\Desktop Task: {71226F51-638A-4249-8E44-F828443D8EF1} - System32\Tasks\{EB1E2209-03AA-4611-A735-2E5D7CAA1E36} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Task: {7404B7F8-66C3-4759-965C-02A54AAE6AA1} - System32\Tasks\{413E9514-DD67-4D90-90EF-176243B59408} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Task: {7BB8EF6C-74B4-4847-8F2A-E2EE9E452F2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {8184EB97-65B8-46A9-92F5-8ECB9BA2B2B9} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.) Task: {828EE263-0E81-4F8F-98AA-6D3750DB1454} - System32\Tasks\{933370C5-841D-4A70-A83D-495A880E9757} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Task: {902453A2-83DA-460B-A3E3-E361D7FBC8BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) Task: {9B6667F7-7E0A-408A-92C6-B85434644231} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.) Task: {9D558AEA-A3A3-4C3E-9FB4-F6A6AC528CC7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] () Task: {A4FEC03C-A928-4801-9F15-25462C678F9B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {B2940945-46AA-4AE6-A6B2-0BBEA47D7F7C} - System32\Tasks\0615pizUpdateInfo => C:\ProgramData\Avg_Update_0615piz\0615piz_AVG-Secure-Search-Update.exe [2015-11-03] () Task: {CBCC6FC8-0A20-46E2-AF10-16FED26E4678} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-06-17] (RealNetworks, Inc.) Task: {CCCC3B1E-62AF-45AD-A02B-866BB05B66E8} - System32\Tasks\{760A731F-D146-483E-9066-46B1389C5AB0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Task: {D4CF2BCF-0DDF-4A1E-875E-71D872606B16} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-10-06] (CyberLink) Task: {D82EBDEA-9EEC-4580-BE70-3ECE195DC441} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {DB1018A8-03FF-44EF-B84B-9E80CD68054D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1203233110-3124362348-787559586-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.) Task: {E413A1CE-1D25-43F8-AA79-FA2F1AE20EFF} - System32\Tasks\{A8BDAE69-37E5-4188-82C1-CE5B154D86EE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Task: {E6202F66-EEE3-42C6-8705-AB290D6A4BEC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {E703CA6C-F0A0-4435-8E55-9EDD61EE6A1F} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-02-24] () Task: {E8AD03DF-2C7A-4042-8C8E-3B55AD290FAA} - System32\Tasks\AVG_SYS_TASK_0614a_RUN => C:\ProgramData\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe Task: {EB1025C2-CE29-45A6-B506-5D1626A521A2} - System32\Tasks\{AF6C0069-DC37-41CC-84EF-5C44BEC96586} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Task: {EE584F9A-0E7B-48B2-BAA1-248316B8F67D} - System32\Tasks\{3068062A-F6DE-47BC-BDCE-CE942BD70C1F} => pcalua.exe -a "C:\Users\Kristina\Downloads\Boggly10 (1).exe" -d C:\Users\Kristina\Downloads Task: {F1DA42B5-E7E0-40F5-8FEB-81AAFD36CEFC} - System32\Tasks\{DC735D85-101C-4D11-9734-4CE9A7706063} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603 Task: {FD18089A-E518-42F6-B348-EAD4B0254CBE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\0615pizUpdateInfo.job => C:\ProgramData\Avg_Update_0615piz\0615piz_AVG-Secure-Search-Update.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core.job => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForKristina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-06-17 03:25 - 2015-06-17 03:25 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2011-02-28 15:01 - 2011-02-28 15:01 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll 2011-02-28 15:01 - 2011-02-28 15:01 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2015-06-17 03:24 - 2015-06-17 03:24 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll 2015-06-17 03:24 - 2015-06-17 03:24 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll 2015-06-17 03:24 - 2015-06-17 03:24 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll 2011-04-08 10:57 - 2011-04-08 10:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:59B45175 [318] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.114.81.1 - 75.114.81.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{A2083E66-516F-40D2-B7D0-D4D40872771D}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{A82602FC-7315-4BE3-8CD5-0D14EF9C05C3}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe FirewallRules: [{91803447-188C-46E2-A413-1388FC1DE3B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{4016F0C6-FA7B-45F5-9B84-32109805D0BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe FirewallRules: [{64B8F929-A5B1-4ACE-86FC-223AB4679926}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{B58DE479-59DE-451A-9E9A-9BAE220B7913}] => (Allow) LPort=2869 FirewallRules: [{BCA98E97-9F5A-4A07-A637-0A207042BF17}] => (Allow) LPort=1900 FirewallRules: [{9A317BBF-F470-4A3D-9F3D-292BE8E21491}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{C28BFB64-CDFD-4336-9DFB-8D8FE9991D89}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{35788D79-BECA-4593-9FED-814201DEBC36}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe FirewallRules: [{16CF247F-A741-48F4-8938-1C74E4B3AAC7}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe FirewallRules: [{CB30D52A-6388-4CD9-B6F1-606BBE75B37E}] => (Allow) LPort=443 FirewallRules: [{A287DD99-F094-4A25-9D9E-3C2099EBF5D2}] => (Allow) LPort=443 FirewallRules: [{9BF79BBB-498D-485B-8DC2-E238C6CDD6C0}] => (Allow) LPort=37674 FirewallRules: [{D7057773-36D6-4BE1-9A1C-D95714C6BD10}] => (Allow) LPort=37674 FirewallRules: [{55C8EC9D-1CE0-43F0-A5C8-AD095A48B366}] => (Allow) LPort=37675 FirewallRules: [{05F77CB4-6583-4286-B823-A23ECB4AB57C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{20EC5D30-9E2A-4032-B64F-C9F63CA6A950}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8AA913AC-3FF9-41BE-8EF3-5DD205676008}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EF924F6C-51DE-4391-A2F8-A6C233FE0E2E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{453C4FB3-0E1D-4685-B089-5318FED80589}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{2BD79EB5-E7B8-4D1B-84E8-A9A6163D341D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [uDP Query User{FED31433-96AB-4A47-B08A-6E8031629613}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [{A47D0429-27F9-483D-946A-CDAEB61C9093}] => (Allow) C:\Users\Kristina\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{3CBA743E-4081-4308-A1FF-8F18B1681F84}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{34D473AC-3C92-4C42-8F9F-0372E37A5114}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4B48FD14-E0DB-43E6-85B6-C8992B838C14}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{44271426-5E11-4DAB-A8AD-9F1C76DB5D84}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{288D6F71-582A-4BB3-A73D-9E28A080F5F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{340EA129-383C-46F8-B8C0-75ACE1A8348D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{149A5A53-1700-414B-85B0-B5913B30781A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6222E6E4-F787-4B5E-8C16-2DE5A82F9B4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8285C0A2-C3F7-48A9-8459-844D6E1CA7ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9321D6B7-0D2E-4C12-942F-7CFD52C39179}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{1284C46E-EF76-4989-9420-33CF50DBA7CF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{E6130C22-771B-41EC-AAE8-51FB80F1233F}] => (Allow) LPort=15600 FirewallRules: [{117C25EB-0819-4C35-81E8-AA4CA04AC8B1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe FirewallRules: [{03E6506F-D7BE-4834-985B-EE93913953D5}] => (Allow) LPort=5357 FirewallRules: [{9A5D7EA6-7DFF-4E37-86FC-92336998F8B7}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{7298D6CB-CBBB-440E-8A90-3A928399204F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{4B0A62BF-51EA-4EE7-963E-1DEADF9128E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{A1CE183A-A30C-4DD6-A7DE-25EFC0E6E9CE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{8D034D47-CD8A-40CC-8157-AE45906A6AA7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{136A9B50-0681-49F4-AC30-8539E02062B7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{48C234D4-92CE-4519-B243-760079A5642F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{1E3077B0-4E04-4E14-9C82-1DB11B88BA5B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{9DD767F3-6A70-46E6-8FA7-64DE14335582}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe ==================== Restore Points ========================= 24-04-2016 20:50:15 Windows Backup 27-04-2016 18:14:11 Garmin Express 01-05-2016 19:00:35 Windows Backup 08-05-2016 19:00:19 Windows Backup 09-05-2016 01:26:02 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/09/2016 01:23:40 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support. Error: (05/09/2016 01:23:40 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml Error: (05/09/2016 01:23:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461 Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461 Exception code: 0xc0000005 Fault offset: 0x0000000000007be2 Faulting process id: 0x744 Faulting application start time: 0xHPAuto.exe0 Faulting application path: HPAuto.exe1 Faulting module path: HPAuto.exe2 Report Id: HPAuto.exe3 Error: (05/09/2016 01:23:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2016 01:18:28 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile. Error: (05/09/2016 01:18:28 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml Error: (05/09/2016 01:08:27 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support. Error: (05/09/2016 01:08:27 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml Error: (05/09/2016 01:08:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461 Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461 Exception code: 0xc0000005 Fault offset: 0x0000000000007be2 Faulting process id: 0xe34 Faulting application start time: 0xHPAuto.exe0 Faulting application path: HPAuto.exe1 Faulting module path: HPAuto.exe2 Report Id: HPAuto.exe3 Error: (05/09/2016 01:08:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/09/2016 01:23:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Auto service terminated unexpectedly. It has done this 1 time(s). Error: (05/09/2016 01:20:26 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error: (05/09/2016 01:19:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s). Error: (05/09/2016 01:19:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Connection Manager 4 Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/09/2016 01:19:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (05/09/2016 01:19:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The IconMan_R service terminated unexpectedly. It has done this 1 time(s). Error: (05/09/2016 01:19:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/09/2016 01:19:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (05/09/2016 01:19:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s). Error: (05/09/2016 01:19:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2014-11-29 12:06:35.146 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-29 12:06:34.959 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Phenom II P650 Dual-Core Processor Percentage of memory in use: 56% Total physical RAM: 3834.9 MB Available physical RAM: 1668.77 MB Total Virtual: 7667.99 MB Available Virtual: 5741.5 MB ==================== Drives ================================ Drive c: (HardDrive) (Fixed) (Total:450.77 GB) (Free:308.81 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 08F0C05B) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End of Addition.txt ============================ Link to comment Share on other sites More sharing options...
Satchfan Posted May 9, 2016 Share Posted May 9, 2016 Thank you for the new logs which are what i needed. I've just got home I'm afraid and as it's nearly midnight here, I won't reply until the morning, (GMT). Nina Link to comment Share on other sites More sharing options...
kristina Posted May 10, 2016 Author Share Posted May 10, 2016 (edited) Ok no problem Edited May 10, 2016 by kristina Link to comment Share on other sites More sharing options...
Satchfan Posted May 10, 2016 Share Posted May 10, 2016 That’s not too bad and I see no Firefox problem but we’ll clear up what was found.Uninstall programsUninstall these programs:CouponBridgeCouponPrinterPlugin click Start, Control Panel, Programs and Features click on CouponBridge and then Uninstall repeat this for the other program listed above. ================================================Run Farbar Recovery Scan ToolOpen notepad. Please copy the contents of the code box below and paste it into Notepad. Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [] => [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 SearchScopes: HKLM -> {2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {5850D516-A214-46CF-9401-AE7DE20F77B2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File FF Extension: No Name - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\avg@toolbar.xpi [not found] 2016-04-21 08:08 - 2016-04-21 08:09 - 00418302 _____ C:\Users\Kristina\Documents\cc_20160421_080835.reg C:\Users\Kristina\AppData\Local\Temp\libeay32.dll C:\Users\Kristina\AppData\Local\Temp\msvcr120.dll CMD: bitsadmin /reset /allusers EmptyTemp: NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work run FRST64 then click Fix just once and wait it will create a log on your desktop, (Fixlog.txt); please post it to your reply. ================================================Run Malwarebytes’ Anti-MalwareI noticed that you had MBAM on your system: if you no longer have it, you can download it from here: start Malwarebytes-Anti-Malware and update it, (“Update” tab} once it is updated, click on “Scan” tab, select Threat Scan, then click Scan. when the scan is complete, if no malicious items are found you can close the program if malicious items are found be sure that everything is checked and click Quarantine when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) the log is automatically saved and can be viewed by clicking the Logs tab in MBAM. copy and paste the contents of that report in your next reply and exit MBAM. NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.Logs to include with the next post:Fixlog.txtMbam.txtCan you tell me if there are any outstanding problems.Satchfan Link to comment Share on other sites More sharing options...
kristina Posted May 11, 2016 Author Share Posted May 11, 2016 The only thing I notice is the computer is lagging at times, also I get this most times when the computer is on the home screen after being started up Click To Run You cannot open a Click-to-Run application while you are repairing or removing a Click-to-Run application. Complete the existing action, and then try again I've gotten that message for like a year now my system fan is shot and I need to replace that so not sure if I get that message because of that. Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016 Ran by Kristina (2016-05-11 15:02:20) Run:1 Running from C:\Users\Kristina\Desktop Loaded Profiles: Kristina (Available Profiles: Kristina & New User & newac) Boot Mode: Normal ============================================== fixlist content: ***************** Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [] => [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 SearchScopes: HKLM -> {2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {5850D516-A214-46CF-9401-AE7DE20F77B2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File FF Extension: No Name - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\avg@toolbar.xpi [not found] 2016-04-21 08:08 - 2016-04-21 08:09 - 00418302 _____ C:\Users\Kristina\Documents\cc_20160421_080835.reg C:\Users\Kristina\AppData\Local\Temp\libeay32.dll C:\Users\Kristina\AppData\Local\Temp\msvcr120.dll CMD: bitsadmin /reset /allusers EmptyTemp: ***************** Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.) => Error: No automatic fix found for this entry. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}" => key removed successfully HKCR\CLSID\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} => key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. "HKU\S-1-5-21-1203233110-3124362348-787559586-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5850D516-A214-46CF-9401-AE7DE20F77B2}" => key removed successfully HKCR\CLSID\{5850D516-A214-46CF-9401-AE7DE20F77B2} => key not found. "HKU\S-1-5-21-1203233110-3124362348-787559586-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => key removed successfully HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => key not found. "HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found. C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\avg@toolbar.xpi => not found. C:\Users\Kristina\Documents\cc_20160421_080835.reg => moved successfully C:\Users\Kristina\AppData\Local\Temp\libeay32.dll => moved successfully C:\Users\Kristina\AppData\Local\Temp\msvcr120.dll => moved successfully ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.5.7601 ] BITS administration utility. © Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. {0EDDC6C1-87E7-41E0-9618-B6BF458E8227} canceled. {E27B3E5C-72C8-416A-8E7B-57C574C559D8} canceled. 2 out of 2 jobs canceled. ========= End of CMD: ========= EmptyTemp: => 911.3 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 15:05:57 ==== Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 5/11/2016 Scan Time: 3:22 PM Logfile: scantoday.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.05.11.05 Rootkit Database: v2016.05.06.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Kristina Scan Type: Threat Scan Result: Completed Objects Scanned: 459862 Time Elapsed: 36 min, 7 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Link to comment Share on other sites More sharing options...
Satchfan Posted May 11, 2016 Share Posted May 11, 2016 You cannot open a Click-to-Run application while you are repairing or removing a Click-to-Run application. Complete the existing action, and then try again That message is related to MS Office - not malware. We'll run a final scan to be sure your computer is clean. Run ESET Online Scan Note: This may take a long time so please be patient. IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable. Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here. Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan click the Run Eset online Scanner button for alternate browsers only: (Microsoft Internet Explorer users can skip these steps) o click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop. o double click on the Eset installer icon on your desktop. check Yes, I accept the Terms of Use click the Start button accept any security warnings from your browser check Enable detection of potentially unwanted applications click Advanced settings and select the following: o scan archives o scan for potentially unsafe applications o enable Anti-Stealth technology Note: Do not check Remove found threats ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. when the scan completes, push List of found threats push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Note - if ESET doesn't find any threats, no report will be created. push the back button. push Finish When the scan is complete: If no threats were found: o put a checkmark in "Uninstall application on close" o close program o report to me that nothing was found. If threats were found: o click on "list of threats found" o click on "export to text file" and save it as ESET results and save to the desktop o click on back o put a checkmark in "Uninstall application on close" o click on finish o close program o copy and paste the report here Satchfan Link to comment Share on other sites More sharing options...
kristina Posted May 12, 2016 Author Share Posted May 12, 2016 Hi, C:\Users\Kristina\Downloads\couponprinter.exe a variant of Win32/Adware.Coupons.AA application Link to comment Share on other sites More sharing options...
Satchfan Posted May 12, 2016 Share Posted May 12, 2016 That looks good.Please go to your downloads folder and delete the file in red:C:\Users\Kristina\Downloads\couponprinter.exeAre you happy that your computer is OK now? If so, I’ll send instructions to tidy up. Link to comment Share on other sites More sharing options...
Satchfan Posted May 15, 2016 Share Posted May 15, 2016 Hi KristinaIt has been a few days since I asked if there were any remaining problems. Please let me know if there are any.If I do not hear from you within 24 hours I'll assume that all is now OK and close this topic.Satchfan Link to comment Share on other sites More sharing options...
Recommended Posts