Jump to content
Sign in to follow this  
kristina

Think I have a hidden virus or something on my laptop

Recommended Posts

Had the cable guy out yesterday because the wifi in the house wasn't working right and he went on my laptop claims he just typed in youtube but it brought him to something else and then AVG popped up but I can't find the log with what it found ran a scan and nothing was found. Tonight AVG keeps popping up about Firefox running another scan one now. This didn't happen until he did something before he used my laptop I went on youtube many times and nothing has ever popped up. Any help thank you

Share this post


Link to post
Share on other sites

Hello kristina and welcome to the The Pit.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


I don't understand why you let a "cable guy" touch your laptop or even why he should want to, but we'll take a look and see if we can find out what's going on.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 

Share this post


Link to post
Share on other sites

Thank you I will run all the test tonight :) I get my internet from the cable company and the internet and wifi was running slow and kept lagging and he went on to see how youtube was working because sometimes when I try to watch a video I get that circle spinning thing. He claims he typed in youtube and that it brought him somewhere else but I've been to youtube many times and not once when I type in youtube has it ever brought me to another site and AVG never popped up.

Edited by kristina

Share this post


Link to post
Share on other sites
# AdwCleaner v5.116 - Logfile created 09/05/2016 at 01:19:58

# Updated 09/05/2016 by Xplode

# Database : 2016-05-09.1 [server]

# Operating system : Windows 7 Home Premium Service Pack 1 (X64)

# Username : Kristina - KRISTINA-HP

# Running from : C:\Users\Kristina\Desktop\adwcleaner_5.116.exe

# Option : Clean



***** [ Services ] *****


[-] Service Deleted : YahooAUService

[-] Service Deleted : WtuSystemSupport

[-] Service Deleted : vToolbarUpdater40.2.9


***** [ Folders ] *****


[-] Folder Deleted : C:\ProgramData\AVG Secure Search

[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar

[-] Folder Deleted : C:\ProgramData\Yahoo! Companion

[-] Folder Deleted : C:\ProgramData\avg web tuneup

[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb

[#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search

[#] Folder Deleted : C:\ProgramData\Application Data\AVG Security Toolbar

[#] Folder Deleted : C:\ProgramData\Application Data\Yahoo! Companion

[#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup

[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0814tb

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

[-] Folder Deleted : C:\Program Files (x86)\Coupons

[-] Folder Deleted : C:\Program Files (x86)\Digital Coupon Printer

[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion

[-] Folder Deleted : C:\Program Files (x86)\avg web tuneup

[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

[-] Folder Deleted : C:\Users\Kristina\AppData\Local\AVG SafeGuard toolbar

[-] Folder Deleted : C:\Users\Kristina\AppData\Local\YSearchUtil

[-] Folder Deleted : C:\Users\Kristina\AppData\Local\avg web tuneup

[-] Folder Deleted : C:\Users\Kristina\AppData\LocalLow\Yahoo! Companion

[-] Folder Deleted : C:\Users\Kristina\AppData\LocalLow\Yahoo!\Companion

[-] Folder Deleted : C:\Users\Kristina\AppData\LocalLow\avg web tuneup

[-] Folder Deleted : C:\Users\Kristina\AppData\Roaming\catalina – print savings

[-] Folder Deleted : C:\Users\Kristina\AppData\Roaming\Yahoo!\Companion

[-] Folder Deleted : C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings

[-] Folder Deleted : C:\Users\Kristina\Documents\Add-in Express

[-] Folder Deleted : C:\Users\New User\AppData\Local\AVG SafeGuard toolbar

[-] Folder Deleted : C:\Users\newac\AppData\Local\avg web tuneup

[-] Folder Deleted : C:\Users\newac\AppData\LocalLow\avg web tuneup

[-] Folder Deleted : C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search


***** [ Files ] *****


[-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

[-] File Deleted : C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\Avg@toolbar.xpi

[-] File Deleted : C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\searchplugins\avg-secure-search.xml

[-] File Deleted : C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysearch.avg.com_0.localstorage

[-] File Deleted : C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mysearch.avg.com_0.localstorage-journal


***** [ DLLs ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled tasks ] *****


[-] Task Deleted : 0

[-] Task Deleted : 5018


***** [ Registry ] *****


[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh

[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTBM.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetupV1 (2).exe

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj

[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin

[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6

[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin

[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin

[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl

[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore

[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler

[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList

[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader

[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream

[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YCAAssistant.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant

[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance

[-] Key Deleted : HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

[-] Value Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]

[-] Key Deleted : HKCU\Software\APN PIP

[-] Key Deleted : HKCU\Software\Yahoo\Companion

[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar

[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion

[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion

[-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion

[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion

[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [start Page]

[-] Data Restored : HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\Microsoft\Internet Explorer\Main [start Page]

[-] Data Restored : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main [start Page]

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]


***** [ Web browsers ] *****


[-] [C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js] Deleted : user_pref("avg.install.extHomepage", "hxxps://mysearch.avg.com?pid=safeguard&sg=0&cid=%7Bba827911-3d2a-467f-b626-05e1d79c7915%7D&mid=042c0fe279b147d18b55a9aaf3b6aac7-e76d711976fbce63c129617fd1ee71a404[...]

[-] [C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js] Deleted : user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{6be633db-abe7-4362-a183-ccbbd2617d02}\",\"mid\":\"042c0fe279b147d18b55a9aaf3b6aac7-[...]

[-] [C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js] Deleted : user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"hxxps://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"hxxp://www.google.com\"},{\"name\":\"Yahoo\",\"value[...]

[-] [C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

[-] [C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

[-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search.conduit.com

[-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com

[-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com

[-] [C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : movies.netflix.com

[-] [C:\Users\newac\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com

[-] [C:\Users\newac\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com


*************************


:: "Tracing" keys deleted

:: Winsock settings cleared


*************************


C:\AdwCleaner\AdwCleaner[C1].txt - [20318 bytes] - [09/05/2016 01:19:58]

C:\AdwCleaner\AdwCleaner[R0].txt - [12767 bytes] - [19/09/2014 05:14:40]

C:\AdwCleaner\AdwCleaner[R1].txt - [4934 bytes] - [06/05/2016 01:39:36]

C:\AdwCleaner\AdwCleaner[s0].txt - [11424 bytes] - [19/09/2014 05:17:54]

C:\AdwCleaner\AdwCleaner[s1].txt - [20848 bytes] - [09/05/2016 01:17:17]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [20687 bytes] ##########


JRT Scan


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.6 (04.25.2016)

Operating System: Windows 7 Home Premium x64

Ran by Kristina (Administrator) on Mon 05/09/2016 at 1:25:48.09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





File System: 59


Successfully deleted: C:\Users\Kristina\AppData\Local\{1E6EE412-D9AA-4AB6-9C1F-2A9AF9880712} (Empty Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\{6A54EF2B-ADED-4E7D-9F60-7B3100098499} (Empty Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\{6D1E465F-AFB6-4A5A-BD0E-7BB69EE4753D} (Empty Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\{730F902F-5342-48AE-AE16-C925704704B4} (Empty Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\{8B97B74E-A403-4F43-9F0B-85B6ABC73A16} (Empty Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\{98DEC232-9DA5-4AD3-BC9E-40F1FBBB945A} (Empty Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\{C7F16BB0-B0B2-4682-A39C-42AD18488F0D} (Empty Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\{F0DA9FE1-9092-45FE-9708-CEC41CBA5227} (Empty Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\crashrpt (Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K988AAJ (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YOVVIUV (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GRFOBHF (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OQRM8Z4 (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YUMAJFQ (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQRRXLC8 (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP7S21GX (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JTGDIP3V (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SB7TMCZR (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM69TT1Z (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDH4IZAH (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K988AAJ (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YOVVIUV (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GRFOBHF (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OQRM8Z4 (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YUMAJFQ (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQRRXLC8 (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HP7S21GX (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JTGDIP3V (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SB7TMCZR (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM69TT1Z (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDH4IZAH (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\SysWOW64\sho1792.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho18D5.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho25CA.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho2E0A.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho45CE.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho4754.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho5002.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho5D43.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho64F.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho6D2B.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho6F58.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho760E.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho76F4.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\sho789.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoBECB.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoE00E.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoE0E5.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoE9AB.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoF36C.tmp (File)

Successfully deleted: C:\Windows\SysWOW64\shoFBDD.tmp (File)


Deleted the following from C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\prefs.js

user_pref(avg.wtu.ext.dnsWhiteList, toolbarhome.com,avg.com);




Registry: 0






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 05/09/2016 at 1:30:22.94

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Share this post


Link to post
Share on other sites
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016

Ran by Kristina (administrator) on KRISTINA-HP (09-05-2016 01:31:56)

Running from C:\Users\Kristina\Desktop

Loaded Profiles: Kristina (Available Profiles: Kristina & New User & newac)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal



==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AMD) C:\Windows\System32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe



==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-04-29] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)

HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-17] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)

HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-04-20] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286272 2015-07-10] (RealNetworks, Inc.)

HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-14] (Easybits)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [720112 2016-02-24] ()

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [Facebook Update] => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [Google Update] => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [58C472AA051AD623CFE08192244161E972D1F5A3._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.)

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Policies\Explorer: [DriveConfiguration] 0xC6142D477C3E07F5FE5919D366618159D63F935B6DEF714373DEDB9DD79648DADC9C354D0F99BD7A7CB96A9021514B34A3C4468040A7B04C05231BAC419B6FB9398F3C951DC14FA93B968431C673BEDAFBEB17CD6B03CFE0C38CC979A13443F1C945B5EC2590FCE60AA3B70FBD43F259361601CF249FAF28306F999C869AD4F69269D6EB074E93AA261DE6B43D7833EE6E8B4AF4B1FA8FB11CC018582C625A97A59B0BB9E14341CEC2840FE91AB8FCCAC129B4BAE61CFEB7A20FEED1D33E5CD4276C942777DF4FF457ADE389EB36B6FFFBF2F8194A6D926E248F59CB372188D3A38D6DE854E5E2624F9027FF8ECCC08E19C44EBF2ECBAA9DFE5F26C10D0013C6DB4287FCC4225C6125967CCDC0675C6C6243C771C20EDD09AD7A5B8E60D71DFE352CE0AB83864D34BF9033B3E764153820A1E4F5779DBE0DBDC49EB6288C6445182A8823E1EC2ABFC265A7D51BCA6BF0DA9C062D37878143A18AF2C0F8594E95FC007FD506C8B6BAF55E03E96C3222F73B1E982B1A48FF869D499F00648F3E159D92FF388081DFD247B4F4CBF70EE7343141ED826588A7E2DE9947CCFFD5F5DBCCC371DCABBCF9246CE86D278868B147A6D553EA64EA6ECF537DCEA243B454CEC2759C92DF1EDE573377124123BFE458045FE096F9AEA66370EE312448566774BEFF91CA83A30F5511A44A2B3E50E9A3126348FFD6CD264F6DB69D91E7C0581D548C0041D67FF728FAC649004997E05B19BAF7D6A949D0F96EB4B7AA5FA707ED173770A949B4FB3E1DBCA15CD888812F48C36DD3639CA80E2B1AEE3ED4AFB5902911B3732C45A04DFDFC3D6CFD23953F32B683C6EDD57447AB196E433A2851A81D875E4830B0F5A28A8F65A35FB5435B78E19A04B6BE7C34E342143C9FD739649DB943770F9F1E835E9D9CDA1F49105C421D18F98D1CBA7149B8B35E3CF40B75D7C6ED09AFBFB6D031ED4CEA9201B11F06ADD869973250B7B2E3D59DDE00D8C60CBD0B2C1912D9A1666C491BDCA2244F2D2A5A815C8DA29A7F18617BC3D5CD91B2B952A9B11F3406CD7577B1B736FC110C18ECBBDA86598B605023F416A21994EDA732610CD8BE1A0E8BB63FB78335CF2046362B30EC05BFB4DEF3E4B1DE4E05F8489101FC97D7D1E12A966BD54889E6A363EEDE8599F21A3A806A6C5923C3D9E5483CFA21F552A2A6327CC1B20FC31989C3E9A7CF65EA35B348CF1B8395EEE8DD82779C1424FA18D58529D20BF7DFCDFFA862C9C476E5B6D204526FF10D46A559F85C1917ADAE0FB2A899FF0F4BC18D927955BB8660945EBF9691AACE7D6833E2946E7F1CCA631A208134096B9657BC41885E4BE7DDCCFF13C12714A1F14FBD87D70D690BF6EF45338954027E67C3D8D12A81CBB490622DBE21DF644E1369ED7C6AFDA15063F937CD31132E0BA04C361D26C0075D8A69C9264828E5083FAC5FCAAA9565AF51D928F90067EAAC390B589426921B89D12EAAF2971B6288DA83D85CF7A06E1C782024928ACDB16DB16DD244BAE7E3D8DAF1A8AC9A95457D6D89627DAC4CD23F6F2BFF960AB68DABD7703A4C36CA0987D1539F782529ED5F3DB30FF5C192740130D440266A6BEEFF71DE3A6D703F3E30FD5DDBB59B3A5A2F83C053E9A495AFCEDBE8DAA97BB99339D5C36434DEFCFFCF06E278230C04B2D516C417F6015B8D28F61EA5033EFF15B7575668F247E2F404300A0D40256978A63C8A22C0E4F012CA795A9D151644D9ADABB195533A4F280524D7FD82FBA7D17415C85C48793B6A28FB8D242AA9AC91C766F95D8ED59ED819792241411A3A458E6AE3C3F1E8ADD2B6055A05B485A7EDC7296AE0808BDDF91A493A60B06588CC95AEECB44685D6E32FA42E0784A372B061C13D25C49023B494EFDD46E239A6366EBCE4646D6D0B8589D9BFBD2A5F386FF49DEB53902867CAB0807D6F4D43A3EF33A09A1AC00F4F3AE93FFFA37D95509F8BAE437B1CCDAF1DC855B570DD2B352559244256FFC8D46AAA56BD38E207DF6FAD979B35A7028C0E558B7600B70379F41C488B603A0C24237ED83BB0A150726F7CB88E601DB729021A5B95AB73255E76D8E1A861FFF41468435E77A1B109DE7268A1180246A575EDC1BFCC3C1251C39499504AAD7D55690693F13CD881413B4823C3BFE02D68C24012EBE7112560BA3BFE1038582084929568D8E02EC66872EF5A658BB6115E8E298ABE46B312F47DCBD3D1CA7A4831AA17F4DDD25554B0C48012F9A1047B213E2F338E793828C6CE7FC4D8251667F7EE81146970BA6A9F5E78D7A6ACB19508BEA05EA4472C7E39E57B5D76DCCA169CBC79572F436264F17F695F103354C69F7CDD3D43B4068E2F97ADEE52A46081CEC67221AD344F5BCF960CBB2769434A27A41D54799CB06FF0258CB895BEFA9060E75F0268F504DFA8EE2D701683101E458A7E872CAFC6D22966D73F4523A402BACECD51B2717BBC52348BBDF78CF090C0AF52444C4BFB12C577F4EF1DEA6B5D976B58868A88608B61958BFA1AE7AAD03EC17E687C3CB6031B4A0DC6C3C679174A00A64ACA75A27DF7DEDAC0AF6D4579D353DF07568559A693C00F93E4CA3A7070FB67E944FD2798A5D00926A511C5B4F57BBA79FAAE959BAC232F65A479B1943D7893967F1DA9807A403F0074245B92474D43F704913FE3DC72A0F641AB01EE4809CD1B527C0113EB6E34A6F253D415FA82B27EF143C19BFF291AACB1A244B257CCB395DEAA8A8E49B3D7B5E5E85B03B4973CD0388837BB2ADDEFA66E3E85014733684CC8D16FD78B9925CDA49D6370D8E425A60B1096B5F83E6D4B252E7CC115A486A0BF0E52653F66FD81CC5A94A495EAABE23BE0D387376DEA4A11B7CAB10B8472CEB8ACA85BBECEE209DB4367162650B21E98A01733CAF1A82F000D5A4967FC64E79B78E8B36CA1D5F1E2F20C107E74C27FC33125C1F5EC42C421950F266F5DE5437A51091682F71F075D9EC191AB35BCA2ADC67D455A41C67EB07BA5754976A7D72EE3497AEFE5AF40F418993D0ED2921C51A96ABE2635E7259C16B891FF39AAE8AC581E5B23C095BB475E57605961DD5DF61372E2DA4C59B7FF2FFB2EC0BA2F573E9BB87203460FAAE54463002DCEDF85F99A2BCCDFF5359FD31231F14BA2DE14A0A40C2CB87F5BE4E24E455F017B5F71ED8FDB9510164852056BECC0E77ADED04AD86F5B34C3F62BD0062304671D90E58B9A998B96C76E37538D66B1FA94978D62ACA3AD726CD407D8186CA8FEC836F93AC76142453A8E6CEF02280B11E3F49B99C2E5E90ACEFA417763E2D03A0E4C9524E63E8F0807B6D17A4391D9D613AD1E84D44BE87B30B76404DA2AF8C17EEFD4EDF7C5CAE5C3855FE8B504221BEA3B3CD0FEA5490780E96635A3B98B459536FA1BDDD625BAE262ED5F3EAF22AAE17DD57705AABDB3B7A6D96E93275732CF1EB5947AE9260806CA37FA0598B21A30B4C2F7AD3F59CF928ACFA5A5CECB95651E67654F998F5C5AE4AA57C495D77D1910774CE34F254244A0141233F301DF5B121E59B6E14F2A5DE498909F03D64B508AAEB96374C440BBE92DEC3F0526592DDB06D4B0BA71BDB4AECF2FF94AFCE366A54152A1A3841ADC7695BBA3F164A602B2CABE1E7A61681108C06FD18E22B10F046A195FC264CD9A4E4EA8807397EAA293E62E7F3D5E9DEE022062BC85125D95D2DF1C28F13F0786BA79DACBEA26590177373E41213A95771B4AD88E3807A3693E770E33F454BD9AA7C7003BCC819A5AE607C6D7AB4D7C5D6287F0DD8F3C5B3BD29CFF460D1365EEC51EEAB1CB5E79571BEA9ADF04EAACB989626E36074BC53C19E8B9953EB957C06BA8663F260FA94EB766C9BB40951F52F259825C80EA5D66D4DB0444014148547A17480781E18B9EE2904C32E0A615F7709A8FC1A57E99C86CDF97A879ED0DAC81DB6C4BAA892BF3953F611A06A97EF4229B1433A68C0C28726AEE4AED8D04CF4DE9BC7913894FB3D438A0DC3F8167E35CDB8E14121DDB31EC38D0C51C24D0B5C11B821865067A48CA341739E652A70A2C98D2DA0D954035DDBF3C4DAF3D2897E88F7EF5F04B0954145C9C8CDA020387921A3AA62EA0DD605472E02CB05680A28F3F79DDAACC7A233F12D6C8679B7C4FA3AE29D3B8D1DCA5BD8D8A3772711439D359957601EDF04130F1744B9387BAA5476471CD211FAA254C4098A4349A95CCA3DC66DC2A62C046C3510B63B4E26566B7FEEA8E570C33A09D061C95ECD3CB902AD1EE1320B0437124875E87F521A795A7E698A2D53F267336E037A1C527C31A4814DA7782AB8182AB9ABCF51D1CEC85501D5B1F089F1672CD5CFBAD9CAD128ADCAA208B93937A83DA6E18598EF2EA0949A46FEB914083384F5A78CA95824569233434CBB1AD9F4550E8E9C211433FC43A7AC3FB8ED6EA16CEA222D97FDFB970EE38FA037238998AF1BB50E3A5A3CB2120CCC2278E4164763BB0FC44541BCFCEF2D143EF549D47F06C953DEEA29E155DAAC425E81D7539784D875F30E2D29E502C37E559B7E1427120CB540A288303BF072D6E7E02CA25EC40BB9905DA80D00331C65E8284A190E1C216EAEB9CDCD4B7DF6390CC0116956F89F9DD45C454E71AB286A622077E1BEF5E7D53E6DA2732F00EDA6F711A40E07E1720F84AB67A8DE223D2DF1B30CCD7C8AFF98C301FF10BBF8CA258FBB0E7B0BA5E5C11922071FC921FBE7A952F44965D819DDFC8B00221F2A8F8DC2615D51F0E8B255632044D64BC906EF27E488D063684F0D7104ECBDF6C161B33E2A6D310835936B6628884795346D815F34D5142E93770886BF2C15503956EBE4D9398F0E1968C5723AA060CD84B1A25CFE226D972FE04E49BE1842DA93E19A7D241D275BAD08C514510662EAA2C761CCA52BA6DBFFD5216B77AEC5703A57F9F6BF43CAAC5B8C1ECC59F959132177CC187AB4BF354516F88CC853F12878CC1086DC0B5BED627D694EF4B5C6D6046C5632C1DD5B8D84FDC10CFAD37DE056B191DDB788B40420BB26B247E51E3FF608EC3D3C6F9F23FE1CA9551E7D66A3918C93624AF3B7FAA3797D5B0510785DC598C604B464EBE87D230C3B3DBA8E1090ACE9E87B2B398E4FBF3C6C93F8E003EB4F3C2624C5E2D60D9644E9E75CCA33721A1DBACAC85DE95D6D6480D20B6BACBF259BD3C70AC9E4C659CA5F47A7BEAB8ACA66B75FD655C596912BE331B7E33EDE1901156DE2FB5257E62193BAFB6A9294FE053F2E0A4DE1283F67CBF245EA26EF2A1179995129D4BC09475EBAEA6EEB2FD071982DCBF33B3100EC9AB39A21FAF570CD3F88C75BE0A238D1B41D2C5EBAD3CBE971FBA01D8845BF0D47229FC8901AF196FDCB86F599858539D4431757441EF955BA453150E5CF9FC135FFA189C64417E00BDEAA369389D67CC431B521F53161DC68646744E86B9FA5DB16B8EE97816CCA9054BD7C921C256E254EEBD294ED5CEE6851F5F29206D5DB814EC11DC4B8D29A2FC8F27DCF9DDAE2F7C1AE7FBFD2E260AA5EB075E07F0BC2E0BCEA52B2A6A2107E1A2A5385F340BFA81DB2C9301BAB0DAEAFE25FA50C04F743D28BF63EED8A7044088ED7565ED7EBD95DBE0E50D9FBC1C459E08A2BA6C56CD37386A6241009F63A00187281A72D2B18271713BF23EFA1154A74FA527C37ADF7FE3DCB54EC687FCE30CE87EB0EDA94C502BD555C8453E380EEE1C57C795BDF62D5526C6E111A9581BD549F316BE403BF630F1565D1A1E4E397B5BB6DF25C3915EC0E96F0D1311D9677FA1EF19CCD2505828AB3A786D30F2BBA3D76767C63B121BC9142062DA67D389E895FA26AE630BB01A4341CAD04BE3F4668F487514348F420B778F2108F0110E28183DDEFE0A5322E3869C4E8D3B9F1BE346972910F625E9D7D243BA26DD7952ED1853603049126F5BFBA20ED7C695CC2EDAD0ADCB839467CF26E21633E427056780EF22F46DA8B05F2CA93C51D472D2F6F23670A39496BBBBA1B0F1D36C581F1488A594E1DDB095BAFB985261AFCA193BD47FCAF86C858B76EF4395BDE3E3F72E22AD439071A7E82A4873D1CD848E530AC428B3A21433E93EC9BAA360AB748D9A5A99D0FDEAF4D8D5D1395B93039A970B5B95DBE03D10483C79A7D9C47345A1CB81F154C595EB0995FF1CF83E8E26FA1D85C6C3FD6BBC2B2CED5160ECCF837EBB286260D8CFBAB50211F25683A534D66DE1CE5B242DD9AD1CB9188DE46B2248641BC48C6203A1794B711BFB31BF775810853B0555950DDBBEA10895D5CA7F9ACB220C6E1DFD4991606D895F9050C635A68DDBD5689AF30C85424291E1A5F3312E806129BCAE89D492EFBF86BDE9A1B7E86C4A642DFAC7B22B87CFD4597DAE3099039583BD117FABB036597D5729023845473639AFFB7E7216D7F81726E45A9ADF3635DAF2C377976E74342A9B7DA67326EA72127F7B2CDA80B21E824F2A459E852A9DCE907A9E365576072E1A60DA953AA4FBA83C9C550EE837E4807916D445A26BA0C3C85EE0FD6EAF615AF19C7BA875059F601FCE302C848594A662458A638EDABE302E259A9B28C260B6DAE976170C92002323DDB48C97B0EA1995A7A2F3A64B18AC6B6AAD53814DD899A153C8F82FE7934678B0908B3807011060AEF6B816BF6D93FCE2BEB1B5C33734A5C403A9F9EE5099E82EB05A38BEC02B03E10880BBD3239B6C00205C419574275A4A9360327C0A101FFA0505CC92A235668BA6A2F49E6F81EB422A9AFD2C46F2331729A83BC1211D03369D5786509DA8E67F678ABCC67CCEAC06CAF63C7F23DFE694EEA26BCE1DBD6B24955E6E337A9660D6678B897F3BE053054147FAC041F2359C494A186BADE439804DB112791675A65CCC7A67E60685581F7A096F327A9B3D7CBFA6D0E36660D96938FC0A002E21C2A0349CEC982E9551242139781C3933063FAF7D68947AFF77E44E6DA91F71C984FCCB2A59E03DBB2E013406FCCB7E731B825C0BFA2AD88213A459751E1974F0859B0533190A7FB60335806AFD42A942C250ACF295C25AA6F61B5FB0D7C5C0B0AA0CE975D944330426B8092CECE34A61A8E3EFC6B92AEE8C64775E7B1B04DBCEFF012C44A34223741335C5611516AB4EAE66A8D4E899AC31D30EE9E3CA453475F7954DAD9A197BA2788561B1466BFE2D195B33C3FB08765E3E4BCA470F6BEF914E9BD6B49DC45778B8852615047804986AB8328865A02BCA5AD592C229866ABB01F28589782B3F6CDB1A6B38C2C4958EB3E8CB4B3F3A381FB92E774FA056A31E7A3504427351D79948894D1963A9D505473C9E672FA158BAF2623BE72AC04B739593DAF6BB514ECFD26C2516DEE135D21C0D396CA1C389643F9D299543A88F05D1D6C27B87AA9F1A47D329AA4BF1916C5BFA04A244DDC852856687484B62EB5AA0036AEFDF8664C26B126BE4A0E4E1000AA9C9E3D52BD73C8530C9A0E79FFAD148E5353FE497C7CF95A159D8DCFEFEFB7B46F0030409D318CECC650B3900A9E7F23144C9728027F1C8536E18994B88046576995B0BC71CB590C3CDF41C7CC6D845C3E8CE909A7C0935E81AD42370CA2744046A780295F650D30AD02F2D50453FF6536798EDA219DF389FC825B483560C8AA2572C03F080B59DC55C555DDD415C68A3831ECDAFE798A68D5B575FC0E4965506D7A6A3DE4C933848D0052DCC5A6456BD95804018BFEBEF7A8709787EE201AFB1F9ECA201D34234CF1B9208452477A1EA2AC7C773DB0D2CDC153A4FB8F297A1C602FEE6C4D74ADF88C70C264CED7F594A71BF7A88093596F6C056A5B6F6958DB2BBA9753C95F24CDB8BD3A426EB2F5CD59E1ACF23FF534B76ED0FC5421FF9CB2BB876B96A1C2D307101C7C4D2C9F3F55D0FAE618880C13714EC8BEFEE9C003954E7F23338008FDEE9122C95D3F08F403238C4B4DC73B25AE2B819BA3C71D515BF746DA44970EA213F8BE5883949E41FFBB0E7B4A7AA3D2632AA9C261592713F45D4751464D881EA399EA3665EA57197380B9D362CF5CA2D9510319E57E01A1987B3BD25CBED3A6EF2B56C734BAACCDDB0D19210C3D21E0178659747D407D274F3F175A5504A5C58419C3B7EC18585D172AF8D68E201EB890E1722BE25F07F2B8EE7441E2B95E506E8E0D454EC4F5799F5E6B844CC1C21260BF7101B2CD205ECE55D7D74B8E52402C5D647FFE47E88D1F013D5FE65F89B952E3C36CAB863ACE04B6A9C4C9A057117992BDB848ED480F36B0295EE055BFED5019BE473768B614F2205BC2A13ED13330C09E77A2A13DBA7C70DB9EC9FD5B63831F9F7AE68CC54557BBA5B1112D898D2AABF130B3A9B1B65177F42B515FBA92CEFF17ECEE9A4C29526B312503791841BB5B963B776FC4D1B23A968A533AFF75E1A012B7FBD3F3B352A92B6A286D7182446019CD9A2B85263474671E84DB4EE5D68304E0562B2B834C9E04E59E42EBD3BEC4913839579B6D17B3BB64215EA6E0B2F80440215A58C44486B64817E3BDC9BE90F5B70BCE23DF3EC65C18233F423735BC805F1B96E1306F778E7F817722AD9B517FD5A8DC597E03C2F2FDA4B521C516995AA3BC0F8A59127CC58315B2F7160A0286DF879FC0B0ABFF600C7F164ECA1CBE28DAD1ADB324CCE4C730A51CB20C617C8771376149ADFB99F3F527086AAF9094DD824A568FE8D2401313A82F59567A467209E18F9DA5B5EF5C15699FEB9746E3432F56809A9EF9B5072FB8897B42E41B7B54BCDA95836CE9CE3AC614406324674194B41EFA6EEC07B2737BD38115DE63011E4FC2F951479D58E95A975E974CCCAF08B4277FF66E442CDA94FA10C12DCDBFABBD26B3399DBA5C949B59C960C2A42D10F42D1E0F1B76A6D7FA9FCBCC293683C3B7EE35C6D759B9F9C389DF3D534F63E2EB3183B4F9551808431AF96EF266BD51E1A4F2B5218C8A3800F9A41A7D7D32D606FFD14B78998CC3948C7374E484A69CADFAC0DBEA2BE04942B43505B1AED315F5A898DFDA57695B54B5BA6812F196D651295FF4F48143D0802779C92B6A76C486277BD4BB4AED22520C2D2AC2FE3C1291A3BAFBA97752FF5F37C0BCE618536BB914F021585A993C2A1359411016D28E50EE3241654CD7B148EC0F9CE03BC9535D21669C1B518A0A3B5602D099D9ED438E96C91C62B262409ADFCCDCF5845554FD4164D60F1149AE94686329917AE20D87C5ACEFDC0B683C108642BF335CF576E0BBC84499221A04DBC3BCA95AC49DB59EFE80021319FABF18B6CEF60CF2D48CA79BD2D95E260E9B9B761A67FAAF9CB8867738812CA8EAE774F23C5F6CA0758B658339408952211ED0F7BF0D8FBF026B5276617293056671C95F5730D754B8DA924F2B51766C8A244443D53405D07F695E61709D8EFCBBF7DE865A5EF63BC85E01B318ADE36E5A628C72931BF9737D3C0251FA3F0EB039099E38700954A84B8A8A4FCFC12009553F7657DBC5C950DF14E4E79277E8AA64193621644CE24B10BEEA7C63B51DB4D7A5DA46FDC1EE9479E30E7EB17E0CCA6EB8E81888255C721B9EE8589D7D260A3C29F8DA372BDE3CEA741358195D712DE756B4A9D412ADFA421F682EBF5B6C7CA8D9387C7236782AC297249DD454F5CE99B278F5F4A25B2E3392A708113C178409055DBFBF7A1B56CE069108A3F6805159E89246FAA5A16ADF195BD81EEEAE02CEB367064D0250A9E4A7CF35DE27608578908F8D37469B0552AD2177DDB82FC2DF3064CEAEFB789856F8477FA8DF219986E60DB62169011B68163A02CEFE4FBC17F885235FFB49505B103805FAD34BB8111EB2F9C9AFF266480DA2CC156D317C731B745E80CA925686B2DF9123F7FDA2A0A29FCA243D43390FC5FB6E0C22E2346C5C5C47738951199FB1576F8781556FACA4F4FF1552540C07F7236886639A91162C4CE8D68826A8080A9E47F791F9F37DB9B86B01D07E9D31829872BBC83ECE80278FD2921AFD17B05BDC29CFDFEC485B4C3F6A862B37777436B7B2548689EB0C30D27771F0C8A7108107ED656ECDB2D496C8BC6BE8CEF93B1E87E390074B067726D1A67F790DAF33289354934AE7F818BED3B1F7B0384E58BEFABEA43A722F0350999F33A1466FEFE582A42BFE9ABB269511E1B28662F3A140C413AB6774987E101C9EB436F02F73B7665A5EA7D4C3B8DA5E7730A0779D8C83CC473C423C1A7E2DE955A801EC15551A199EE69F8F7E4948E308AECE64728AB24C6619E3DCF794A99D5552CD2D0B948E987DA4CE6B815732715E1A9F78C03F062CB00024804D838B1EDF1AA600B5298AB3111098A430FB1ED40E218538013F9983A8AE80E484638D02F511C535AF2F40C3EA6276B7C234B668F191C1F274AE10BF377E598B7262B149FA15ECAD242076E4BEE02BBE4E0335AB4A875069B73D3EE1B8CFB5A6A23EF92C54DFEFB064DF38479128C40EC002E5405F4EED614D8825369B980B3764FC9FB7BEA3B1AF9170220177119AC44BA0DA31E2A05289206FFC845755CF4338F9FB596B8729B0A2CE9F6EEDA0B490D768FFC7ECAE351C84D72994AF627A8DB522DE986ADD5FA67776D8BDED35DF14DE4490CA03D8D973BFED3643040E5E9B6B4BFFCD686E9DB6888046F3E8CA2D29F115B0EF7231C28CC7CC35DF4EFE9AB0607FF930EEB9D1D8584161E80E250B69C27DCD31C69F71F9EEE8943E34D1FAB74801B3A7A94A298C9A5B5CE1E0A9D10A5CD8DD9BF5E833D01886F7B80A397D34C0C3A973AD27383E7B26151F9468589A8796B977D3E8D1F5A817495BBC35E20083B92AA3E5A2F28067D93D1CA369A6164C613BF32E171DE6DB0C3E1B61CE782F24AFAB458621287C895304D5F5E70FB480883D1D5705F3ECE0C35FE082CA4853A802CA00DDBE55A7236CC711C38F82F19DE74B1E9A6B47174EA75BF12B372FEF088E610B6844C0F67AB693E887E8C3F84CD15864FCD340D4A6AF34967DF775D8D83828E3EE63DF8771C357FD759A30804BEF0E84A7378B19C86F68EBB43B3C12A22D45E8F7F5A3608516DA21C52F0C4F161590FC024C00987F1354FFEEF57DACB78228200

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Policies\Explorer: [LegacyDrive] 0x1CD8E0402AF9DA7E2D01CDBE60CE76D90B17F87705EB7E26775A21AAE2710C94646CDE1637284F167AD7178134F70BE296858A33806E17F347464778B53CDE87524E3522E2B9DFA12FB48B04C9095D2C888AF458789E47EE46C36DFCDA0EB7E02A6FE4AD0B3594CF47D5FFF3EFE7E721F371CB2BEF685E4B4874370878F4CA59A642970D7A38A16A2FF32215EAD67D314AD274CB40E59B7621EAE10D32F96F5D932253D01F16F2C9F7821184B99BDF07A6B5365600121EE7B6F8935543068758D4C72BF5A9886BF2BD67B78DA9AD096DC65E24D9920D192855F51079044645A465BD516F7477B6AB0605076EA5ACC65D98DA6A246548DBE0489941E2DF3A62B0278E2B4DA7488CBBEB1789BD34898FE16E2904BE62EB217B2DCB0490F1B001D1CA963AA804EC6FA28B3B172DA209AF9FD8FD52A67B38438AF0C13265A3152DCCAE75C711E9ED2AC768CCB9D64557F4CE9FBF9C7CE25018BB49EA188DA2B5786B511167D998CCC83C1698D8F08DBC1296E8094FAB7C10325F8E92C3A415385A85AAC284BFB93E088F78B2D6E28D8D372AAD81A05E07CFE1591CC5A07CD185069BC207B817DA62094720476D1DD4CE3106BB756A11B7652C549AF8FC8B3C798703CB2A93B7638C37B8DFDA47D2EEBCD7136C69C951B0E4C657EC822E8D380E7923594833FFE67D44FAA95B754B48023043255E873B82B578CBE97C703DCB6F0D4267E028E3ED5013BAE43C1F61C939622BF943B712D05305F1132FC7C5F38B86BE4CF33C1327140380DF2F2BE1719BBBF432AFC05FBDE2E5F53031443598C27C13A9C604FBB2A3BE14D153D0C26307AF6EBF117C89240094CEEF0D63C812B67895C1A8DFE96EE2ABC355F818D2CA20553E593CE5203C2F72881A986D32874AAFA3CAFC6175E44219F0CDBC45D9018ECD8F3B10F45381C67FE860921A5C7928F7253CC3B86FF4168FB50486A48F7096B7CB9FA306BEB65FD171DC2945DC87A695D525737C767521D38D2381BCFB9A1E205A190A5DE309DE388E8EFC197A5C177790CBF691632E745F5B61CCC813A21315FFA206A652DB06E31F236176BE82D3B77141C84D684743F4A341986D10B450585BEE8D1AE61CDCE0BB6BC6E0C46EA1E23EC0AC006BEA5CAA8787F0ECFEA54BF4DC6F03CF8509B673A6BC9D026B53634DF3C5379700141F9CF47490D2F9B03CBDEF7FCA2CABEBE10EC78D58D04ED3356E1BBDC7089B918C37D4D051A1A7689BCB522B462F38806C8FE55988884D65DC6A5486104794851B4A5A04664AF1B52F9F24CA2C35FEAD72DED4F094EDDF85870F000135E61D084489013479FBB43A4734616D43C46584D8BAA69C3CC42680A298D729B292B281369E036C165807098672B8357E56E8526A0D8D4623605CC61F3D99D4E45B2D86C321F9C30AC2C56AE7DAB14D85632AE5F0CC333BD98FAFB6DD64C7EB0AB58BB6A053DC8A146789055BABB8C864DA8885E764F4595D67FA5D4FDBFD77D40C6977554E955F94ECED01ED6150D0DBCBB7F0D8BD9C188FDB938978A4EAA9E539D13C95301C151F913939862564410DF11E004DFDDB668459FBA43062FB91DD42ED4D3BB62524731436B5BB8C1C5328AEBBABC42C88A7E1E28793AD13757E06A0F646E48F71D2890324CBA8C9A9F24DC91A8A007FD40DA34D7B1F9D163EC039085DC548B9E8890E76C9E05CD7044CF9973E7446A37CD122712EAB0C936C44878C7F52C3E2A3B379740B5D170E9526941D3B215FC75BAD3CECF50213264E2469333A65D69B322BB993A7F32A22969630825DCB34C9CCEEB6C880003F346CEE9703B9163719D0070124B5882FC596DC8AF0A345DC9521C7A780BA952E177D185236C1B29A5F85E5BFF5F446D354473781082FB8963D7380C077DA4C96844B78D9AE33CCFA342798DCFCCA03DA82F2A00C140642C641AA12628F9FDE406CE4B40A6722B03DA0461295E57D7093A79F0CF905153EEADECF84FE3455971732B891F56EC955056B8A2C7A62E2AC9F4295DE6CF5729F57E5CE476CBF3289A076519A638B3D96748DDA1FF9DB9247CFB14AB01F6395F13295E3283C86898E3E21141D4725EC29ABA5A97768B7D9F509CAFEA8CA3AD7E5FC22E1C4AB711CD27F411206E06416F75D3FCA4B4FDBE373B939319573E6D9CA88D0E58ADC58006412A87AF3AC47F2930D74EAF53D1B8E827421C350FBF44BF2AC5CE3FA621661BBAEBFFF54CCF4F7E9D5B850343516F73D60071165C19590A9F341042534A3B4D71750EEA678009BA3B5F1168E1B863F9C9F34CA9577CF9EDD8708FFDB70E8C97ADC068B1C7AE1185C4617E6E70CD8B48D279970978F0D575C13515E0FE266D1DB50E53A32D7EE84625C626069B452E80A67B78220B4630833D5372649839703FE95BD1B23D7C6878BD46DFE274490726ADDE35F340CEEB9F88A55221E305C61A60CAA100FB44D9477DAFF520321A820812F23FA4C0445F7708A1C7B0F6D74AD042CA02CC57177FD8E9D9CC8BCA89502457628B0F193AFC205B85AB1A8C1A7D464638726D70FB549AB1945CBC71980A8C791EF11AAD1B66CCB18239C13FC87826C0C45C479B328CD845FFA15B8E352A2901AADCE8FCEC04C32D80DC5662288B588AF478D027A7A730A71AAE30001E2C5F68659897007517668203F3F963F2CD8EE135B8769422C3E085B4028160BDE82AE9396AC7E792480CA7E96E2B4D1B198BA82925C8039913095D0286AF2DF3E9F30D29E183D804F0D857A35251D4840E09EF6E33234CFC870F269C27069E202EC78688F2865FFF0D52D7E2B3419DBF47F92A91E8436DF55932BDB0F9AB4A7C08F027A4D0E4C9F82C44422E04A0BFEF454561CDC1BD08B3749C0842FF930FBB6DE4E750FC2121991332109A879F2F31CCA2FE296C15E5B600DC0A56C66796898C6F27930D57CF5B4A5368DDC9F3020DABED08F95DFFA75CDE0085B359A40BE21D4DE43B8E46E93077482495386A60EAEB69602C9BFAE5E0941A158DDC26E474EF29008D73375A07858322306AD75D4C538BB8D383FC362380A428144EAD85C18F57A430B8125D2EB6FE91D8C4C5AF4CA8CE99539866622C782C4529C131D6645A7F55F125CC36EBC15ADAC4BCD940B372C508CCE583DB3D50EF63872F160004922EB4BE610142F5B922E452A339563A265CCF6091359CA5ED605285ECB87BD8EB2B1E2714F4620FE0F0DF451EF23CFA19A956172D12E170C108EE32B6F7C3BF8C67D643814A6F0C422AE85396347E1F01FAF1B31D0822CA3CCD2B9AD072579E226CEAEF808FFD78B67DA9E6B634E47A0773C41ACACD8FB0F0D52F8115AB626BB01116C2749D682F9D180052E3978CB151F38739A4DB141CA30EA29948CEB2ACD6FD9DE7763624E9543E85B0A5422A87A46CE5D6F6F7A22FD65F6DC8DC0068A2E21596C2C72BF6BE47096B5D66785A8FC3D6DF15AB29DF5D7E6466F4B1C2E5BD9BDA8137FA0C3B9EB88C2D491EFCC3EFA02E53D5F95EC1DF0765707ED8C306D28D4AB4216FF88D8130C94530162725E331C9B1C89A4A462DC83BF239C77852CB7C6F311BDD3B26742EF9B3384717AA34E0912FC1D5162D480A52781C535A2D1D158959BFB5023A6D60F3BA549A5E78E03596A6F6C408FAFDBA6859609AFED0FC53E32ADEA1619ED8F3F99BB7DACEC37E61AE6B8533B8611DF14CA14A3A4C85571C6FB30C558DB0EF89DB0E3B7E0A795FBB45B26F79B565D1248931DAA37EAEEFB3C315C2D745E91917BF02927DF8B4165D5E2D1332BD93C3A7EEB265EADCA86898D46FCABDF7064FF7FFFAB8FDDF3E1FAB1779075EB0C4D10E9E48CCB3AED8CB888CECE84B2EED67BDE6B93DF229A60B044B1E40BC4C337B51CF246F846DF78AE7F66929B4B89D700B9A9746CE8FC1CD6CA3BF0E9289BA19FE6FFD811896CD68DF6BD57EA7C98BD189515A06AFBE9EC6E7A14B862D3A95B9331F77963800B7AED80753BE8184F03CEED7CB83D342E539DC4AB91037050EB5593D6C9AFECD4F306AD85480CCECCB253A77559B4BEBE17F2DE162C9B69FE24342FEE0B5584FEEDBD693CAD4C8AB4FA8D936E89EB9942A122B5EDDDF3F2652D1C696A1F87AA5E5DC25E5676AF2B71E17DD8683ED6B267E05A2E1C894DCF0D748C4A2E99C6E8B32CE82D23C667D9B7AE896868C01F82C8D682A9A490A1A1FB08006D1B63017908A562191DCA0832F612FB378C9CB158A2368FF66174AD593FFFDAA52530E00AD0DE083C7774E123AF463ED38C257EBE0A30961028ABEE35DC619A081EADBEBCE00903263884487B12ACF15A22B0820D1DC66C0C29CB26C292298094BEFE3520637BBFC2F7896F5D69B3BC580E40DBE6DE9F918BE00946DBE3615A856F5FBC9591FBEDB8E660D1100F8E8D4F3F7E835A92675D489535AC730937CFCFE418177B99102896995BA3541AEB0251175AC2259822C8383310FED7D3F63D88B8A06F9BBF0AF502E4D0466205E6D96A95E88945648076A70A6C59459AC188712D09F1AF448B511AA4CDA7036458E9DC44BBF55440D3CAC46549F8CAE45B553365E0F21F9D864E5F235FC9227F9C5BD184978537E01788E5F2D0D6D5DBDF2AC64DD8448B06CF37678E279F1CEBDD58A381D58521356ED717D3580BD9ADAAB541852F3DA4AE0127056D5A9789A5A6142BB4DD8CB1980F98DF564002EA9C77842FA512D3255D5CDC91C662E84EF99A02585A3144B41DA6EDE4483552BCF2E86B20F973280FF75C08E0715FE7CC521017AD98C2B3054EA83042BA3A3541D7DAAD1005B81AF800F32CBB0F00921A7D50109A4D2DD2882AE500953B9D2B929983BA66DCBD3B8F962969F0F3D1730A3F63A213A8E13B48449AA7835659D110CDDCD0BD0D88C630F25A087E12217FF843EB4D485DBDB4BE418734E41B56F458E3CC63DB2ACD1FA595137C16FBA066EB042FFC9BD9444760DB88D7D64912FD5C11E639BDE7BBF60F950275DC92230880D50A80D2EBE2E807482074D2DBC4B4D0E4DB0D240A496A5EA8C52FA269256E0614DC5E3BA995C10970AC114473C1B8E41A79CC2FE16C5B91D4886690B0A82D024568AD7E1E38681064B06431002376F60077C0873C3479D339DAEC824D78C42B047A86C8C3C35F67ABFC2021C02B87504B87A2C0FD7C8A2B98544960ECC20170510DF26E2471702F740D374DFEFCFF725CC350D379EB98FA48EE7AC9B6586ABCDC26776E7A72675FA15209F4AFFDC7BF802F7B01E3CF836D4BCF182FC754DB952D3518B18DB20CD17754411B1C1C08ACF72658AF522371760D09BFC99B09017E4DC2AA49D3B488D6FFF7A315CD2D68D5A1B50795CF21199760EB86351363A678A3ECA6E748682E9D80F1409FAA0FCA636C459502D57FC60F0EF057EB06A2BD8AF4B71CD232F5B7454F82AAE05FEBDB43966B2E11166BF89A0445B6B8E14D00F61812B8F8D3E18717138B8A4B0068484E7D9CE8FE0099A003A1E9E571B3701E12320C3B29DE7214C1EA1225F948288FF9CD495F2B903C13A7930C5AEEA55B1CDC86F9BAD84DB5974E0774D75FA18067D707223D5F8E72E1F38F6E2C97554A4F463A07182C0C47957114B66029241CAFF8C8462EBDECC149096E42EEE1D38DE4C039955DDC8CE5CEAAFD3EFEA4B0825D4AB5D098673AF16A95FFF3B5030913D1769BE0248E629EF34BF0E977CF6B9A346687EF86CEC3B1E57D8C8DE9EA1AA3B0BA79556483B715005D5BD5FDF333BE2ED95324E8215ABA6729F7026DB6AC082C47D25066A3DE0DD3B5E293C399560F04F719760690B3BB3D16DD45C74143A04F1F95887331AB8BB2DFA2E9148392C2C8E634C16390FB561D30ED463E3FB266D3E1EBA3A50CC4466CEBCD763F8505FF4F9A3851D5CD8CCC4908563BD51D329E09A9522CD03E1698A3C1DD94FC101BE0930EE8ACD4B306699CA68DF8C2F2A8E871AA70FD2ADB10C808BF277B48336DFC086B9A384FE584BA4E9B877CE67D29FD691EFE93A5AECA031F28E64F9CCCE5CFE6D07683CC538CA86B92BD8995AC5EE8980ECD1BBDA631B4EE6346C60097AFBEBDB3A4463652E5695A7AF2F8C81E7D2DE2E7208F23334C15B25E818E3741C540EDF94FD0F8EA8361FA032300E143C340027C7D216C57E73776959842089BA3F4B5883F38DD729B15BEAD8E8C9D7B23166821554E9B4117EA606398EFFAD5C42563B50EC9344C6D83C69DA497973EC75FEF67FBF9C3497D3DD9A1E6F22D8CAD41939DED699F2D9B68B5C2F2CCABB5D336871BFBF5E8622D90C8EA570AB16969642E8E676480E4BD9593F9D48F30C0E278743506CB813F945873DAAD8C967514F3D6993CFB77CCA6FB06B569748F8112961084AFF6062E2427DE27F3CDF5081B34611FFF443BB41F8DA2F43CDC032EBD0C9742521F2D55D78D29CA7BDCCD6E2171B7F306A6ABA0A51D9346D853C4763F7883F1E57EC860216F4146BB059A32507495FC39F88BD4A325FBD5E5CEF640CFCEFD630787F35FB6CA752F81FB6EE6BB70E538D91B1A3C2669D270B769EFFEA231433E6B7DA67BBF9A46FA65833F3871496C74BBB87C6D8F37486DA6F063D5865531F31C0512C0A3E3598BAAD89AA119BCA2AFB7C716D8EF485805D399AA7D615296B505BD8D69608ACEEB48C489BB1004455909E57F5748B794B2AA78E06216FF2830027B35C8391CC20F95DB1099B7A5B1F81072FD39210246B2F7FB2ADB3D2DC6AE0D1A275406B601FD9F6BA40FBA602B847CFBF78D5DA45C7C7BCD99E0342F0EF2F356A9304A5FA24742016836EFCADAB147ABBBC33395B760B8E728AC3A6FA33EBA8BBCE911BDBD6568A0A344557B6A2746168B3123CDC2BC2FE2144B2F1711C0CF7D57D0418757B327625C20B389C8780D94A141F5504DD7A9159A5E095401FBF970952C4407CFB5F54D3031E4993F6D37CC66F7D480E7E119EE28C1CD0E4DFC57FF0C452EAABD6091A2B12C784FC5E0CA4C3795D00DB805EAC5C29281872B893CABFBA977737ADFF1EE8E54C41D44DDA99B55AD811FE4EB41B2F78B1360BB153112C3E26005AA2EBA7BF96EB1B14BE45110AF70C5A74DA91DD94D2C4E53F4347B41106C73C297017A998BFA4C2520CC5F9321296952901A22C78C4D954B4378B0EF325A3EE9948119A6B26BDA2C09E5255B8B74807307F465D7E57F95111691B0154B6903CA65B2A1C62D62B55946E316CE5F701CEDADC2B2C499EDADA8B6845C76F504611E1C70BF9563743833DCC25FC83F79DDA6DE2E432B724C9D3D18099CDE9999F500EEA1049B04EEB5FEBC67A462364083C54F71BCF6686758EC69F9205B069D028941DCB65E3103A0BB011CF90D3B1C2A2295475E783B2E50E662A46C57FE466BF4A420B5CD30721BC315B4C8A5F1D7759964CEDDBE234D710F48D14C8AECE06992F892149338509EE4B2DC55F13591B39934ECD6D5D54C309B46F6800250FC5C01A62E9FE14E9F52F4CC3A81AA2502F23FF23AAA31067AB3F751031DF00450439AF6ED4F04478C01864356ABAF897F817F6C1D0FD6993A0B2DFA284D84DB141C9B4CDEAB65C628E3BA11AEFC634C64D5C6DCCE8624AED63CDB3A5E5C8F24CEC56F6E6EA9BAEC129B82F9FDE9B069002B49BEE21CF09F04A9AB854548EAB8248BC57A24F58582750C66ACD0AF9BEEA3AA938E6E887B926DA8A7047877936628268DA427386A120D35A4153952AA2BC3967A2BB23B71CD7057626C7ABBE60B5C1CF497DD70B26B779B8A190A4B7F68D021C299941180EF1F0BFF6DF4DBE9E23D4EE7230496729598A6EFE6FA8583D95AFE8BAA669BB85DE889D1A68F4C9D43F2B1038FD20470559F8479E23E14C25E0A331E5C192EF7AFC094F07F59EBCA9D43A184142B45C7008AF780A46F1ECFB67F5820FD953AB7971E7F2AB2B353392A9EDEF61A9DB630621E61E94E54140A738AC156DAB8519D61542E325D6A059E84EFCA960B52FC2B0B552A41291BB6427682D91394B2E7481AF6D5943ACBF883A137950F6B9F5D849F884DEFE75A21DC2DA045CE799616831F8DAF7A3791FFB34E4A1FB65B20E3D6F5A2B0B7C3298D0E33B87CA86F270AAE8C81252705AA2EBE69454FC650D40F7B9321238BBDDD87AFD5BC88CE70DC90B6EFF7BD00E3E5CC7FA23A5A6E47310506FAE3CD5072BDC039B730D6E42DAA1A44CEC60AE9B7BF411AE62B532542E6F9F3DB4C6EDF74AB18C83EF76B65E7C00AD9D362308895A97C4F2812A3F71BBD57F8FCA735CB78996F2E5FF27A0FFAA606ABA08733F784C4023FD1AF090DF9C36C4C49E508ADC1EAF14A245A1F894B736444BE71A127850D3A593C44C75E66590D3C03D61D2CDC656E19B43FFE4FA3FF55C21C5E1A1587358E0CE4925944B20B89220F52D809200A2DD0B3D9667323BF55087CA608F5E03A4E612AFA76E8D08F5A930E5D9C07415930FC901A1BF1D232957A1EACBEC5ABFA3C551F719D241B829BD548814DF48E06F97E879429A4337801CCEDF4CFD99D9DE4AC3002A2EA458ED70029B049650638921F57042F899FDDD3535B9C01CA3591D95A7A25329551CEBDEAE51FE27A79D79FCE1C562B53539FC8511851EB7B22D99DC467E72175E01ED77D8C106008B76903537C6A50BE899A032222B82A6668F38B4DDC5D40921F9EA437FBE5731AA7242CC9D4477DBA97B3F754F07976A2E925EA211BC0C6C8B296B4ECC13C8761D8D271E2D98676B207592084602675982DE02628D71B0902FCCEC976C257DC726CBFB6EC2B403D8036047C5B1C309B575995210F6728F50E36994E460BE352CEF0FBF65D13667DBA6C4B3B73A0CC9FD22696710DA8B757BDACB09E9173CC374421B000CC1F3245D5BE6F876D1D177C014C0C5688B12C48FEAB6A47147624950E264FB0646DD838A176BDC96FD298A6CE0F12E25AE84B2ED1B97CEFD035DB94DD5BC026AAA605209885B2827B0ADA219DE6C04105953E65F9D66866C15E6CC3AECDBC385BE1709233EAE5C195337EAB2FF16D9E50DEF7527AC83DB5F8A3F6EF5988638D0EFE85DF35798D9EAF2094D278D38CF3386D774F1546D6ABCCFC652D0074057AD11BFA1BB172562573C9B519A54A2B09203A7BFCDD957C8A940B5713EE5E789BCAA93BA8ECAF262EC136B64A465E5F322631CE6C227B713FB6DC3968FA1B9F0DC6BDE5F719D79EFBBC2070B9224A19899393B0B389972DDE5B682CCC18E0EE44B636FBA14F6CD0E1A65C587E6C75128019986D68B6F9D7B950C9D6B7A712556F26E23BF718AB43F718EA0768C9075D9CC87CE77FDF3AE61C7C484F6361AE21299C91F570BA9FD7E938AD54B73A9FD495767F892A7C95136A5E4922FBB662B5ED248F0C8C939D1035BEEDEF68F226071F1527055EE73F4E0C88A19D013A12EE6069E59C27E829C6047E21F66AA1F405E581A639AB4947B173A16B038AB477D92323FF8887EEF8C788ED31BB0C834D0E62CEC3E66D3728140548B18E9ABDF4201ADDEE5E150B4ADD1F98E0A377DB7DDBE584E2CDE92D0F0E1132C1F4ABC3394D9C373F5190A367D454ACBB93C07F99B9C358ACE645F4B3839D9FDAD7847DC3CECA71D9F9473EE1D515EDD150FC6EE6892E81F1D835D7F10E2975E7FE265AE63CFD616A242A69EA1E07B2B1213E8AE976842AF9BF85DB11E2371A5C023BC288540A503492C9E157E9C9116DF10D6F1DCB072D196CA31C453886D81CD398405034C02AB1FBEE5450045F9DE43C1C756DB3C59217F38CE4609084CC7D011C89FAAEE6F2A24ADC9E6B9E636712E0385739C3CA3619EB3683C47341B85C4735CF83CEEC0512CD2ADE0E882F69D7298DC5A36638E42B5FDC8FA4C573ABF14116BA171413A4F1FA41B8255590EE5687E46F9CA024DF5731398DB96C9F4DE3F4354DE42D134E4CF7F33733984EAD7DF6C2E55B0AB7B6159142F3080549F7EACBE98156AE14C2848C7FB5574FBBAF9E1FA13793D6F417A8B542B384550B9A48E0255BB916805F9AD41865632D33E4BDD939EE831FE99F6F9803017835452D5E8399B3832E8D3CFCC4036EE8BC2A1000B7AD6F70052A00E56BE546E824BEF66A25605AA0A5BCF311DDB562EC0D1D88A0C1BFE1EDA74F805EA2ABC2DAAB58A6B0E7B69CE15A84F4CB00A697091926F595C47A3E2FCF05D503CEDF01866AD9E6A1FCBCB5115AD21F0DF1A80F2A1511987D946E2CFF912D103590900C10CDE2B06711D2C112B2489724020E69868F88D6F0883A25142395D1183D10454A407BE4104A904C1D8CCCDCEBEF7C7365FE1B7BE300DB275C6482F8D763778623E01D7DC8935FE63D668CA85C1F66FD4E1240750A5B2BA2FA6E8A00AB34EEEDDCFFB65A8479336715DA0933035FD9F280F71D408A3F53B428B05DB9F1172899CD468CDB000A73CF645D3E67F5DC6448937B5C210477BE3C398CA552A7D26857A4E3602847F9639BC0582CCBD087BB09910F05C7C27FEBB460B36929765610C435A6B65247776CF3617BB07818C0E410F57AFF24CB03837F4820AEB2CB86F5B7759DAED483830DC2DBD554510FE4A93FC19B5ED03CE49927661D07C508F96900778C50B175A2242E52556B7856DF48B563AC42E0D7B347BFB007F115F3A907194EA14728FC4D63B7E9F8498B17AEA72C404FAF97BDE3B31733A62D65063B83692982DC0B79322B4690D0EC75F318FCCE8D9EAD2C5DB51A116B90B8EB00A72E96165C67230EDFE5D8A14F587719226FC3C1C6EE419A88003C4FB6CF0B6B005396CA24679D174DCB221ED2AD64D864FCAF90AE003976B6FE3FA0C85F9B4EAF0E99722B220770A0BD8B220C34391F3B70653D3E94B65419DF7C45BCD4443B3599A931239E6DB56E7EC8EB352AFFD4084439A8D058C98E622BF36234145EF15B63692ADB99DFC16E1FD7808137D8DD803241D253E3E8E92855029674B943CA34A245C579752E2C231A8D5BEDF886FCAA212FD9CDC939EE2FFDD3C30D91CBF9EA505BF722129ED3D55DC96B0236627C84DA3DD6F547F104C6FE8C2F8F088640A337F445E8AEFE16E6A393381D00

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)

ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-13] (EasyBits Software Corp.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-07-10]

ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2

Tcpip\..\Interfaces\{522C3B31-8EAC-461F-81DB-46CFDA8BA7EE}: [DhcpNameServer] 75.114.81.1 75.114.81.2


Internet Explorer:

==================

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1

SearchScopes: HKLM -> {2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {5850D516-A214-46CF-9401-AE7DE20F77B2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-26] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-26] (Oracle Corporation)

Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://pcpitstop.com/betapit/PCPitStop.CAB

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File


FireFox:

========

FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default

FF DefaultSearchEngine.US: Yahoo Web

FF Homepage: hxxps://www.yahoo.com/

FF Keyword.URL:

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-26] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-26] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-07-10] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-07-10] (RealTimes)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kristina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @talk.google.com/O1DPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kristina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-05] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kristina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File]

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: hopster.com/CouponPrinterPlugin -> C:\Users\Kristina\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-09-18] (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\searchplugins\yahoo-ysp.xml [2015-10-23]

FF Extension: No Name - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\avg@toolbar.xpi [not found]


Chrome:

=======

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default

CHR DefaultSearchKeyword: Default -> Yahoo

CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10

CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-25]

CHR Extension: (Google Docs) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25]

CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Google Search) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Google Sheets) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-25]

CHR Extension: (Google Docs Offline) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]

CHR Extension: (TLRemove) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2015-08-30]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]

CHR Extension: (Bitdefender QuickScan) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2016-04-21]

CHR Extension: (Gmail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR Extension: (Skype Calling) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-04-11]

CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-07-16] (SUPERAntiSpyware.com)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-02-28] (Advanced Micro Devices, Inc.) [File not signed]

R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-04-20] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-04-20] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-04-20] (AVG Technologies CZ, s.r.o.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)

S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)

R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()

R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-10] (RealNetworks, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)

R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-04-18] (AVG Technologies CZ, s.r.o.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)

S3 iscFlash; C:\SWSetup\SP60593\iscflashx64.sys [50752 2011-05-19] (Insyde Software)

R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-05-09 01:31 - 2016-05-09 01:32 - 00054681 _____ C:\Users\Kristina\Desktop\FRST.txt

2016-05-09 01:31 - 2016-05-09 01:31 - 00000000 ____D C:\FRST

2016-05-09 01:30 - 2016-05-09 01:30 - 00007913 _____ C:\Users\Kristina\Desktop\JRT1.txt

2016-05-09 01:30 - 2016-05-09 01:30 - 00007913 _____ C:\Users\Kristina\Desktop\JRT.txt

2016-05-09 01:24 - 2016-05-09 01:24 - 00020770 _____ C:\Users\Kristina\Desktop\AdwCleaner[C1].txt

2016-05-09 01:16 - 2016-05-09 01:16 - 03640384 _____ C:\Users\Kristina\Desktop\adwcleaner_5.116.exe

2016-05-08 20:52 - 2016-05-08 20:53 - 02379264 _____ (Farbar) C:\Users\Kristina\Desktop\FRST64.exe

2016-05-08 20:50 - 2016-05-08 20:50 - 01610816 _____ (Malwarebytes) C:\Users\Kristina\Desktop\JRT.exe

2016-05-08 19:30 - 2016-05-08 19:30 - 01685487 _____ C:\Users\Kristina\Downloads\13211868_570182763166326_94315496_n.mp4

2016-05-07 22:38 - 2016-05-07 22:38 - 02765833 _____ C:\Users\Kristina\Downloads\13158200_1210624538962844_2004398255_n.mp4

2016-05-05 20:38 - 2016-05-06 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-05-04 16:25 - 2016-05-04 16:26 - 00012886 _____ C:\Users\Kristina\Documents\cc_20160504_162550.reg

2016-05-04 15:22 - 2016-05-04 15:22 - 00000329 _____ C:\Users\Kristina\Desktop\HP Printer Diagnostic Tools.url

2016-05-04 11:07 - 2016-05-04 11:07 - 00000000 ____D C:\Users\newac\AppData\Roaming\SUPERAntiSpyware.com

2016-05-04 09:36 - 2016-05-04 09:36 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1203233110-3124362348-787559586-1006

2016-05-04 09:35 - 2016-05-04 09:35 - 00003368 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1006

2016-05-04 09:29 - 2016-05-04 09:29 - 00000000 ____D C:\Users\newac\.cache

2016-05-04 08:13 - 2016-05-04 08:13 - 00000000 ____D C:\Users\newac\AppData\Roaming\AVG

2016-05-04 08:08 - 2016-05-04 08:08 - 00000000 ____D C:\Users\newac\AppData\Roaming\RealNetworks

2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Roaming\Real

2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\Real

2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\Hopster

2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\GWX

2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\CrashRpt

2016-04-28 15:08 - 2016-05-05 23:35 - 00000000 ____D C:\Users\Kristina\Desktop\jmwp

2016-04-27 18:16 - 2016-04-27 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2016-04-26 00:45 - 2016-04-26 00:45 - 00501127 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April26.fdf

2016-04-21 19:13 - 2016-04-21 19:13 - 00001678 _____ C:\Users\Kristina\Documents\rprtscan.txt

2016-04-21 16:42 - 2016-04-21 16:42 - 02870984 _____ (ESET) C:\Users\Kristina\Downloads\esetsmartinstaller_enu.exe

2016-04-21 16:41 - 2016-04-21 16:41 - 00039480 _____ C:\Users\Kristina\Downloads\qsinstaller.exe

2016-04-21 08:08 - 2016-04-21 08:09 - 00418302 _____ C:\Users\Kristina\Documents\cc_20160421_080835.reg

2016-04-21 08:06 - 2016-04-21 08:06 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2016-04-21 08:06 - 2016-04-21 08:06 - 00000831 _____ C:\Users\Public\Desktop\CCleaner.lnk

2016-04-21 08:06 - 2016-04-21 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2016-04-21 08:06 - 2016-04-21 08:06 - 00000000 ____D C:\Program Files\CCleaner

2016-04-20 23:12 - 2016-04-20 23:12 - 14311424 _____ C:\Users\Kristina\Downloads\SkypeWebPlugin.msi

2016-04-20 14:17 - 2016-04-20 14:17 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

2016-04-19 10:29 - 2016-04-19 10:29 - 00000377 _____ C:\Users\Kristina\Documents\account gone.txt

2016-04-19 00:07 - 2016-04-19 00:07 - 00000070 _____ C:\Users\Kristina\Documents\doc.txt

2016-04-18 20:43 - 2016-04-20 01:13 - 00000000 ____D C:\Users\Kristina\Desktop\FAMILYBIRTHDAYPARTIES

2016-04-18 09:04 - 2016-04-18 09:04 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avguniva.sys

2016-04-14 10:54 - 2016-04-14 10:54 - 00051968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

2016-04-14 03:47 - 2016-04-14 03:47 - 00432148 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April14 (1).fdf

2016-04-14 03:45 - 2016-04-14 03:45 - 00432209 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April14.fdf

2016-04-09 02:36 - 2016-04-09 02:36 - 04842371 _____ C:\Users\Kristina\Desktop\12980357_516118891914782_1206466174_n.mp4


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-05-09 01:28 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-05-09 01:28 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-05-09 01:25 - 2012-04-04 23:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-05-09 01:23 - 2012-12-06 21:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-05-09 01:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-05-09 01:20 - 2012-01-25 20:10 - 00000000 ____D C:\ProgramData\MFAData

2016-05-09 01:20 - 2011-08-21 00:41 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Yahoo!

2016-05-09 01:20 - 2011-08-21 00:41 - 00000000 ____D C:\Users\Kristina\AppData\LocalLow\Yahoo!

2016-05-09 01:20 - 2011-08-21 00:40 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2016-05-09 01:19 - 2014-09-19 05:14 - 00000000 ____D C:\AdwCleaner

2016-05-08 23:59 - 2012-04-13 14:49 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job

2016-05-08 23:43 - 2013-06-25 18:42 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job

2016-05-08 23:41 - 2012-12-06 21:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-05-08 17:43 - 2013-06-25 18:42 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core.job

2016-05-07 20:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf

2016-05-06 11:46 - 2012-04-25 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-05-04 15:21 - 2016-02-07 11:47 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\HpUpdate

2016-05-04 11:39 - 2015-05-28 23:01 - 00000000 ____D C:\Users\newac\AppData\Local\Google

2016-05-04 10:01 - 2015-06-25 10:21 - 00000000 ____D C:\Users\newac\AppData\Local\Avg

2016-05-04 09:39 - 2015-05-28 23:01 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AEC11DBF-45C2-445F-A798-400974510C19}

2016-05-04 09:29 - 2015-05-28 23:01 - 00000000 ____D C:\Users\newac

2016-05-04 08:07 - 2015-05-28 23:02 - 00066616 _____ C:\Users\newac\AppData\Local\GDIPFONTCACHEV1.DAT

2016-0

Share this post


Link to post
Share on other sites

Thank you for the logs but Farbar Recovery Scan Tool, (FRST), is incomplete.

 

I need the full FRST.txt and Addition.txt.

 

Thanks

Share this post


Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016

Ran by Kristina (administrator) on KRISTINA-HP (09-05-2016 01:31:56)

Running from C:\Users\Kristina\Desktop

Loaded Profiles: Kristina (Available Profiles: Kristina & New User & newac)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal



==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AMD) C:\Windows\System32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe



==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-04-29] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)

HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-17] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)

HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-04-20] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286272 2015-07-10] (RealNetworks, Inc.)

HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-14] (Easybits)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [720112 2016-02-24] ()

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [Facebook Update] => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [Google Update] => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [58C472AA051AD623CFE08192244161E972D1F5A3._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.)

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Policies\Explorer: [DriveConfiguration] 0xC6142D477C3E07F5FE5919D366618159D63F935B6DEF714373DEDB9DD79648DADC9C354D0F99BD7A7CB96A9021514B34A3C4468040A7B04C05231BAC419B6FB9398F3C951DC14FA93B968431C673BEDAFBEB17CD6B03CFE0C38CC979A13443F1C945B5EC2590FCE60AA3B70FBD43F259361601CF249FAF28306F999C869AD4F69269D6EB074E93AA261DE6B43D7833EE6E8B4AF4B1FA8FB11CC018582C625A97A59B0BB9E14341CEC2840FE91AB8FCCAC129B4BAE61CFEB7A20FEED1D33E5CD4276C942777DF4FF457ADE389EB36B6FFFBF2F8194A6D926E248F59CB372188D3A38D6DE854E5E2624F9027FF8ECCC08E19C44EBF2ECBAA9DFE5F26C10D0013C6DB4287FCC4225C6125967CCDC0675C6C6243C771C20EDD09AD7A5B8E60D71DFE352CE0AB83864D34BF9033B3E764153820A1E4F5779DBE0DBDC49EB6288C6445182A8823E1EC2ABFC265A7D51BCA6BF0DA9C062D37878143A18AF2C0F8594E95FC007FD506C8B6BAF55E03E96C3222F73B1E982B1A48FF869D499F00648F3E159D92FF388081DFD247B4F4CBF70EE7343141ED826588A7E2DE9947CCFFD5F5DBCCC371DCABBCF9246CE86D278868B147A6D553EA64EA6ECF537DCEA243B454CEC2759C92DF1EDE573377124123BFE458045FE096F9AEA66370EE312448566774BEFF91CA83A30F5511A44A2B3E50E9A3126348FFD6CD264F6DB69D91E7C0581D548C0041D67FF728FAC649004997E05B19BAF7D6A949D0F96EB4B7AA5FA707ED173770A949B4FB3E1DBCA15CD888812F48C36DD3639CA80E2B1AEE3ED4AFB5902911B3732C45A04DFDFC3D6CFD23953F32B683C6EDD57447AB196E433A2851A81D875E4830B0F5A28A8F65A35FB5435B78E19A04B6BE7C34E342143C9FD739649DB943770F9F1E835E9D9CDA1F49105C421D18F98D1CBA7149B8B35E3CF40B75D7C6ED09AFBFB6D031ED4CEA9201B11F06ADD869973250B7B2E3D59DDE00D8C60CBD0B2C1912D9A1666C491BDCA2244F2D2A5A815C8DA29A7F18617BC3D5CD91B2B952A9B11F3406CD7577B1B736FC110C18ECBBDA86598B605023F416A21994EDA732610CD8BE1A0E8BB63FB78335CF2046362B30EC05BFB4DEF3E4B1DE4E05F8489101FC97D7D1E12A966BD54889E6A363EEDE8599F21A3A806A6C5923C3D9E5483CFA21F552A2A6327CC1B20FC31989C3E9A7CF65EA35B348CF1B8395EEE8DD82779C1424FA18D58529D20BF7DFCDFFA862C9C476E5B6D204526FF10D46A559F85C1917ADAE0FB2A899FF0F4BC18D927955BB8660945EBF9691AACE7D6833E2946E7F1CCA631A208134096B9657BC41885E4BE7DDCCFF13C12714A1F14FBD87D70D690BF6EF45338954027E67C3D8D12A81CBB490622DBE21DF644E1369ED7C6AFDA15063F937CD31132E0BA04C361D26C0075D8A69C9264828E5083FAC5FCAAA9565AF51D928F90067EAAC390B589426921B89D12EAAF2971B6288DA83D85CF7A06E1C782024928ACDB16DB16DD244BAE7E3D8DAF1A8AC9A95457D6D89627DAC4CD23F6F2BFF960AB68DABD7703A4C36CA0987D1539F782529ED5F3DB30FF5C192740130D440266A6BEEFF71DE3A6D703F3E30FD5DDBB59B3A5A2F83C053E9A495AFCEDBE8DAA97BB99339D5C36434DEFCFFCF06E278230C04B2D516C417F6015B8D28F61EA5033EFF15B7575668F247E2F404300A0D40256978A63C8A22C0E4F012CA795A9D151644D9ADABB195533A4F280524D7FD82FBA7D17415C85C48793B6A28FB8D242AA9AC91C766F95D8ED59ED819792241411A3A458E6AE3C3F1E8ADD2B6055A05B485A7EDC7296AE0808BDDF91A493A60B06588CC95AEECB44685D6E32FA42E0784A372B061C13D25C49023B494EFDD46E239A6366EBCE4646D6D0B8589D9BFBD2A5F386FF49DEB53902867CAB0807D6F4D43A3EF33A09A1AC00F4F3AE93FFFA37D95509F8BAE437B1CCDAF1DC855B570DD2B352559244256FFC8D46AAA56BD38E207DF6FAD979B35A7028C0E558B7600B70379F41C488B603A0C24237ED83BB0A150726F7CB88E601DB729021A5B95AB73255E76D8E1A861FFF41468435E77A1B109DE7268A1180246A575EDC1BFCC3C1251C39499504AAD7D55690693F13CD881413B4823C3BFE02D68C24012EBE7112560BA3BFE1038582084929568D8E02EC66872EF5A658BB6115E8E298ABE46B312F47DCBD3D1CA7A4831AA17F4DDD25554B0C48012F9A1047B213E2F338E793828C6CE7FC4D8251667F7EE81146970BA6A9F5E78D7A6ACB19508BEA05EA4472C7E39E57B5D76DCCA169CBC79572F436264F17F695F103354C69F7CDD3D43B4068E2F97ADEE52A46081CEC67221AD344F5BCF960CBB2769434A27A41D54799CB06FF0258CB895BEFA9060E75F0268F504DFA8EE2D701683101E458A7E872CAFC6D22966D73F4523A402BACECD51B2717BBC52348BBDF78CF090C0AF52444C4BFB12C577F4EF1DEA6B5D976B58868A88608B61958BFA1AE7AAD03EC17E687C3CB6031B4A0DC6C3C679174A00A64ACA75A27DF7DEDAC0AF6D4579D353DF07568559A693C00F93E4CA3A7070FB67E944FD2798A5D00926A511C5B4F57BBA79FAAE959BAC232F65A479B1943D7893967F1DA9807A403F0074245B92474D43F704913FE3DC72A0F641AB01EE4809CD1B527C0113EB6E34A6F253D415FA82B27EF143C19BFF291AACB1A244B257CCB395DEAA8A8E49B3D7B5E5E85B03B4973CD0388837BB2ADDEFA66E3E85014733684CC8D16FD78B9925CDA49D6370D8E425A60B1096B5F83E6D4B252E7CC115A486A0BF0E52653F66FD81CC5A94A495EAABE23BE0D387376DEA4A11B7CAB10B8472CEB8ACA85BBECEE209DB4367162650B21E98A01733CAF1A82F000D5A4967FC64E79B78E8B36CA1D5F1E2F20C107E74C27FC33125C1F5EC42C421950F266F5DE5437A51091682F71F075D9EC191AB35BCA2ADC67D455A41C67EB07BA5754976A7D72EE3497AEFE5AF40F418993D0ED2921C51A96ABE2635E7259C16B891FF39AAE8AC581E5B23C095BB475E57605961DD5DF61372E2DA4C59B7FF2FFB2EC0BA2F573E9BB87203460FAAE54463002DCEDF85F99A2BCCDFF5359FD31231F14BA2DE14A0A40C2CB87F5BE4E24E455F017B5F71ED8FDB9510164852056BECC0E77ADED04AD86F5B34C3F62BD0062304671D90E58B9A998B96C76E37538D66B1FA94978D62ACA3AD726CD407D8186CA8FEC836F93AC76142453A8E6CEF02280B11E3F49B99C2E5E90ACEFA417763E2D03A0E4C9524E63E8F0807B6D17A4391D9D613AD1E84D44BE87B30B76404DA2AF8C17EEFD4EDF7C5CAE5C3855FE8B504221BEA3B3CD0FEA5490780E96635A3B98B459536FA1BDDD625BAE262ED5F3EAF22AAE17DD57705AABDB3B7A6D96E93275732CF1EB5947AE9260806CA37FA0598B21A30B4C2F7AD3F59CF928ACFA5A5CECB95651E67654F998F5C5AE4AA57C495D77D1910774CE34F254244A0141233F301DF5B121E59B6E14F2A5DE498909F03D64B508AAEB96374C440BBE92DEC3F0526592DDB06D4B0BA71BDB4AECF2FF94AFCE366A54152A1A3841ADC7695BBA3F164A602B2CABE1E7A61681108C06FD18E22B10F046A195FC264CD9A4E4EA8807397EAA293E62E7F3D5E9DEE022062BC85125D95D2DF1C28F13F0786BA79DACBEA26590177373E41213A95771B4AD88E3807A3693E770E33F454BD9AA7C7003BCC819A5AE607C6D7AB4D7C5D6287F0DD8F3C5B3BD29CFF460D1365EEC51EEAB1CB5E79571BEA9ADF04EAACB989626E36074BC53C19E8B9953EB957C06BA8663F260FA94EB766C9BB40951F52F259825C80EA5D66D4DB0444014148547A17480781E18B9EE2904C32E0A615F7709A8FC1A57E99C86CDF97A879ED0DAC81DB6C4BAA892BF3953F611A06A97EF4229B1433A68C0C28726AEE4AED8D04CF4DE9BC7913894FB3D438A0DC3F8167E35CDB8E14121DDB31EC38D0C51C24D0B5C11B821865067A48CA341739E652A70A2C98D2DA0D954035DDBF3C4DAF3D2897E88F7EF5F04B0954145C9C8CDA020387921A3AA62EA0DD605472E02CB05680A28F3F79DDAACC7A233F12D6C8679B7C4FA3AE29D3B8D1DCA5BD8D8A3772711439D359957601EDF04130F1744B9387BAA5476471CD211FAA254C4098A4349A95CCA3DC66DC2A62C046C3510B63B4E26566B7FEEA8E570C33A09D061C95ECD3CB902AD1EE1320B0437124875E87F521A795A7E698A2D53F267336E037A1C527C31A4814DA7782AB8182AB9ABCF51D1CEC85501D5B1F089F1672CD5CFBAD9CAD128ADCAA208B93937A83DA6E18598EF2EA0949A46FEB914083384F5A78CA95824569233434CBB1AD9F4550E8E9C211433FC43A7AC3FB8ED6EA16CEA222D97FDFB970EE38FA037238998AF1BB50E3A5A3CB2120CCC2278E4164763BB0FC44541BCFCEF2D143EF549D47F06C953DEEA29E155DAAC425E81D7539784D875F30E2D29E502C37E559B7E1427120CB540A288303BF072D6E7E02CA25EC40BB9905DA80D00331C65E8284A190E1C216EAEB9CDCD4B7DF6390CC0116956F89F9DD45C454E71AB286A622077E1BEF5E7D53E6DA2732F00EDA6F711A40E07E1720F84AB67A8DE223D2DF1B30CCD7C8AFF98C301FF10BBF8CA258FBB0E7B0BA5E5C11922071FC921FBE7A952F44965D819DDFC8B00221F2A8F8DC2615D51F0E8B255632044D64BC906EF27E488D063684F0D7104ECBDF6C161B33E2A6D310835936B6628884795346D815F34D5142E93770886BF2C15503956EBE4D9398F0E1968C5723AA060CD84B1A25CFE226D972FE04E49BE1842DA93E19A7D241D275BAD08C514510662EAA2C761CCA52BA6DBFFD5216B77AEC5703A57F9F6BF43CAAC5B8C1ECC59F959132177CC187AB4BF354516F88CC853F12878CC1086DC0B5BED627D694EF4B5C6D6046C5632C1DD5B8D84FDC10CFAD37DE056B191DDB788B40420BB26B247E51E3FF608EC3D3C6F9F23FE1CA9551E7D66A3918C93624AF3B7FAA3797D5B0510785DC598C604B464EBE87D230C3B3DBA8E1090ACE9E87B2B398E4FBF3C6C93F8E003EB4F3C2624C5E2D60D9644E9E75CCA33721A1DBACAC85DE95D6D6480D20B6BACBF259BD3C70AC9E4C659CA5F47A7BEAB8ACA66B75FD655C596912BE331B7E33EDE1901156DE2FB5257E62193BAFB6A9294FE053F2E0A4DE1283F67CBF245EA26EF2A1179995129D4BC09475EBAEA6EEB2FD071982DCBF33B3100EC9AB39A21FAF570CD3F88C75BE0A238D1B41D2C5EBAD3CBE971FBA01D8845BF0D47229FC8901AF196FDCB86F599858539D4431757441EF955BA453150E5CF9FC135FFA189C64417E00BDEAA369389D67CC431B521F53161DC68646744E86B9FA5DB16B8EE97816CCA9054BD7C921C256E254EEBD294ED5CEE6851F5F29206D5DB814EC11DC4B8D29A2FC8F27DCF9DDAE2F7C1AE7FBFD2E260AA5EB075E07F0BC2E0BCEA52B2A6A2107E1A2A5385F340BFA81DB2C9301BAB0DAEAFE25FA50C04F743D28BF63EED8A7044088ED7565ED7EBD95DBE0E50D9FBC1C459E08A2BA6C56CD37386A6241009F63A00187281A72D2B18271713BF23EFA1154A74FA527C37ADF7FE3DCB54EC687FCE30CE87EB0EDA94C502BD555C8453E380EEE1C57C795BDF62D5526C6E111A9581BD549F316BE403BF630F1565D1A1E4E397B5BB6DF25C3915EC0E96F0D1311D9677FA1EF19CCD2505828AB3A786D30F2BBA3D76767C63B121BC9142062DA67D389E895FA26AE630BB01A4341CAD04BE3F4668F487514348F420B778F2108F0110E28183DDEFE0A5322E3869C4E8D3B9F1BE346972910F625E9D7D243BA26DD7952ED1853603049126F5BFBA20ED7C695CC2EDAD0ADCB839467CF26E21633E427056780EF22F46DA8B05F2CA93C51D472D2F6F23670A39496BBBBA1B0F1D36C581F1488A594E1DDB095BAFB985261AFCA193BD47FCAF86C858B76EF4395BDE3E3F72E22AD439071A7E82A4873D1CD848E530AC428B3A21433E93EC9BAA360AB748D9A5A99D0FDEAF4D8D5D1395B93039A970B5B95DBE03D10483C79A7D9C47345A1CB81F154C595EB0995FF1CF83E8E26FA1D85C6C3FD6BBC2B2CED5160ECCF837EBB286260D8CFBAB50211F25683A534D66DE1CE5B242DD9AD1CB9188DE46B2248641BC48C6203A1794B711BFB31BF775810853B0555950DDBBEA10895D5CA7F9ACB220C6E1DFD4991606D895F9050C635A68DDBD5689AF30C85424291E1A5F3312E806129BCAE89D492EFBF86BDE9A1B7E86C4A642DFAC7B22B87CFD4597DAE3099039583BD117FABB036597D5729023845473639AFFB7E7216D7F81726E45A9ADF3635DAF2C377976E74342A9B7DA67326EA72127F7B2CDA80B21E824F2A459E852A9DCE907A9E365576072E1A60DA953AA4FBA83C9C550EE837E4807916D445A26BA0C3C85EE0FD6EAF615AF19C7BA875059F601FCE302C848594A662458A638EDABE302E259A9B28C260B6DAE976170C92002323DDB48C97B0EA1995A7A2F3A64B18AC6B6AAD53814DD899A153C8F82FE7934678B0908B3807011060AEF6B816BF6D93FCE2BEB1B5C33734A5C403A9F9EE5099E82EB05A38BEC02B03E10880BBD3239B6C00205C419574275A4A9360327C0A101FFA0505CC92A235668BA6A2F49E6F81EB422A9AFD2C46F2331729A83BC1211D03369D5786509DA8E67F678ABCC67CCEAC06CAF63C7F23DFE694EEA26BCE1DBD6B24955E6E337A9660D6678B897F3BE053054147FAC041F2359C494A186BADE439804DB112791675A65CCC7A67E60685581F7A096F327A9B3D7CBFA6D0E36660D96938FC0A002E21C2A0349CEC982E9551242139781C3933063FAF7D68947AFF77E44E6DA91F71C984FCCB2A59E03DBB2E013406FCCB7E731B825C0BFA2AD88213A459751E1974F0859B0533190A7FB60335806AFD42A942C250ACF295C25AA6F61B5FB0D7C5C0B0AA0CE975D944330426B8092CECE34A61A8E3EFC6B92AEE8C64775E7B1B04DBCEFF012C44A34223741335C5611516AB4EAE66A8D4E899AC31D30EE9E3CA453475F7954DAD9A197BA2788561B1466BFE2D195B33C3FB08765E3E4BCA470F6BEF914E9BD6B49DC45778B8852615047804986AB8328865A02BCA5AD592C229866ABB01F28589782B3F6CDB1A6B38C2C4958EB3E8CB4B3F3A381FB92E774FA056A31E7A3504427351D79948894D1963A9D505473C9E672FA158BAF2623BE72AC04B739593DAF6BB514ECFD26C2516DEE135D21C0D396CA1C389643F9D299543A88F05D1D6C27B87AA9F1A47D329AA4BF1916C5BFA04A244DDC852856687484B62EB5AA0036AEFDF8664C26B126BE4A0E4E1000AA9C9E3D52BD73C8530C9A0E79FFAD148E5353FE497C7CF95A159D8DCFEFEFB7B46F0030409D318CECC650B3900A9E7F23144C9728027F1C8536E18994B88046576995B0BC71CB590C3CDF41C7CC6D845C3E8CE909A7C0935E81AD42370CA2744046A780295F650D30AD02F2D50453FF6536798EDA219DF389FC825B483560C8AA2572C03F080B59DC55C555DDD415C68A3831ECDAFE798A68D5B575FC0E4965506D7A6A3DE4C933848D0052DCC5A6456BD95804018BFEBEF7A8709787EE201AFB1F9ECA201D34234CF1B9208452477A1EA2AC7C773DB0D2CDC153A4FB8F297A1C602FEE6C4D74ADF88C70C264CED7F594A71BF7A88093596F6C056A5B6F6958DB2BBA9753C95F24CDB8BD3A426EB2F5CD59E1ACF23FF534B76ED0FC5421FF9CB2BB876B96A1C2D307101C7C4D2C9F3F55D0FAE618880C13714EC8BEFEE9C003954E7F23338008FDEE9122C95D3F08F403238C4B4DC73B25AE2B819BA3C71D515BF746DA44970EA213F8BE5883949E41FFBB0E7B4A7AA3D2632AA9C261592713F45D4751464D881EA399EA3665EA57197380B9D362CF5CA2D9510319E57E01A1987B3BD25CBED3A6EF2B56C734BAACCDDB0D19210C3D21E0178659747D407D274F3F175A5504A5C58419C3B7EC18585D172AF8D68E201EB890E1722BE25F07F2B8EE7441E2B95E506E8E0D454EC4F5799F5E6B844CC1C21260BF7101B2CD205ECE55D7D74B8E52402C5D647FFE47E88D1F013D5FE65F89B952E3C36CAB863ACE04B6A9C4C9A057117992BDB848ED480F36B0295EE055BFED5019BE473768B614F2205BC2A13ED13330C09E77A2A13DBA7C70DB9EC9FD5B63831F9F7AE68CC54557BBA5B1112D898D2AABF130B3A9B1B65177F42B515FBA92CEFF17ECEE9A4C29526B312503791841BB5B963B776FC4D1B23A968A533AFF75E1A012B7FBD3F3B352A92B6A286D7182446019CD9A2B85263474671E84DB4EE5D68304E0562B2B834C9E04E59E42EBD3BEC4913839579B6D17B3BB64215EA6E0B2F80440215A58C44486B64817E3BDC9BE90F5B70BCE23DF3EC65C18233F423735BC805F1B96E1306F778E7F817722AD9B517FD5A8DC597E03C2F2FDA4B521C516995AA3BC0F8A59127CC58315B2F7160A0286DF879FC0B0ABFF600C7F164ECA1CBE28DAD1ADB324CCE4C730A51CB20C617C8771376149ADFB99F3F527086AAF9094DD824A568FE8D2401313A82F59567A467209E18F9DA5B5EF5C15699FEB9746E3432F56809A9EF9B5072FB8897B42E41B7B54BCDA95836CE9CE3AC614406324674194B41EFA6EEC07B2737BD38115DE63011E4FC2F951479D58E95A975E974CCCAF08B4277FF66E442CDA94FA10C12DCDBFABBD26B3399DBA5C949B59C960C2A42D10F42D1E0F1B76A6D7FA9FCBCC293683C3B7EE35C6D759B9F9C389DF3D534F63E2EB3183B4F9551808431AF96EF266BD51E1A4F2B5218C8A3800F9A41A7D7D32D606FFD14B78998CC3948C7374E484A69CADFAC0DBEA2BE04942B43505B1AED315F5A898DFDA57695B54B5BA6812F196D651295FF4F48143D0802779C92B6A76C486277BD4BB4AED22520C2D2AC2FE3C1291A3BAFBA97752FF5F37C0BCE618536BB914F021585A993C2A1359411016D28E50EE3241654CD7B148EC0F9CE03BC9535D21669C1B518A0A3B5602D099D9ED438E96C91C62B262409ADFCCDCF5845554FD4164D60F1149AE94686329917AE20D87C5ACEFDC0B683C108642BF335CF576E0BBC84499221A04DBC3BCA95AC49DB59EFE80021319FABF18B6CEF60CF2D48CA79BD2D95E260E9B9B761A67FAAF9CB8867738812CA8EAE774F23C5F6CA0758B658339408952211ED0F7BF0D8FBF026B5276617293056671C95F5730D754B8DA924F2B51766C8A244443D53405D07F695E61709D8EFCBBF7DE865A5EF63BC85E01B318ADE36E5A628C72931BF9737D3C0251FA3F0EB039099E38700954A84B8A8A4FCFC12009553F7657DBC5C950DF14E4E79277E8AA64193621644CE24B10BEEA7C63B51DB4D7A5DA46FDC1EE9479E30E7EB17E0CCA6EB8E81888255C721B9EE8589D7D260A3C29F8DA372BDE3CEA741358195D712DE756B4A9D412ADFA421F682EBF5B6C7CA8D9387C7236782AC297249DD454F5CE99B278F5F4A25B2E3392A708113C178409055DBFBF7A1B56CE069108A3F6805159E89246FAA5A16ADF195BD81EEEAE02CEB367064D0250A9E4A7CF35DE27608578908F8D37469B0552AD2177DDB82FC2DF3064CEAEFB789856F8477FA8DF219986E60DB62169011B68163A02CEFE4FBC17F885235FFB49505B103805FAD34BB8111EB2F9C9AFF266480DA2CC156D317C731B745E80CA925686B2DF9123F7FDA2A0A29FCA243D43390FC5FB6E0C22E2346C5C5C47738951199FB1576F8781556FACA4F4FF1552540C07F7236886639A91162C4CE8D68826A8080A9E47F791F9F37DB9B86B01D07E9D31829872BBC83ECE80278FD2921AFD17B05BDC29CFDFEC485B4C3F6A862B37777436B7B2548689EB0C30D27771F0C8A7108107ED656ECDB2D496C8BC6BE8CEF93B1E87E390074B067726D1A67F790DAF33289354934AE7F818BED3B1F7B0384E58BEFABEA43A722F0350999F33A1466FEFE582A42BFE9ABB269511E1B28662F3A140C413AB6774987E101C9EB436F02F73B7665A5EA7D4C3B8DA5E7730A0779D8C83CC473C423C1A7E2DE955A801EC15551A199EE69F8F7E4948E308AECE64728AB24C6619E3DCF794A99D5552CD2D0B948E987DA4CE6B815732715E1A9F78C03F062CB00024804D838B1EDF1AA600B5298AB3111098A430FB1ED40E218538013F9983A8AE80E484638D02F511C535AF2F40C3EA6276B7C234B668F191C1F274AE10BF377E598B7262B149FA15ECAD242076E4BEE02BBE4E0335AB4A875069B73D3EE1B8CFB5A6A23EF92C54DFEFB064DF38479128C40EC002E5405F4EED614D8825369B980B3764FC9FB7BEA3B1AF9170220177119AC44BA0DA31E2A05289206FFC845755CF4338F9FB596B8729B0A2CE9F6EEDA0B490D768FFC7ECAE351C84D72994AF627A8DB522DE986ADD5FA67776D8BDED35DF14DE4490CA03D8D973BFED3643040E5E9B6B4BFFCD686E9DB6888046F3E8CA2D29F115B0EF7231C28CC7CC35DF4EFE9AB0607FF930EEB9D1D8584161E80E250B69C27DCD31C69F71F9EEE8943E34D1FAB74801B3A7A94A298C9A5B5CE1E0A9D10A5CD8DD9BF5E833D01886F7B80A397D34C0C3A973AD27383E7B26151F9468589A8796B977D3E8D1F5A817495BBC35E20083B92AA3E5A2F28067D93D1CA369A6164C613BF32E171DE6DB0C3E1B61CE782F24AFAB458621287C895304D5F5E70FB480883D1D5705F3ECE0C35FE082CA4853A802CA00DDBE55A7236CC711C38F82F19DE74B1E9A6B47174EA75BF12B372FEF088E610B6844C0F67AB693E887E8C3F84CD15864FCD340D4A6AF34967DF775D8D83828E3EE63DF8771C357FD759A30804BEF0E84A7378B19C86F68EBB43B3C12A22D45E8F7F5A3608516DA21C52F0C4F161590FC024C00987F1354FFEEF57DACB78228200

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Policies\Explorer: [LegacyDrive] 0x1CD8E0402AF9DA7E2D01CDBE60CE76D90B17F87705EB7E26775A21AAE2710C94646CDE1637284F167AD7178134F70BE296858A33806E17F347464778B53CDE87524E3522E2B9DFA12FB48B04C9095D2C888AF458789E47EE46C36DFCDA0EB7E02A6FE4AD0B3594CF47D5FFF3EFE7E721F371CB2BEF685E4B4874370878F4CA59A642970D7A38A16A2FF32215EAD67D314AD274CB40E59B7621EAE10D32F96F5D932253D01F16F2C9F7821184B99BDF07A6B5365600121EE7B6F8935543068758D4C72BF5A9886BF2BD67B78DA9AD096DC65E24D9920D192855F51079044645A465BD516F7477B6AB0605076EA5ACC65D98DA6A246548DBE0489941E2DF3A62B0278E2B4DA7488CBBEB1789BD34898FE16E2904BE62EB217B2DCB0490F1B001D1CA963AA804EC6FA28B3B172DA209AF9FD8FD52A67B38438AF0C13265A3152DCCAE75C711E9ED2AC768CCB9D64557F4CE9FBF9C7CE25018BB49EA188DA2B5786B511167D998CCC83C1698D8F08DBC1296E8094FAB7C10325F8E92C3A415385A85AAC284BFB93E088F78B2D6E28D8D372AAD81A05E07CFE1591CC5A07CD185069BC207B817DA62094720476D1DD4CE3106BB756A11B7652C549AF8FC8B3C798703CB2A93B7638C37B8DFDA47D2EEBCD7136C69C951B0E4C657EC822E8D380E7923594833FFE67D44FAA95B754B48023043255E873B82B578CBE97C703DCB6F0D4267E028E3ED5013BAE43C1F61C939622BF943B712D05305F1132FC7C5F38B86BE4CF33C1327140380DF2F2BE1719BBBF432AFC05FBDE2E5F53031443598C27C13A9C604FBB2A3BE14D153D0C26307AF6EBF117C89240094CEEF0D63C812B67895C1A8DFE96EE2ABC355F818D2CA20553E593CE5203C2F72881A986D32874AAFA3CAFC6175E44219F0CDBC45D9018ECD8F3B10F45381C67FE860921A5C7928F7253CC3B86FF4168FB50486A48F7096B7CB9FA306BEB65FD171DC2945DC87A695D525737C767521D38D2381BCFB9A1E205A190A5DE309DE388E8EFC197A5C177790CBF691632E745F5B61CCC813A21315FFA206A652DB06E31F236176BE82D3B77141C84D684743F4A341986D10B450585BEE8D1AE61CDCE0BB6BC6E0C46EA1E23EC0AC006BEA5CAA8787F0ECFEA54BF4DC6F03CF8509B673A6BC9D026B53634DF3C5379700141F9CF47490D2F9B03CBDEF7FCA2CABEBE10EC78D58D04ED3356E1BBDC7089B918C37D4D051A1A7689BCB522B462F38806C8FE55988884D65DC6A5486104794851B4A5A04664AF1B52F9F24CA2C35FEAD72DED4F094EDDF85870F000135E61D084489013479FBB43A4734616D43C46584D8BAA69C3CC42680A298D729B292B281369E036C165807098672B8357E56E8526A0D8D4623605CC61F3D99D4E45B2D86C321F9C30AC2C56AE7DAB14D85632AE5F0CC333BD98FAFB6DD64C7EB0AB58BB6A053DC8A146789055BABB8C864DA8885E764F4595D67FA5D4FDBFD77D40C6977554E955F94ECED01ED6150D0DBCBB7F0D8BD9C188FDB938978A4EAA9E539D13C95301C151F913939862564410DF11E004DFDDB668459FBA43062FB91DD42ED4D3BB62524731436B5BB8C1C5328AEBBABC42C88A7E1E28793AD13757E06A0F646E48F71D2890324CBA8C9A9F24DC91A8A007FD40DA34D7B1F9D163EC039085DC548B9E8890E76C9E05CD7044CF9973E7446A37CD122712EAB0C936C44878C7F52C3E2A3B379740B5D170E9526941D3B215FC75BAD3CECF50213264E2469333A65D69B322BB993A7F32A22969630825DCB34C9CCEEB6C880003F346CEE9703B9163719D0070124B5882FC596DC8AF0A345DC9521C7A780BA952E177D185236C1B29A5F85E5BFF5F446D354473781082FB8963D7380C077DA4C96844B78D9AE33CCFA342798DCFCCA03DA82F2A00C140642C641AA12628F9FDE406CE4B40A6722B03DA0461295E57D7093A79F0CF905153EEADECF84FE3455971732B891F56EC955056B8A2C7A62E2AC9F4295DE6CF5729F57E5CE476CBF3289A076519A638B3D96748DDA1FF9DB9247CFB14AB01F6395F13295E3283C86898E3E21141D4725EC29ABA5A97768B7D9F509CAFEA8CA3AD7E5FC22E1C4AB711CD27F411206E06416F75D3FCA4B4FDBE373B939319573E6D9CA88D0E58ADC58006412A87AF3AC47F2930D74EAF53D1B8E827421C350FBF44BF2AC5CE3FA621661BBAEBFFF54CCF4F7E9D5B850343516F73D60071165C19590A9F341042534A3B4D71750EEA678009BA3B5F1168E1B863F9C9F34CA9577CF9EDD8708FFDB70E8C97ADC068B1C7AE1185C4617E6E70CD8B48D279970978F0D575C13515E0FE266D1DB50E53A32D7EE84625C626069B452E80A67B78220B4630833D5372649839703FE95BD1B23D7C6878BD46DFE274490726ADDE35F340CEEB9F88A55221E305C61A60CAA100FB44D9477DAFF520321A820812F23FA4C0445F7708A1C7B0F6D74AD042CA02CC57177FD8E9D9CC8BCA89502457628B0F193AFC205B85AB1A8C1A7D464638726D70FB549AB1945CBC71980A8C791EF11AAD1B66CCB18239C13FC87826C0C45C479B328CD845FFA15B8E352A2901AADCE8FCEC04C32D80DC5662288B588AF478D027A7A730A71AAE30001E2C5F68659897007517668203F3F963F2CD8EE135B8769422C3E085B4028160BDE82AE9396AC7E792480CA7E96E2B4D1B198BA82925C8039913095D0286AF2DF3E9F30D29E183D804F0D857A35251D4840E09EF6E33234CFC870F269C27069E202EC78688F2865FFF0D52D7E2B3419DBF47F92A91E8436DF55932BDB0F9AB4A7C08F027A4D0E4C9F82C44422E04A0BFEF454561CDC1BD08B3749C0842FF930FBB6DE4E750FC2121991332109A879F2F31CCA2FE296C15E5B600DC0A56C66796898C6F27930D57CF5B4A5368DDC9F3020DABED08F95DFFA75CDE0085B359A40BE21D4DE43B8E46E93077482495386A60EAEB69602C9BFAE5E0941A158DDC26E474EF29008D73375A07858322306AD75D4C538BB8D383FC362380A428144EAD85C18F57A430B8125D2EB6FE91D8C4C5AF4CA8CE99539866622C782C4529C131D6645A7F55F125CC36EBC15ADAC4BCD940B372C508CCE583DB3D50EF63872F160004922EB4BE610142F5B922E452A339563A265CCF6091359CA5ED605285ECB87BD8EB2B1E2714F4620FE0F0DF451EF23CFA19A956172D12E170C108EE32B6F7C3BF8C67D643814A6F0C422AE85396347E1F01FAF1B31D0822CA3CCD2B9AD072579E226CEAEF808FFD78B67DA9E6B634E47A0773C41ACACD8FB0F0D52F8115AB626BB01116C2749D682F9D180052E3978CB151F38739A4DB141CA30EA29948CEB2ACD6FD9DE7763624E9543E85B0A5422A87A46CE5D6F6F7A22FD65F6DC8DC0068A2E21596C2C72BF6BE47096B5D66785A8FC3D6DF15AB29DF5D7E6466F4B1C2E5BD9BDA8137FA0C3B9EB88C2D491EFCC3EFA02E53D5F95EC1DF0765707ED8C306D28D4AB4216FF88D8130C94530162725E331C9B1C89A4A462DC83BF239C77852CB7C6F311BDD3B26742EF9B3384717AA34E0912FC1D5162D480A52781C535A2D1D158959BFB5023A6D60F3BA549A5E78E03596A6F6C408FAFDBA6859609AFED0FC53E32ADEA1619ED8F3F99BB7DACEC37E61AE6B8533B8611DF14CA14A3A4C85571C6FB30C558DB0EF89DB0E3B7E0A795FBB45B26F79B565D1248931DAA37EAEEFB3C315C2D745E91917BF02927DF8B4165D5E2D1332BD93C3A7EEB265EADCA86898D46FCABDF7064FF7FFFAB8FDDF3E1FAB1779075EB0C4D10E9E48CCB3AED8CB888CECE84B2EED67BDE6B93DF229A60B044B1E40BC4C337B51CF246F846DF78AE7F66929B4B89D700B9A9746CE8FC1CD6CA3BF0E9289BA19FE6FFD811896CD68DF6BD57EA7C98BD189515A06AFBE9EC6E7A14B862D3A95B9331F77963800B7AED80753BE8184F03CEED7CB83D342E539DC4AB91037050EB5593D6C9AFECD4F306AD85480CCECCB253A77559B4BEBE17F2DE162C9B69FE24342FEE0B5584FEEDBD693CAD4C8AB4FA8D936E89EB9942A122B5EDDDF3F2652D1C696A1F87AA5E5DC25E5676AF2B71E17DD8683ED6B267E05A2E1C894DCF0D748C4A2E99C6E8B32CE82D23C667D9B7AE896868C01F82C8D682A9A490A1A1FB08006D1B63017908A562191DCA0832F612FB378C9CB158A2368FF66174AD593FFFDAA52530E00AD0DE083C7774E123AF463ED38C257EBE0A30961028ABEE35DC619A081EADBEBCE00903263884487B12ACF15A22B0820D1DC66C0C29CB26C292298094BEFE3520637BBFC2F7896F5D69B3BC580E40DBE6DE9F918BE00946DBE3615A856F5FBC9591FBEDB8E660D1100F8E8D4F3F7E835A92675D489535AC730937CFCFE418177B99102896995BA3541AEB0251175AC2259822C8383310FED7D3F63D88B8A06F9BBF0AF502E4D0466205E6D96A95E88945648076A70A6C59459AC188712D09F1AF448B511AA4CDA7036458E9DC44BBF55440D3CAC46549F8CAE45B553365E0F21F9D864E5F235FC9227F9C5BD184978537E01788E5F2D0D6D5DBDF2AC64DD8448B06CF37678E279F1CEBDD58A381D58521356ED717D3580BD9ADAAB541852F3DA4AE0127056D5A9789A5A6142BB4DD8CB1980F98DF564002EA9C77842FA512D3255D5CDC91C662E84EF99A02585A3144B41DA6EDE4483552BCF2E86B20F973280FF75C08E0715FE7CC521017AD98C2B3054EA83042BA3A3541D7DAAD1005B81AF800F32CBB0F00921A7D50109A4D2DD2882AE500953B9D2B929983BA66DCBD3B8F962969F0F3D1730A3F63A213A8E13B48449AA7835659D110CDDCD0BD0D88C630F25A087E12217FF843EB4D485DBDB4BE418734E41B56F458E3CC63DB2ACD1FA595137C16FBA066EB042FFC9BD9444760DB88D7D64912FD5C11E639BDE7BBF60F950275DC92230880D50A80D2EBE2E807482074D2DBC4B4D0E4DB0D240A496A5EA8C52FA269256E0614DC5E3BA995C10970AC114473C1B8E41A79CC2FE16C5B91D4886690B0A82D024568AD7E1E38681064B06431002376F60077C0873C3479D339DAEC824D78C42B047A86C8C3C35F67ABFC2021C02B87504B87A2C0FD7C8A2B98544960ECC20170510DF26E2471702F740D374DFEFCFF725CC350D379EB98FA48EE7AC9B6586ABCDC26776E7A72675FA15209F4AFFDC7BF802F7B01E3CF836D4BCF182FC754DB952D3518B18DB20CD17754411B1C1C08ACF72658AF522371760D09BFC99B09017E4DC2AA49D3B488D6FFF7A315CD2D68D5A1B50795CF21199760EB86351363A678A3ECA6E748682E9D80F1409FAA0FCA636C459502D57FC60F0EF057EB06A2BD8AF4B71CD232F5B7454F82AAE05FEBDB43966B2E11166BF89A0445B6B8E14D00F61812B8F8D3E18717138B8A4B0068484E7D9CE8FE0099A003A1E9E571B3701E12320C3B29DE7214C1EA1225F948288FF9CD495F2B903C13A7930C5AEEA55B1CDC86F9BAD84DB5974E0774D75FA18067D707223D5F8E72E1F38F6E2C97554A4F463A07182C0C47957114B66029241CAFF8C8462EBDECC149096E42EEE1D38DE4C039955DDC8CE5CEAAFD3EFEA4B0825D4AB5D098673AF16A95FFF3B5030913D1769BE0248E629EF34BF0E977CF6B9A346687EF86CEC3B1E57D8C8DE9EA1AA3B0BA79556483B715005D5BD5FDF333BE2ED95324E8215ABA6729F7026DB6AC082C47D25066A3DE0DD3B5E293C399560F04F719760690B3BB3D16DD45C74143A04F1F95887331AB8BB2DFA2E9148392C2C8E634C16390FB561D30ED463E3FB266D3E1EBA3A50CC4466CEBCD763F8505FF4F9A3851D5CD8CCC4908563BD51D329E09A9522CD03E1698A3C1DD94FC101BE0930EE8ACD4B306699CA68DF8C2F2A8E871AA70FD2ADB10C808BF277B48336DFC086B9A384FE584BA4E9B877CE67D29FD691EFE93A5AECA031F28E64F9CCCE5CFE6D07683CC538CA86B92BD8995AC5EE8980ECD1BBDA631B4EE6346C60097AFBEBDB3A4463652E5695A7AF2F8C81E7D2DE2E7208F23334C15B25E818E3741C540EDF94FD0F8EA8361FA032300E143C340027C7D216C57E73776959842089BA3F4B5883F38DD729B15BEAD8E8C9D7B23166821554E9B4117EA606398EFFAD5C42563B50EC9344C6D83C69DA497973EC75FEF67FBF9C3497D3DD9A1E6F22D8CAD41939DED699F2D9B68B5C2F2CCABB5D336871BFBF5E8622D90C8EA570AB16969642E8E676480E4BD9593F9D48F30C0E278743506CB813F945873DAAD8C967514F3D6993CFB77CCA6FB06B569748F8112961084AFF6062E2427DE27F3CDF5081B34611FFF443BB41F8DA2F43CDC032EBD0C9742521F2D55D78D29CA7BDCCD6E2171B7F306A6ABA0A51D9346D853C4763F7883F1E57EC860216F4146BB059A32507495FC39F88BD4A325FBD5E5CEF640CFCEFD630787F35FB6CA752F81FB6EE6BB70E538D91B1A3C2669D270B769EFFEA231433E6B7DA67BBF9A46FA65833F3871496C74BBB87C6D8F37486DA6F063D5865531F31C0512C0A3E3598BAAD89AA119BCA2AFB7C716D8EF485805D399AA7D615296B505BD8D69608ACEEB48C489BB1004455909E57F5748B794B2AA78E06216FF2830027B35C8391CC20F95DB1099B7A5B1F81072FD39210246B2F7FB2ADB3D2DC6AE0D1A275406B601FD9F6BA40FBA602B847CFBF78D5DA45C7C7BCD99E0342F0EF2F356A9304A5FA24742016836EFCADAB147ABBBC33395B760B8E728AC3A6FA33EBA8BBCE911BDBD6568A0A344557B6A2746168B3123CDC2BC2FE2144B2F1711C0CF7D57D0418757B327625C20B389C8780D94A141F5504DD7A9159A5E095401FBF970952C4407CFB5F54D3031E4993F6D37CC66F7D480E7E119EE28C1CD0E4DFC57FF0C452EAABD6091A2B12C784FC5E0CA4C3795D00DB805EAC5C29281872B893CABFBA977737ADFF1EE8E54C41D44DDA99B55AD811FE4EB41B2F78B1360BB153112C3E26005AA2EBA7BF96EB1B14BE45110AF70C5A74DA91DD94D2C4E53F4347B41106C73C297017A998BFA4C2520CC5F9321296952901A22C78C4D954B4378B0EF325A3EE9948119A6B26BDA2C09E5255B8B74807307F465D7E57F95111691B0154B6903CA65B2A1C62D62B55946E316CE5F701CEDADC2B2C499EDADA8B6845C76F504611E1C70BF9563743833DCC25FC83F79DDA6DE2E432B724C9D3D18099CDE9999F500EEA1049B04EEB5FEBC67A462364083C54F71BCF6686758EC69F9205B069D028941DCB65E3103A0BB011CF90D3B1C2A2295475E783B2E50E662A46C57FE466BF4A420B5CD30721BC315B4C8A5F1D7759964CEDDBE234D710F48D14C8AECE06992F892149338509EE4B2DC55F13591B39934ECD6D5D54C309B46F6800250FC5C01A62E9FE14E9F52F4CC3A81AA2502F23FF23AAA31067AB3F751031DF00450439AF6ED4F04478C01864356ABAF897F817F6C1D0FD6993A0B2DFA284D84DB141C9B4CDEAB65C628E3BA11AEFC634C64D5C6DCCE8624AED63CDB3A5E5C8F24CEC56F6E6EA9BAEC129B82F9FDE9B069002B49BEE21CF09F04A9AB854548EAB8248BC57A24F58582750C66ACD0AF9BEEA3AA938E6E887B926DA8A7047877936628268DA427386A120D35A4153952AA2BC3967A2BB23B71CD7057626C7ABBE60B5C1CF497DD70B26B779B8A190A4B7F68D021C299941180EF1F0BFF6DF4DBE9E23D4EE7230496729598A6EFE6FA8583D95AFE8BAA669BB85DE889D1A68F4C9D43F2B1038FD20470559F8479E23E14C25E0A331E5C192EF7AFC094F07F59EBCA9D43A184142B45C7008AF780A46F1ECFB67F5820FD953AB7971E7F2AB2B353392A9EDEF61A9DB630621E61E94E54140A738AC156DAB8519D61542E325D6A059E84EFCA960B52FC2B0B552A41291BB6427682D91394B2E7481AF6D5943ACBF883A137950F6B9F5D849F884DEFE75A21DC2DA045CE799616831F8DAF7A3791FFB34E4A1FB65B20E3D6F5A2B0B7C3298D0E33B87CA86F270AAE8C81252705AA2EBE69454FC650D40F7B9321238BBDDD87AFD5BC88CE70DC90B6EFF7BD00E3E5CC7FA23A5A6E47310506FAE3CD5072BDC039B730D6E42DAA1A44CEC60AE9B7BF411AE62B532542E6F9F3DB4C6EDF74AB18C83EF76B65E7C00AD9D362308895A97C4F2812A3F71BBD57F8FCA735CB78996F2E5FF27A0FFAA606ABA08733F784C4023FD1AF090DF9C36C4C49E508ADC1EAF14A245A1F894B736444BE71A127850D3A593C44C75E66590D3C03D61D2CDC656E19B43FFE4FA3FF55C21C5E1A1587358E0CE4925944B20B89220F52D809200A2DD0B3D9667323BF55087CA608F5E03A4E612AFA76E8D08F5A930E5D9C07415930FC901A1BF1D232957A1EACBEC5ABFA3C551F719D241B829BD548814DF48E06F97E879429A4337801CCEDF4CFD99D9DE4AC3002A2EA458ED70029B049650638921F57042F899FDDD3535B9C01CA3591D95A7A25329551CEBDEAE51FE27A79D79FCE1C562B53539FC8511851EB7B22D99DC467E72175E01ED77D8C106008B76903537C6A50BE899A032222B82A6668F38B4DDC5D40921F9EA437FBE5731AA7242CC9D4477DBA97B3F754F07976A2E925EA211BC0C6C8B296B4ECC13C8761D8D271E2D98676B207592084602675982DE02628D71B0902FCCEC976C257DC726CBFB6EC2B403D8036047C5B1C309B575995210F6728F50E36994E460BE352CEF0FBF65D13667DBA6C4B3B73A0CC9FD22696710DA8B757BDACB09E9173CC374421B000CC1F3245D5BE6F876D1D177C014C0C5688B12C48FEAB6A47147624950E264FB0646DD838A176BDC96FD298A6CE0F12E25AE84B2ED1B97CEFD035DB94DD5BC026AAA605209885B2827B0ADA219DE6C04105953E65F9D66866C15E6CC3AECDBC385BE1709233EAE5C195337EAB2FF16D9E50DEF7527AC83DB5F8A3F6EF5988638D0EFE85DF35798D9EAF2094D278D38CF3386D774F1546D6ABCCFC652D0074057AD11BFA1BB172562573C9B519A54A2B09203A7BFCDD957C8A940B5713EE5E789BCAA93BA8ECAF262EC136B64A465E5F322631CE6C227B713FB6DC3968FA1B9F0DC6BDE5F719D79EFBBC2070B9224A19899393B0B389972DDE5B682CCC18E0EE44B636FBA14F6CD0E1A65C587E6C75128019986D68B6F9D7B950C9D6B7A712556F26E23BF718AB43F718EA0768C9075D9CC87CE77FDF3AE61C7C484F6361AE21299C91F570BA9FD7E938AD54B73A9FD495767F892A7C95136A5E4922FBB662B5ED248F0C8C939D1035BEEDEF68F226071F1527055EE73F4E0C88A19D013A12EE6069E59C27E829C6047E21F66AA1F405E581A639AB4947B173A16B038AB477D92323FF8887EEF8C788ED31BB0C834D0E62CEC3E66D3728140548B18E9ABDF4201ADDEE5E150B4ADD1F98E0A377DB7DDBE584E2CDE92D0F0E1132C1F4ABC3394D9C373F5190A367D454ACBB93C07F99B9C358ACE645F4B3839D9FDAD7847DC3CECA71D9F9473EE1D515EDD150FC6EE6892E81F1D835D7F10E2975E7FE265AE63CFD616A242A69EA1E07B2B1213E8AE976842AF9BF85DB11E2371A5C023BC288540A503492C9E157E9C9116DF10D6F1DCB072D196CA31C453886D81CD398405034C02AB1FBEE5450045F9DE43C1C756DB3C59217F38CE4609084CC7D011C89FAAEE6F2A24ADC9E6B9E636712E0385739C3CA3619EB3683C47341B85C4735CF83CEEC0512CD2ADE0E882F69D7298DC5A36638E42B5FDC8FA4C573ABF14116BA171413A4F1FA41B8255590EE5687E46F9CA024DF5731398DB96C9F4DE3F4354DE42D134E4CF7F33733984EAD7DF6C2E55B0AB7B6159142F3080549F7EACBE98156AE14C2848C7FB5574FBBAF9E1FA13793D6F417A8B542B384550B9A48E0255BB916805F9AD41865632D33E4BDD939EE831FE99F6F9803017835452D5E8399B3832E8D3CFCC4036EE8BC2A1000B7AD6F70052A00E56BE546E824BEF66A25605AA0A5BCF311DDB562EC0D1D88A0C1BFE1EDA74F805EA2ABC2DAAB58A6B0E7B69CE15A84F4CB00A697091926F595C47A3E2FCF05D503CEDF01866AD9E6A1FCBCB5115AD21F0DF1A80F2A1511987D946E2CFF912D103590900C10CDE2B06711D2C112B2489724020E69868F88D6F0883A25142395D1183D10454A407BE4104A904C1D8CCCDCEBEF7C7365FE1B7BE300DB275C6482F8D763778623E01D7DC8935FE63D668CA85C1F66FD4E1240750A5B2BA2FA6E8A00AB34EEEDDCFFB65A8479336715DA0933035FD9F280F71D408A3F53B428B05DB9F1172899CD468CDB000A73CF645D3E67F5DC6448937B5C210477BE3C398CA552A7D26857A4E3602847F9639BC0582CCBD087BB09910F05C7C27FEBB460B36929765610C435A6B65247776CF3617BB07818C0E410F57AFF24CB03837F4820AEB2CB86F5B7759DAED483830DC2DBD554510FE4A93FC19B5ED03CE49927661D07C508F96900778C50B175A2242E52556B7856DF48B563AC42E0D7B347BFB007F115F3A907194EA14728FC4D63B7E9F8498B17AEA72C404FAF97BDE3B31733A62D65063B83692982DC0B79322B4690D0EC75F318FCCE8D9EAD2C5DB51A116B90B8EB00A72E96165C67230EDFE5D8A14F587719226FC3C1C6EE419A88003C4FB6CF0B6B005396CA24679D174DCB221ED2AD64D864FCAF90AE003976B6FE3FA0C85F9B4EAF0E99722B220770A0BD8B220C34391F3B70653D3E94B65419DF7C45BCD4443B3599A931239E6DB56E7EC8EB352AFFD4084439A8D058C98E622BF36234145EF15B63692ADB99DFC16E1FD7808137D8DD803241D253E3E8E92855029674B943CA34A245C579752E2C231A8D5BEDF886FCAA212FD9CDC939EE2FFDD3C30D91CBF9EA505BF722129ED3D55DC96B0236627C84DA3DD6F547F104C6FE8C2F8F088640A337F445E8AEFE16E6A393381D00

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)

ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-13] (EasyBits Software Corp.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-07-10]

ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2

Tcpip\..\Interfaces\{522C3B31-8EAC-461F-81DB-46CFDA8BA7EE}: [DhcpNameServer] 75.114.81.1 75.114.81.2


Internet Explorer:

==================

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1

SearchScopes: HKLM -> {2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {5850D516-A214-46CF-9401-AE7DE20F77B2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-26] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-26] (Oracle Corporation)

Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://pcpitstop.com/betapit/PCPitStop.CAB

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File


FireFox:

========

FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default

FF DefaultSearchEngine.US: Yahoo Web

FF Homepage: hxxps://www.yahoo.com/

FF Keyword.URL:

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-26] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-26] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-07-10] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-07-10] (RealTimes)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kristina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @talk.google.com/O1DPlugin -> C:\Users\Kristina\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kristina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-05] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kristina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File]

FF Plugin HKU\S-1-5-21-1203233110-3124362348-787559586-1002: hopster.com/CouponPrinterPlugin -> C:\Users\Kristina\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-09-18] (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Kristina\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

FF SearchPlugin: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\searchplugins\yahoo-ysp.xml [2015-10-23]

FF Extension: No Name - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\avg@toolbar.xpi [not found]


Chrome:

=======

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default

CHR DefaultSearchKeyword: Default -> Yahoo

CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10

CHR Profile: C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-25]

CHR Extension: (Google Docs) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25]

CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Google Search) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Google Sheets) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-25]

CHR Extension: (Google Docs Offline) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]

CHR Extension: (TLRemove) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2015-08-30]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]

CHR Extension: (Bitdefender QuickScan) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2016-04-21]

CHR Extension: (Gmail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR Extension: (Skype Calling) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-04-11]

CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-07-16] (SUPERAntiSpyware.com)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-02-28] (Advanced Micro Devices, Inc.) [File not signed]

R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-04-20] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-04-20] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-04-20] (AVG Technologies CZ, s.r.o.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)

S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)

R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()

R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-10] (RealNetworks, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)

R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-04-18] (AVG Technologies CZ, s.r.o.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)

S3 iscFlash; C:\SWSetup\SP60593\iscflashx64.sys [50752 2011-05-19] (Insyde Software)

R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-05-09 01:31 - 2016-05-09 01:32 - 00054681 _____ C:\Users\Kristina\Desktop\FRST.txt

2016-05-09 01:31 - 2016-05-09 01:31 - 00000000 ____D C:\FRST

2016-05-09 01:30 - 2016-05-09 01:30 - 00007913 _____ C:\Users\Kristina\Desktop\JRT1.txt

2016-05-09 01:30 - 2016-05-09 01:30 - 00007913 _____ C:\Users\Kristina\Desktop\JRT.txt

2016-05-09 01:24 - 2016-05-09 01:24 - 00020770 _____ C:\Users\Kristina\Desktop\AdwCleaner[C1].txt

2016-05-09 01:16 - 2016-05-09 01:16 - 03640384 _____ C:\Users\Kristina\Desktop\adwcleaner_5.116.exe

2016-05-08 20:52 - 2016-05-08 20:53 - 02379264 _____ (Farbar) C:\Users\Kristina\Desktop\FRST64.exe

2016-05-08 20:50 - 2016-05-08 20:50 - 01610816 _____ (Malwarebytes) C:\Users\Kristina\Desktop\JRT.exe

2016-05-08 19:30 - 2016-05-08 19:30 - 01685487 _____ C:\Users\Kristina\Downloads\13211868_570182763166326_94315496_n.mp4

2016-05-07 22:38 - 2016-05-07 22:38 - 02765833 _____ C:\Users\Kristina\Downloads\13158200_1210624538962844_2004398255_n.mp4

2016-05-05 20:38 - 2016-05-06 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-05-04 16:25 - 2016-05-04 16:26 - 00012886 _____ C:\Users\Kristina\Documents\cc_20160504_162550.reg

2016-05-04 15:22 - 2016-05-04 15:22 - 00000329 _____ C:\Users\Kristina\Desktop\HP Printer Diagnostic Tools.url

2016-05-04 11:07 - 2016-05-04 11:07 - 00000000 ____D C:\Users\newac\AppData\Roaming\SUPERAntiSpyware.com

2016-05-04 09:36 - 2016-05-04 09:36 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1203233110-3124362348-787559586-1006

2016-05-04 09:35 - 2016-05-04 09:35 - 00003368 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1006

2016-05-04 09:29 - 2016-05-04 09:29 - 00000000 ____D C:\Users\newac\.cache

2016-05-04 08:13 - 2016-05-04 08:13 - 00000000 ____D C:\Users\newac\AppData\Roaming\AVG

2016-05-04 08:08 - 2016-05-04 08:08 - 00000000 ____D C:\Users\newac\AppData\Roaming\RealNetworks

2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Roaming\Real

2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\Real

2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\Hopster

2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\GWX

2016-05-04 08:07 - 2016-05-04 08:07 - 00000000 ____D C:\Users\newac\AppData\Local\CrashRpt

2016-04-28 15:08 - 2016-05-05 23:35 - 00000000 ____D C:\Users\Kristina\Desktop\jmwp

2016-04-27 18:16 - 2016-04-27 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2016-04-26 00:45 - 2016-04-26 00:45 - 00501127 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April26.fdf

2016-04-21 19:13 - 2016-04-21 19:13 - 00001678 _____ C:\Users\Kristina\Documents\rprtscan.txt

2016-04-21 16:42 - 2016-04-21 16:42 - 02870984 _____ (ESET) C:\Users\Kristina\Downloads\esetsmartinstaller_enu.exe

2016-04-21 16:41 - 2016-04-21 16:41 - 00039480 _____ C:\Users\Kristina\Downloads\qsinstaller.exe

2016-04-21 08:08 - 2016-04-21 08:09 - 00418302 _____ C:\Users\Kristina\Documents\cc_20160421_080835.reg

2016-04-21 08:06 - 2016-04-21 08:06 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2016-04-21 08:06 - 2016-04-21 08:06 - 00000831 _____ C:\Users\Public\Desktop\CCleaner.lnk

2016-04-21 08:06 - 2016-04-21 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2016-04-21 08:06 - 2016-04-21 08:06 - 00000000 ____D C:\Program Files\CCleaner

2016-04-20 23:12 - 2016-04-20 23:12 - 14311424 _____ C:\Users\Kristina\Downloads\SkypeWebPlugin.msi

2016-04-20 14:17 - 2016-04-20 14:17 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

2016-04-19 10:29 - 2016-04-19 10:29 - 00000377 _____ C:\Users\Kristina\Documents\account gone.txt

2016-04-19 00:07 - 2016-04-19 00:07 - 00000070 _____ C:\Users\Kristina\Documents\doc.txt

2016-04-18 20:43 - 2016-04-20 01:13 - 00000000 ____D C:\Users\Kristina\Desktop\FAMILYBIRTHDAYPARTIES

2016-04-18 09:04 - 2016-04-18 09:04 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avguniva.sys

2016-04-14 10:54 - 2016-04-14 10:54 - 00051968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

2016-04-14 03:47 - 2016-04-14 03:47 - 00432148 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April14 (1).fdf

2016-04-14 03:45 - 2016-04-14 03:45 - 00432209 _____ C:\Users\Kristina\Downloads\SmartSource_Coupon_April14.fdf

2016-04-09 02:36 - 2016-04-09 02:36 - 04842371 _____ C:\Users\Kristina\Desktop\12980357_516118891914782_1206466174_n.mp4


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-05-09 01:28 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-05-09 01:28 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-05-09 01:25 - 2012-04-04 23:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-05-09 01:23 - 2012-12-06 21:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-05-09 01:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-05-09 01:20 - 2012-01-25 20:10 - 00000000 ____D C:\ProgramData\MFAData

2016-05-09 01:20 - 2011-08-21 00:41 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\Yahoo!

2016-05-09 01:20 - 2011-08-21 00:41 - 00000000 ____D C:\Users\Kristina\AppData\LocalLow\Yahoo!

2016-05-09 01:20 - 2011-08-21 00:40 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2016-05-09 01:19 - 2014-09-19 05:14 - 00000000 ____D C:\AdwCleaner

2016-05-08 23:59 - 2012-04-13 14:49 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job

2016-05-08 23:43 - 2013-06-25 18:42 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job

2016-05-08 23:41 - 2012-12-06 21:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-05-08 17:43 - 2013-06-25 18:42 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core.job

2016-05-07 20:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf

2016-05-06 11:46 - 2012-04-25 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-05-04 15:21 - 2016-02-07 11:47 - 00000000 ____D C:\Users\Kristina\AppData\Roaming\HpUpdate

2016-05-04 11:39 - 2015-05-28 23:01 - 00000000 ____D C:\Users\newac\AppData\Local\Google

2016-05-04 10:01 - 2015-06-25 10:21 - 00000000 ____D C:\Users\newac\AppData\Local\Avg

2016-05-04 09:39 - 2015-05-28 23:01 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AEC11DBF-45C2-445F-A798-400974510C19}

2016-05-04 09:29 - 2015-05-28 23:01 - 00000000 ____D C:\Users\newac

2016-05-04 08:07 - 2015-05-28 23:02 - 00066616 _____ C:\Users\newac\AppData\Local\GDIPFONTCACHEV1.DAT

Edited by kristina

Share this post


Link to post
Share on other sites
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-05-2016

Ran by Kristina (2016-05-09 01:32:45)

Running from C:\Users\Kristina\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2011-08-15 01:06:18)

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-1203233110-3124362348-787559586-500 - Administrator - Disabled)

Guest (S-1-5-21-1203233110-3124362348-787559586-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1203233110-3124362348-787559586-1003 - Limited - Enabled)

Kristina (S-1-5-21-1203233110-3124362348-787559586-1002 - Administrator - Enabled) => C:\Users\Kristina

New User (S-1-5-21-1203233110-3124362348-787559586-1005 - Administrator - Enabled) => C:\Users\New User

newac (S-1-5-21-1203233110-3124362348-787559586-1006 - Limited - Enabled) => C:\Users\newac


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)

Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}) (Version: 3.0.812.0 - ATI Technologies, Inc.)

AVG (HKLM\...\AvgZen) (Version: 1.51.2.3593 - AVG Technologies)

AVG (Version: 16.71.7596 - AVG Technologies) Hidden

AVG 2016 (Version: 16.0.4565 - AVG Technologies) Hidden

AVG Protection (HKLM\...\AVG) (Version: 2016.71.7596 - AVG Technologies)

AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies)

AVG Zen (Version: 1.51.58 - AVG Technologies) Hidden

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

ccc-core-static (x32 Version: 2011.0228.1151.21177 - ATI) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

CouponBridge (HKLM-x32\...\{5C94DF7B-C6C5-4220-889E-4B9559C07965}) (Version: 1.0.4 - CouponFactory, LLC) <==== ATTENTION

CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4606 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden

Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden

FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden

Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)

Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)

HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)

HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)

HP On Screen Display (HKLM-x32\...\{B97A2DD1-46E5-41BB-95D9-3B971B66A498}) (Version: 1.1.1 - Hewlett-Packard Company)

HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)

HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden

iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)

iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)

Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden

Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)

Pinger (HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\Pinger 1.1.0.6) (Version: 1.1.0.6 - Pinger Inc.)

Pinger (x32 Version: 1.1.0.6 - Pinger Inc.) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

QponPrinter 1.0.1 (HKLM-x32\...\Qpon-Printer) (Version: 1.0.1 - Qples Inc)

Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)

RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden

RealDownloader (x32 Version: 18.1.2.185 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)

RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1008 - SUPERAntiSpyware.com)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

Unity Web Player (HKU\S-1-5-21-1203233110-3124362348-787559586-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

Video Downloader (x32 Version: 1.1.0 - RealNetworks) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden

Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

Wondershare Photo Collage Studio 4.2.16.1 (HKLM-x32\...\Wondershare Photo Collage Studio_is1) (Version: 4.2.16.1 - Wondershare Software Co.,Ltd.)

Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1203233110-3124362348-787559586-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0C76A7FA-F5AC-47C4-A23B-FCE1059CF98B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)

Task: {11330A39-8236-49BF-B247-F62219BCF153} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe

Task: {120EB91F-2D67-418A-B661-7169B82A08E6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-06-17] (RealNetworks, Inc.)

Task: {12AF6DA6-1F82-4DE6-858A-3ABAC82FBE3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {1D13ED79-793A-4C2C-9D05-C0DA4ADDD1E4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1203233110-3124362348-787559586-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-06-17] (RealNetworks, Inc.)

Task: {229E29A9-7082-495C-852C-C2679BB90E0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {23363B2B-73A4-4A6B-BF56-1DC93E8B58BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {24CB810E-BD72-4854-9181-60254DA38C9A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

Task: {2D159972-CD98-4258-9484-F94B78598A6B} - System32\Tasks\{48C00D52-EB8C-4560-9A73-D58F4B5370FF} => pcalua.exe -a C:\Users\Kristina\Downloads\bw11.08.13.exe -d C:\Users\Kristina\Downloads

Task: {3CDD512E-3FF0-4C10-B80A-5C6B5F7BA079} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)

Task: {3F18608F-B93E-4619-A19D-4CBCBCC4B547} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)

Task: {4B4D3367-34BE-469F-B8CD-5BF906E62E02} - System32\Tasks\{DBE7D854-96C9-4F7F-A9B4-21CD998C1C79} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {5D5B3A12-CB35-49F6-A4A6-11B7D11199E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {6430E7E2-65A6-49D5-9BF7-1CDE66AA4FC9} - System32\Tasks\HPCeeScheduleForKristina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: {6829D26F-870F-4A93-9D02-E0AD893930AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {686CFA1F-3D1E-4746-A068-EA3A49AFEC25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe

Task: {6BF12DE6-70E4-49C0-A047-F6C350CC3D02} - System32\Tasks\{C398C920-9036-43C9-9C16-6632CA93D9B6} => pcalua.exe -a "C:\Users\Kristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TKS3IZ3\jre-6u29-windows-i586-iftw.exe" -d C:\Users\Kristina\Desktop

Task: {71226F51-638A-4249-8E44-F828443D8EF1} - System32\Tasks\{EB1E2209-03AA-4611-A735-2E5D7CAA1E36} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {7404B7F8-66C3-4759-965C-02A54AAE6AA1} - System32\Tasks\{413E9514-DD67-4D90-90EF-176243B59408} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {7BB8EF6C-74B4-4847-8F2A-E2EE9E452F2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {8184EB97-65B8-46A9-92F5-8ECB9BA2B2B9} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)

Task: {828EE263-0E81-4F8F-98AA-6D3750DB1454} - System32\Tasks\{933370C5-841D-4A70-A83D-495A880E9757} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {902453A2-83DA-460B-A3E3-E361D7FBC8BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

Task: {9B6667F7-7E0A-408A-92C6-B85434644231} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)

Task: {9D558AEA-A3A3-4C3E-9FB4-F6A6AC528CC7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()

Task: {A4FEC03C-A928-4801-9F15-25462C678F9B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()

Task: {B2940945-46AA-4AE6-A6B2-0BBEA47D7F7C} - System32\Tasks\0615pizUpdateInfo => C:\ProgramData\Avg_Update_0615piz\0615piz_AVG-Secure-Search-Update.exe [2015-11-03] ()

Task: {CBCC6FC8-0A20-46E2-AF10-16FED26E4678} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1203233110-3124362348-787559586-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-06-17] (RealNetworks, Inc.)

Task: {CCCC3B1E-62AF-45AD-A02B-866BB05B66E8} - System32\Tasks\{760A731F-D146-483E-9066-46B1389C5AB0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {D4CF2BCF-0DDF-4A1E-875E-71D872606B16} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-10-06] (CyberLink)

Task: {D82EBDEA-9EEC-4580-BE70-3ECE195DC441} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {DB1018A8-03FF-44EF-B84B-9E80CD68054D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1203233110-3124362348-787559586-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)

Task: {E413A1CE-1D25-43F8-AA79-FA2F1AE20EFF} - System32\Tasks\{A8BDAE69-37E5-4188-82C1-CE5B154D86EE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {E6202F66-EEE3-42C6-8705-AB290D6A4BEC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: {E703CA6C-F0A0-4435-8E55-9EDD61EE6A1F} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-02-24] ()

Task: {E8AD03DF-2C7A-4042-8C8E-3B55AD290FAA} - System32\Tasks\AVG_SYS_TASK_0614a_RUN => C:\ProgramData\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe

Task: {EB1025C2-CE29-45A6-B506-5D1626A521A2} - System32\Tasks\{AF6C0069-DC37-41CC-84EF-5C44BEC96586} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {EE584F9A-0E7B-48B2-BAA1-248316B8F67D} - System32\Tasks\{3068062A-F6DE-47BC-BDCE-CE942BD70C1F} => pcalua.exe -a "C:\Users\Kristina\Downloads\Boggly10 (1).exe" -d C:\Users\Kristina\Downloads

Task: {F1DA42B5-E7E0-40F5-8FEB-81AAFD36CEFC} - System32\Tasks\{DC735D85-101C-4D11-9734-4CE9A7706063} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {FD18089A-E518-42F6-B348-EAD4B0254CBE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\0615pizUpdateInfo.job => C:\ProgramData\Avg_Update_0615piz\0615piz_AVG-Secure-Search-Update.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core.job => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job => C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002Core.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1203233110-3124362348-787559586-1002UA.job => C:\Users\Kristina\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForKristina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============


2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-06-17 03:25 - 2015-06-17 03:25 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

2011-02-28 15:01 - 2011-02-28 15:01 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll

2011-02-28 15:01 - 2011-02-28 15:01 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2015-06-17 03:24 - 2015-06-17 03:24 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll

2015-06-17 03:24 - 2015-06-17 03:24 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll

2015-06-17 03:24 - 2015-06-17 03:24 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll

2011-04-08 10:57 - 2011-04-08 10:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\ProgramData\Temp:59B45175 [318]


==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)



==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)



==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 75.114.81.1 - 75.114.81.2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{A2083E66-516F-40D2-B7D0-D4D40872771D}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe

FirewallRules: [{A82602FC-7315-4BE3-8CD5-0D14EF9C05C3}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe

FirewallRules: [{91803447-188C-46E2-A413-1388FC1DE3B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe

FirewallRules: [{4016F0C6-FA7B-45F5-9B84-32109805D0BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe

FirewallRules: [{64B8F929-A5B1-4ACE-86FC-223AB4679926}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{B58DE479-59DE-451A-9E9A-9BAE220B7913}] => (Allow) LPort=2869

FirewallRules: [{BCA98E97-9F5A-4A07-A637-0A207042BF17}] => (Allow) LPort=1900

FirewallRules: [{9A317BBF-F470-4A3D-9F3D-292BE8E21491}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{C28BFB64-CDFD-4336-9DFB-8D8FE9991D89}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{35788D79-BECA-4593-9FED-814201DEBC36}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe

FirewallRules: [{16CF247F-A741-48F4-8938-1C74E4B3AAC7}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe

FirewallRules: [{CB30D52A-6388-4CD9-B6F1-606BBE75B37E}] => (Allow) LPort=443

FirewallRules: [{A287DD99-F094-4A25-9D9E-3C2099EBF5D2}] => (Allow) LPort=443

FirewallRules: [{9BF79BBB-498D-485B-8DC2-E238C6CDD6C0}] => (Allow) LPort=37674

FirewallRules: [{D7057773-36D6-4BE1-9A1C-D95714C6BD10}] => (Allow) LPort=37674

FirewallRules: [{55C8EC9D-1CE0-43F0-A5C8-AD095A48B366}] => (Allow) LPort=37675

FirewallRules: [{05F77CB4-6583-4286-B823-A23ECB4AB57C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{20EC5D30-9E2A-4032-B64F-C9F63CA6A950}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{8AA913AC-3FF9-41BE-8EF3-5DD205676008}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{EF924F6C-51DE-4391-A2F8-A6C233FE0E2E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{453C4FB3-0E1D-4685-B089-5318FED80589}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{2BD79EB5-E7B8-4D1B-84E8-A9A6163D341D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [uDP Query User{FED31433-96AB-4A47-B08A-6E8031629613}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

FirewallRules: [{A47D0429-27F9-483D-946A-CDAEB61C9093}] => (Allow) C:\Users\Kristina\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

FirewallRules: [{3CBA743E-4081-4308-A1FF-8F18B1681F84}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{34D473AC-3C92-4C42-8F9F-0372E37A5114}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{4B48FD14-E0DB-43E6-85B6-C8992B838C14}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [{44271426-5E11-4DAB-A8AD-9F1C76DB5D84}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{288D6F71-582A-4BB3-A73D-9E28A080F5F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{340EA129-383C-46F8-B8C0-75ACE1A8348D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{149A5A53-1700-414B-85B0-B5913B30781A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{6222E6E4-F787-4B5E-8C16-2DE5A82F9B4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{8285C0A2-C3F7-48A9-8459-844D6E1CA7ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{9321D6B7-0D2E-4C12-942F-7CFD52C39179}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{1284C46E-EF76-4989-9420-33CF50DBA7CF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{E6130C22-771B-41EC-AAE8-51FB80F1233F}] => (Allow) LPort=15600

FirewallRules: [{117C25EB-0819-4C35-81E8-AA4CA04AC8B1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe

FirewallRules: [{03E6506F-D7BE-4834-985B-EE93913953D5}] => (Allow) LPort=5357

FirewallRules: [{9A5D7EA6-7DFF-4E37-86FC-92336998F8B7}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{7298D6CB-CBBB-440E-8A90-3A928399204F}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{4B0A62BF-51EA-4EE7-963E-1DEADF9128E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{A1CE183A-A30C-4DD6-A7DE-25EFC0E6E9CE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{8D034D47-CD8A-40CC-8157-AE45906A6AA7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{136A9B50-0681-49F4-AC30-8539E02062B7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{48C234D4-92CE-4519-B243-760079A5642F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{1E3077B0-4E04-4E14-9C82-1DB11B88BA5B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{9DD767F3-6A70-46E6-8FA7-64DE14335582}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe


==================== Restore Points =========================


24-04-2016 20:50:15 Windows Backup

27-04-2016 18:14:11 Garmin Express

01-05-2016 19:00:35 Windows Backup

08-05-2016 19:00:19 Windows Backup

09-05-2016 01:26:02 JRT Pre-Junkware Removal


==================== Faulty Device Manager Devices =============



==================== Event log errors: =========================


Application errors:

==================

Error: (05/09/2016 01:23:40 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.


Error: (05/09/2016 01:23:40 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml


Error: (05/09/2016 01:23:32 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461

Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461

Exception code: 0xc0000005

Fault offset: 0x0000000000007be2

Faulting process id: 0x744

Faulting application start time: 0xHPAuto.exe0

Faulting application path: HPAuto.exe1

Faulting module path: HPAuto.exe2

Report Id: HPAuto.exe3


Error: (05/09/2016 01:23:26 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Error: (05/09/2016 01:18:28 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

Error: invalid descriptor, filepath = C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml Type: 45::InvalidMetadataFile.


Error: (05/09/2016 01:18:28 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml


Error: (05/09/2016 01:08:27 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.


Error: (05/09/2016 01:08:27 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

Error: XML document load failed for file: C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0409-0000-0000000FF1CE}\descriptor.xml HResult: 0x1. OException caught while loading the descriptor xml


Error: (05/09/2016 01:08:26 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461

Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461

Exception code: 0xc0000005

Fault offset: 0x0000000000007be2

Faulting process id: 0xe34

Faulting application start time: 0xHPAuto.exe0

Faulting application path: HPAuto.exe1

Faulting module path: HPAuto.exe2

Report Id: HPAuto.exe3


Error: (05/09/2016 01:08:15 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



System errors:

=============

Error: (05/09/2016 01:23:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The HP Auto service terminated unexpectedly. It has done this 1 time(s).


Error: (05/09/2016 01:20:26 AM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:

%%1056


Error: (05/09/2016 01:19:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).


Error: (05/09/2016 01:19:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The HP Connection Manager 4 Service service terminated unexpectedly. It has done this 1 time(s).


Error: (05/09/2016 01:19:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


Error: (05/09/2016 01:19:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The IconMan_R service terminated unexpectedly. It has done this 1 time(s).


Error: (05/09/2016 01:19:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).


Error: (05/09/2016 01:19:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


Error: (05/09/2016 01:19:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).


Error: (05/09/2016 01:19:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).



CodeIntegrity:

===================================

Date: 2014-11-29 12:06:35.146

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Date: 2014-11-29 12:06:34.959

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



==================== Memory info ===========================


Processor: AMD Phenom II P650 Dual-Core Processor

Percentage of memory in use: 56%

Total physical RAM: 3834.9 MB

Available physical RAM: 1668.77 MB

Total Virtual: 7667.99 MB

Available Virtual: 5741.5 MB


==================== Drives ================================


Drive c: (HardDrive) (Fixed) (Total:450.77 GB) (Free:308.81 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32


==================== MBR & Partition Table ==================


========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 08F0C05B)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=450.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)


==================== End of Addition.txt ============================

Share this post


Link to post
Share on other sites

Thank you for the new logs which are what i needed.

 

I've just got home I'm afraid and as it's nearly midnight here, I won't reply until the morning, (GMT).

 

Nina

Share this post


Link to post
Share on other sites

That’s not too bad and I see no Firefox problem but we’ll clear up what was found.

Uninstall programs

Uninstall these programs:

CouponBridge
CouponPrinterPlugin

  • click Start, Control Panel, Programs and Features
  • click on CouponBridge and then Uninstall
  • repeat this for the other program listed above.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
SearchScopes: HKLM -> {2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {5850D516-A214-46CF-9401-AE7DE20F77B2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Extension: No Name - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\avg@toolbar.xpi [not found]
2016-04-21 08:08 - 2016-04-21 08:09 - 00418302 _____ C:\Users\Kristina\Documents\cc_20160421_080835.reg
C:\Users\Kristina\AppData\Local\Temp\libeay32.dll
C:\Users\Kristina\AppData\Local\Temp\msvcr120.dll
CMD: bitsadmin /reset /allusers
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab}
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me if there are any outstanding problems.

Satchfan

 

Share this post


Link to post
Share on other sites
The only thing I notice is the computer is lagging at times, also I get this most times when the computer is on the home screen after being started up

Click To Run

You cannot open a Click-to-Run application while you are repairing or removing a Click-to-Run application. Complete the existing action, and then try again I've gotten that message for like a year now my system fan is shot and I need to replace that so not sure if I get that message because of that.


Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016

Ran by Kristina (2016-05-11 15:02:20) Run:1

Running from C:\Users\Kristina\Desktop

Loaded Profiles: Kristina (Available Profiles: Kristina & New User & newac)

Boot Mode: Normal

==============================================


fixlist content:

*****************

Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [] => [X]

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

SearchScopes: HKLM -> {2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {5850D516-A214-46CF-9401-AE7DE20F77B2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

SearchScopes: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File

Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKU\S-1-5-21-1203233110-3124362348-787559586-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File

FF Extension: No Name - C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\avg@toolbar.xpi [not found]

2016-04-21 08:08 - 2016-04-21 08:09 - 00418302 _____ C:\Users\Kristina\Documents\cc_20160421_080835.reg

C:\Users\Kristina\AppData\Local\Temp\libeay32.dll

C:\Users\Kristina\AppData\Local\Temp\msvcr120.dll

CMD: bitsadmin /reset /allusers

EmptyTemp:

*****************


Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.) => Error: No automatic fix found for this entry.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC}" => key removed successfully

HKCR\CLSID\{2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} => key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully

HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully

HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.

"HKU\S-1-5-21-1203233110-3124362348-787559586-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5850D516-A214-46CF-9401-AE7DE20F77B2}" => key removed successfully

HKCR\CLSID\{5850D516-A214-46CF-9401-AE7DE20F77B2} => key not found.

"HKU\S-1-5-21-1203233110-3124362348-787559586-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully

HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully

HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully

HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.

HKU\S-1-5-21-1203233110-3124362348-787559586-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully

HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => key removed successfully

HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => key not found.

"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully

HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.

C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\uhoxnpbr.default\extensions\avg@toolbar.xpi => not found.

C:\Users\Kristina\Documents\cc_20160421_080835.reg => moved successfully

C:\Users\Kristina\AppData\Local\Temp\libeay32.dll => moved successfully

C:\Users\Kristina\AppData\Local\Temp\msvcr120.dll => moved successfully


========= bitsadmin /reset /allusers =========



BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.


BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.


{0EDDC6C1-87E7-41E0-9618-B6BF458E8227} canceled.

{E27B3E5C-72C8-416A-8E7B-57C574C559D8} canceled.

2 out of 2 jobs canceled.


========= End of CMD: =========


EmptyTemp: => 911.3 MB temporary data Removed.



The system needed a reboot.


==== End of Fixlog 15:05:57 ====



Malwarebytes Anti-Malware

www.malwarebytes.org


Scan Date: 5/11/2016

Scan Time: 3:22 PM

Logfile: scantoday.txt

Administrator: Yes


Version: 2.2.1.1043

Malware Database: v2016.05.11.05

Rootkit Database: v2016.05.06.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled


OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Kristina


Scan Type: Threat Scan

Result: Completed

Objects Scanned: 459862

Time Elapsed: 36 min, 7 sec


Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled


Processes: 0

(No malicious items detected)


Modules: 0

(No malicious items detected)


Registry Keys: 0

(No malicious items detected)


Registry Values: 0

(No malicious items detected)


Registry Data: 0

(No malicious items detected)


Folders: 0

(No malicious items detected)


Files: 0

(No malicious items detected)


Physical Sectors: 0

(No malicious items detected)



(end)

Share this post


Link to post
Share on other sites

You cannot open a Click-to-Run application while you are repairing or removing a Click-to-Run application. Complete the existing action, and then try again

That message is related to MS Office - not malware.

 

We'll run a final scan to be sure your computer is clean.

 

Run ESET Online Scan

 

Note: This may take a long time so please be patient.

 

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

 

Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

 

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

 

ESET OnlineScan

  • click the Run Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    o click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

    o double click on the Eset installer icon on your desktop.

     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:

    o scan archives

    o scan for potentially unsafe applications

    o enable Anti-Stealth technology

    Note: Do not check Remove found threats

     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.

     

  • push the back button.
  • push Finish

When the scan is complete:

 

If no threats were found:

o put a checkmark in "Uninstall application on close"

o close program

o report to me that nothing was found.

 

If threats were found:

o click on "list of threats found"

o click on "export to text file" and save it as ESET results and save to the desktop

o click on back

o put a checkmark in "Uninstall application on close"

o click on finish

o close program

o copy and paste the report here

 

Satchfan

 

 

 

Share this post


Link to post
Share on other sites

That looks good.

Please go to your downloads folder and delete the file in red:

C:\Users\Kristina\Downloads\couponprinter.exe

Are you happy that your computer is OK now? If so, I’ll send instructions to tidy up.

Share this post


Link to post
Share on other sites

Hi Kristina

It has been a few days since I asked if there were any remaining problems. Please let me know if there are any.

If I do not hear from you within 24 hours I'll assume that all is now OK and close this topic.

Satchfan

Share this post


Link to post
Share on other sites
Sign in to follow this  

×