withavision Posted December 18, 2015 ID:1007843 Share Posted December 18, 2015 Hello, I am getting some messages popping up, see attached pictures. The "setting up personalized settings for web platform customizations" pop up comes up first before any of the desktop icons appear.... then the other one pops up. Also, my mouse pointer is pinned up in the upper left corner of my screen, I cannot move it out of the corner, therefore I cannot download or run farbar or any other programs. However, I have a laptop that I can install programs on a usb drive, but again I cannot move the mouse pointer from the upper left corner in order to click on anything to run it... The only way I can move the mouse is if I do CTRL+ALT+DELETE...when I click task manager it shows the programs running, but once again the mouse goes up to the upper left hand corner. One of the programs in the list is "Allpcoptimizer.exe - .NET framework initialization..." can someone please help me?? Thanks a lot Link to post Share on other sites More sharing options...
kevinf80 Posted December 18, 2015 ID:1007844 Share Posted December 18, 2015 Hello and welcome to Malwarebytes,Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Please download Farbar Recovery Scan Tool from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Plug the flash drive into the infected PC. If you are using Windows 8 or 10 consult How to use the Windows 8 or 10 System Recovery Environment Command Prompt Here: http://www.howtogeek.com/126016/three-ways-to-access-the-windows-8-boot-options-menu/ to enter System Recovery Command prompt. If you are using Vista or Windows 7 enter System Recovery Options. Plug the flashdrive into the infected PC. Enter System Recovery Options I give two methods, use whichever is convenient for you. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select Your Country as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next. To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select Your Country as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next. On the System Recovery Options menu you may get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt Select Command PromptIn the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive.The tool will start to run. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Thank you, Kevin Link to post Share on other sites More sharing options...
withavision Posted December 19, 2015 Author ID:1007958 Share Posted December 19, 2015 Thanks for the reply Kevin....here is my log. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-12-2015Ran by SYSTEM on MININT-07QKFA2 (19-12-2015 12:51:43)Running from e:\Platform: Windows 7 Ultimate (X64) Language: English (United States)Internet Explorer Version 11Boot Mode: RecoveryDefault: ControlSet001ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2617608 2015-05-25] (FSPro Labs)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-05] (Apple Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5512912 2015-03-23] (Avast Software s.r.o.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)HKLM-x32\...\Run: [ospd_us_014010180] => C:\Program Files (x86)\ospd_us_014010180\ospd_us_014010180.exe [3974320 2015-12-18] ()HKLM-x32\...\Run: [smartWeb] => C:\Users\P. Miller\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)HKLM-x32\...\RunOnce: [upospd_us_014010180.exe] => C:\Users\P. Miller\AppData\Local\ospd_us_014010180\upospd_us_014010180.exe [3276464 2015-12-18] ()Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [X]HKU\P. Miller\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()HKU\P. Miller\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4331392 2012-05-30] (AOL Inc.)HKU\P. Miller\...\Run: [CPN Notifier] => C:\Program Files (x86)\Lock Poker\PokerNotifier.exeHKU\P. Miller\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startupHKU\P. Miller\...\Run: [Dropbox Update] => C:\Users\P. Miller\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)HKU\P. Miller\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)HKU\P. Miller\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [6916163 2015-12-03] ()HKU\P. Miller\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)AppInit_DLLs: C:\ProgramData\FlashBeat\UOSFF64.dll => C:\ProgramData\FlashBeat\UOSFF64.dll [1092096 2015-12-17] (FlashBeat)AppInit_DLLs-x32: C:\ProgramData\FlashBeat\UOSFF32.dll => C:\ProgramData\FlashBeat\UOSFF32.dll [853504 2015-12-17] (FlashBeat)Startup: C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-10]ShortcutTarget: Dropbox.lnk -> (No File)Startup: C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-04-01]ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()Startup: C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-18]ShortcutTarget: SmartWeb.lnk -> (No File)BootExecute: autocheck autochk * lsdelete==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-12-06] (SUPERAntiSpyware.com)S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-03-23] (Avast Software s.r.o.)S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1355968 2011-06-15] (Lavasoft)S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-02-05] ()S4 rizyqibe; C:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51\jnsg9722.tmp [307712 2015-12-18] ()S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)S4 woforemu; C:\Users\P. Miller\AppData\Local\00000000-1450456806-0000-0000-001D7D0D6B51\snsl4EED.tmp [337920 2015-12-18] ()S4 zizusyju; C:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51\hnslB03F.tmp [817152 2015-12-18] ()S2 pevenegi; C:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51\knsv7AD5.tmpfs [X]===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-23] ()S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-23] (Avast Software s.r.o.)S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-23] (Avast Software s.r.o.)S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-23] ()S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-23] (Avast Software s.r.o.)S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-23] (Avast Software s.r.o.)S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-23] (Avast Software s.r.o.)S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-23] ()S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-06-15] (Lavasoft AB)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2015-12-18] (Macrovision Europe Ltd)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-19 12:51 - 2015-12-19 12:51 - 00000000 ____D C:\FRST2015-12-18 13:52 - 2015-12-18 13:52 - 00002615 _____ C:\Users\Public\Desktop\AllPCOptimizer.exe.lnk2015-12-18 13:52 - 2015-12-18 13:52 - 00000010 _____ C:\Users\Public\Documents\test.txt2015-12-18 13:52 - 2015-12-18 13:52 - 00000000 ____D C:\ProgramData\DataFile2015-12-18 13:52 - 2015-12-18 13:52 - 00000000 ____D C:\Program Files (x86)\AllPCOptimizer2015-12-18 13:51 - 2015-12-18 13:51 - 00930465 _____ C:\Windows\unins000.exe2015-12-18 13:51 - 2015-12-18 13:51 - 00001148 _____ C:\Windows\unins000.dat2015-12-18 13:51 - 2015-12-18 13:51 - 00000000 ____D C:\Program Files (x86)\ytd2015-12-18 13:51 - 2015-12-03 13:11 - 06916163 _____ C:\Users\Public\Documents\windows.exe2015-12-18 13:50 - 2015-12-18 13:55 - 00000338 _____ C:\Windows\Tasks\VAKLATOZ1.job2015-12-18 13:50 - 2015-12-18 13:53 - 00000000 ____D C:\Users\P. Miller\AppData\Local\SmartWeb2015-12-18 13:50 - 2015-12-18 13:50 - 00004048 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task2015-12-18 13:50 - 2015-12-18 13:50 - 00002860 _____ C:\Windows\System32\Tasks\VAKLATOZ12015-12-18 13:50 - 2015-12-18 13:50 - 00000000 ____D C:\ProgramData\Service12912015-12-18 13:50 - 2015-12-18 13:50 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e2015-12-18 13:49 - 2015-12-18 14:02 - 00000000 ____D C:\ProgramData\FlashBeat2015-12-18 13:47 - 2015-12-18 13:47 - 05464104 _____ (TeamViewer) C:\Users\P. Miller\Downloads\TeamViewerQS_en.exe2015-12-18 13:47 - 2015-12-18 13:47 - 02431866 _____ (Electronic Arts Inc.) C:\Users\P. Miller\Downloads\moh_spearhead.exe2015-12-18 13:47 - 2015-12-18 13:47 - 01703936 _____ (Electronic Arts Inc.) C:\Users\P. Miller\Downloads\moh_Breakthrough.exe2015-12-18 13:47 - 2015-12-18 13:47 - 00463872 _____ (Malfaction's Software) C:\Users\P. Miller\Downloads\MohaasPlayerScan.exe2015-12-18 13:47 - 2015-12-18 13:47 - 00299008 _____ (Malfaction's Software) C:\Users\P. Miller\Downloads\GSListProxy.exe2015-12-18 13:46 - 2015-12-18 13:46 - 00000000 ____D C:\Users\P. Miller\Desktop\MOHAA FILE2015-12-18 13:40 - 2015-12-18 14:01 - 00000000 ____D C:\Users\P. Miller\AppData\Local\00000000-1450456806-0000-0000-001D7D0D6B512015-12-18 13:39 - 2015-12-18 14:01 - 00000000 ____D C:\Users\P. Miller\AppData\Local\ospd_us_0140101802015-12-18 13:39 - 2015-12-18 13:53 - 00000000 ____D C:\Users\P. Miller\AppData\Local\SearchModule2015-12-18 13:39 - 2015-12-18 13:41 - 00000000 ____D C:\Users\P. Miller\AppData\Local\BrowserAir2015-12-18 13:39 - 2015-12-18 13:39 - 00000000 ____D C:\Program Files (x86)\ospd_us_0140101802015-12-18 13:39 - 2015-12-18 13:38 - 00000134 _____ C:\Windows\System32\Drivers\etc\hp.bak2015-12-18 13:38 - 2015-12-18 14:26 - 00000000 ____D C:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B512015-12-18 13:38 - 2015-12-18 13:58 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\ASPackage2015-12-18 13:37 - 2015-12-18 13:37 - 03455984 _____ (Google Inc.) C:\Users\P. Miller\Downloads\Removewat+2.2.9+Activator_10924_i102654165_il345.exe2015-12-18 13:31 - 2015-12-18 13:31 - 00001959 _____ C:\Users\Public\Desktop\Medal of Honor Allied Assault Breakthrough.lnk2015-12-18 13:22 - 2015-12-18 13:22 - 01148754 _____ (InstallShield ) C:\Users\P. Miller\Downloads\ikernelupdate.exe2015-12-18 13:10 - 2015-12-18 13:10 - 00001894 _____ C:\Users\Public\Desktop\Medal of Honor Allied Assault.lnk2015-12-18 12:20 - 2015-12-18 12:20 - 00003060 _____ C:\Windows\System32\Tasks\{C151BF29-E5D9-4036-BBBF-FB20E265A652}2015-12-18 12:09 - 2015-12-18 12:09 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk2015-12-18 11:24 - 2015-12-18 12:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-12-17 13:08 - 2015-12-17 13:08 - 02560512 _____ (winpcoptimizerbetatwo) C:\Windows\Allpcoptimizer.exe2015-12-17 13:08 - 2015-12-17 13:08 - 00155136 _____ C:\Windows\Allpcoptimizer.pdb2015-12-10 00:35 - 2015-12-18 14:03 - 00003612 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)2015-12-09 02:35 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll2015-12-09 02:35 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2015-12-09 02:35 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll2015-12-09 02:35 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2015-12-09 02:35 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2015-12-09 02:35 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll2015-12-09 02:35 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll2015-12-09 02:35 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll2015-12-09 02:35 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe2015-12-09 02:35 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll2015-12-09 02:35 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll2015-12-09 02:35 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-12-09 02:35 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-12-09 02:35 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-12-09 02:35 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-12-09 02:35 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-12-09 02:35 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2015-12-09 02:35 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-12-09 02:35 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll2015-12-09 02:35 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll2015-12-09 02:35 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll2015-12-09 02:35 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll2015-12-09 02:35 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll2015-12-09 02:35 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-12-09 02:35 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-12-09 02:35 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-12-09 02:35 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-12-09 02:35 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2015-12-09 02:35 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-12-09 02:35 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll2015-12-09 02:35 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll2015-12-09 02:35 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll2015-12-09 02:35 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2015-12-09 02:35 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll2015-12-09 02:35 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys2015-12-09 02:35 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-12-09 02:35 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-12-09 02:35 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2015-12-09 02:35 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-12-09 02:35 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2015-12-09 02:35 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-12-09 02:35 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-12-09 02:35 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-12-09 02:35 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2015-12-09 02:35 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-12-09 02:35 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-12-09 02:35 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-12-09 02:35 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2015-12-09 02:35 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2015-12-09 02:35 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-12-09 02:35 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-12-09 02:35 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2015-12-09 02:35 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-12-09 02:35 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-12-09 02:35 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-12-09 02:35 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2015-12-09 02:35 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-12-09 02:35 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-12-09 02:35 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-12-09 02:35 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2015-12-09 02:35 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll2015-12-09 02:35 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll2015-12-09 02:35 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll2015-12-09 02:35 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll2015-12-09 02:35 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec2015-12-09 02:35 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll2015-12-09 02:35 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll2015-12-09 02:35 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2015-12-09 02:35 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll2015-12-09 02:35 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll2015-12-09 02:35 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll2015-12-09 02:35 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll2015-12-09 02:35 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll2015-12-09 02:35 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2015-12-09 02:35 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe2015-12-09 02:35 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe2015-12-09 02:35 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll2015-12-09 02:35 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll2015-12-09 02:35 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll2015-12-09 02:35 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll2015-12-09 02:35 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll2015-12-09 02:35 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll2015-12-09 02:35 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2015-12-09 02:35 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2015-12-09 02:35 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll2015-12-09 02:35 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll2015-12-09 02:35 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2015-12-09 02:35 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll2015-12-09 02:35 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll2015-12-09 02:35 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll2015-12-09 02:35 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wshrm.dll2015-12-09 02:35 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll2015-12-09 02:35 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys2015-12-09 02:35 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll2015-12-09 02:35 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll2015-12-09 02:34 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\System32\els.dll2015-12-09 02:34 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll2015-12-03 07:27 - 2015-12-03 07:27 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software2015-12-03 07:27 - 2015-12-03 07:27 - 00000000 ____D C:\Program Files\Common Files\AV2015-12-01 10:47 - 2015-12-01 10:48 - 00097792 _____ C:\Users\P. Miller\Downloads\SITES LATEST.xls2015-12-01 10:37 - 2015-12-01 10:38 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\Notepad++2015-12-01 10:37 - 2015-12-01 10:37 - 00000000 ____D C:\Program Files (x86)\Notepad++2015-12-01 10:36 - 2015-12-01 10:36 - 04119231 _____ C:\Users\P. Miller\Downloads\npp.6.8.7.Installer.exe2015-12-01 10:25 - 2015-12-01 10:40 - 00000000 ____D C:\Users\P. Miller\Desktop\WWALKING DISAVOW 12.1.152015-11-19 09:44 - 2015-11-19 09:44 - 00025472 _____ C:\Users\P. Miller\.recently-used.xbel==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-18 15:10 - 2009-07-13 20:45 - 00014224 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-12-18 15:10 - 2009-07-13 20:45 - 00014224 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-12-18 14:54 - 2014-07-05 21:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-12-18 14:52 - 2012-04-24 13:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-12-18 14:38 - 2015-06-22 10:24 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1197745190-727455461-723387890-1001UA.job2015-12-18 14:34 - 2014-03-05 15:54 - 00000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1197745190-727455461-723387890-1001.job2015-12-18 14:02 - 2014-01-26 16:05 - 00000000 ___RD C:\Users\P. Miller\Dropbox2015-12-18 14:02 - 2014-01-26 16:05 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\Dropbox2015-12-18 14:01 - 2015-11-04 10:08 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\Skype2015-12-18 14:01 - 2012-12-06 17:58 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update2015-12-18 13:56 - 2015-04-27 17:36 - 00000410 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job2015-12-18 13:56 - 2014-07-05 21:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-12-18 13:55 - 2014-10-18 07:53 - 00000000 ____D C:\avast! sandbox2015-12-18 13:55 - 2012-04-24 17:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2015-12-18 13:55 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-12-18 13:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows2015-12-18 13:48 - 2015-10-29 06:26 - 00012400 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS2015-12-18 13:46 - 2015-05-31 04:48 - 00000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1197745190-727455461-723387890-1001.job2015-12-18 13:42 - 2013-02-05 20:30 - 00786678 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2015-12-18 13:42 - 2009-07-13 21:13 - 00786678 _____ C:\Windows\System32\PerfStringBackup.INI2015-12-18 13:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf2015-12-18 13:39 - 2014-07-05 21:52 - 00002333 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-12-18 13:39 - 2010-03-31 14:42 - 00001324 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-12-18 13:38 - 2015-06-22 10:24 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1197745190-727455461-723387890-1001Core.job2015-12-18 13:28 - 2010-04-26 14:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2015-12-18 13:23 - 2010-04-26 15:09 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\TS3Client2015-12-18 13:11 - 2014-01-28 16:16 - 00000000 ____D C:\Users\P. Miller\AppData\Local\CrashDumps2015-12-18 13:03 - 2010-04-26 14:50 - 00000000 ____D C:\Program Files (x86)\EA GAMES2015-12-18 12:09 - 2015-11-04 10:08 - 00000000 ____D C:\Users\P. Miller\AppData\Local\Skype2015-12-18 12:09 - 2015-11-04 10:07 - 00000000 ____D C:\ProgramData\Skype2015-12-18 12:09 - 2010-04-01 13:54 - 00000000 ___RD C:\Program Files (x86)\Skype2015-12-18 11:57 - 2010-03-31 14:56 - 00000000 ____D C:\Users\P. Miller\Poker2015-12-15 07:15 - 2015-05-31 04:48 - 00003678 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1197745190-727455461-723387890-10012015-12-15 07:15 - 2014-03-05 15:54 - 00003582 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1197745190-727455461-723387890-10012015-12-12 10:24 - 2011-12-18 13:04 - 00000000 ____D C:\Bovada2015-12-10 13:48 - 2015-08-21 08:06 - 00098304 _____ C:\Users\P. Miller\Desktop\SITES LATEST.xls2015-12-10 01:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache2015-12-10 00:31 - 2013-03-13 23:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-12-10 00:31 - 2013-03-13 23:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-12-10 00:31 - 2009-07-13 20:45 - 00388216 _____ C:\Windows\System32\FNTCACHE.DAT2015-12-10 00:10 - 2013-08-13 23:01 - 00000000 ____D C:\Windows\System32\MRT2015-12-10 00:02 - 2010-02-09 22:16 - 140158008 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2015-12-09 06:52 - 2012-04-24 13:45 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-12-09 06:52 - 2012-04-24 13:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-12-09 06:52 - 2011-06-14 10:56 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-12-01 20:49 - 2014-07-05 21:51 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-12-01 20:48 - 2014-07-05 21:51 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-12-01 10:28 - 2011-03-23 04:50 - 00000013 _____ C:\Windows\SysWOW64\WinSys32.crc2015-11-20 13:51 - 2014-10-11 09:08 - 00000000 ____D C:\Users\P. Miller\Teeth Whitening Site2015-11-19 09:44 - 2010-12-14 15:37 - 00000000 ____D C:\Users\P. Miller\.gimp-2.62015-11-19 09:44 - 2010-03-31 14:36 - 00000000 ____D C:\users\P. MillerSome files in TEMP:====================C:\Users\P. Miller\AppData\Local\Temp\drm_dialogs.dllC:\Users\P. Miller\AppData\Local\Temp\drm_dyndata_7340014.dllC:\Users\P. Miller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ztwce.dllC:\Users\P. Miller\AppData\Local\Temp\Execute2App.exeC:\Users\P. Miller\AppData\Local\Temp\msvcp90.dllC:\Users\P. Miller\AppData\Local\Temp\msvcr90.dllC:\Users\P. Miller\AppData\Local\Temp\ntdll_dump.dllC:\Users\P. Miller\AppData\Local\Temp\Uninstall.exeC:\Users\P. Miller\AppData\Local\Temp\xmlUpdater.exe==================== Known DLLs (Whitelisted) ============================================= Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll[2015-12-09 02:35] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03AC:\Windows\SysWOW64\User32.dll[2015-12-09 02:35] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722C:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\dnsapi.dll => MD5 is legitC:\Windows\SysWOW64\dnsapi.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE Association (Whitelisted) ================================= Restore Points =========================Restore point date: 2015-12-17 21:00Restore point date: 2015-12-18 12:24Restore point date: 2015-12-18 12:35Restore point date: 2015-12-18 12:43Restore point date: 2015-12-18 12:49Restore point date: 2015-12-18 12:58Restore point date: 2015-12-18 12:59Restore point date: 2015-12-18 13:04Restore point date: 2015-12-18 13:24Restore point date: 2015-12-18 13:25Restore point date: 2015-12-18 13:27Restore point date: 2015-12-18 13:28Restore point date: 2015-12-18 13:42==================== Memory info ===========================Percentage of memory in use: 14%Total physical RAM: 4094.49 MBAvailable physical RAM: 3484.88 MBTotal Virtual: 4092.64 MBAvailable Virtual: 3475.55 MB==================== Drives ================================Drive c: () (Fixed) (Total:465.76 GB) (Free:280.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]Drive d: (MOHAAB) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFSDrive e: (PENDRIVE) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 19697EE1)Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)Partition: GPT.LastRegBack: 2015-12-09 21:31==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted December 19, 2015 ID:1007961 Share Posted December 19, 2015 Boot to System Recovery Options and run FRST as you did to get the log.Type the following in the edit box after "Search:".User32.dllClick Search button and post the log (Search.txt) it makes to your reply. Link to post Share on other sites More sharing options...
withavision Posted December 19, 2015 Author ID:1007966 Share Posted December 19, 2015 Farbar Recovery Scan Tool (x64) Version:19-12-2015Ran by SYSTEM (2015-12-19 13:39:21)Running from e:\Boot Mode: Recovery================== Search Files: "User32.dll" =============C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll[2009-07-14 21:28][2009-04-10 22:28] 0627712 ____A (Microsoft Corporation) 75510147B94598407666F4802797C75AC:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll[2008-01-20 18:22][2008-01-20 18:22] 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269C:\Windows.old\Windows\System32\user32.dll[2008-01-20 18:22][2008-01-20 18:22] 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_36077453d1a24eea\user32.dll[2015-12-09 02:35][2015-11-10 10:35] 0833024 ____A (Microsoft Corporation) D0A3A0DBF77EE35CE97E55DE92014E05C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_3579d47ab8884c9d\user32.dll[2015-12-09 02:35][2015-11-10 10:37] 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll[2013-01-03 15:36][2010-11-20 04:08] 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll[2009-07-13 15:24][2009-07-13 17:11] 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef\user32.dll[2015-12-09 02:35][2015-11-10 10:59] 1009152 ____A (Microsoft Corporation) E42CB2576D5C8456C60988B1C908F41AC:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll[2015-12-09 02:35][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03AC:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll[2013-01-03 15:36][2010-11-20 05:27] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1BC:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6C:\Windows\SysWOW64\user32.dll[2015-12-09 02:35][2015-11-10 10:37] 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722C:\Windows\System32\user32.dll[2015-12-09 02:35][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03AX:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6X:\Windows\System32\user32.dll[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6====== End of Search ====== Link to post Share on other sites More sharing options...
kevinf80 Posted December 19, 2015 ID:1007968 Share Posted December 19, 2015 Save the attached file fixlist.txt to your flash drive, same place as FRST.Now please enter System Recovery Options as you did to get the log. Run FRST and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. Reboot and see if your system will start normally, if so continue Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear (if applicable), then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach those logs to your reply. Post logs from FRST fix, Malwarebytes and FRST scan... Thank you, KevinFixlist.txt Link to post Share on other sites More sharing options...
withavision Posted December 20, 2015 Author ID:1008170 Share Posted December 20, 2015 here are the logs.... Fix result of Farbar Recovery Scan Tool (x64) Version:19-12-2015Ran by SYSTEM (2015-12-20 12:39:01) Run:1Running from e:\Boot Mode: Recovery==============================================fixlist content:*****************StartHKLM-x32\...\Run: [ospd_us_014010180] => C:\Program Files (x86)\ospd_us_014010180\ospd_us_014010180.exe [3974320 2015-12-18] ()C:\Program Files (x86)\ospd_us_014010180\ospd_us_014010180.exeC:\Program Files (x86)\ospd_us_014010180HKLM-x32\...\Run: [smartWeb] => C:\Users\P. Miller\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)C:\Users\P. Miller\AppData\Local\SmartWeb\SmartWebHelper.exeC:\Users\P. Miller\AppData\Local\SmartWebHKLM-x32\...\RunOnce: [upospd_us_014010180.exe] => C:\Users\P. Miller\AppData\Local\ospd_us_014010180\upospd_us_014010180.exe [3276464 2015-12-18] ()C:\Users\P. Miller\AppData\Local\ospd_us_014010180\upospd_us_014010180.exeC:\Users\P. Miller\AppData\Local\ospd_us_014010180HKU\P. Miller\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [6916163 2015-12-03] ()C:\Users\Public\Documents\windows.exeAppInit_DLLs: C:\ProgramData\FlashBeat\UOSFF64.dll => C:\ProgramData\FlashBeat\UOSFF64.dll [1092096 2015-12-17] (FlashBeat)C:\ProgramData\FlashBeat\UOSFF64.dllC:\ProgramData\FlashBeatAppInit_DLLs-x32: C:\ProgramData\FlashBeat\UOSFF32.dll => C:\ProgramData\FlashBeat\UOSFF32.dll [853504 2015-12-17] (FlashBeat)C:\ProgramData\FlashBeat\UOSFF32.dllShortcutTarget: SmartWeb.lnk -> (No File)S4 rizyqibe; C:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51\jnsg9722.tmp [307712 2015-12-18] ()C:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51S4 woforemu; C:\Users\P. Miller\AppData\Local\00000000-1450456806-0000-0000-001D7D0D6B51\snsl4EED.tmp [337920 2015-12-18] ()C:\Users\P. Miller\AppData\Local\00000000-1450456806-0000-0000-001D7D0D6B51S4 zizusyju; C:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51\hnslB03F.tmp [817152 2015-12-18] ()C:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51S2 pevenegi; C:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51\knsv7AD5.tmpfs [X]S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]2015-12-18 13:52 - 2015-12-18 13:52 - 00000000 ____D C:\Program Files (x86)\AllPCOptimizer2015-12-18 13:51 - 2015-12-18 13:51 - 00930465 _____ C:\Windows\unins000.exe2015-12-18 13:51 - 2015-12-18 13:51 - 00001148 _____ C:\Windows\unins000.dat2015-12-18 13:51 - 2015-12-18 13:51 - 00000000 ____D C:\Program Files (x86)\ytd2015-12-18 13:51 - 2015-12-03 13:11 - 06916163 _____ C:\Users\Public\Documents\windows.exe2015-12-18 13:50 - 2015-12-18 13:55 - 00000338 _____ C:\Windows\Tasks\VAKLATOZ1.job2015-12-18 13:50 - 2015-12-18 13:53 - 00000000 ____D C:\Users\P. Miller\AppData\Local\SmartWeb2015-12-18 13:50 - 2015-12-18 13:50 - 00004048 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task2015-12-18 13:50 - 2015-12-18 13:50 - 00002860 _____ C:\Windows\System32\Tasks\VAKLATOZ12015-12-18 13:50 - 2015-12-18 13:50 - 00000000 ____D C:\ProgramData\Service12912015-12-18 13:50 - 2015-12-18 13:50 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e2015-12-18 13:49 - 2015-12-18 14:02 - 00000000 ____D C:\ProgramData\FlashBeatC:\Users\P. Miller\AppData\Local\Temp\drm_dialogs.dllC:\Users\P. Miller\AppData\Local\Temp\drm_dyndata_7340014.dllC:\Users\P. Miller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ztwce.dllC:\Users\P. Miller\AppData\Local\Temp\Execute2App.exeC:\Users\P. Miller\AppData\Local\Temp\msvcp90.dllC:\Users\P. Miller\AppData\Local\Temp\msvcr90.dllC:\Users\P. Miller\AppData\Local\Temp\ntdll_dump.dllC:\Users\P. Miller\AppData\Local\Temp\Uninstall.exeC:\Users\P. Miller\AppData\Local\Temp\xmlUpdater.exeReplace: C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\Windows\SysWOW64\User32.dllReplace: C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll C:\Windows\System32\User32.dllend*****************HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_014010180 => value removed successfullyC:\Program Files (x86)\ospd_us_014010180\ospd_us_014010180.exe => moved successfullyC:\Program Files (x86)\ospd_us_014010180 => moved successfullyHKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value removed successfullyC:\Users\P. Miller\AppData\Local\SmartWeb\SmartWebHelper.exe => moved successfullyC:\Users\P. Miller\AppData\Local\SmartWeb => moved successfullyHKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upospd_us_014010180.exe => value removed successfullyC:\Users\P. Miller\AppData\Local\ospd_us_014010180\upospd_us_014010180.exe => moved successfullyC:\Users\P. Miller\AppData\Local\ospd_us_014010180 => moved successfullyHKU\P. Miller\Software\Microsoft\Windows\CurrentVersion\Run\\Application => value removed successfullyC:\Users\Public\Documents\windows.exe => moved successfully"C:\ProgramData\FlashBeat\UOSFF64.dll" => Value data removed successfully.C:\ProgramData\FlashBeat\UOSFF64.dll => moved successfullyC:\ProgramData\FlashBeat => moved successfully"C:\ProgramData\FlashBeat\UOSFF32.dll" => Value data removed successfully."C:\ProgramData\FlashBeat\UOSFF32.dll" => not found.ShortcutTarget: SmartWeb.lnk -> (No File) => not found.rizyqibe => service removed successfullyC:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51 => moved successfullywoforemu => service removed successfullyC:\Users\P. Miller\AppData\Local\00000000-1450456806-0000-0000-001D7D0D6B51 => moved successfullyzizusyju => service removed successfully"C:\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51" => not found.pevenegi => service removed successfullycatchme => service removed successfullyRimUsb => service removed successfullySynth3dVsc => service removed successfullytsusbhub => service removed successfullyVGPU => service removed successfullyC:\Program Files (x86)\AllPCOptimizer => moved successfullyC:\Windows\unins000.exe => moved successfullyC:\Windows\unins000.dat => moved successfullyC:\Program Files (x86)\ytd => moved successfully"C:\Users\Public\Documents\windows.exe" => not found.C:\Windows\Tasks\VAKLATOZ1.job => moved successfully"C:\Users\P. Miller\AppData\Local\SmartWeb" => not found.C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => moved successfullyC:\Windows\System32\Tasks\VAKLATOZ1 => moved successfullyC:\ProgramData\Service1291 => moved successfullyC:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully"C:\ProgramData\FlashBeat" => not found.C:\Users\P. Miller\AppData\Local\Temp\drm_dialogs.dll => moved successfullyC:\Users\P. Miller\AppData\Local\Temp\drm_dyndata_7340014.dll => moved successfullyC:\Users\P. Miller\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ztwce.dll => moved successfullyC:\Users\P. Miller\AppData\Local\Temp\Execute2App.exe => moved successfullyC:\Users\P. Miller\AppData\Local\Temp\msvcp90.dll => moved successfullyC:\Users\P. Miller\AppData\Local\Temp\msvcr90.dll => moved successfullyC:\Users\P. Miller\AppData\Local\Temp\ntdll_dump.dll => moved successfullyC:\Users\P. Miller\AppData\Local\Temp\Uninstall.exe => moved successfullyC:\Users\P. Miller\AppData\Local\Temp\xmlUpdater.exe => moved successfullyC:\Windows\SysWOW64\User32.dll => moved successfullyC:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll copied successfully to C:\Windows\SysWOW64\User32.dllC:\Windows\System32\User32.dll => moved successfullyC:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll copied successfully to C:\Windows\System32\User32.dll==== End of Fixlog 12:39:04 ==== Link to post Share on other sites More sharing options...
withavision Posted December 20, 2015 Author ID:1008171 Share Posted December 20, 2015 Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 12/20/2015Scan Time: 12:53 PMLogfile:Administrator: YesVersion: 2.2.0.1024Malware Database: v2015.12.20.05Rootkit Database: v2015.12.18.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: P. MillerScan Type: Threat ScanResult: CompletedObjects Scanned: 482479Time Elapsed: 1 hr, 39 min, 22 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 32PUP.Optional.TaskRNDM, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, Quarantined, [a6af2e79bfcc0a2cb36893cea75bca36],PUP.Optional.TaskRNDM, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\APPDATALOW\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, Quarantined, [a6af2e79bfcc0a2cb36893cea75bca36],PUP.Optional.ASPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, Quarantined, [75e094137f0c6bcbb8ba6f1a34cff709],PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\Flashbeat, Quarantined, [74e103a4583323136743758e9c680ef2],PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\CLASSES\INSTALLER\ASSEMBLIES\C:|Program Files (x86)|AllPCOptimizer|Allpcoptimizer.exe, Quarantined, [41144463a0eb1e180267db2f4fb5dd23],PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INSTALLER\ASSEMBLIES\C:|Program Files (x86)|AllPCOptimizer|Allpcoptimizer.exe, Quarantined, [0a4b693e94f737ffed7c3fcb5ba96a96],PUP.Optional.BrowserAir, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\BrowserAir.FVK7KJUNOVQMGXX6HL4E7KFNEA, Quarantined, [de77caddd2b973c33384337f956df10f],PUP.Optional.SmartWeb, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SmartWeb Upgrade Trigger Task, Delete-on-Reboot, [80d58c1b66257eb8fe807249a45f7888],PUP.Optional.BrowserAir, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\BrowserAir.exe, Quarantined, [98bdbceb800b44f28a30387ad82a06fa],PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\Flashbeat, Quarantined, [2f26a7008cffa78fd5d511f2679d55ab],PUP.Optional.MyFreeze, HKLM\SOFTWARE\WOW6432NODE\Freeze.com, Quarantined, [23328b1c5536ba7c96a59a1306fd3ac6],PUP.Optional.OneSoftPerDay, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, Quarantined, [8cc9a403f89393a3222dcce32ad9e11f],PUP.Optional.CouponMarvel, HKLM\SOFTWARE\WOW6432NODE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, Quarantined, [93c2f5b2d3b802344c282ba65da60df3],PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INSTALLER\ASSEMBLIES\C:|Program Files (x86)|AllPCOptimizer|Allpcoptimizer.exe, Quarantined, [b5a0e4c3d4b7f343e683868427dd4bb5],PUP.Optional.BrowserAir, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\BrowserAir.FVK7KJUNOVQMGXX6HL4E7KFNEA, Quarantined, [b4a11a8d424984b26453bcf6887a53ad],PUP.Optional.BrowserAir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\BrowserAir.exe, Quarantined, [54014a5db4d763d367523e74e022936d],PUP.Optional.BrowserAir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\BrowserAir.exe, Quarantined, [63f2f8af90fbc2749822a0124fb354ac],PUP.Optional.OneSoftPerDay, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ospd_us_014010180_is1, Quarantined, [f46124830289f34395b91c935ca77b85],PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [084d8324018a8aac31a75f65bb48fd03],PUP.Optional.MySearch123, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}, Quarantined, [11444d5a1a714ee80dea58a835cfc23e],PUP.Optional.SmartWeb, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SMARTWEB, Quarantined, [b99cddca90fb84b2fb21dff55fa42fd1],PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{20A647C6-0C59-42A7-B3B4-1E95674496BB}, Quarantined, [9db85a4da6e5350194d7000a7b8907f9],PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [d184bbec7912f93dfdc3566cfd067e82],PUP.Optional.DeskBar, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\DeskBar, Quarantined, [63f2099edcaf270fe0719a3553b0d32d],PUP.Optional.Tuto4PC, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\TutoTag, Quarantined, [32231e8912795ed8a7151aa8986b857b],PUP.Optional.SmartWeb, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\APPDATALOW\SOFTWARE\SmartWeb, Quarantined, [dd789e097e0d3006d1f316f324e0926e],PUP.Optional.Searching, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jlcgehabolcakkjhgmgpkagpolbjlhfa, Quarantined, [98bd1e893b5042f41ca68e24ef13d42c],PUP.Optional.Searching.ShrtCln, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{27658A5A-9549-4C32-8456-471B6DD86A20}, Quarantined, [d67fb8ef99f277bf6cff94ee90736898],PUP.Optional.Tuto4PC, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\TUTORIALS\updatetutorialeshp, Quarantined, [dd78396e2e5d83b3209901c1c63d0000],PUP.Optional.Tuto4PC, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\TUTORIALS\updatetutorialshp, Quarantined, [79dc8d1a5734f83ed6e4843ec34030d0],PUP.Optional.Tuto4PC, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\TUTORIALS\updv, Quarantined, [3f16198e355666d0714a2999f90ae11f],PUP.Optional.Goobzo, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D2E9FE6A-7003-42A0-96F6-5569DFC2A3A8}_is1, Quarantined, [a7ae6b3c2f5caf87d7d05954a65c7b85],Registry Values: 12PUP.Optional.BrowserAir, HKLM\SOFTWARE\REGISTEREDAPPLICATIONS|BrowserAir.FVK7KJUNOVQMGXX6HL4E7KFNEA, Software\Clients\StartMenuInternet\BrowserAir.FVK7KJUNOVQMGXX6HL4E7KFNEA\Capabilities, Quarantined, [a8ad683f3f4c36000ef78a46e41f46ba]PUP.Optional.AnySend, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPACKAGE|DisplayName, AnySend, Quarantined, [dd78b5f2602ba69025d7f5159d674fb1]PUP.Optional.SmartWeb, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SMARTWEB|URLInfoAbout, http://www.Smart-Web.me, Quarantined, [b99cddca90fb84b2fb21dff55fa42fd1] PUP.Optional.SmartWeb, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SMARTWEB|Publisher, SoftBrain Technologies Ltd., Quarantined, [d97c0a9db4d7191da341364be61ddf21]PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{20A647C6-0C59-42A7-B3B4-1E95674496BB}|Publisher, All PC Optimizer, Quarantined, [9db85a4da6e5350194d7000a7b8907f9]PUP.Optional.AllPCOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{20A647C6-0C59-42A7-B3B4-1E95674496BB}|DisplayName, AllPCOptimizer, Quarantined, [6aeba2059dee3ef87388ad5dc83c54ac]PUP.Optional.BrowserAir, HKLM\SOFTWARE\WOW6432NODE\REGISTEREDAPPLICATIONS|BrowserAir.FVK7KJUNOVQMGXX6HL4E7KFNEA, Software\Clients\StartMenuInternet\BrowserAir.FVK7KJUNOVQMGXX6HL4E7KFNEA\Capabilities, Quarantined, [2d28e1c6ec9f40f613f2a92707fc19e7]PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, D3E4FC46-A08E-4582-8D72-5C8CDE246716, Quarantined, [d184bbec7912f93dfdc3566cfd067e82]PUP.Optional.BrowserAir, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{9DB11B5C-F005-47C8-9312-AFE5B6DF1F4E}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\P. Miller\AppData\Local\BrowserAir\Application\BrowserAir.exe|Name=BrowserAir (mDNS-In)|Desc=Inbound rule for BrowserAir to allow mDNS traffic.|EmbedCtxt=BrowserAir|, Quarantined, [f164dec94e3d3303e8956699ae55d927]PUP.Optional.Searching.ShrtCln, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{27658A5A-9549-4C32-8456-471B6DD86A20}|OSDFileURL, http://www-searching.com/opensearch.ashx?s=FCIzamobl10924,ca9d1070-2e7e-4a2d-afcf-1a7cf7adede9, Quarantined, [d67fb8ef99f277bf6cff94ee90736898] PUP.Optional.Searching.ShrtCln, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{27658A5A-9549-4C32-8456-471B6DD86A20}|FaviconURL, http://www-searching.com/favicon.ico, Quarantined, [a3b29d0aa1ea3501abc083ff33d09b65] PUP.Optional.Searching.ShrtCln, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{27658A5A-9549-4C32-8456-471B6DD86A20}|URL, http://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=FCIzamobl10924,ca9d1070-2e7e-4a2d-afcf-1a7cf7adede9,Quarantined, [bc9951563259c96d53180f73a75ce719] Registry Data: 1PUP.Optional.Searching.ShrtCln, HKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www-searching.com/?pid=s&s=FCIzamobl10924,ca9d1070-2e7e-4a2d-afcf-1a7cf7adede9,&vp=ch&prd=set_ie, Good: (www.google.com), Bad: (http://www-searching.com/?pid=s&s=FCIzamobl10924,ca9d1070-2e7e-4a2d-afcf-1a7cf7adede9,&vp=ch&prd=set_ie),Replaced,[6de8396ea8e31521f9162a5f8e769769] Folders: 37PUP.Optional.ASPackage, C:\Users\P. Miller\AppData\Roaming\ASPackage, Quarantined, [75e094137f0c6bcbb8ba6f1a34cff709],PUP.Optional.ASPackage, C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage, Quarantined, [2035575093f8b97ded86e3a6a55ea15f],PUP.Optional.OnePCOptimizer, C:\ProgramData\DataFile\Downloads, Quarantined, [ff56e2c548438da9f4fa28aab15243bd],PUP.Optional.OnePCOptimizer, C:\ProgramData\DataFile, Quarantined, [ff56e2c548438da9f4fa28aab15243bd],PUP.Optional.ConduitTB.Gen, C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\gm3oq43n.default\conduitCommon, Quarantined, [55001691e9a24ee8907badd107fbc43c],PUP.Optional.ConduitTB.Gen, C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\gm3oq43n.default\conduitCommon\alert, Quarantined, [55001691e9a24ee8907badd107fbc43c],PUP.Optional.ConduitTB.Gen, C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\gm3oq43n.default\conduitCommon\alert\Dialogs, Quarantined, [55001691e9a24ee8907badd107fbc43c],PUP.Optional.ConduitTB.Gen, C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\gm3oq43n.default\conduitCommon\alert\Dialogs\AppNotificationDialog, Quarantined, [55001691e9a24ee8907badd107fbc43c],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\dext, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Installer, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\pls, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\VisualElements, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Local Storage, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extension State, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd\1.0.1.6_0, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\Temp, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\GPUCache, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Local Extension Settings, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\pnacl, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.Freeze, C:\Program Files (x86)\Free Offers from Freeze.com, Quarantined, [2b2a7c2badde3ff73a9deca45aa81be5],PUP.Optional.OneSoftPerDay, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY, Quarantined, [abaa2780721976c07df56634e2206997],PUP.Optional.PriceGong, C:\Users\P. Miller\AppData\LocalLow\PriceGong, Quarantined, [b69f1f88216a37ffc541b6e635cd6898],PUP.Optional.PriceGong, C:\Users\P. Miller\AppData\LocalLow\PriceGong\Data, Quarantined, [b69f1f88216a37ffc541b6e635cd6898],PUP.Optional.WeCare, C:\ProgramData\WeCareReminder, Quarantined, [02530d9af794280e639b8e177989a55b],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir, Quarantined, [30250f98117a191d400d8b1d1fe39868],PUP.Optional.AllPCOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All PC Optimizer, Quarantined, [2f2684236724b0869c5ce5c7f1112ed2],PUP.Optional.AllPCOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All PC Optimizer\AllPCOptimizer, Quarantined, [2f2684236724b0869c5ce5c7f1112ed2],PUP.Optional.Goobzo, C:\Users\P. Miller\AppData\Local\SearchModule, Quarantined, [a7ae6b3c2f5caf87d7d05954a65c7b85],PUP.Optional.Goobzo, C:\Users\P. Miller\AppData\Local\SearchModule\2.7.6.1776, Quarantined, [a7ae6b3c2f5caf87d7d05954a65c7b85],Files: 172PUP.Optional.ConvertAd, C:\Users\P. Miller\AppData\Local\Temp\nsf857A.tmp, Quarantined, [5ef784236526171f8a6f36dfdc267b85],PUP.Optional.CouponMarvel, C:\Users\P. Miller\AppData\Local\Temp\nsp52FC.tmp, Quarantined, [c78eecbb49429f97a6db1f6e3bc60bf5],PUP.Optional.Amonetize, C:\Users\P. Miller\AppData\Local\Temp\GirVEcZz\Removewat+2.2.9+Activator__10924_i1789249340_il1612107.exe, Quarantined, [4312248385061620b7dec6f7ac55ff01],PUP.Optional.Amonetize, C:\Users\P. Miller\Downloads\Removewat+2.2.9+Activator_10924_i102654165_il345.exe, Quarantined, [1342aef92467999dcc4dac1512ef837d],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk, Quarantined, [8ec7f5b2e9a275c1585da40e1ce65aa6],PUP.Optional.ASPackage, C:\Users\P. Miller\AppData\Roaming\ASPackage\Uninstall.exe, Quarantined, [75e094137f0c6bcbb8ba6f1a34cff709],PUP.Optional.ASPackage, C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage\Configure.lnk, Quarantined, [2035575093f8b97ded86e3a6a55ea15f],PUP.Optional.SearchModule, C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\suiuw01d.default-1447179483838\searchplugins\smod.xml, Quarantined, [6aebf8af0586191d3c088335966dc838],PUP.Optional.SmartWeb, C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk, Quarantined, [2b2a2e79fb906ec835460fac6b9802fe],PUP.Optional.FakeIELaunch, C:\Users\P. Miller\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk, Quarantined, [a8ad60470a815dd92e140ac7b053bc44],PUP.Optional.OnePCOptimizer, C:\ProgramData\DataFile\Downloads\sysTech.txt, Quarantined, [ff56e2c548438da9f4fa28aab15243bd],PUP.Optional.OnePCOptimizer, C:\ProgramData\DataFile\System.xml, Quarantined, [ff56e2c548438da9f4fa28aab15243bd],PUP.Optional.AllPCOptimizer, C:\Users\Public\Desktop\AllPCOptimizer.exe.lnk, Quarantined, [fa5bbee9e9a2ad8902d28383c044f50b],PUP.Optional.AllPCOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk, Quarantined, [c1948522b7d4b97dba1ceb1b46bede22],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\BrowserAir.exe, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\debug.log, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\VisualElementsManifest.xml, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\libegl.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\44.4.9.9.manifest, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\44.5.0.0.manifest, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\chrome.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\chrome_100_percent.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\chrome_200_percent.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\chrome_child.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\chrome_elf.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\d3dcompiler_46.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\delegate_execute.exe, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\ffmpegsumo.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\icudtl.dat, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\libexif.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\libglesv2.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\metro_driver.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\mksnapshot.ia32.exe.assert.manifest, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\nacl64.exe, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\nacl_irt_x86_32.nexe, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\nacl_irt_x86_64.nexe, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\pdf.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\ppgooglenaclpluginchrome.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\resources.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\secondarytile.png, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\dext\dext.json, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\dext\ShopBrowser.crx, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\dext\t.crx, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Installer\chrome.7z, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Installer\setup.exe, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\hi.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\am.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\ar.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\bg.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\bn.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\ca.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\cs.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\da.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\de.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\el.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\en-GB.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\en-US.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\es-419.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\es.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\et.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\fa.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\fi.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\fil.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\fr.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\gu.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\he.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\hr.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\hu.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\id.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\it.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\ja.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\kn.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\ko.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\lt.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\lv.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\ml.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\mr.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\ms.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\nb.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\nl.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\pl.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\pt-BR.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\pt-PT.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\ro.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\ru.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\sk.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\sl.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\sr.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\sv.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\sw.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\ta.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\te.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\th.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\tr.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\uk.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\vi.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\zh-CN.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\Locales\zh-TW.pak, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\pls\flash.dll, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\pls\manifest.json, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\VisualElements\logo.png, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\VisualElements\smalllogo.png, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\Application\44.5.0.0\VisualElements\splash-620x300.png, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\chrome_shutdown_ms.txt, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\First Run, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Local State, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Safe Browsing Cookies, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Safe Browsing Cookies-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Archived History, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Archived History-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Cookies, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Cookies-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Current Session, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Favicons, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Favicons-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Google Profile.ico, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\History, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\History Provider Cache, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\History-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Login Data, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Login Data-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Network Action Predictor, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Network Action Predictor-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Preferences, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Protected Preferences, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Shortcuts, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Shortcuts-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Top Sites, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Top Sites-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Visited Links, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Web Data, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Web Data-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extension State\000003.log, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extension State\CURRENT, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extension State\LOCK, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extension State\LOG, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extension State\MANIFEST-000002, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd\1.0.1.6_0\appConfig.js, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd\1.0.1.6_0\background.js, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd\1.0.1.6_0\config.json, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd\1.0.1.6_0\database1_0_0.json, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd\1.0.1.6_0\helper.js, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd\1.0.1.6_0\injection.js, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd\1.0.1.6_0\logo128.png, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd\1.0.1.6_0\manifest.json, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd\1.0.1.6_0\utils.js, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\GPUCache\data_0, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\GPUCache\data_1, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\GPUCache\data_2, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\GPUCache\data_3, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Local\BrowserAir\User Data\Default\GPUCache\index, Quarantined, [97be1f88c0cba0964cbfdaa811f1ad53],PUP.Optional.Freeze, C:\Program Files (x86)\Free Offers from Freeze.com\6866.url, Quarantined, [2b2a7c2badde3ff73a9deca45aa81be5],PUP.Optional.Freeze, C:\Program Files (x86)\Free Offers from Freeze.com\6881.url, Quarantined, [2b2a7c2badde3ff73a9deca45aa81be5],PUP.Optional.Freeze, C:\Program Files (x86)\Free Offers from Freeze.com\6884.url, Quarantined, [2b2a7c2badde3ff73a9deca45aa81be5],PUP.Optional.Freeze, C:\Program Files (x86)\Free Offers from Freeze.com\control.txt, Quarantined, [2b2a7c2badde3ff73a9deca45aa81be5],PUP.Optional.Freeze, C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico, Quarantined, [2b2a7c2badde3ff73a9deca45aa81be5],PUP.Optional.Freeze, C:\Program Files (x86)\Free Offers from Freeze.com\games.ico, Quarantined, [2b2a7c2badde3ff73a9deca45aa81be5],PUP.Optional.Freeze, C:\Program Files (x86)\Free Offers from Freeze.com\musicoasis.ico, Quarantined, [2b2a7c2badde3ff73a9deca45aa81be5],PUP.Optional.OneSoftPerDay, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY\Onesoftperday.lnk, Quarantined, [abaa2780721976c07df56634e2206997],PUP.Optional.WeCare, C:\ProgramData\WeCareReminder\aspca.bmp, Quarantined, [02530d9af794280e639b8e177989a55b],PUP.Optional.WeCare, C:\ProgramData\WeCareReminder\savethechildren.bmp, Quarantined, [02530d9af794280e639b8e177989a55b],PUP.Optional.BrowserAir, C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir\BrowserAir.lnk, Quarantined, [30250f98117a191d400d8b1d1fe39868],PUP.Optional.AllPCOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All PC Optimizer\AllPCOptimizer\AllPCOptimizer.exe.lnk, Quarantined, [2f2684236724b0869c5ce5c7f1112ed2],PUP.Optional.AllPCOptimizer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All PC Optimizer\AllPCOptimizer\Uninstall AllPCOptimizer.lnk, Quarantined, [2f2684236724b0869c5ce5c7f1112ed2],PUP.Optional.Goobzo, C:\Users\P. Miller\AppData\Local\SearchModule\netinstall.exe, Quarantined, [a7ae6b3c2f5caf87d7d05954a65c7b85],PUP.Optional.Goobzo, C:\Users\P. Miller\AppData\Local\SearchModule\unins000.dat, Quarantined, [a7ae6b3c2f5caf87d7d05954a65c7b85],PUP.Optional.Goobzo, C:\Users\P. Miller\AppData\Local\SearchModule\unins000.exe, Quarantined, [a7ae6b3c2f5caf87d7d05954a65c7b85],PUP.Optional.Goobzo, C:\Users\P. Miller\AppData\Local\SearchModule\2.7.6.1776\DeskBar.exe, Quarantined, [a7ae6b3c2f5caf87d7d05954a65c7b85],PUP.Optional.Searching, C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/]}}),Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://www-searching.com/?pid=s&s=FCIzamobl10924,ca9d1070-2e7e-4a2d-afcf-1a7cf7adede9,&vp=ch&prd=set_ch"]},"sync":{"remaining_rollback_tries":0}}), Replaced,[4411c6e152393402dcc8ad09a85c02fe] PUP.Optional.Searching.ShrtCln, C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\suiuw01d.default-1447179483838\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www-searching.com/?site=shyosffdefault&prd=set_ff&s=FCIzamobl10924,ca9d1070-2e7e-4a2d-afcf-1a7cf7adede9,"),Replaced,[90c505a21873b97d8c89703f7d876f91] Physical Sectors: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
withavision Posted December 20, 2015 Author ID:1008173 Share Posted December 20, 2015 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015Ran by P. Miller (administrator) on PMILLER (20-12-2015 16:05:44)Running from C:\Users\P. Miller\DownloadsLoaded Profiles: P. Miller (Available Profiles: P. Miller & Guest)Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe(Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Windows\SysWOW64\PnkBstrA.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe() C:\Program Files (x86)\RocketDock\RocketDock.exe(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe(Dropbox, Inc.) C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\Dropbox.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2617608 2015-05-25] (FSPro Labs)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5512912 2015-03-23] (Avast Software s.r.o.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [X]HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4331392 2012-05-30] (AOL Inc.)HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\Run: [CPN Notifier] => C:\Program Files (x86)\Lock Poker\PokerNotifier.exeHKU\S-1-5-21-1197745190-727455461-723387890-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startupHKU\S-1-5-21-1197745190-727455461-723387890-1001\...\Run: [Dropbox Update] => C:\Users\P. Miller\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)HKU\S-1-5-21-1197745190-727455461-723387890-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL No File [ ]ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-03-23] (Avast Software s.r.o.)ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)Startup: C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-20]ShortcutTarget: Dropbox.lnk -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2015-12-20]ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()BootExecute: autocheck autochk * lsdelete==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75Tcpip\..\Interfaces\{F27E68F0-3633-4082-80A7-CC6040344E1F}: [DhcpNameServer] 198.224.151.135 198.224.150.135Tcpip\..\Interfaces\{FB059B07-3DAC-4C97-ADF4-AA0CFF3ABBB6}: [DhcpNameServer] 75.75.76.76 75.75.75.75Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-1197745190-727455461-723387890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-1197745190-727455461-723387890-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120615213738833&tb_oid=15-06-2012&tb_mrud=15-06-2012SearchScopes: HKU\S-1-5-21-1197745190-727455461-723387890-1001 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120615213738833&tb_oid=15-06-2012&tb_mrud=15-06-2012BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-03-23] (Avast Software s.r.o.)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-18] (Sun Microsystems, Inc.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-09] (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-03-23] (Avast Software s.r.o.)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-09] (Oracle Corporation)Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileDPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabFireFox:========FF ProfilePath: C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\suiuw01d.default-1447179483838FF DefaultSearchEngine.US: Search ModuleFF Homepage: google.comFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-10-18] (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-09] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-04-09] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-1197745190-727455461-723387890-1001: @citrixonline.com/appdetectorplugin -> C:\Users\P. Miller\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-05] (Citrix Online)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-01-12] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-01-12] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-01-12] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-01-12] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-01-12] (Apple Inc.)FF Extension: AdBeaver - C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\suiuw01d.default-1447179483838\Extensions\adbeaverSG@adbeaver.org.xpi [2015-12-18]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015-12-10]Chrome:=======CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FCIzamobl10924,ca9d1070-2e7e-4a2d-afcf-1a7cf7adede9,&vp=ch&prd=set_chCHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=FCIzamobl10924,ca9d1070-2e7e-4a2d-afcf-1a7cf7adede9,CHR DefaultSearchKeyword: Default -> www-searching.comCHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}CHR Profile: C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]CHR Extension: (Google Drive) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05]CHR Extension: (YouTube) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]CHR Extension: (Google Search) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-25]CHR Extension: (Avast SafePrice) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-12]CHR Extension: (Google Docs Offline) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]CHR Extension: (Chrome Web Store Payments) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]CHR Extension: (Gmail) - C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-12-06] (SUPERAntiSpyware.com) [File not signed]R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-03-23] (Avast Software s.r.o.)R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1355968 2011-06-15] (Lavasoft)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-02-05] ()R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-23] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-23] (Avast Software s.r.o.)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-23] (Avast Software s.r.o.)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-23] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-23] (Avast Software s.r.o.)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-23] (Avast Software s.r.o.)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-23] (Avast Software s.r.o.)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-23] ()S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-06-15] (Lavasoft AB)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2015-12-18] (Macrovision Europe Ltd) [File not signed]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-20 16:05 - 2015-12-20 16:08 - 00021857 _____ C:\Users\P. Miller\Downloads\FRST.txt2015-12-20 16:05 - 2015-12-20 16:05 - 02370560 _____ (Farbar) C:\Users\P. Miller\Downloads\FRST64.exe2015-12-20 16:01 - 2015-12-20 16:01 - 00000394 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job2015-12-20 12:51 - 2015-12-20 16:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-12-20 12:51 - 2015-12-20 15:56 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-12-20 12:51 - 2015-12-20 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-12-20 12:50 - 2015-12-20 12:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-12-20 12:50 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-12-20 12:50 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-12-20 12:48 - 2015-12-20 12:49 - 22908888 _____ (Malwarebytes ) C:\Users\P. Miller\Downloads\mbam-setup-org-2.2.0.1024.exe2015-12-19 15:51 - 2015-12-20 16:05 - 00000000 ____D C:\FRST2015-12-18 16:52 - 2015-12-18 16:52 - 00000010 _____ C:\Users\Public\Documents\test.txt2015-12-18 16:51 - 2015-12-18 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)2015-12-18 16:47 - 2015-12-18 16:47 - 05464104 _____ (TeamViewer) C:\Users\P. Miller\Downloads\TeamViewerQS_en.exe2015-12-18 16:47 - 2015-12-18 16:47 - 02431866 _____ (Electronic Arts Inc.) C:\Users\P. Miller\Downloads\moh_spearhead.exe2015-12-18 16:47 - 2015-12-18 16:47 - 01703936 _____ (Electronic Arts Inc.) C:\Users\P. Miller\Downloads\moh_Breakthrough.exe2015-12-18 16:47 - 2015-12-18 16:47 - 00463872 _____ (Malfaction's Software) C:\Users\P. Miller\Downloads\MohaasPlayerScan.exe2015-12-18 16:47 - 2015-12-18 16:47 - 00299008 _____ (Malfaction's Software) C:\Users\P. Miller\Downloads\GSListProxy.exe2015-12-18 16:46 - 2015-12-18 16:46 - 00000000 ____D C:\Users\P. Miller\Desktop\MOHAA FILE2015-12-18 16:39 - 2015-12-18 16:38 - 00000134 _____ C:\Windows\system32\Drivers\etc\hp.bak2015-12-18 16:31 - 2015-12-20 15:56 - 00001959 _____ C:\Users\Public\Desktop\Medal of Honor Allied Assault Breakthrough.lnk2015-12-18 16:22 - 2015-12-18 16:22 - 01148754 _____ (InstallShield ) C:\Users\P. Miller\Downloads\ikernelupdate.exe2015-12-18 16:12 - 2015-12-18 16:12 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2015-12-18 16:10 - 2015-12-20 15:56 - 00001894 _____ C:\Users\Public\Desktop\Medal of Honor Allied Assault.lnk2015-12-18 15:20 - 2015-12-18 15:20 - 00003060 _____ C:\Windows\System32\Tasks\{C151BF29-E5D9-4036-BBBF-FB20E265A652}2015-12-18 15:09 - 2015-12-20 15:56 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk2015-12-18 15:09 - 2015-12-18 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2015-12-18 14:24 - 2015-12-18 15:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-12-17 16:08 - 2015-12-17 16:08 - 02560512 _____ (winpcoptimizerbetatwo) C:\Windows\Allpcoptimizer.exe2015-12-17 16:08 - 2015-12-17 16:08 - 00155136 _____ C:\Windows\Allpcoptimizer.pdb2015-12-10 23:51 - 2015-12-10 23:51 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-12-10 03:35 - 2015-12-20 12:50 - 00003612 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)2015-12-09 05:35 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-12-09 05:35 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-12-09 05:35 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-12-09 05:35 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-12-09 05:35 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-12-09 05:35 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-12-09 05:35 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-12-09 05:35 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-12-09 05:35 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-12-09 05:35 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-12-09 05:35 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2015-12-09 05:35 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-12-09 05:35 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-12-09 05:35 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-12-09 05:35 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-12-09 05:35 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-12-09 05:35 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-12-09 05:35 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-12-09 05:35 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll2015-12-09 05:35 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll2015-12-09 05:35 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll2015-12-09 05:35 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll2015-12-09 05:35 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-12-09 05:35 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-12-09 05:35 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-12-09 05:35 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-12-09 05:35 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-12-09 05:35 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-12-09 05:35 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-12-09 05:35 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2015-12-09 05:35 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2015-12-09 05:35 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2015-12-09 05:35 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-12-09 05:35 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-12-09 05:35 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-12-09 05:35 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2015-12-09 05:35 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-12-09 05:35 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2015-12-09 05:35 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-12-09 05:35 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-12-09 05:35 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-12-09 05:35 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2015-12-09 05:35 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-12-09 05:35 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-12-09 05:35 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-12-09 05:35 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2015-12-09 05:35 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2015-12-09 05:35 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-12-09 05:35 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-12-09 05:35 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2015-12-09 05:35 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-12-09 05:35 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-12-09 05:35 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-12-09 05:35 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2015-12-09 05:35 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-12-09 05:35 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-12-09 05:35 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-12-09 05:35 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-12-09 05:35 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2015-12-09 05:35 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2015-12-09 05:35 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-12-09 05:35 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-12-09 05:35 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-12-09 05:35 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2015-12-09 05:35 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-12-09 05:35 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-12-09 05:35 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2015-12-09 05:35 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-12-09 05:35 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-12-09 05:35 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-12-09 05:35 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-12-09 05:35 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-12-09 05:35 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2015-12-09 05:35 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2015-12-09 05:35 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-12-09 05:35 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2015-12-09 05:35 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-12-09 05:35 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-12-09 05:35 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2015-12-09 05:35 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-12-09 05:35 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-12-09 05:35 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-12-09 05:35 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-12-09 05:35 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2015-12-09 05:35 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-12-09 05:35 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-12-09 05:35 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-12-09 05:35 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-12-09 05:35 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll2015-12-09 05:35 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll2015-12-09 05:35 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys2015-12-09 05:35 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll2015-12-09 05:35 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll2015-12-09 05:35 - 2010-11-20 08:27 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\User32.dll2015-12-09 05:35 - 2009-07-13 20:11 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\User32.dll2015-12-09 05:34 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll2015-12-09 05:34 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll2015-12-03 10:27 - 2015-12-03 10:27 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software2015-12-03 10:27 - 2015-12-03 10:27 - 00000000 ____D C:\Program Files\Common Files\AV2015-12-01 13:47 - 2015-12-01 13:48 - 00097792 _____ C:\Users\P. Miller\Downloads\SITES LATEST.xls2015-12-01 13:37 - 2015-12-01 13:38 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\Notepad++2015-12-01 13:37 - 2015-12-01 13:37 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++2015-12-01 13:37 - 2015-12-01 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++2015-12-01 13:37 - 2015-12-01 13:37 - 00000000 ____D C:\Program Files (x86)\Notepad++2015-12-01 13:36 - 2015-12-01 13:36 - 04119231 _____ C:\Users\P. Miller\Downloads\npp.6.8.7.Installer.exe2015-12-01 13:25 - 2015-12-01 13:40 - 00000000 ____D C:\Users\P. Miller\Desktop\WWALKING DISAVOW 12.1.15==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-20 16:00 - 2014-01-26 19:05 - 00000000 ___RD C:\Users\P. Miller\Dropbox2015-12-20 16:00 - 2014-01-26 19:05 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\Dropbox2015-12-20 16:00 - 2012-12-06 20:58 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update2015-12-20 15:56 - 2015-09-30 10:27 - 00001937 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk2015-12-20 15:56 - 2015-09-02 09:53 - 00000892 _____ C:\Users\P. Miller\Desktop\CoffeeCup HTML Editor.lnk2015-12-20 15:56 - 2014-07-06 00:52 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-12-20 15:56 - 2013-07-02 16:49 - 00001042 _____ C:\Users\P. Miller\Desktop\Traffic Travis v4.lnk2015-12-20 15:56 - 2013-03-29 11:22 - 00002328 _____ C:\Users\P. Miller\Desktop\WebSite Auditor.lnk2015-12-20 15:56 - 2013-03-29 11:22 - 00002299 _____ C:\Users\P. Miller\Desktop\LinkAssistant.lnk2015-12-20 15:56 - 2013-03-29 11:22 - 00002274 _____ C:\Users\P. Miller\Desktop\Rank Tracker.lnk2015-12-20 15:56 - 2013-03-29 11:22 - 00002245 _____ C:\Users\P. Miller\Desktop\BuzzBundle.lnk2015-12-20 15:56 - 2013-03-29 11:21 - 00002274 _____ C:\Users\P. Miller\Desktop\SEO SpyGlass.lnk2015-12-20 15:56 - 2013-02-05 22:25 - 00001562 _____ C:\Users\Public\Desktop\AmericasCardroom.lnk2015-12-20 15:56 - 2013-01-28 20:23 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2015-12-20 15:56 - 2012-04-02 19:42 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\FreeFileViewer.lnk2015-12-20 15:56 - 2012-01-31 22:41 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk2015-12-20 15:56 - 2012-01-16 19:03 - 00001828 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Burner v8.22.lnk2015-12-20 15:56 - 2011-12-18 16:04 - 00000439 _____ C:\Users\Public\Desktop\BovadaPoker.lnk2015-12-20 15:56 - 2011-10-15 13:32 - 00001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk2015-12-20 15:56 - 2011-05-07 09:04 - 00001150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2015-12-20 15:56 - 2011-03-27 15:32 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk2015-12-20 15:56 - 2010-12-13 18:20 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif WebPlus X4.lnk2015-12-20 15:56 - 2010-11-30 06:21 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk2015-12-20 15:56 - 2010-06-23 16:32 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2015-12-20 15:56 - 2010-03-31 17:42 - 00001138 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-12-20 15:56 - 2010-03-31 17:37 - 00001413 _____ C:\Users\P. Miller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-12-20 15:56 - 2010-02-10 01:04 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk2015-12-20 15:56 - 2010-02-10 01:04 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk2015-12-20 15:56 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk2015-12-20 15:56 - 2009-07-13 23:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2015-12-20 15:56 - 2009-07-13 23:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk2015-12-20 15:56 - 2009-07-13 23:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk2015-12-20 15:56 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk2015-12-20 15:54 - 2015-04-27 20:36 - 00000410 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job2015-12-20 15:54 - 2014-07-06 00:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-12-20 15:54 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-12-20 15:53 - 2009-07-13 23:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-12-20 15:53 - 2009-07-13 23:45 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-12-20 15:52 - 2012-04-24 16:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-12-20 15:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows2015-12-20 15:38 - 2015-06-22 13:24 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1197745190-727455461-723387890-1001UA.job2015-12-20 15:34 - 2014-03-05 18:54 - 00000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1197745190-727455461-723387890-1001.job2015-12-20 14:54 - 2014-07-06 00:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-12-20 14:46 - 2015-05-31 07:48 - 00000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1197745190-727455461-723387890-1001.job2015-12-20 13:46 - 2013-02-05 23:30 - 00786678 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2015-12-20 13:46 - 2009-07-14 00:13 - 00786678 _____ C:\Windows\system32\PerfStringBackup.INI2015-12-20 13:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf2015-12-20 12:51 - 2010-05-07 16:25 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\Malwarebytes2015-12-20 12:51 - 2010-05-07 16:25 - 00000000 ____D C:\ProgramData\Malwarebytes2015-12-18 17:01 - 2015-11-04 13:08 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\Skype2015-12-18 16:55 - 2012-04-24 20:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2015-12-18 16:48 - 2015-10-29 09:26 - 00012400 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS2015-12-18 16:38 - 2015-06-22 13:24 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1197745190-727455461-723387890-1001Core.job2015-12-18 16:28 - 2010-04-26 17:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2015-12-18 16:28 - 2010-04-26 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES2015-12-18 16:23 - 2010-04-26 18:09 - 00000000 ____D C:\Users\P. Miller\AppData\Roaming\TS3Client2015-12-18 16:11 - 2014-01-28 19:16 - 00000000 ____D C:\Users\P. Miller\AppData\Local\CrashDumps2015-12-18 16:03 - 2010-04-26 17:50 - 00000000 ____D C:\Program Files (x86)\EA GAMES2015-12-18 15:09 - 2015-11-04 13:08 - 00000000 ____D C:\Users\P. Miller\AppData\Local\Skype2015-12-18 15:09 - 2015-11-04 13:07 - 00000000 ____D C:\ProgramData\Skype2015-12-18 15:09 - 2010-04-01 16:54 - 00000000 ___RD C:\Program Files (x86)\Skype2015-12-18 14:57 - 2010-03-31 17:56 - 00000000 ____D C:\Users\P. Miller\Poker2015-12-15 10:15 - 2015-05-31 07:48 - 00003678 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1197745190-727455461-723387890-10012015-12-15 10:15 - 2014-03-05 18:54 - 00003582 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1197745190-727455461-723387890-10012015-12-12 13:24 - 2011-12-18 16:04 - 00000000 ____D C:\Bovada2015-12-10 16:48 - 2015-08-21 11:06 - 00098304 _____ C:\Users\P. Miller\Desktop\SITES LATEST.xls2015-12-10 04:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache2015-12-10 03:31 - 2013-03-14 02:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-12-10 03:31 - 2013-03-14 02:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-12-10 03:31 - 2009-07-13 23:45 - 00388216 _____ C:\Windows\system32\FNTCACHE.DAT2015-12-10 03:13 - 2013-03-14 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-12-10 03:10 - 2013-08-14 02:01 - 00000000 ____D C:\Windows\system32\MRT2015-12-10 03:02 - 2010-02-10 01:16 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-12-09 09:52 - 2012-04-24 16:45 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-12-09 09:52 - 2012-04-24 16:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-12-09 09:52 - 2011-06-14 13:56 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-12-01 23:49 - 2014-07-06 00:51 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-12-01 23:48 - 2014-07-06 00:51 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-12-01 13:28 - 2011-03-23 07:50 - 00000013 _____ C:\Windows\SysWOW64\WinSys32.crc2015-11-20 16:51 - 2014-10-11 12:08 - 00000000 ____D C:\Users\P. Miller\Teeth Whitening Site==================== Files in the root of some directories =======2012-03-06 20:26 - 2012-03-06 20:26 - 0000272 _____ () C:\Users\P. Miller\AppData\Roaming\.backup.dm2010-12-22 16:17 - 2011-06-29 21:52 - 0000600 _____ () C:\Users\P. Miller\AppData\Roaming\winscp.rnd2012-06-21 17:20 - 2012-06-21 17:20 - 0007680 _____ () C:\Users\P. Miller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-02-14 03:29 - 2013-02-14 03:29 - 0000097 _____ () C:\Users\P. Miller\AppData\Local\fusioncache.dat==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-12-20 14:57==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
withavision Posted December 20, 2015 Author ID:1008174 Share Posted December 20, 2015 Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015Ran by P. Miller (2015-12-20 16:10:04)Running from C:\Users\P. Miller\DownloadsWindows 7 Ultimate Service Pack 1 (X64) (2010-03-31 22:26:57)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-1197745190-727455461-723387890-500 - Administrator - Disabled)ASPNET (S-1-5-21-1197745190-727455461-723387890-1004 - Limited - Enabled)Guest (S-1-5-21-1197745190-727455461-723387890-501 - Limited - Disabled) => C:\Users\GuestHomeGroupUser$ (S-1-5-21-1197745190-727455461-723387890-1002 - Limited - Enabled)P. Miller (S-1-5-21-1197745190-727455461-723387890-1001 - Administrator - Enabled) => C:\Users\P. Miller==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)AAA Logo 3.10 Free Trial (HKLM-x32\...\AAA Logo Free Trial_is1) (Version: - SWGSoft.com)Ad-Aware (HKLM-x32\...\{685DEA21-3622-455A-A41B-89557A168DFD}) (Version: 9.0.6 - Lavasoft Limited)Ad-Aware (HKLM-x32\...\Ad-Aware) (Version: - Lavasoft)Ad-Aware (x32 Version: 8.2.0 - Lavasoft) HiddenAd-Aware Email Scanner for Outlook (HKLM-x32\...\{338F08AB-C262-42C7-B000-34DE1A475273}) (Version: 1.0.0 - Lavasoft)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)AIM 7 (HKLM-x32\...\AIM_7) (Version: - )AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)Android Commander version 0.7.9.11 (HKLM-x32\...\Android Commander_is1) (Version: 0.7.9.11 - )Apache Tomcat 6.0.26 (HKLM\...\nbi-tomcat-6.0.26.0.0) (Version: - )Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2215 - AVAST Software)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version: - )CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)CoffeeCup HTML Editor (HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\CoffeeCup HTML Editor) (Version: - )Copy Network Card (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Copy Network Card) <==== ATTENTIONCrysis® (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDesktop Player (HKLM-x32\...\{1D45405D-B1CF-4AEC-AC09-2D8175CB98DE}) (Version: 1.00.0000 - LongTailVideo)DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)Dropbox (HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )FileZilla Client 3.13.1 (HKLM-x32\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)FlashBeat (HKLM-x32\...\FlashBeat) (Version: - ) <==== ATTENTIONFree File Viewer 2011 (HKLM-x32\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTIONFull Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.29.3.WIN.FullTilt.COM - )GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)GlassFish Server Open Source Edition 3.0.1 (HKLM\...\nbi-glassfish-mod-3.0.1.22.0) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.29.1 - Google Inc.) HiddenGoToMeeting 7.7.1.4099 (HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\GoToMeeting) (Version: 7.7.1.4099 - CitrixOnline)GTK+ Runtime 2.14.7 rev a (remove only) (HKLM-x32\...\GTK 2.0) (Version: - )HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)iBackupBot for iTunes 3.0.10 (HKLM-x32\...\iBackupBot for iTunes) (Version: 3.0.10 - VOWSoft, Ltd.)iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)ISO Burner v8.22 (Trial version) (HKLM-x32\...\ISO Burner v8.22 (Trial version)) (Version: - hxxp://www.iso-burner.com)iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)Java 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.)Java 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)Java 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.300 - Oracle)Java SE Development Kit 6 Update 22 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160220}) (Version: 1.6.0.220 - Oracle)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLock Poker (HKLM-x32\...\Lock Poker) (Version: 2.0.1.4577 - Lock Poker)Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.88.58 - Alliance Software Pty Ltd)Market Samurai (x32 Version: 0.88.58 - Alliance Software Pty Ltd) HiddenMedal of Honor Allied Assault (HKLM-x32\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version: - )Medal of Honor Allied Assault Breakthrough (HKLM-x32\...\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}) (Version: - )Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)My Lockbox 3.8.1 (HKLM\...\My Lockbox_is1) (Version: 3.8.1 - )MyFreeCodec (HKU\S-1-5-21-1197745190-727455461-723387890-1001\...\MyFreeCodec) (Version: - )NetBeans IDE 6.9.1 (HKLM\...\nbi-nb-base-6.9.1.0.0) (Version: 6.9.1 - NetBeans.org)Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.7 - Notepad++ Team)OpenOffice.org 3.2 (HKLM-x32\...\{6ADD0603-16EF-400D-9F9E-486432835002}) (Version: 3.2.9483 - OpenOffice.org)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) HiddenSamsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) HiddenSAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 5.0 - Screaming Frog Ltd)SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version: - )Serif WebPlus X4 (HKLM-x32\...\{9ADA45A0-8043-470A-8E8B-02EA7D95F896}) (Version: 12.0.4.031 - Serif (Europe) Ltd)Serif WebPlus X4 Resources (HKLM-x32\...\{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}) (Version: 12.0.0.008 - Serif (Europe) Ltd)Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)Snood 4 (HKLM-x32\...\Snood 4_is1) (Version: - Word of Mouse Games)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1142 - SUPERAntiSpyware.com)SUPERAntiSpyware Free Edition (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.37.0.1000 - SUPERAntiSpyware.com)TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.11117 - TeamViewer GmbH)Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version: - Affilorama Ltd.)VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) HiddenVisual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)Vodusoft Windows Password Reset Standard Trial (HKLM-x32\...\Vodusoft Windows Password Reset Standard Trial) (Version: 7.1.1.1 - Vodusoft)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)WinRAR 4.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.6 - win.rar GmbH)WinSCP 4.2.9 (HKLM-x32\...\winscp3_is1) (Version: 4.2.9 - Martin Prikryl)Youtube Downloader version 2.0.0 (HKLM-x32\...\{B3E84B4A-ACDB-4B40-BA8A-5AD2675B8735}_is1) (Version: 2.0.0 - Mintra)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{3980AD37-207D-455D-88E5-BEC590BA4C6E}\InprocServer32 -> C:\Users\PA8BC~1.MIL\AppData\Local\Temp\radB58B3.tmp => No FileCustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\3770\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1197745190-727455461-723387890-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)==================== Restore Points =========================18-12-2015 00:00:03 Scheduled Checkpoint18-12-2015 15:23:48 Installed Medal of Honor Allied Assault Breakthrough18-12-2015 15:35:03 Removed Medal of Honor Allied Assault Breakthrough18-12-2015 15:42:50 Installed Medal of Honor Allied Assault Breakthrough18-12-2015 15:48:56 Installed Medal of Honor Allied Assault18-12-2015 15:57:44 Removed Medal of Honor Allied Assault18-12-2015 15:59:28 Removed Medal of Honor Allied Assault Breakthrough18-12-2015 16:04:08 Installed Medal of Honor Allied Assault18-12-2015 16:23:48 Installed Update ikernel Engine18-12-2015 16:25:08 Installed Update ikernel Engine18-12-2015 16:27:20 Removed Medal of Honor Allied Assault UK & US 1.11 Patch18-12-2015 16:27:54 Installed Medal of Honor Allied Assault Breakthrough20-12-2015 12:51:15 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 21:34 - 2015-12-18 16:38 - 00000134 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost127.0.0.1 down.baidu2016.com127.0.0.1 123.sogou.com127.0.0.1 www.czzsyzgm.com==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {085DB8A1-465C-48F2-BE46-575DBE711C49} - System32\Tasks\{C151BF29-E5D9-4036-BBBF-FB20E265A652} => pcalua.exe -a D:\setup\Setup.exe -d D:\setupTask: {089CEB2D-DFA9-45F4-8812-5D460DC09130} - System32\Tasks\{CF91F38A-78FD-4246-9398-F01D96886C94} => pcalua.exe -a "C:\Users\P. Miller\Downloads\jxpiinstall.exe" -d "C:\Program Files (x86)\Mozilla Firefox"Task: {160DAD04-B808-4A22-8146-D531F557C7CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)Task: {1A27E40F-1738-4D3E-ABA7-B5C80288168C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exeTask: {20CE1EB9-A017-44DC-9441-170999C95890} - \VAKLATOZ1 -> No File <==== ATTENTIONTask: {2E570911-CBF4-44E0-8657-C67B29F9B787} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTIONTask: {394F0017-1396-4EEB-84CD-8DD710CB5E87} - System32\Tasks\{49F8AB6D-B350-44D2-9904-0C6C7079A31E} => pcalua.exe -a "C:\Users\P. Miller\Downloads\Renan.exe" -d "C:\Program Files (x86)\Mozilla Firefox"Task: {493BB6A6-0A27-4598-8920-F9F222BEF73A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {5D0AC389-C539-4B97-AE72-11ED3E84AF27} - System32\Tasks\G2MUpdateTask-S-1-5-21-1197745190-727455461-723387890-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\4099\g2mupdate.exe [2015-12-15] (Citrix Online, a division of Citrix Systems, Inc.)Task: {7861C9B4-3946-41FA-AD10-44EC40935263} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-09-30] (Avast Software s.r.o.)Task: {88726F65-532A-42E8-8CFF-68E397C36B2E} - System32\Tasks\G2MUploadTask-S-1-5-21-1197745190-727455461-723387890-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\4099\g2mupload.exe [2015-12-15] (Citrix Online, a division of Citrix Systems, Inc.)Task: {88F738FC-297B-4915-B1F7-AFCA8E65D248} - System32\Tasks\{469EE7FF-8698-43BC-93BE-3A75F31BA3C9} => pcalua.exe -a "C:\Users\P. Miller\Desktop\toysoldiers.exe" -d "C:\Users\P. Miller\Desktop"Task: {91B817B4-E4C5-4CB4-89E2-93F16927D6C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)Task: {9F408590-9AFA-4D10-9A14-E595459B16B7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1197745190-727455461-723387890-1001Core => C:\Users\P. Miller\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)Task: {A54E9F0A-CC7A-4779-8900-E7EF02B6C8DB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)Task: {B2B26ED8-3A13-49EB-8F89-519C8A821C8A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-15] (Lavasoft )Task: {C07EF107-3AE0-4452-980C-0BAA3562018B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)Task: {CF5187CF-0920-4994-AD35-690A85D7BF9E} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTIONTask: {DA49978A-5917-4CAF-8D55-6D601F83A9BF} - System32\Tasks\{F60B546F-A9A9-4505-86F6-68ED28E9C6A7} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\MOHAA\main\toysoldiers.exe" -d "C:\Program Files (x86)\EA GAMES\MOHAA\main"Task: {DD79D710-CA16-4309-A966-DA962233551C} - System32\Tasks\{8972804F-4C43-4E54-B1C5-E550CBCF95FF} => pcalua.exe -a "C:\Users\P. Miller\Downloads\moretime.exe" -d "C:\Program Files (x86)\Mozilla Firefox"Task: {E6CB6BE4-11DA-4313-B8EA-674776C01814} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)Task: {ED40F146-FE42-425F-9980-141979BA7C07} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1197745190-727455461-723387890-1001UA => C:\Users\P. Miller\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)Task: {FBE81442-941E-4FD4-9FB2-E04501D3B578} - System32\Tasks\{629A8DEB-4EC7-4870-89A8-D2384D8B4CFD} => C:\Users\P. Miller\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe [2013-07-11] ()(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exeTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1197745190-727455461-723387890-1001Core.job => C:\Users\P. Miller\AppData\Local\Dropbox\Update\DropboxUpdate.exeTask: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1197745190-727455461-723387890-1001UA.job => C:\Users\P. Miller\AppData\Local\Dropbox\Update\DropboxUpdate.exeTask: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTIONTask: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1197745190-727455461-723387890-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\4099\g2mupdate.exeTask: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1197745190-727455461-723387890-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\4099\g2mupload.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Shortcuts =============================(The entries could be listed to be restored or removed.)==================== Loaded Modules (Whitelisted) ==============2013-02-05 23:27 - 2013-02-05 23:27 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2015-08-24 08:56 - 2015-08-24 08:56 - 00043480 _____ () C:\Users\P. Miller\Filezilla\FileZilla FTP Client\fzshellext_64.dll2010-09-30 11:13 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe2015-03-23 11:03 - 2015-03-23 11:03 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll2015-03-23 11:03 - 2015-03-23 11:03 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll2015-12-20 12:47 - 2015-12-20 12:47 - 02805760 _____ () C:\Program Files\Alwil Software\Avast5\defs\15122000\algo.dll2015-12-20 15:57 - 2015-12-20 15:57 - 02805760 _____ () C:\Program Files\Alwil Software\Avast5\defs\15122001\algo.dll2010-02-04 10:53 - 2011-06-15 18:14 - 00271856 _____ () C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2010-09-30 11:13 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll2012-05-30 12:11 - 2012-05-30 12:11 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll2015-03-23 11:03 - 2015-03-23 11:03 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll2015-12-10 23:50 - 2015-10-30 19:59 - 00034768 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\faulthandler.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00022848 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00023352 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00042296 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd2015-12-10 23:50 - 2015-10-30 19:59 - 00116688 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\pywintypes27.dll2015-12-10 23:50 - 2015-10-30 19:59 - 00093640 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\_ctypes.pyd2015-12-10 23:50 - 2015-10-30 19:59 - 00018376 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\select.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00019760 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00105928 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32api.pyd2015-12-10 23:50 - 2015-10-30 19:59 - 00392144 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\pythoncom27.dll2015-12-10 23:50 - 2015-12-08 16:36 - 00381752 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd2015-12-10 23:50 - 2015-10-30 19:59 - 00692688 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\unicodedata.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00020816 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00109520 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 01737032 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00020808 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00020800 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00021840 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00038696 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\fastpath.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00024528 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32event.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00020936 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\mmapfile.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00114640 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32security.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00021320 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00124880 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32file.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00030160 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32pipe.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00043472 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32process.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00175560 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32gui.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00028616 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32ts.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32clipboard.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00048592 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32service.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00024392 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00036296 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\librsync.dll2015-12-10 23:50 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\win32profile.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00117056 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00023376 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd2015-12-10 23:50 - 2015-10-30 19:59 - 00134608 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\_elementtree.pyd2015-12-10 23:50 - 2015-10-30 19:59 - 00134088 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\pyexpat.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00240584 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\jpegtran.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00020280 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00052024 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00021304 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00350152 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\winxpgui.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00084792 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL2015-12-10 23:50 - 2015-12-08 16:36 - 01826608 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd2015-12-10 23:50 - 2015-10-30 20:00 - 00083912 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\sip.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 03891504 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 01950000 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00519984 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00133936 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00225080 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00207672 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00024904 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00486704 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd2015-12-10 23:50 - 2015-12-08 16:36 - 00357680 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd2015-03-04 16:45 - 2015-10-30 20:01 - 00019920 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll2015-03-04 16:45 - 2015-10-30 20:00 - 00786904 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll2015-07-30 22:40 - 2015-10-30 20:00 - 00063448 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll2015-03-04 16:45 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll2009-10-20 20:02 - 2010-04-01 17:48 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\Program Files (x86)\Lock Poker:MID==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-1197745190-727455461-723387890-1001\Control Panel\Desktop\\Wallpaper ->DNS Servers: 75.75.76.76 - 75.75.75.75HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [TCP Query User{7B842E08-2C2D-4495-8B03-358226F7728C}C:\program files (x86)\ea games\mohaa\moh_breakthrough.exe] => (Allow) C:\program files (x86)\ea games\mohaa\moh_breakthrough.exeFirewallRules: [uDP Query User{1094E275-68B2-44C1-A5FE-2C85C5202DFD}C:\program files (x86)\ea games\mohaa\moh_breakthrough.exe] => (Allow) C:\program files (x86)\ea games\mohaa\moh_breakthrough.exeFirewallRules: [TCP Query User{4EEA770E-6183-4BFB-A892-F60DCBFDB6A2}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exeFirewallRules: [uDP Query User{F0E03FAE-2D84-46D3-8143-ADCB8AC52ABC}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exeFirewallRules: [{6C781EA6-380D-4B0A-B94D-54DC2B1D71F6}] => (Allow) C:\Program Files (x86)\AIM\aim.exeFirewallRules: [{AFAEFA94-519F-48E5-8C95-BB7F967385C7}] => (Allow) C:\Program Files (x86)\AIM\aim.exeFirewallRules: [{8DF1FD3C-1A3E-4817-8F4A-11C4397608B5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{0E5562E1-C246-4BEB-816E-250379508CA0}] => (Allow) LPort=2869FirewallRules: [{F4D575AA-77D7-4670-A528-4D5F8BD1BB39}] => (Allow) LPort=1900FirewallRules: [{956E51CB-999D-404B-BB19-57BBEBEAC6EC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeFirewallRules: [{C906BD41-9B0A-4170-9A49-598D097EBD4B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exeFirewallRules: [{A5917A94-6138-4EF8-85B6-F3CE049154B4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exeFirewallRules: [{C0D2C658-5E08-4C2B-97E5-050ADBFC2018}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exeFirewallRules: [{AFAF0908-FD19-4AE9-A76F-DA8C709CC4DF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exeFirewallRules: [{7542ADF8-974C-4BAB-9578-19D1FD166D72}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exeFirewallRules: [{FD2F7D97-C2D2-4787-9D1F-DAC723BE1711}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{B984E8AC-D7CB-410A-83CF-BB2050EC2719}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{675E211F-561A-4A12-91BA-A50C476DDE8A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{801790A5-35CA-4274-A718-D7FC03779F45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{F6881B3B-2281-4B75-A8EC-D6129E1142CA}] => (Allow) C:\Program Files (x86)\Lock Poker\PokerClient.exeFirewallRules: [{72D14782-1033-47FA-A470-E23DC1408975}] => (Allow) C:\Program Files (x86)\Lock Poker\PokerClient.exeFirewallRules: [{1F751675-D9C9-406D-B0DE-C21002B20D00}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exeFirewallRules: [{2C0626E5-9AAD-4FC2-817F-9EEA5FAD5CF1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exeFirewallRules: [{63AB9B6A-8CA2-4054-9D0A-3F3E03C89319}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exeFirewallRules: [{6B105EEA-793D-4DB6-BE96-C8716C5349D1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exeFirewallRules: [{10F44976-FEE4-4A61-95B6-A11FD504B1AF}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exeFirewallRules: [{1167BA5B-F3AF-4E73-9B50-9B3DF4C1E07E}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exeFirewallRules: [{B2EA8ADC-5AF3-4187-8D1C-1C7CB163E1A0}] => (Allow) C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{87DDA4CD-96C7-41EA-A488-FE0A417B04C9}] => (Allow) C:\Users\P. Miller\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{FA9BAB85-7412-40DF-825D-2EA31082579A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [TCP Query User{E21D897E-361B-467C-920E-4372C88D79D4}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exeFirewallRules: [uDP Query User{7D2C636B-8DEF-4578-952C-699826851F20}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exeFirewallRules: [TCP Query User{2F7B604F-4BA9-4D20-83D1-43097F80834C}C:\program files (x86)\ea games\mohaa\moh_breakthrough.exe] => (Block) C:\program files (x86)\ea games\mohaa\moh_breakthrough.exeFirewallRules: [uDP Query User{75C2A9CA-6E4B-4D75-9F52-19ABC985AAE1}C:\program files (x86)\ea games\mohaa\moh_breakthrough.exe] => (Block) C:\program files (x86)\ea games\mohaa\moh_breakthrough.exeFirewallRules: [{06DC380F-59DB-4EAE-BD53-7846981657C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{D4B5475C-5F04-43C9-B71D-CFFC1737E04C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [TCP Query User{E09ABE0F-255B-4F1F-AA83-2CA082A5D5DB}C:\users\p. miller\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\p. miller\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [uDP Query User{C851FE03-DA16-46B2-8187-7EE6EE1234ED}C:\users\p. miller\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\p. miller\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [TCP Query User{F30C761B-F674-4035-B578-8506294F7FB9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exeFirewallRules: [uDP Query User{73A46335-0E3E-44AC-A782-2D1EDF077937}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exeFirewallRules: [{3E2FD738-B8CF-4D87-AA28-8AF80B9958D7}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exeFirewallRules: [{ED5C8CFE-1DA4-478B-8740-E0AE5E0E3F8B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{C2E5A228-AFDE-4E3D-B030-6CF0797A1370}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{6AB17AD1-620C-4258-A811-16CCE205043E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{AAF9CA67-5354-4004-AC3C-25D6384D8FC3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [TCP Query User{25C87F20-242F-4295-83BC-F0FB70FF097F}C:\program files (x86)\ea games\mohaa\mohaa_server.exe] => (Allow) C:\program files (x86)\ea games\mohaa\mohaa_server.exeFirewallRules: [uDP Query User{5165D6F9-4D18-42D7-9276-4BC05FB8FCFC}C:\program files (x86)\ea games\mohaa\mohaa_server.exe] => (Allow) C:\program files (x86)\ea games\mohaa\mohaa_server.exeFirewallRules: [TCP Query User{3252B1AD-4DB5-438A-99C7-B407094D8810}C:\program files (x86)\ea games\mohaa\moh_breakthrough_server.exe] => (Allow) C:\program files (x86)\ea games\mohaa\moh_breakthrough_server.exeFirewallRules: [uDP Query User{16169076-C5D8-4316-9FC3-AE381C5DFB47}C:\program files (x86)\ea games\mohaa\moh_breakthrough_server.exe] => (Allow) C:\program files (x86)\ea games\mohaa\moh_breakthrough_server.exe==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (12/20/2015 02:59:19 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.Error: (12/18/2015 04:59:06 PM) (Source: ESENT) (EventID: 215) (User: )Description: WinMail (1128) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.Error: (12/18/2015 04:45:18 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program myoffergroup_us6.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 11e8Start Time: 01d139dd3b2ba859Termination Time: 4Application Path: C:\Users\PA8BC~1.MIL\AppData\Local\Temp\is-90LKG.tmp\myoffergroup_us6.tmpReport Id:Error: (12/18/2015 04:10:53 PM) (Source: Application Error) (EventID: 1005) (User: )Description: Windows cannot access the file D:\SETUP.EXE for one of the following reasons:there is a problem with the network connection, the disk that the file is stored on, or the storagedrivers installed on this computer; or the disk is missing.Windows closed the program InstallShield ® Setup Launcher because of this error.Program: InstallShield ® Setup LauncherFile: D:\SETUP.EXEThe error value is listed in the Additional Data section.User Action1. Open the file again.This situation might be a temporary problem that corrects itself when the program runs again.2.If the file still cannot be accessed and - It is on the network,your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.4. If the problem persists, restore the file from a backup copy.5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor forfurther assistance.Additional DataError value: C0000012Disk type: 5Error: (12/18/2015 04:10:53 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Setup.exe_InstallShield ®, version: 6.31.100.1190, time stamp: 0x3b95ef0bFaulting module name: Setup.exe, version: 6.31.100.1190, time stamp: 0x3b95ef0bException code: 0xc0000006Fault offset: 0x000057f6Faulting process id: 0x1250Faulting application start time: 0xSetup.exe_InstallShield ®0Faulting application path: Setup.exe_InstallShield ®1Faulting module path: Setup.exe_InstallShield ®2Report Id: Setup.exe_InstallShield ®3Error: (12/18/2015 12:33:24 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.Error: (12/17/2015 12:33:07 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.Error: (12/16/2015 12:32:48 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.Error: (12/15/2015 12:33:19 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.Error: (12/12/2015 12:32:59 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.System errors:=============Error: (12/20/2015 04:00:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The Windows Update service hung on starting.Error: (12/20/2015 03:54:30 PM) (Source: atikmdag) (EventID: 10261) (User: )Description: Display is not activeError: (12/20/2015 03:54:30 PM) (Source: atikmdag) (EventID: 19468) (User: )Description: CPLIB :: General - Invalid ParameterError: (12/20/2015 03:54:29 PM) (Source: atikmdag) (EventID: 10261) (User: )Description: Display is not activeError: (12/20/2015 03:54:29 PM) (Source: atikmdag) (EventID: 19468) (User: )Description: CPLIB :: General - Invalid ParameterError: (12/20/2015 12:47:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The Windows Update service hung on starting.Error: (12/20/2015 12:44:57 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}Error: (12/20/2015 12:40:26 PM) (Source: atikmdag) (EventID: 10261) (User: )Description: Display is not activeError: (12/20/2015 12:40:26 PM) (Source: atikmdag) (EventID: 19468) (User: )Description: CPLIB :: General - Invalid ParameterError: (12/20/2015 12:40:25 PM) (Source: atikmdag) (EventID: 10261) (User: )Description: Display is not activeCodeIntegrity:=================================== Date: 2012-12-06 20:44:06.900 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2012-12-06 20:44:06.697 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system. Date: 2012-12-06 20:42:32.832 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6002.18005_none_36c61ef4ef40c41e\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2012-12-06 20:42:32.614 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6002.18005_none_36c61ef4ef40c41e\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2012-12-06 20:42:32.286 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2012-12-06 20:42:32.083 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2012-12-06 20:32:41.980 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2012-12-06 20:32:41.746 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2012-12-06 20:32:41.450 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system. Date: 2012-12-06 20:32:41.231 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHzPercentage of memory in use: 54%Total physical RAM: 4094.49 MBAvailable physical RAM: 1879.94 MBTotal Virtual: 8187.19 MBAvailable Virtual: 5961.83 MB==================== Drives ================================Drive c: () (Fixed) (Total:465.76 GB) (Free:280.44 GB) NTFS ==>[drive with boot components (obtained from BCD)]Drive d: (MOHAAB) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFSDrive e: (PENDRIVE) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 19697EE1)Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)========================================================Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)Partition: GPT.==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted December 20, 2015 ID:1008175 Share Posted December 20, 2015 Thanks for those logs, we seem to have made good progress. Continue please: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed... Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. (re-enable when done) Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. Next, Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page) The file will be randomly named Reboot to safe mode <<<<<------------ http://support.eset.com/kb2268/ Run Dr Web Tick the I agree box and select continue Click select objects for scanning Tick all boxes as shown Click the wrench and select automatically apply actions to threats Press start scan The scan will now commence Once the scan has finished click open report <<<--- Do not miss this step A notepad will open Select File > Save as.. Save it to your desktopThis log will be excessive, Please attach it to your next reply… Let me see those logs, also give an update on any remaining issues or concerns... Thank you, Kevin Fixlist.txt Link to post Share on other sites More sharing options...
withavision Posted December 20, 2015 Author ID:1008178 Share Posted December 20, 2015 first log... doing others now... ad-aware starts on start up and keeps popping up saying malicious programs have been detected running in background.... and the scan I just stopped so I can do the other things you listed says win32.trojan.agent malware qty 2 TAI 10 ... and Win32.trijandropper.agent/a process qty1 TAI 7.... As mentioned I stopped that scan, and it only scanned for 3 min. Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015Ran by P. Miller (2015-12-20 16:54:45) Run:2Running from C:\Users\P. Miller\Desktop\frstLoaded Profiles: P. Miller (Available Profiles: P. Miller & Guest)Boot Mode: Normal==============================================fixlist content:*****************StartCloseProcesses:CreateRestorePoint:Task: {20CE1EB9-A017-44DC-9441-170999C95890} - \VAKLATOZ1 -> No File <==== ATTENTIONTask: {2E570911-CBF4-44E0-8657-C67B29F9B787} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTIONTask: {CF5187CF-0920-4994-AD35-690A85D7BF9E} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTIONC:\Program Files (x86)\FreeFileViewerTask: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTIONAlternateDataStreams: C:\Program Files (x86)\Lock Poker:MIDHosts:EmptyTemp:end*****************Processes closed successfully.Restore point was successfully created."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20CE1EB9-A017-44DC-9441-170999C95890}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20CE1EB9-A017-44DC-9441-170999C95890}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VAKLATOZ1" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E570911-CBF4-44E0-8657-C67B29F9B787}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E570911-CBF4-44E0-8657-C67B29F9B787}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF5187CF-0920-4994-AD35-690A85D7BF9E}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF5187CF-0920-4994-AD35-690A85D7BF9E}" => key removed successfullyC:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => moved successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker" => key removed successfullyC:\Program Files (x86)\FreeFileViewer => moved successfullyC:\Windows\Tasks\FreeFileViewerUpdateChecker.job => moved successfullyC:\Program Files (x86)\Lock Poker => ":MID" ADS removed successfully.C:\Windows\System32\Drivers\etc\hosts => moved successfullyHosts restored successfully.EmptyTemp: => 3.2 GB temporary data Removed.The system needed a reboot.==== End of Fixlog 16:58:41 ==== Link to post Share on other sites More sharing options...
withavision Posted December 20, 2015 Author ID:1008180 Share Posted December 20, 2015 farbar log and adwcleaner... doing others now Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015Ran by P. Miller (2015-12-20 16:54:45) Run:2Running from C:\Users\P. Miller\Desktop\frstLoaded Profiles: P. Miller (Available Profiles: P. Miller & Guest)Boot Mode: Normal==============================================fixlist content:*****************StartCloseProcesses:CreateRestorePoint:Task: {20CE1EB9-A017-44DC-9441-170999C95890} - \VAKLATOZ1 -> No File <==== ATTENTIONTask: {2E570911-CBF4-44E0-8657-C67B29F9B787} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTIONTask: {CF5187CF-0920-4994-AD35-690A85D7BF9E} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software) <==== ATTENTIONC:\Program Files (x86)\FreeFileViewerTask: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTIONAlternateDataStreams: C:\Program Files (x86)\Lock Poker:MIDHosts:EmptyTemp:end*****************Processes closed successfully.Restore point was successfully created."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20CE1EB9-A017-44DC-9441-170999C95890}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20CE1EB9-A017-44DC-9441-170999C95890}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VAKLATOZ1" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E570911-CBF4-44E0-8657-C67B29F9B787}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E570911-CBF4-44E0-8657-C67B29F9B787}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF5187CF-0920-4994-AD35-690A85D7BF9E}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF5187CF-0920-4994-AD35-690A85D7BF9E}" => key removed successfullyC:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => moved successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker" => key removed successfullyC:\Program Files (x86)\FreeFileViewer => moved successfullyC:\Windows\Tasks\FreeFileViewerUpdateChecker.job => moved successfullyC:\Program Files (x86)\Lock Poker => ":MID" ADS removed successfully.C:\Windows\System32\Drivers\etc\hosts => moved successfullyHosts restored successfully.EmptyTemp: => 3.2 GB temporary data Removed.The system needed a reboot.==== End of Fixlog 16:58:41 ==== # AdwCleaner v5.025 - Logfile created 20/12/2015 at 17:14:25# Updated 13/12/2015 by Xplode# Database : 2015-12-13.2 [server]# Operating system : Windows 7 Ultimate Service Pack 1 (x64)# Username : P. Miller - PMILLER# Running from : C:\Users\P. Miller\Desktop\AdwCleaner.exe# Option : Cleaning# Support : http://toolslib.net/forum***** [ Services ] ********** [ Folders ] *****[-] Folder Deleted : C:\Program Files (x86)\myfree codec[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec[-] Folder Deleted : C:\Users\P. Miller\AppData\Local\Zoom_Downloader***** [ Files ] ********** [ DLLs ] ********** [ Shortcuts ] ********** [ Scheduled tasks ] ********** [ Registry ] *****[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}[-] Key Deleted : HKCU\Software\APN PIP[-] Key Deleted : HKCU\Software\Bitberry[-] Key Deleted : HKCU\Software\Cr_Installer[-] Key Deleted : HKCU\Software\ilivid[-] Key Deleted : HKCU\Software\Myfree Codec[-] Key Deleted : HKCU\Software\Tutorials[-] Key Deleted : HKCU\Software\YahooPartnerToolbar[-] Key Deleted : HKCU\Software\Yahoo\Companion[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}***** [ Web browsers ] *****[-] [C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com[-] [C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com[-] [C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=FCIzamobl10924,ca9d1070-2e7e-4a2d-afcf-1a7cf7adede9,[-] [C:\Users\P. Miller\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=FCIzamobl10924,ca9d1070-2e7e-4a2d-afcf-1a7cf7adede9,&vp=ch&prd=set_ch*************************:: "Tracing" keys removed:: Winsock settings cleared########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4850 bytes] ########## Link to post Share on other sites More sharing options...
withavision Posted December 20, 2015 Author ID:1008181 Share Posted December 20, 2015 JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 8.0.1 (11.24.2015)Operating System: Windows 7 Ultimate x64Ran by P. Miller (Administrator) on Sun 12/20/2015 at 17:22:58.22~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~File System: 92Failed to delete: C:\Users\P. Miller\AppData\Roaming\Mozilla\Firefox\Profiles\gm3oq43n.default\extensions\{9eb64fa9-57c4-4a41-9940-e12e0418b693}\Chrome\CT2144081 (Folder)Successfully deleted: C:\ProgramData\Start Menu\Programs\(default) (Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{048AA57A-860F-423D-B05F-548EAF521D1B} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{05A6957F-18E0-445D-AF43-789344A1F2EC} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{0CD6DA73-B5B8-419A-9496-084044D9B37E} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{0F107A70-D7C3-4749-A3FE-057D60CB1EFE} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{1627BF90-1540-4A56-B4BB-58BD0A705E1D} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{17FDE277-86DC-41D6-9F9B-0402E95BCC15} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{2167F576-7482-4F1C-8F16-FA2C5A78ABE0} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{2231322C-200E-4AB3-8B29-295D229A7C2A} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{23E05E14-CF99-41B3-B0EF-3C2B737B1E60} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{28DB9832-9100-4B1B-8F0C-702FD4FD8FFC} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{2CD23E6B-24EC-4E3E-B423-F9AF42872910} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{2FB63877-296B-471B-AC6F-E7DF3DB15DF9} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{30C393C4-5B47-4E51-B764-89C87AED5499} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{317D976C-DBE1-4E85-BB18-BE493925B5F2} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{33FD5EBB-2E3A-487C-95BF-AD31D0986B1C} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{355C5F8F-12F4-422A-B490-E58B6E9F3576} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{39BD3344-073D-46E0-B8D7-E7E7F8A44EEF} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{412439B5-1652-4C5E-AE3A-5CB24A011484} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{423D1F7A-2710-4550-8CB7-79CCF2509003} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{42B90DD3-84AC-41A0-802C-322AE0539E5B} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{42BE82D5-8F6D-4BC8-BCCA-8877AC608C0D} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{45D71825-F646-4C80-BBE1-270A98102399} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{49B72EA2-AC10-4F9E-BB79-7AEE4AF58BBF} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{49F97086-6866-4EB2-AAD1-C18315677BEC} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{4C194850-9F9E-4662-BCFF-05AA4A52DD47} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{4CF3A16F-A5C4-4236-9D23-D7BC5E958C4B} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{5166239D-0C54-4F64-9265-D3364224ECFA} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{51F5872D-19CA-4C4E-B95A-75FB994653D5} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{53219F37-DF0C-4750-988E-25B6C9C7C8EE} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{543A0FCE-C23B-4D09-9A4F-79154F7DDEED} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{5576F4A3-3302-485F-BAB7-9D0458F15196} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{5815FA5F-0ADE-46F4-B2E0-04A0EA5E0340} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{5949E557-7EE8-4FAB-A552-E2A46A8443FB} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{5995B544-7B8D-46F3-AD84-EE8F5603FEA3} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{5AB43243-FA31-4FB6-8ABE-71DB6A94D791} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{5C9D1D9C-9D15-4D33-82AE-B20BEB3C58E7} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{675D5739-C858-40A8-AC82-1605E2F17F9A} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{6865C84E-C00D-4F74-8AD0-85CEC868F4CC} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{6C37D87C-87C3-43CE-AECD-EAE2DE1F3812} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{6E57776D-4CC9-4B32-90F6-480F2ACAD73E} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{6F9B6911-2C73-4E9E-86AA-A8FFFA1301D1} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{70CE5D20-E379-4872-A0C7-456ABA7C8691} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{72092E40-1393-4D92-814A-396A1E49CDD4} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{74C5A0B2-304E-46F2-A43F-2E9CDD03B225} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{74E8D577-FF84-43CA-8B05-FB0A79889C39} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{799CE78B-8824-43E1-B95D-1ADD46D842BA} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{7E1DB128-E1B1-4C04-8720-4E54BFCE669C} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{7ED4E792-B90E-4D39-8220-38F5330DF83B} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{84AAF757-891A-42E1-8E5A-7DD5CFED4F2D} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{88720B88-0382-4366-AC56-36F9880707A2} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{8B3D9D16-F7B2-47D2-B5C3-90F458969771} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{8DCAEE13-6415-4974-8F0D-7ABA6B9F2997} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{8F0993CD-6FF5-4C01-B13C-2C9D8C37419F} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{931B46BB-A773-4DF5-998B-A796F356B3ED} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{9F3CE98A-93C4-42A1-A86A-F6C9B6F38D11} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{A1A53BA6-76C5-4D04-A201-7A40964C379E} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{A82DE798-B429-44C5-A9C2-BE080BCB3802} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{B35939FA-D2AC-44A4-B4CC-22CF0F8B963F} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{B43FBB8D-5B47-4B2F-80FA-7DC1D53F39B5} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{B5AAFA3B-B527-4CF1-80F1-00DA057F2676} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{B973EF24-2E57-46F7-A110-7580B9D31551} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{BB86BB2C-46FB-4789-8D8D-75992C5AC8D5} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{BBD1F050-CA90-45B8-BDEE-111C6FBD2288} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{C2CFC1C3-DAB8-4681-95B4-B169D0670C9F} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{C725CEB0-AD31-47B6-975D-C599B98D2388} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{C849974D-3870-47C1-954F-CAAD0138E6C8} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{C886190A-31C8-485B-9E03-743EDCDA2CD7} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{C8E357EE-1651-46DA-8719-D616395DE024} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{C90C678E-6C5E-4EF0-8B81-9A0639B9A8F3} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{CCBEA9C6-4C9C-4819-B6CE-6124FA72A8B4} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{CFF915EA-66FF-4418-A321-08E863A58C51} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{D18FDBE4-B1F4-47A1-93E7-E3960F9B485B} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{D2D9A1AE-632C-49CE-B503-E326E7E4124C} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{D3E7072E-DCF3-40DA-9B72-75126B0C8F55} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{D3FC5322-52FF-4FA9-B244-EBDE50EA0D25} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{D77F84CA-9BEA-452C-8473-FA64EE721254} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{DD5ECC7B-A95E-48A5-8FF8-E6DF5B808914} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{DE38D110-9C69-450F-A6BB-61AC90C7EC93} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{E4675FB5-B50A-4C1D-84A1-A9AF3332FEC3} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{E4F681F5-CB6F-4C90-A766-2EA4C22A220A} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{EF01A9B2-CE17-4730-A2A0-7A938CAFB570} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{F0AD6E1F-C519-4626-B593-094291CFA214} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{F5E72400-0CC1-42BE-A12C-1C962537D42A} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{FA342803-DBA0-4859-83A7-D11D40A57A42} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{FC197991-A314-46C4-8726-EEED0A0A98C3} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Local\{FE30B749-4447-4B1B-BEBF-DA47E922AA84} (Empty Folder)Successfully deleted: C:\Users\P. Miller\AppData\Roaming\freefileviewer (Folder)Successfully deleted: C:\Users\P. Miller\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 (Folder)Successfully deleted: C:\Windows\SysWOW64\REN84A.tmp (File)Successfully deleted: C:\Windows\SysWOW64\REN84B.tmp (File)Registry: 1Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 12/20/2015 at 17:28:16.21End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
withavision Posted December 21, 2015 Author ID:1008186 Share Posted December 21, 2015 dr web log... no threats detected... ad aware live still popping up saying malicious threats running in background though... everything seems fine though?? Dr.Web Scanner SE for Windows v9.1.3.11270© Doctor Web, Ltd., 1992-2013Scan session started 2015/12/20 18:28:53Module location : c:\users\p. miller\appdata\local\temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\=============================================================================OPTION [Automatic Apply Actions] NOOPTION [Turn Off Computer After Scan] NOOPTION [use Sound Alerts] NOOPTION [block Network] NOOPTION [Protect Process] NOOPTION [Protect Raw Disk] NOError to get time from server: The server name or address could not be resolved(12007)Error to get time from server: The server name or address could not be resolved(12007)Using language: "English"Available instances: 6Instances used: 6Platform: Windows 7 Ultimate x64/WOW (Build 7601), Service Pack 1API Version: 2.2Scanning Engine version: 10.0.10.12141Virus Finding Engine version: 7.0.17.11230Total 289 virus bases are loaded from c:\users\p. miller\appdata\local\temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687jL5ZDlVDZkjr1Q 9.0 4766e93dec84575a1d27ba7705c6c0c2201441b3 2015/12/20 09:30:38 388 records - OKLdJAh26tc 9.0 9aed727828f0b2d133db81da67712b9769843aeb 2014/04/10 09:22:45 2 records - OKZus05rwUFvB 9.0 7778dac636143780378412cd9685ed46cf2cbbf6 2015/12/19 15:05:24 17636 records - OKeAgfJba4 9.0 36f2b2844dea9c77898b2e44c467a9fc0ad687bd 2015/12/13 23:12:51 15429 records - OKUyzJ9xAhp5L 9.0 c7c701a55417638f6b5ecf7222ffa9305b3a2075 2015/12/06 23:35:31 19947 records - OKshhcsI54Y5 9.0 14db11ae234f545e7b37516e56c74c9e372a3c43 2015/11/29 23:14:42 13188 records - OKRABSBQuzJgtv 9.0 9fcde3efcfef325e6ce1bd5b7e5a3cfdbc5aeb5d 2015/11/22 23:16:27 22188 records - OKdgZFeUChp 9.0 6e08871f72918830a00e0ad912e6c0947698ea03 2015/11/15 23:13:16 23749 records - OKcIuj2GnxzZbD 9.0 e568b074bb7b5fdea735a310761319814493fab1 2015/11/08 23:10:33 18829 records - OKYSvRCQJ9JBvEDb 9.0 c9c16ffda04cd36fbe336f4a3567f61c3f1df4a5 2015/11/01 23:12:11 18050 records - OK5LSFGWp4J8K 9.0 75ee2e282fcd0fdfa43ad1010019966f468ee2cd 2015/10/26 00:16:02 23577 records - OKnki4QYy2 9.0 c6b5cada8d92400c6d52480711cc3883d2ed27e9 2015/10/19 00:13:35 20913 records - OKbxyCgGF20ro 9.0 5edd91c1764e51565b2587279c106c776b6359f6 2015/10/12 00:12:30 27690 records - OKx9KRyXip 9.0 d107e2c794addfa45084c04e0db18a323181a764 2015/10/05 00:13:47 21690 records - OKFtftEPyU67U4 9.0 c634ef197ce6f92b85d14f05833f41ef0ffeb245 2015/09/28 00:09:03 23582 records - OKXpprP20z5v 9.0 16f8b3f1fdf02007d9f764523081093c89ef9833 2015/09/21 00:12:03 25456 records - OKSk73gOX1 9.0 4270fbe142d6881c61c3fda7733782d4ef43ce94 2015/09/14 00:10:32 23387 records - OKkM5tKrfR 9.0 e80de836ea8293357d95675e64ec115874a6f3a9 2015/09/07 00:13:14 27958 records - OKAAlyDn281r1DZG 9.0 e5597a14ade7551d9cad1770ef06a25dc285354c 2015/08/31 00:11:05 28792 records - OKhLM0MOf2CA 9.0 3fb8c1df727c33708eccefdbf7babff78094a8f2 2015/08/24 00:13:56 20766 records - OKAnYt6WoX 9.0 f94dd13c04da613e95e1e057a8bfcdea6ca2457f 2015/08/17 00:13:20 29386 records - OK68issxJbbZR 9.0 556702f2bf85e36fdb27552c63ed9be5f0b2fa71 2015/08/10 00:13:40 12014 records - OKhsDRnpeHuU 9.0 8471eaee24d95e25c7270e80defab1d8fc476c4a 2015/08/03 11:07:40 16867 records - OKP3eHRqZAdGP7 9.0 8b05227834c558752a424ea2e0e37cb55c90df55 2015/07/27 00:10:33 23123 records - OKrrRWf3Qi0MD 9.0 6b28cbcbac0e3724f1dd827e674e3226c162bc1d 2015/07/20 00:09:19 30597 records - OKwgF3KnhS 9.0 cb5eca97fadc867a86f84cdb5b41f44654d612f0 2015/07/13 00:09:02 39956 records - OKkrAKpIiDQFtoZ 9.0 371874fcbacea4a1d3f7fe8f097330254b5e2f2a 2015/07/06 00:10:11 38752 records - OKDDMnXbl01 9.0 04bdeb8e49c1e7e4a7b1f548d78ec02fb5ee71d7 2015/06/29 00:09:48 41744 records - OKU4pRBJpzaW 9.0 4336c5b5898bc18ec37df82b9e27b1af61fd0c07 2015/06/22 00:11:48 29369 records - OKH7MFbDheozmsf 9.0 0a2afb98d72aa433bf08130572242c111c1d11e3 2015/06/15 00:11:54 19885 records - OK16ZcYAiUhgW6PBl 9.0 4cb2364a804cc48eb0e3137b095952c3db5b4e21 2015/06/08 00:10:47 16322 records - OKuJ8IeSJmLsk9McD 9.0 7e276abbe8175de578dcae95c9cede237c62ff3e 2015/06/01 00:12:30 21099 records - OKbhma8wu4xOhNl 9.0 ebcec45c9bcef792c92bfb165f95c26dd7c6926e 2015/05/25 00:09:25 16357 records - OKTBJ4H7DQbqZK 9.0 1af60658e8661f486c3860bf2bf2cf53d7ba256f 2015/05/18 00:09:24 12562 records - OKbIboCCoEMubFPZ 9.0 984fe93957b68cfc25a69525fd83a224dfcd5c95 2015/05/11 00:12:10 16387 records - OKIyLM8PT8XBy 9.0 fe75f061b8b7d024ab5fc9d202ce51c22a556815 2015/05/04 00:12:01 13791 records - OKMalIstTuBk7n6 9.0 5e3c3f1dd25b90fe54e2551f66679f79692eb0eb 2015/04/27 00:09:10 16980 records - OKy4w9jSBZMxJ 9.0 d68f395b637141250c62fa2e832ce105f4583364 2015/04/20 00:13:03 18642 records - OKIu39mcqCfDYZg 9.0 f64fa683abdc874b6ae4e3a7b890656e991573df 2015/04/13 00:11:51 12163 records - OKYcg6NDE9ROm7t7 9.0 e13b1316273ebe745dc5caf40a09ff3d6ec5bab6 2015/04/06 00:10:34 13386 records - OKe6AlhFXdnNlO 9.0 30d0c12d3bee4c3be8f801a4ff9b8825c18b787f 2015/03/30 00:11:03 14676 records - OKhrssaKEe 9.0 62b6c3b207fe75c810c4c28fcfe27e6af5b08e83 2015/03/23 00:11:37 14143 records - OK9SFi4VAOl5ff 9.0 7da8643f31ff10742007d1eb99585ab27fa8be26 2015/03/16 00:08:27 7225 records - OKf2eGeHwrUfWbkbI 9.0 ecbe71de674a8690e70250f7b8cca4ebb5fd7892 2015/03/09 00:09:27 8721 records - OK0CKakRWKTajG 9.0 3c45c3ec685ae8ede6b4a58657dde779529c7db4 2015/03/01 23:09:55 30503 records - OKYcl3Ulw6 9.0 274f8686e0d976f1df6f947e25ebc1ba3abd2315 2015/02/22 23:08:33 37169 records - OKahiJxiZfp77oNj 9.0 88bc309d8e117313bb9b9921677f4f8b3aeab06f 2015/02/15 23:11:15 11685 records - OK0B9golKe41ZdR 9.0 43abc95d1a8925b76d022af6998b94c76b84eff1 2015/02/08 23:17:42 22165 records - OK1McimDJRWxoyK 9.0 dd2377aaed6efc3a8c2ded6370656500fc316122 2015/02/01 23:10:22 13708 records - OKYKRLuum2q 9.0 cc29cfe74a887c101d217061befeb6ec7eea38bb 2015/01/25 23:08:03 18692 records - OKAVZZ9ooVP0rae 9.0 9f076b65af34c43bb442d83769b3fac941264de2 2015/01/18 23:11:48 18076 records - OKjz5fkPfk 9.0 d3d995d710664219c2cf1607fa53464e0562d400 2015/01/11 23:09:48 25264 records - OK7hR6lqsVBSHy 9.0 e69a0e5cfb74bc347ca5e2f6ed01ae1520678ed1 2015/01/04 23:08:59 21568 records - OKOktoXeyzcHJ 9.0 c05cc2f7998c2c61bbaa18cefe5492f0dad7bcb5 2014/12/28 23:10:30 14188 records - OK25H8LHQXmwW 9.0 78bdec9b9ec0e81d76c3eba7be4695a3d723ab57 2014/12/21 23:10:37 15664 records - OKZ9rTayVSOaVP 9.0 b41d7f1a4beec99ae86136111b16f20b730a71f6 2014/12/14 23:10:48 10192 records - OK6cSHKOYVU 9.0 0adad4ac08299ee2a6e07b33363a1d879c8f5436 2014/12/07 23:08:57 14500 records - OKE3zAKqmVAcZT 9.0 591a09f1189eaffe4a7b116b81a453bbccbf38fd 2014/11/30 23:11:11 12965 records - OKZGP9guuL5Lm7YW 9.0 ff306751677b955148a951c32dcf80cb3e5045fb 2014/11/23 23:10:16 16188 records - OKiEJj5CFWZ4fOWj 9.0 287d06b168e83271aca389c34754dfd8c88c4c9e 2014/11/16 23:10:43 14676 records - OK5NiEf0cyhVc 9.0 5706c05b0acb8a91833610be569d054df016720f 2014/11/09 23:08:47 7343 records - OKFXBkC2qVa0OIu7 9.0 6f304afcbb5533521bbde7012b510848d2e599b6 2014/11/02 23:07:01 6146 records - OKXwuSkrm4HPVXd4 9.0 eeebf2d591071c8e325f7c9e59526c454cacf8db 2014/10/26 23:08:23 6044 records - OK23n0QELrsBZj 9.0 469d8f18c75d5cef4ca98287ca0a280f4fcb17e3 2014/10/19 23:09:12 5207 records - OK7UDrZqOaJ 9.0 baa61e57099d2bf119d1d475012816a9a04f3f54 2014/10/12 23:09:12 5850 records - OKB0YdEFCieF8D8 9.0 e805122898a9a5fcc9035140245ec2c33ea6cd7b 2014/10/05 23:09:31 7211 records - OKyBkyfj45k6sj4 9.0 ad6b7b3e4adf4a64b70a88cd416ba2c2ce0e2a26 2014/09/28 23:08:55 6473 records - OKGVWtoUIZcVO 9.0 59c9c63f5fe29f00f274b25e11a5f4842ecbe268 2014/09/21 23:08:07 5969 records - OKgQOsie6RR 9.0 2bb4cabc49d2c0f36a6efed1005c848cbcb89c2b 2014/09/14 23:11:44 8883 records - OKaUE3V6DEHevXHG0 9.0 922af514dce67157f64555fab68f60102c500727 2014/09/07 23:08:25 7111 records - OKnn2oplAffY 9.0 b1a641c12ae38d20d35efd58fb18cdb0ce7559bc 2014/08/31 23:10:17 7511 records - OKMenmSKBGZs3bH7m 9.0 ee8c402a6930705bafca6dcf96c01a1adc943b17 2014/08/24 23:09:33 8997 records - OKpEh5dE6S 9.0 ba08046a4e0f13a356d4bd54f97e06373800da8a 2014/08/17 23:09:25 6958 records - OK93mJfYFyCZtHhOt 9.0 b0b4d9f078851c637f3860c0641e182576c91029 2014/08/10 23:10:32 8795 records - OK7ipTLbpnc 9.0 a22b9fe1fd166f5bef755afadeadf515768a70f0 2014/08/03 23:10:12 9849 records - OKXoSay7bup 9.0 136046052feb9c1d85867b2def97699207ef3f25 2014/07/27 23:09:01 12605 records - OKu3aq3ylOR0B 9.0 ca52acb0ff3d3bf9a4a365aedf76f03d5e071958 2014/07/20 23:08:43 10201 records - OKDpvtZ0siPciuF 9.0 557aa2724f0a3fee8a597be32b06f642535ae5dc 2014/07/13 23:08:56 4714 records - OKk0aGnBbWvtCwDi7 9.0 358fb1f6ae3ee7527116607d23c856d70bb57251 2014/07/07 11:41:50 8757 records - OKrqkSfjtQyr7liFL 9.0 e13560aed961937fc57a08984afafbad1a05b693 2014/06/29 23:09:58 10543 records - OKPQgI3Sno 9.0 3b1e56b3e7bdc81158c4189a9f9851a2a118387f 2014/06/22 23:09:41 16248 records - OKRIMG8rtv 9.0 12d7ca025886549d2938f844b28de1453a756340 2014/06/15 23:10:58 12083 records - OKR8ry80BcZ 9.0 b9cd3e62e9c418581add720c4a12e9627ccf11a9 2014/06/08 23:14:38 17772 records - OKDC2ATMtV 9.0 96d185472811ce5425a10b69e55c9124108801ad 2014/06/01 23:21:41 29483 records - OKV1t11MhXh7mnC 9.0 f2ec3cfad3d91dfc45bbdc8f4a8734dbecbaa40e 2014/05/25 23:10:18 21308 records - OKZJxVNZ23uhGsC 9.0 e6ba8d321c0211ff29df1a7f47f2f884f5468ae5 2014/05/18 23:12:33 15204 records - OKEN24CAzyPwIiI 9.0 37638c25321b4fa4f104a2f4e88096b7b6d51b7d 2014/05/11 23:12:50 25180 records - OKVj45T4wow 9.0 6b117d10c373e4f3fd1607d80c661c096b46d3a9 2014/05/04 23:12:28 29125 records - OKwZUvrGIKTnepyXZ 9.0 aabbb42cb3dcd9f9e3431d522f4a07d19324c39f 2014/04/27 23:08:03 26168 records - OKl09DEwKYU7lWV 9.0 998b5e375d07966f142db15fef4e785aba3c0112 2014/04/22 21:51:24 26824 records - OKoIoOf4ggk1i3RBO 9.0 e18dc92d3ae61dd662573b00fc59559d97fa97a2 2014/04/22 21:48:52 23470 records - OK94fUAbmc3PoHX5 9.0 1679fa51df872bb4d6b0dcdb4910ef0ac001b246 2014/04/22 21:46:22 7239 records - OKMztqE6aDg 9.0 f0b3f5c0058cdec01bfe55bc77062072c75fead7 2014/04/22 21:43:52 9893 records - OK2C7qRAhhI8yU8u 9.0 93e191da9673639ead32c992378a0ed31df3634a 2014/04/22 21:41:20 20363 records - OKK7rePFUqG6 9.0 8f89cdf0922d0b4b22da060f6ab2f61815b89176 2014/04/22 21:38:49 17106 records - OKwQUgSm7H4rAGt7w 9.0 92e71acd07f810bdfb8f026c39918860e4e2f6e3 2014/04/22 21:36:16 29679 records - OKh9VTEuizzRlI 9.0 7c6189c2ae53185a5d85c2a9cbcd497ec3f5c4a8 2014/04/22 21:33:42 26983 records - OKwE9nn4KO9wQpsmy 9.0 444eef3a56f2559102bc7762ce93bf2921dac78f 2014/04/22 21:31:10 20659 records - OKJ3RyFnQ7ndRER 9.0 571b5fda70d9531b5fb8103ba83a207f75f40cef 2014/04/22 21:28:39 12119 records - OKJBE79Y1BJc 9.0 6dc9b1ad12309ca9a4d58fe401806b23aaa10da7 2014/04/22 21:26:07 21955 records - OKlRD3ALKmqIqMH 9.0 a48b51b0048f8b0b7ba60a54f0dad06de3cd5731 2014/04/22 21:23:27 21349 records - OKZ1czfJnPzX1iSVd 9.0 dafcbe636ae116952a2e7f2aced33d668f2301d3 2014/04/22 21:20:54 11704 records - OK382NNond0pPDU5A 9.0 4ed384fc43f035da67c74ffee7042267c5e22847 2014/04/22 21:18:22 19301 records - OKSSwYTzLn 9.0 568007395fe169cb18638784a1d7604b1c0ef664 2014/04/22 21:15:51 15935 records - OK3fdngqjrmi 9.0 66326dfad818d74c628a1e7e9ae36b5e2baaa8e5 2014/04/22 21:13:21 12941 records - OKKXhB62j1Pm 9.0 dc43d524615bba2d22518d26562b7cb155d00cea 2014/04/22 21:10:49 18147 records - OKerQLMZ5qTw8 9.0 ca51db6dd9f2a0c6f7fb7f481366eeb02be6e785 2014/04/22 21:08:09 24291 records - OKGXFSdkjVL 9.0 320957460951b302643b221af69c0ffba5a32d3e 2014/04/22 21:05:37 22670 records - OKG3csJKzKR 9.0 9fd4c14e073f97e0db902042d7b3872bdf94d759 2014/04/22 21:03:05 21015 records - OKxLJqzU2KIWRW 9.0 1def9c91cbe7ff27a554351b21ec75d1d0c148ea 2014/04/22 21:00:34 20471 records - OKFVOTBvITRL3vG 9.0 04949673bcdd4513ed7702060b6e932435fa005b 2014/04/22 20:58:03 18641 records - OKxCWxFXmDhWZYho 9.0 6b61859be884671df81697f0eac128c795612f70 2014/04/22 20:55:30 32245 records - OKyVkCsUr8jn3mSQ 9.0 4ec622ccd51bd59fab113dc4f0b643201a6467f1 2014/04/22 20:52:49 33084 records - OKz8V3tge3nExb 9.0 e7ccabf37e58f43e2d7311c94ca926acee8ee44f 2014/04/22 20:50:17 30356 records - OKHOW1JQr5gI5in4a 9.0 9809e6392cb90433628b659e8c67f2ffbef755c4 2014/04/22 20:47:46 18457 records - OKWd75Bsp3 9.0 4cb5493896038853eb8f5bff3e658d9c7c5d7914 2014/04/22 20:45:12 19594 records - OK9HZtMyfxrgQmywr 9.0 596da0fc7611201124e64940ca663b9efa14b010 2014/04/22 20:42:41 22924 records - OKepatBUFtp 9.0 ca947f987cdbec36597bce617e6fa7e2306cd3f5 2014/04/22 20:40:09 24694 records - OKro6Ccjb6wBHIG 9.0 d057eca69e9775827f510219ac28c7cb933612b6 2014/04/22 20:37:37 24253 records - OKaBqjAe0U 9.0 f146abeb621c91cc543b3916d0867003aeb84f51 2014/04/22 20:35:06 18453 records - OK06Njv2lppO0sF4 9.0 e0a6aacf74138cfaceecb48b89df4e96e2c12058 2014/04/22 20:32:27 19662 records - OKGdAh6cJW 9.0 4ec3451d773324c09bc9a406ea860de99f27b80e 2014/04/22 20:29:57 11289 records - OKXjfrE5aZd6O6t 9.0 5e5318c78d4ea8af1d9b88f8832f0dbd026dbeac 2014/04/22 20:27:26 16486 records - OKAkwe6SYK8FJA1 9.0 b285959d38bcb97d0d7328ec2cd440c9dbfae6d3 2014/04/22 20:24:51 18051 records - OK1YjcIua6ABtga 9.0 b02b7b1ad127631461de06f5d3c048746778bd3d 2014/04/22 20:22:18 30970 records - OKACEhIjdSQdr 9.0 68cc3aaccc1732f9a744b7f14bdd11949de856f5 2014/04/22 20:19:41 36983 records - OKWWW9CMJJgIEmSyW 9.0 101ed543ba4ca604cf2949b3c3ad0fa84635c0b2 2014/04/22 20:17:08 34115 records - OKQWUm7nLFwvX 9.0 eb10458514145146340f64ef1f2b06a54a5cc45a 2014/04/22 20:14:37 19463 records - OKJ8ZDnLpZLrvpHX 9.0 14af81eabf6dbb783672ae9203d8f680c3e55276 2014/04/22 20:12:04 35067 records - OKP5WJeU5nV8ExZ8U 9.0 df1c288fbb39111fe3e85df5b0aec26e488eea24 2014/04/22 20:09:32 29822 records - OKFCsY15TU1LTqT 9.0 f60f90629201e0274dbadbdd9bfd1e0308a8db0f 2014/04/22 20:06:46 39172 records - OKrRuPC05R 9.0 b5e7545023a1f31557a0e6a5bc7c909736d71f20 2014/04/22 20:04:10 24654 records - OKChY78aZzStHt 9.0 c7f6b92a8b75923462f38e76ec11f6baef4f5294 2014/04/22 20:01:39 14062 records - OK1g2Saqa7 9.0 d0b26419ac5debb12e9323ca622f71f4e54d756b 2014/04/22 19:59:10 13350 records - OKN2qZ2qIBDKz 9.0 6b4126ae52136d79308cbc31d077d85f739e94f2 2014/04/22 19:56:39 26371 records - OK26atJPDPmtCAtQO 9.0 7451c4159c9a0873610ab7886b068e5d4e0b71e1 2014/04/22 19:54:06 25525 records - OKBw8yppxA 9.0 0bac69a7f164633099f60cb45c915d3904221c75 2014/04/22 19:51:34 33200 records - OKOPCzUuyvajWy8lH 9.0 4cc0d6cd63b249546a3b591fb28d5bd33d033c27 2014/04/22 19:49:00 46384 records - OKt9uiPCDWZvYBH 9.0 313acb61b4646553ec14cb3a306be0633f5254fe 2014/04/22 19:46:28 34270 records - OKwuHdnLhwsZ 9.0 28d0f8455513058ebce8573a1663558f37e9386e 2014/04/22 19:43:55 41611 records - OKX08JD4Ifh 9.0 46fa36770935379d9f1b5c17bcf83bcb9187c165 2014/04/22 19:41:23 36105 records - OKHthbfXCPcVo 9.0 e8584e9d8d4f79479cf06ecf19a93918d49c083e 2014/04/22 19:38:43 31319 records - OKhqSU3qZ5gh9OA 9.0 2370c7aef7c82d4c558327ae1e948fc8012a14c5 2014/04/22 19:36:12 28216 records - OKx6wcAQnHQ 9.0 2bf7c76b1847af2cd7ed54e33dbabe50d21f1738 2014/04/22 19:33:41 23589 records - OK9FUC4GLGvpVU7 9.0 fb5329c44984c794c2e7f8e59670fab98c6f67dd 2014/04/22 19:31:00 26946 records - OKKgtQrCarPsoc3U 9.0 824322cae4eba5a9e0e8b6779510b5fbded93faf 2014/04/22 19:28:28 34778 records - OKE9d9FUFJ4gy46L 9.0 5cdf04612fb00ae387effdc4c68b04c796be2528 2014/04/22 19:25:59 11271 records - OKMvlUg80Yb 9.0 0378036c350644aa4be148557b1bdf9351302347 2014/04/22 19:23:30 12046 records - OKmf6xI23RK 9.0 41dc063ae50ec3630446623bfad4ff37cc95ab99 2014/04/22 19:21:00 21747 records - OKfumDUCBPEZ 9.0 614753ec405c721146c6b176b95b358fd710d66f 2014/04/22 19:18:31 11540 records - OKzprNpFeCbuBof6r 9.0 46ae19df6cb2648c195d1b02026748f8d3e88121 2014/04/22 19:16:01 15568 records - OKocjmIp0Ur9DFb 9.0 63f7599f8352f3d170f4bca7e0c8b6ec65418535 2014/04/22 19:13:32 18805 records - OKpWbFBaVbcc4Pp7G 9.0 05b35cdf6d6c53c20629d85f239246cab6b2d371 2014/04/22 19:10:58 32488 records - OKsxwEM6fzF05 9.0 62780561f10bd7f8633f6b2daec25b7f9a0cfa8e 2014/04/22 19:08:28 15470 records - OKaSLwUftuFOB 9.0 ec1b6f2529b80459e55dd60da6779422eca89fed 2014/04/22 19:05:48 30093 records - OKwDvFGeMd 9.0 90daa877c8ea42e5654ac5c4ca82cf22f6f94db1 2014/04/22 19:03:19 16158 records - OKywaKcFAUJpeS 9.0 dd1400adc743aa0de78a89403c2e50079743002c 2014/04/22 19:00:49 19597 records - OKkVooNPWqCiS 9.0 529be65e7ad01e1c2a172c6993ef19fd8f110d5c 2014/04/22 18:58:20 18184 records - OKGOgYunBlr 9.0 02e1e26b5142c93f24f2e42a28abaf900aecc3dc 2014/04/22 18:55:43 29945 records - OKVyQyTR0wv 9.0 da70d2d52073f3beeec25e2b4d7aa577b2721097 2014/04/22 18:53:04 25519 records - OKvAPPWZifO 9.0 06d84ac65c6b6c4ba5ebbdd905ae4eb5a471b013 2014/04/22 18:50:35 20358 records - OKzMbjWgndVkrE 9.0 e57096ed2b59e20feb245c5b28138e09279807e1 2014/04/22 18:47:57 20133 records - OKAAkw8Fbb4oIq 9.0 86762e8f63c4438de1f5700dbd6730bad6960011 2014/04/22 18:45:26 27311 records - OKY1SzDIXe8oT 9.0 b5f485d5f387b1b8df892c8d48a6b2a16ed78798 2014/04/22 18:42:49 29434 records - OKIejv8P2s9chNfyV 9.0 a5b49f03dd10a5c4fdfe0e81e49c9d065ef6c13b 2014/04/22 18:40:19 26900 records - OKPmEqpf9AB9nLS5 9.0 ac37e50031668bc31ce52f771e8ab5f5a350ae43 2014/04/22 18:37:48 25164 records - OKaGlvzwmMQ 9.0 f90b98eaf14564bed9fa5e6474265b89443d70f3 2014/04/22 18:35:17 30226 records - OKzS5fldGjXGtCSd 9.0 07c4bf2ee9413e3b8ce15c1581cd74287adf9772 2014/04/22 18:32:48 16441 records - OKYmEwvFAERcGGDi 9.0 d4ae498f0584ad6846ca73b592aade67c50059bf 2014/04/22 18:30:07 26289 records - OKg10Vt0FRhK 9.0 0b5c80e032398a6132f29dadcad619123921dc59 2014/04/22 18:27:37 27278 records - OKe2ERIsGYTLKf3P8 9.0 b175c57ffe499bb44205d5ba8eed061c9b14a675 2014/04/22 18:25:08 17444 records - OKJLzcCFle4mrAH 9.0 43e39e4b55b1a8dfd57b09477ecea3d37f495af3 2014/04/22 18:22:39 21205 records - OKfjf3FgkNu2vY 9.0 5d68a84c5b90835e28dda2e232dd9e1ccbb19361 2014/04/22 18:20:11 11686 records - OKrkpD7nuzlkN 9.0 a93e42d5fa319da51d227608904537740907f594 2014/04/22 18:17:43 12677 records - OKHRstyT7HdvJ5bX 9.0 3ad2cf4dd2f84738e4bba951a96aaa7a554df1cf 2014/04/22 18:15:15 10118 records - OKWikyGL9iR 9.0 67d7eefc3e491ca1c65a069e60774c1e52dfeae3 2014/04/22 18:12:47 12602 records - OKFDkLyPsA1hAuaRl 9.0 9b9891be659e41099b65c8a15b8ed9c9e83666d3 2014/04/22 18:10:17 18298 records - OK5BPIpRyqZZ6I 9.0 64d066569435cea5586bae83f1e6c7acfca876f3 2014/04/22 18:07:48 17126 records - OKXlWqb8xQ8DLV 9.0 f5507ab054513dfe7c3eff3f798e1bb480f918eb 2014/04/22 18:05:19 20539 records - OK4TiHqSmKcEY 9.0 589ca78e07ed287a55644c346ae03319c8a6e198 2014/04/22 18:02:45 19330 records - OKA9NTO0AM 9.0 49292d128ed900b200fb934f145847e827c60e84 2014/04/22 18:00:16 19692 records - OKwd9p61Y5GJ 9.0 96b4d0a9418e03bb9717d0833d3a569d81b81cbe 2014/04/22 17:57:48 14727 records - OKbjxDsNlZdNb9rf2 9.0 d66c528875438ca5a68fdc9a8d6d0d76e13d4a62 2014/04/22 17:55:19 19485 records - OKPPW31uEVYSs 9.0 08dc0ce9b9101edcbe9bead11faec507f1252000 2014/04/22 17:52:47 22898 records - OKoof8Bu4yeL 9.0 5fbe8dd6991612445cc30286a0c4b56be960fe33 2014/04/22 17:50:18 20551 records - OKC8XpfBLwv 9.0 f3d36ab1089dc15ba34d772c8b5875d7e1fc782b 2014/04/22 17:47:51 9661 records - OKOz31ZXoSdfSE 9.0 5fddb08e944dafd5dd8b1cbf8cfe1876f5773b0d 2014/04/22 17:45:18 23632 records - OK5KlICPTJdtl5V8 9.0 ce7f5cba6f947ea3e569a89f218d36d155436e08 2014/04/22 17:42:50 12423 records - OK0Ff9hPWaP 9.0 2c6ead2f37554dc0343b7e050134c1cc3e925609 2014/04/22 17:40:22 15493 records - OKWqLqd43gK8UuGD 9.0 ba1d4e7832685b00542529f0b82016b0238ae260 2014/04/22 17:37:55 13065 records - OKt9jov9c6YCP17y5 9.0 6f941b57faf9ac4eccabe12629a7e9b1024c438e 2014/04/22 17:35:27 16238 records - OKQ1CHEYIbeR3dP 9.0 f8a15d2ce3ab868d2320e109ea68324c11c9b6a6 2014/04/22 17:33:00 11570 records - OKXs89wT46Ff5M 9.0 6b5e0ab5d87b7b01ce9945ef4acf76020524ce64 2014/04/22 17:30:32 15478 records - OKHv4ESPACQQ9A4SV 9.0 edfb0681e306e6235d7cc5209f96e1839109151b 2014/04/22 17:28:04 11881 records - OK7TUZj2S6A 9.0 5726e78e197a93b5461184c785819647e3e48d48 2014/04/22 17:26:44 13578 records - OKeYqfKsOTWf 9.0 5f08576ed775681458e092380fae8c0e0e9b78e5 2014/04/22 17:19:35 14292 records - OKzIF6mRiDl 9.0 3ce1da6e760bebe355a1524329ccf6c9a550ce8d 2014/04/22 17:16:48 14084 records - OKY09rGvzOQr 9.0 ad3cbd0116460cab4093521a21b986fa69a5ce1d 2014/04/22 17:14:00 19126 records - OKBEKmObdc 9.0 6d255fa3fe3d544eac59a0e21e0e43e3906acb8f 2014/04/22 17:11:12 14920 records - OKZt76QX96 9.0 75b8ee7e7400add524455366994f8469791deb98 2014/04/22 17:08:24 19017 records - OK2BbbYziJ 9.0 6402040da67b75785ed37a330450579d0e9058fd 2014/04/22 17:05:35 19691 records - OKmJPv2AqV 9.0 59ccae0a0cb400fee0caf15564848d13e7c21780 2014/04/22 17:02:46 23605 records - OKtTirAUkmM1 9.0 59c0d7578c4a38412e4722b3be89ac728a3b9e78 2014/04/22 16:59:58 19067 records - OKlnkw8n3Iw 9.0 2eb3f3d41c0b40d866bdbb7a6daa25e341126b46 2014/04/22 16:57:10 19019 records - OKbUVPR3pB 9.0 744861fd0f230020f9ccb1007b9f09e549c84b01 2014/04/22 16:54:21 28028 records - OKwPS0izsiC 9.0 9732a888bbf73fbda56ded1f5e02da69aa73664d 2014/04/22 16:51:32 29444 records - OKqgyo6dGnVB1rO 9.0 224a6bd3abea83ec5ece89501e36102dc73c65ad 2014/04/22 16:36:26 19353 records - OKomE6MNNy 9.0 0ef21e1c4eea8623141f9b17cf2562b31605d770 2014/04/22 12:40:23 20747 records - OKbsyfqRvCsuc 9.0 6820482690a03f39ad3665cc5a9808de01d10942 2014/04/22 12:37:54 28052 records - OKW0d95SZJ 9.0 8866b67c62d6ce9a0852e75bc9921686b5636d1f 2014/04/22 12:34:52 12183 records - OKDfQNhCsscJTkij 9.0 0710a4c31f20b7763347671b71a178b52a3e93e3 2014/04/22 12:32:24 19984 records - OKTbUaploBdXlg 9.0 b260708e3a613fbd5b187f6f2580d7831e1ac8b3 2014/04/22 12:29:56 22627 records - OKbrppKGs3ZXMsQm 9.0 21e0c014a474e21d583f2f28dfd7f9eed85664db 2014/04/22 12:27:24 49580 records - OK0IluN9Bsa 9.0 daaa1b77f2921a4bf63a3cc4904ac55a9088b8cd 2014/04/22 12:20:42 45195 records - OKGpYg3K5fB 9.0 803fccef8f2ac88fdfa5eca0dce65cb47c03fb0b 2014/04/22 12:18:42 165532 records - OKCtrNIbkcxrgXvKS 9.0 22587284810f30ced640e68cb221dee6729f0f1e 2011/12/04 01:00:00 170820 records - OKCL6dKaMK 9.0 a52232aae5ac2e30d29bd5ab2259aba559901ece 2011/12/04 00:00:00 171279 records - OKaiDadT4BF9KKr 9.0 9a6594c7e06f221c3c2bc8fcf8e8e3ea74999f90 2011/12/03 23:00:00 170253 records - OK1VfR22wFDmp 9.0 9ead04cd6ff15d9a41f86dc7895d470414569077 2011/12/03 22:00:00 170291 records - OK4wN3nzWD 9.0 e87facdf741f497cb46c726b1808b3905ecf793b 2011/12/03 21:00:00 170501 records - OKldqaN7qmNEcQ3 9.0 4e8425adbcd9f734ab1e487616417c68375fe9d5 2011/12/03 20:00:00 353582 records - OKjZtJhkykvfyz6 9.0 563abaecda3ebfa854a7e498cd9aa22c9ac943a2 2015/12/20 09:31:15 994 records - OKrNN2YknP32n 9.0 c4fb1b14d907d4fa8557e6d42a76ccdfe09cbaa4 2015/12/08 02:12:16 1736 records - OKcPeofN0fjpn1XLs 9.0 0a50b95b622bcf90e301253c7f9fc973c49d7a61 2015/10/20 12:13:32 1878 records - OKMFXWC8hmx 9.0 8587e958c9348cf87a673fcdead688d214bb3922 2015/09/08 05:23:54 2551 records - OKmIm3OlBHW4lklPC 9.0 3e1a972c05a972b6372860943c65584e152d50b1 2015/07/07 02:12:27 2757 records - OKt69c3B6HtTu6J 9.0 63a4560fe8261dcb877f00444f6f243063dd0ce1 2015/04/23 14:02:24 3760 records - OK4VvZcnrcx 9.0 e81e99bdf74201357f7a0f39c29dd7d195f8f9c5 2014/07/02 06:53:59 5666 records - OKqYsnHCgw5C7 9.0 de389c9fd2d308d4e0ecbcd709ad7fd47b541c19 2014/04/21 20:00:00 852776 records - OKkc3esWclz5hGhv 9.0 7e35509349c0fed123d2976b347552984d95fbdd 2015/12/20 09:31:05 184 records - OKbqGwWBTYvIHt7 9.0 52935ab591987c352ece047f8e15ca8f49755a2f 2015/12/06 23:30:32 1885 records - OKAtDZiewhIm 9.0 6291b8df91d3a0cc556c484b5138517bc91e3e45 2015/07/13 00:19:13 1905 records - OK4BpSXuuLszZ 9.0 f8f1b17b54b421c1d3e0bc0d46dd503b78743f06 2015/02/08 23:17:33 2089 records - OKXcLrtYAVbV4lX3 9.0 2380cbefdb6ebd03f6d8ac7d0843d4feb94ee997 2014/08/24 23:16:59 2228 records - OKb1TC1AgXESB 9.0 b8ded063967ed84ab15889704f8f26fdb1023f39 2014/04/23 08:08:37 2109 records - OKNj65Xndzm6qzS 9.0 d371332419b452a4c20ffe6f50897f26e792bfca 2014/04/23 08:06:20 1683 records - OK9JNphFEZix8j 9.0 966ded140f1fbfbea0099d396903e17b16652784 2014/04/23 08:03:58 1327 records - OK0iVLXOCskUE 9.0 39987baf5e40a19dbba3f099215083770867da24 2014/04/23 08:01:41 1590 records - OKWrKbj05U9Vr 9.0 d054ee546a2cdabe6413958780b1f554f0838165 2014/04/23 07:59:24 1680 records - OKJ95sbrhxH0IVoh 9.0 0d9d51dbfefdeb0c45b5eb50f289c2a089825644 2014/04/23 07:57:07 2078 records - OKfaza7GWOZkJDUl 9.0 4e4ece282576d87cbd22921cb513c45c5fa0f183 2014/04/23 07:54:39 1725 records - OKb8uip6KnmQwhA6 9.0 5b3960e30d7d0c2ee6fb3989307ed29be79af52b 2014/04/23 07:52:22 2050 records - OKV4Mci6nHy6 9.0 b5d9f5353eebe85edf426690440f6d57f21dd5cf 2014/04/23 07:50:02 1456 records - OK5IT8wgl8JSsC 9.0 57fe5b957b370eeab3451e8f0a44dfc2419f4b5b 2014/04/23 07:47:45 1421 records - OK73WF8yfM 9.0 2a15af2919f6585c023cebac5e533cb1a733e6cd 2014/04/23 07:45:28 1385 records - OKgt1U3enWrw8 9.0 3c9420d90793c478562ded9cc7f08487b3b61e7d 2014/04/23 07:43:10 1653 records - OKWlO0eKVXvH0i3k 9.0 621ef557f14b8e1fcfe29780fc03d67ddaadb39f 2015/12/20 09:30:53 1207 records - OKfKU9cBE4PHBI 9.0 cf1502fa8ca8452454f0b82daa35a60463e1f6d3 2015/12/06 23:31:44 2126 records - OK7ZjE2V5rnWuvIUa 9.0 17a3f6ba026e9df0540217c8de3cd8c627e09ba9 2015/11/01 23:30:39 2234 records - OKKudfTKi0 9.0 0d3265a8ee00f1dd865585fd7ce4d65efd4e62d3 2015/10/05 00:29:53 2234 records - OKjLbOI90TI 9.0 2a4d7aed64d4e01ef12aa812d664cb1830fdd15a 2015/09/07 00:28:28 1869 records - OKEhbsihRzsg4 9.0 13fa064d65248b0899aa48a4eb3390c889d807fa 2015/07/27 00:27:39 2032 records - OKbe9Mcc4ib 9.0 d8280728db266cc1029ec7ffc8bcf3a218d32df8 2015/06/29 00:28:29 2197 records - OKCUOoNCnT 9.0 ba40772bd2d61f6b1f6ee30e907530f24f8c1d15 2015/06/01 00:28:37 2087 records - OKdZdkFmtG3j 9.0 a7785b8d62326811fce0eef8d22adbebb731e808 2015/05/04 00:28:03 2353 records - OK3P3fMtzNM 9.0 f2b46a04bbe7d1b2e6a38a5b232717e1d3617e18 2015/03/30 00:28:20 2711 records - OKuKie8pggFl 9.0 f7a6d3471ebdc5ebc4a0e498aac05e5813497d9d 2015/02/22 23:26:59 1923 records - OKRGMHeOXk0R 9.0 f24440350cc4287730115570e23747e8afcea664 2015/01/04 23:28:05 2162 records - OKg1glmh6hQcRevuS 9.0 56085c2b93d8ce980fbd426e9d603680fc4fc289 2014/11/16 23:27:59 2498 records - OKjVNxlWuvE1 9.0 50cc13779e27fc8a3eba89e55279bc0dac5b8d7a 2014/10/05 23:27:03 2378 records - OKmK1ipp0ebIW 9.0 e82f4789e3433561901b1d028fdce82333890bd6 2014/08/10 23:26:16 2957 records - OKBiysflojApc7 9.0 347e0eb2853f4319982f10520b7937817385ad30 2014/07/13 23:26:15 2706 records - OK82RG1KTl2S0 9.0 8b53627861f805024750643bc849f62d872146c4 2014/06/08 23:27:35 2619 records - OK8YOa1k9t 9.0 be36c8cded57a23371e304407ff416ab2ce1bedd 2014/05/11 23:26:46 2805 records - OKKiPWtDo75zKk 9.0 0ce826f9f5bb27437160141138ad14a95d0d62e3 2014/04/23 06:45:32 2194 records - OKVjWp0L6kzSRu 9.0 ac2176b4060dde47fa8701965fe334bfeec38385 2014/04/23 06:43:15 2290 records - OKgt44WHU5F 9.0 069076ecbbf9ee57a7e45b7ce5bdcb076a5bde33 2014/04/23 06:40:59 2844 records - OK90g0L3izr 9.0 93bb72ee5d44a9dd56d68f1f6b4dd217026fb514 2014/04/23 06:38:42 2352 records - OKgfV3T6ECIcc1W3S 9.0 23ea89b07aaa0b52e933e9544a917374850e92de 2014/04/23 06:36:25 2062 records - OK Link to post Share on other sites More sharing options...
withavision Posted December 21, 2015 Author ID:1008188 Share Posted December 21, 2015 oH0OgUFyk 9.0 408277cd0e245b6f5ee0ec5500f44cd1d6621362 2014/04/23 06:34:08 3440 records - OKQPYxFKRwcQjG5k 9.0 e60ab00ab50f88c40b8baf63289154557bd89b42 2014/04/23 06:31:51 1485 records - OKwC0iXqDhkqt 9.0 f441a07c2ae48aee499880feddbc15a3c0341ebe 2014/04/23 06:29:34 2214 records - OKDjxSIpOsKRk 9.0 351045b1d0cc8fcb1e9a21ebf31a00525cec430a 2014/04/23 06:27:17 1426 records - OKtUq3s2aQG0EHw8 9.0 5b5df2ca49a465acd13c33cf42f578449785ef5b 2014/04/23 06:25:00 1641 records - OK15IzR3GOiji1s 9.0 5d198f0077aad8972f3e966b97bd409a196e9959 2014/04/23 06:22:43 1742 records - OKhOOOBSwHR 9.0 10557b8d95199ed42f383a105ad7d89915a35580 2014/04/23 06:20:32 2016 records - OKmn8Q6rI3D3Nzbpu 9.0 5f6a82ed64c99751253f0840c718f1b4a892fea2 2014/04/23 06:18:15 1620 records - OKyClXiOrt9 9.0 1749aaa98d3c15b9432150904cd51b30db2b674c 2014/04/23 06:15:58 1658 records - OKXP07MxKR5zzZ3dR 9.0 492d40a2fd1eddde369b0493f254b9d6ee8a368b 2014/04/23 06:13:42 1465 records - OKVGeCoUGwIX 9.0 e5617f3c54bc972424f2329980b9efc36aa014f7 2014/04/23 06:11:25 1588 records - OKPUPt6r1ISR 9.0 0b56d5980578aab119b35d76a746f5cb8bbbb508 2014/04/23 06:09:08 1702 records - OKXKh4u7HpRs5KfFI 9.0 f3918b6d267d49dce3fa46184dc0c0db935cab3d 2014/04/23 06:06:51 1659 records - OK40XDOc27C 9.0 9fe4b352329008daa56264e84c34bf18772db259 2014/04/23 06:04:34 1670 records - OK9UOhFDyi9aZM 9.0 11bb8567a1b9a1e2756619f984d6e1c4652d0aee 2014/04/23 06:02:17 1729 records - OKi9rWy4pywuXDZj 9.0 f4d5a4ffd1c52a1fb29f42e93ebb0a8b72358939 2014/04/23 06:00:00 1523 records - OKDRPoPVv6N 9.0 ac2c722f9c2bdc4b3623772722d0122bf41a0f04 2014/04/23 05:57:35 1805 records - OK3c9wWuByi8n4y7i 9.0 d88b8dde0fa8abd2bdf406e4d28fbf55acb0c3fd 2014/04/21 19:00:00 26456 records - OKtaIf7G0a6Nv 9.0 c1c3bd93b288b0fc8227424f39af9e0026153942 2014/04/21 18:00:00 74279 records - OKEST236u7 9.0 b3f8f9f4cd3c58fea13cab5f088f342da910dc88 2014/04/21 17:00:00 1 record - OKTotal records count: 6724739Anti-rootkit module version ( ver: 10.0.201511160, api: 7.07 )Using 117974833 as Dr.Web ® Key fileOPTION [Automatic Apply Actions] YES-----------------------------------------------------------------------------Start scanning-----------------------------------------------------------------------------Command line used:-rpcep:\pipe\B29D1B0 -rpcpr:npLimit the use of the computer resources to 100%Instances used for this session: 6Object(s) to scan: - Scan processes in memory - Scan boot sectors - Scan system restore points - Scanning for rootkits - C:\aaw7boot.log - C:\autoexec.bat - C:\bootmgr - C:\BOOTSECT.BAK - C:\config.sys - C:\csb.log - C:\grldr - C:\hiberfil.sys - C:\installer_log.txt - C:\IO.SYS - C:\IPH.PH - C:\JavaRa.log - C:\MGlogs.zip - C:\MGtools.exe - C:\msdia80.dll - C:\MSDOS.SYS - C:\pagefile.sys - C:\RHDSetup.log - C:\rkill.log - C:\scramble.log - C:\service.log - C:\TDSSKiller.3.0.0.19_28.01.2014_19.02.51_log.txt - C:\w7ldr - C:\wizard.txt - C:\Windows\system32\ - C:\Windows\SysWOW64\ - C:\Users\P. Miller\Documents\ - C:\Windows\TEMP\ - C:\Users\PA8BC~1.MIL\AppData\Local\Temp\Error to send CureIt! statistics: The server name or address could not be resolved (12007)>Computer\Motherboard\SYSTEM BIOS is LHA archiveComputer\Motherboard\SYSTEM BIOS\ep35ds3l.BIN - OkComputer\Motherboard\SYSTEM BIOS\awardext.rom - OkComputer\Motherboard\SYSTEM BIOS\ACPITBL.BIN - OkComputer\Motherboard\SYSTEM BIOS\AwardBmp.bmp - OkComputer\Motherboard\SYSTEM BIOS\ggroup.bin - OkComputer\Motherboard\SYSTEM BIOS\ffgroup.bin - OkComputer\Motherboard\SYSTEM BIOS\awardeyt.rom - OkComputer\Motherboard\SYSTEM BIOS\_EN_CODE.BIN - OkComputer\Motherboard\SYSTEM BIOS\ICH9RAID.BIN - OkComputer\Motherboard\SYSTEM BIOS\ICH8AHCI.BIN - OkComputer\Motherboard\SYSTEM BIOS - OkComputer\Motherboard\SYSTEM BIOS - archive\Device\HarddiskVolume1\Windows\system32\ntoskrnl.exe - Ok\Device\HarddiskVolume1\Windows\system32\hal.dll - Ok\Device\HarddiskVolume1\Windows\system32\kdcom.dll - Ok\Device\HarddiskVolume1\Windows\system32\mcupdate_GenuineIntel.dll - Ok\Device\HarddiskVolume1\Windows\system32\PSHED.dll - Ok\Device\HarddiskVolume1\Windows\system32\CLFS.SYS - Ok\Device\HarddiskVolume1\Windows\system32\CI.dll - Ok\Device\HarddiskVolume1\Windows\system32\drivers\Wdf01000.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\WDFLDR.SYS - Ok\Device\HarddiskVolume1\Windows\system32\drivers\ACPI.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\WMILIB.SYS - Ok\Device\HarddiskVolume1\Windows\system32\drivers\msisadrv.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\pci.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\vdrvroot.sys - Ok\Device\HarddiskVolume1\Windows\System32\drivers\partmgr.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\compbatt.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\BATTC.SYS - Ok\Device\HarddiskVolume1\Windows\system32\drivers\volmgr.sys - Ok\Device\HarddiskVolume1\Windows\System32\drivers\volmgrx.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\pciide.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\PCIIDEX.SYS - Ok\Device\HarddiskVolume1\Windows\System32\drivers\mountmgr.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\vmbus.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\winhv.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\atapi.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\ataport.SYS - Ok\Device\HarddiskVolume1\Windows\system32\drivers\amdxata.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\fltmgr.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\fileinfo.sys - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\FSPFltd2.sys - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\msrpc.sys - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\ksecdd.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\Lbd.sys - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\Ntfs.sys - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\cng.sys - Ok\Device\HarddiskVolume1\Windows\System32\drivers\pcw.sys - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\Fs_Rec.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\ndis.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\NETIO.SYS - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\ksecpkg.sys - Ok\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys - Ok\Device\HarddiskVolume1\Windows\System32\drivers\fwpkclnt.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\vmstorfl.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\volsnap.sys - Ok\Device\HarddiskVolume1\Windows\System32\drivers\rdyboost.sys - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\mup.sys - Ok\Device\HarddiskVolume1\Windows\System32\drivers\hwpolicy.sys - Ok\Device\HarddiskVolume1\Windows\System32\DRIVERS\fvevol.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\disk.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\CLASSPNP.SYS - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\Null.SYS - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\Beep.SYS - Ok\Device\HarddiskVolume1\Windows\System32\drivers\vga.sys - Ok\Device\HarddiskVolume1\Windows\System32\drivers\VIDEOPRT.SYS - Ok\Device\HarddiskVolume1\Windows\System32\drivers\watchdog.sys - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\Msfs.SYS - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\Npfs.SYS - Ok\Device\HarddiskVolume1\Windows\system32\drivers\HDAudBus.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\usbuhci.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\USBPORT.SYS - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\usbehci.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\fdc.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\cdrom.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\GEARAspiWDM.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\blbdrive.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\CompositeBus.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\mssmbios.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\rdpbus.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\termdd.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\kbdclass.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\mouclass.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\swenum.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\ks.sys - Ok\Device\HarddiskVolume1\Windows\system32\drivers\umbus.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\usbhub.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\flpydisk.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\hidusb.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\HIDCLASS.SYS - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\HIDPARSE.SYS - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\USBD.SYS - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\kbdhid.sys - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\USBSTOR.SYS - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\mouhid.sys - Ok\Device\HarddiskVolume1\Windows\System32\win32k.sys - Ok\Device\HarddiskVolume1\Windows\System32\drivers\Dxapi.sys - Ok\Device\HarddiskVolume1\Windows\System32\drivers\dxg.sys - Ok\Device\HarddiskVolume1\Windows\System32\TSDDD.dll - Ok\Device\HarddiskVolume1\Windows\System32\framebuf.dll - Ok\Device\HarddiskVolume1\Windows\system32\DRIVERS\cdfs.sys - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\crashdmp.sys - Ok\Device\HarddiskVolume1\Windows\System32\Drivers\dump_dumpata.sys - file not found\Device\HarddiskVolume1\Windows\System32\Drivers\dump_atapi.sys - file not found\Device\HarddiskVolume1\Windows\System32\Drivers\dump_dumpfve.sys - file not found\Device\HarddiskVolume1\Windows\System32\Drivers\fastfat.SYS - Ok\Device\HarddiskVolume1\users\p. miller\appdata\local\temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\b9b8733.sys - file not found\Device\HarddiskVolume1\Users\PA8BC~1.MIL\AppData\Local\Temp\CD7D08F.sys - file not found\Device\HarddiskVolume1\Windows\System32\ntdll.dll - Ok\Device\HarddiskVolume1\Windows\System32\smss.exe - Ok\Device\HarddiskVolume1\Windows\System32\apisetschema.dll - OkSystem Idle Process - file not foundSystem Process - file not found\Device\HarddiskVolume1\Windows\System32\csrss.exe - Ok\Device\HarddiskVolume1\Windows\System32\wininit.exe - Ok\Device\HarddiskVolume1\Windows\System32\winlogon.exe - Ok\Device\HarddiskVolume1\Windows\System32\services.exe - Ok\Device\HarddiskVolume1\Windows\System32\lsass.exe - Ok\Device\HarddiskVolume1\Windows\System32\lsm.exe - Ok\Device\HarddiskVolume1\Windows\System32\svchost.exe - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe - Ok\Device\HarddiskVolume1\Windows\explorer.exe - Ok\Device\HarddiskVolume1\Windows\System32\ctfmon.exe - Ok\Device\HarddiskVolume1\Program Files\SUPERAntiSpyware\SASCORE64.EXE - Ok\Device\HarddiskVolume1\Windows\System32\dllhost.exe - Ok\Device\HarddiskVolume1\Windows\System32\wbem\unsecapp.exe - Ok\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe - Ok>\Device\HarddiskVolume1\Users\P. Miller\Desktop\fq2xfz3x.exe is BINARYRES container>>\Device\HarddiskVolume1\Users\P. Miller\Desktop\fq2xfz3x.exe\data001 - packed by BINARYRES>>\Device\HarddiskVolume1\Users\P. Miller\Desktop\fq2xfz3x.exe\data002 is BINARYRES container\Device\HarddiskVolume1\Users\P. Miller\Desktop\fq2xfz3x.exe - container\Device\HarddiskVolume1\Users\P. Miller\Desktop\fq2xfz3x.exe:Zone.Identifier - Ok\Device\HarddiskVolume1\Users\P. Miller\AppData\Local\Temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\w33bNkri.exe - Ok>\Device\HarddiskVolume1\Users\P. Miller\AppData\Local\Temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\x9MHngNiUxQP.exe is BINARYRES container>>\Device\HarddiskVolume1\Users\P. Miller\AppData\Local\Temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\x9MHngNiUxQP.exe\data006 is JS-HTML container>>\Device\HarddiskVolume1\Users\P. Miller\AppData\Local\Temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\x9MHngNiUxQP.exe\data007 is ZLIB container\Device\HarddiskVolume1\Users\P. Miller\AppData\Local\Temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\x9MHngNiUxQP.exe - container\Device\HarddiskVolume1\Users\P. Miller\AppData\Local\Temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\GdPu3nAKBo8gT.exe - Ok\Device\HarddiskVolume1\Windows\SysWOW64\ntdll.dll - Ok\Device\HarddiskVolume1\Windows\System32\User32.dll - Ok\Device\HarddiskVolume1\Windows\System32\kernel32.dll - Ok\Device\HarddiskVolume1\Windows\System32\cryptbase.dll - Ok\Device\HarddiskVolume1\Windows\System32\sxs.dll - Ok\Device\HarddiskVolume1\Windows\System32\sxssrv.dll - Ok\Device\HarddiskVolume1\Windows\System32\winsrv.dll - Ok\Device\HarddiskVolume1\Windows\System32\basesrv.dll - Ok\Device\HarddiskVolume1\Windows\System32\csrsrv.dll - Ok\Device\HarddiskVolume1\Windows\System32\KernelBase.dll - Ok\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll - Ok\Device\HarddiskVolume1\Windows\System32\gdi32.dll - Ok\Device\HarddiskVolume1\Windows\System32\usp10.dll - Ok\Device\HarddiskVolume1\Windows\System32\msvcrt.dll - Ok\Device\HarddiskVolume1\Windows\System32\lpk.dll - Ok\Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL - Ok\Device\HarddiskVolume1\Windows\System32\mswsock.dll - Ok\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll - Ok\Device\HarddiskVolume1\Windows\System32\profapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\advapi32.dll - Ok\Device\HarddiskVolume1\Windows\System32\sechost.dll - Ok\Device\HarddiskVolume1\Windows\System32\imm32.dll - Ok\Device\HarddiskVolume1\Windows\System32\nsi.dll - Ok\Device\HarddiskVolume1\Windows\System32\msctf.dll - Ok\Device\HarddiskVolume1\Windows\System32\ws2_32.dll - Ok\Device\HarddiskVolume1\Windows\System32\mpr.dll - Ok\Device\HarddiskVolume1\Windows\System32\netutils.dll - Ok\Device\HarddiskVolume1\Windows\System32\wkscli.dll - Ok\Device\HarddiskVolume1\Windows\System32\UXInit.dll - Ok\Device\HarddiskVolume1\Windows\System32\netjoin.dll - Ok\Device\HarddiskVolume1\Windows\System32\sspicli.dll - Ok\Device\HarddiskVolume1\Windows\System32\winsta.dll - Ok\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll - Ok\Device\HarddiskVolume1\Windows\System32\ubpm.dll - Ok\Device\HarddiskVolume1\Windows\System32\credssp.dll - Ok\Device\HarddiskVolume1\Windows\System32\authz.dll - Ok\Device\HarddiskVolume1\Windows\System32\srvcli.dll - Ok\Device\HarddiskVolume1\Windows\System32\scesrv.dll - Ok\Device\HarddiskVolume1\Windows\System32\secur32.dll - Ok\Device\HarddiskVolume1\Windows\System32\scext.dll - Ok\Device\HarddiskVolume1\Windows\System32\msprivs.dll - Ok\Device\HarddiskVolume1\Windows\System32\psapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\dssenh.dll - Ok\Device\HarddiskVolume1\Windows\System32\efsutil.dll - Ok\Device\HarddiskVolume1\Windows\System32\efscore.dll - Ok\Device\HarddiskVolume1\Windows\System32\efssvc.dll - Ok\Device\HarddiskVolume1\Windows\System32\slc.dll - Ok\Device\HarddiskVolume1\Windows\System32\winnsi.dll - Ok\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL - Ok\Device\HarddiskVolume1\Windows\System32\gpapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\scecli.dll - Ok\Device\HarddiskVolume1\Windows\System32\efslsaext.dll - Ok\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll - Ok\Device\HarddiskVolume1\Windows\System32\LIVESSP.DLL - Ok\Device\HarddiskVolume1\Windows\System32\pku2u.dll - Ok\Device\HarddiskVolume1\Windows\System32\TSpkg.dll - Ok\Device\HarddiskVolume1\Windows\System32\rsaenh.dll - Ok\Device\HarddiskVolume1\Windows\System32\wdigest.dll - Ok\Device\HarddiskVolume1\Windows\System32\schannel.dll - Ok\Device\HarddiskVolume1\Windows\System32\logoncli.dll - Ok\Device\HarddiskVolume1\Windows\System32\dnsapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\netlogon.dll - Ok\Device\HarddiskVolume1\Windows\System32\msv1_0.dll - Ok\Device\HarddiskVolume1\Windows\System32\wship6.dll - Ok\Device\HarddiskVolume1\Windows\System32\cryptsp.dll - Ok\Device\HarddiskVolume1\Windows\System32\kerberos.dll - Ok\Device\HarddiskVolume1\Windows\System32\negoexts.dll - Ok\Device\HarddiskVolume1\Windows\System32\bcrypt.dll - Ok\Device\HarddiskVolume1\Windows\System32\ncrypt.dll - Ok\Device\HarddiskVolume1\Windows\System32\cngaudit.dll - Ok\Device\HarddiskVolume1\Windows\System32\wevtapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\cryptdll.dll - Ok\Device\HarddiskVolume1\Windows\System32\samsrv.dll - Ok\Device\HarddiskVolume1\Windows\System32\lsasrv.dll - Ok\Device\HarddiskVolume1\Windows\System32\sspisrv.dll - Ok\Device\HarddiskVolume1\Windows\System32\msasn1.dll - Ok\Device\HarddiskVolume1\Windows\System32\userenv.dll - Ok\Device\HarddiskVolume1\Windows\System32\crypt32.dll - Ok\Device\HarddiskVolume1\Windows\System32\shlwapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\ntmarta.dll - Ok\Device\HarddiskVolume1\Windows\System32\pcwum.dll - Ok\Device\HarddiskVolume1\Windows\System32\wmsgapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\sysntfy.dll - Ok\Device\HarddiskVolume1\Windows\System32\oleaut32.dll - Ok>\Device\HarddiskVolume1\Windows\System32\ole32.dll is BINARYRES container\Device\HarddiskVolume1\Windows\System32\ole32.dll - container\Device\HarddiskVolume1\Windows\System32\clbcatq.dll - Ok\Device\HarddiskVolume1\Windows\System32\Wldap32.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\wmiutils.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll - Ok\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\WmiDcPrv.dll - Ok\Device\HarddiskVolume1\Windows\System32\rpcss.dll - Ok\Device\HarddiskVolume1\Windows\System32\umpo.dll - Ok\Device\HarddiskVolume1\Windows\System32\devrtl.dll - Ok\Device\HarddiskVolume1\Windows\System32\SPInf.dll - Ok\Device\HarddiskVolume1\Windows\System32\umpnpmgr.dll - Ok\Device\HarddiskVolume1\Windows\System32\devobj.dll - Ok\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll - Ok\Device\HarddiskVolume1\Windows\System32\wintrust.dll - Ok>\Device\HarddiskVolume1\Windows\System32\setupapi.dll - packed by BINARYRES>>\Device\HarddiskVolume1\Windows\System32\setupapi.dll - packed by MS COMPRESS>>>\Device\HarddiskVolume1\Windows\System32\setupapi.dll is BINARYRES container\Device\HarddiskVolume1\Windows\System32\setupapi.dll - container\Device\HarddiskVolume1\Windows\System32\RpcEpMap.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\WinMgmtR.dll - Ok\Device\HarddiskVolume1\Windows\System32\wevtsvc.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\wbemess.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSD.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\NCProv.dll - Ok\Device\HarddiskVolume1\Windows\System32\ncobjapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\repdrvfs.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\esscli.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\wbemcore.dll - Ok\Device\HarddiskVolume1\Windows\System32\vssapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\WMIsvc.dll - Ok\Device\HarddiskVolume1\Windows\System32\vsstrace.dll - Ok\Device\HarddiskVolume1\Windows\System32\atl.dll - Ok\Device\HarddiskVolume1\Windows\System32\profsvc.dll - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\SBTE.dll - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\Resources.dll - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\lavalicense.dll - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\lavamessage.dll - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\sbap.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\ntdsapi.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\wbem\fastprox.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\wbem\wbemsvc.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\RpcRtRemote.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\rsaenh.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\cryptsp.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\wbemcomn.dll - Ok\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\mstask.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\taskschd.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\winsta.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\wbem\wbemprox.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\ntmarta.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\fltLib.dll - Ok\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - Ok\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\cryptnet.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\gpapi.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\bcryptprimitives.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\bcrypt.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\ncrypt.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\SensApi.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\xmllite.dll - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\CEAPI.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\version.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\sfc_os.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\sfc.dll - Ok\Device\HarddiskVolume1\Windows\System32\wow64cpu.dll - Ok\Device\HarddiskVolume1\Windows\System32\wow64win.dll - Ok\Device\HarddiskVolume1\Windows\System32\wow64.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\cryptbase.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\sspicli.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\gdi32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\msasn1.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\clbcatq.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\lpk.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\User32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\normaliz.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\oleaut32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\msvcrt.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\Wldap32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\profapi.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\usp10.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\advapi32.dll - Ok>\Device\HarddiskVolume1\Windows\SysWOW64\ole32.dll is BINARYRES container\Device\HarddiskVolume1\Windows\SysWOW64\ole32.dll - container\Device\HarddiskVolume1\Windows\SysWOW64\kernel32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\rpcrt4.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\ws2_32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\crypt32.dll - Ok>\Device\HarddiskVolume1\Windows\SysWOW64\nsi.dll - packed by FLY-CODE\Device\HarddiskVolume1\Windows\SysWOW64\nsi.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\userenv.dll - Ok>\Device\HarddiskVolume1\Windows\SysWOW64\wintrust.dll - packed by FLY-CODE\Device\HarddiskVolume1\Windows\SysWOW64\wintrust.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\sechost.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\iertutil.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\msctf.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\shlwapi.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\KernelBase.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\imm32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\imagehlp.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\shell32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\wininet.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\psapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\FXSRESM.dll - Ok\Device\HarddiskVolume1\Users\P. Miller\Filezilla\FileZilla FTP Client\fzshellext_64.dll - Ok\Device\HarddiskVolume1\Windows\System32\ksuser.dll - Ok\Device\HarddiskVolume1\Windows\System32\normaliz.dll - Ok\Device\HarddiskVolume1\Windows\System32\netprofm.dll - Ok\Device\HarddiskVolume1\Windows\System32\provsvc.dll - Ok\Device\HarddiskVolume1\Windows\System32\hgcpl.dll - Ok\Device\HarddiskVolume1\Windows\System32\mstask.dll - Ok\Device\HarddiskVolume1\Windows\System32\taskschd.dll - Ok\Device\HarddiskVolume1\Windows\System32\FXSAPI.dll - Ok\Device\HarddiskVolume1\Windows\System32\FXSST.dll - Ok\Device\HarddiskVolume1\Windows\System32\imapi2.dll - Ok\Device\HarddiskVolume1\Windows\System32\SyncCenter.dll - Ok\Device\HarddiskVolume1\Windows\System32\srchadmin.dll - Ok\Device\HarddiskVolume1\Windows\System32\PortableDeviceApi.dll - Ok\Device\HarddiskVolume1\Windows\System32\PortableDeviceTypes.dll - Ok\Device\HarddiskVolume1\Windows\System32\WPDShServiceObj.dll - Ok\Device\HarddiskVolume1\Windows\System32\nlaapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\netshell.dll - Ok\Device\HarddiskVolume1\Windows\ehome\ehSSO.dll - Ok\Device\HarddiskVolume1\Windows\System32\msxml6.dll - Ok\Device\HarddiskVolume1\Windows\System32\wercplsupport.dll - Ok\Device\HarddiskVolume1\Windows\System32\werconcpl.dll - Ok>\Device\HarddiskVolume1\Windows\System32\wscui.cpl is ZLIB container\Device\HarddiskVolume1\Windows\System32\wscui.cpl - container\Device\HarddiskVolume1\Program Files\Internet Explorer\ieproxy.dll - Ok\Device\HarddiskVolume1\Windows\System32\UIAnimation.dll - Ok\Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll - Ok\Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\System32\ieframe.dll - Ok\Device\HarddiskVolume1\Windows\System32\bthprops.cpl - Ok\Device\HarddiskVolume1\Windows\System32\QAGENT.DLL - Ok\Device\HarddiskVolume1\Windows\System32\ActionCenter.dll - Ok\Device\HarddiskVolume1\Windows\System32\WWanAPI.dll - Ok\Device\HarddiskVolume1\Windows\System32\wscapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\wscinterop.dll - Ok\Device\HarddiskVolume1\Windows\System32\wwapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\wlanutil.dll - Ok\Device\HarddiskVolume1\Windows\System32\wlanapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\QUTIL.DLL - Ok\Device\HarddiskVolume1\Windows\System32\pnidui.dll - Ok\Device\HarddiskVolume1\Windows\System32\HelpPaneProxy.dll - Ok\Device\HarddiskVolume1\Windows\System32\AltTab.dll - Ok\Device\HarddiskVolume1\Windows\System32\Syncreg.dll - Ok\Device\HarddiskVolume1\Windows\System32\DXP.dll - Ok\Device\HarddiskVolume1\Windows\System32\es.dll - Ok\Device\HarddiskVolume1\Windows\System32\winspool.drv - Ok\Device\HarddiskVolume1\Windows\System32\prnfldr.dll - Ok\Device\HarddiskVolume1\Windows\System32\batmeter.dll - Ok\Device\HarddiskVolume1\Windows\System32\stobject.dll - Ok\Device\HarddiskVolume1\Windows\System32\actxprxy.dll - Ok\Device\HarddiskVolume1\Windows\System32\msi.dll - Ok\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll - Ok\Device\HarddiskVolume1\Windows\System32\SensApi.dll - Ok\Device\HarddiskVolume1\Windows\System32\framedynos.dll - Ok\Device\HarddiskVolume1\Windows\System32\avrt.dll - Ok\Device\HarddiskVolume1\Windows\System32\wdmaud.drv - Ok\Device\HarddiskVolume1\Windows\System32\winmm.dll - Ok\Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll - Ok\Device\HarddiskVolume1\Windows\System32\networkexplorer.dll - Ok\Device\HarddiskVolume1\Windows\System32\hcproviders.dll - Ok\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - Ok\Device\HarddiskVolume1\Windows\System32\msls31.dll - Ok\Device\HarddiskVolume1\Windows\System32\msftedit.dll - Ok\Device\HarddiskVolume1\Windows\System32\wer.dll - Ok\Device\HarddiskVolume1\Windows\System32\gameux.dll - Ok\Device\HarddiskVolume1\Windows\System32\linkinfo.dll - Ok\Device\HarddiskVolume1\Windows\System32\shdocvw.dll - Ok\Device\HarddiskVolume1\Windows\System32\cryptnet.dll - Ok>\Device\HarddiskVolume1\Windows\System32\timedate.cpl is ZLIB container\Device\HarddiskVolume1\Windows\System32\timedate.cpl - container\Device\HarddiskVolume1\Windows\System32\IconCodecService.dll - Ok\Device\HarddiskVolume1\Windows\System32\ntshrui.dll - Ok\Device\HarddiskVolume1\Windows\System32\cscapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\cscdll.dll - Ok\Device\HarddiskVolume1\Windows\System32\cscui.dll - Ok\Device\HarddiskVolume1\Windows\System32\EhStorShell.dll - Ok\Device\HarddiskVolume1\Windows\System32\version.dll - Ok\Device\HarddiskVolume1\Users\P. Miller\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll - Ok\Device\HarddiskVolume1\Windows\System32\apphelp.dll - Ok\Device\HarddiskVolume1\Windows\System32\powrprof.dll - Ok\Device\HarddiskVolume1\Windows\System32\ExplorerFrame.dll - Ok\Device\HarddiskVolume1\Windows\System32\samcli.dll - Ok\Device\HarddiskVolume1\Windows\System32\winbrand.dll - Ok\Device\HarddiskVolume1\Windows\System32\WindowsCodecs.dll - Ok\Device\HarddiskVolume1\Windows\System32\xmllite.dll - Ok\Device\HarddiskVolume1\Windows\System32\dwmapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll - Ok\Device\HarddiskVolume1\Windows\System32\hid.dll - Ok\Device\HarddiskVolume1\Windows\System32\SndVolSSO.dll - Ok\Device\HarddiskVolume1\Windows\System32\duser.dll - Ok\Device\HarddiskVolume1\Windows\System32\dui70.dll - Ok\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_2b299db671e86e03\GdiPlus.dll - Ok\Device\HarddiskVolume1\Windows\System32\uxtheme.dll - Ok\Device\HarddiskVolume1\Windows\System32\propsys.dll - Ok\Device\HarddiskVolume1\Windows\System32\samlib.dll - Ok\Device\HarddiskVolume1\Windows\System32\shacct.dll - Ok\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll - Ok\Device\HarddiskVolume1\Windows\System32\cryptui.dll - Ok>\Device\HarddiskVolume1\Windows\System32\authui.dll is ZLIB container\Device\HarddiskVolume1\Windows\System32\authui.dll - container\Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\System32\imagehlp.dll - Ok\Device\HarddiskVolume1\Windows\System32\iertutil.dll - Ok\Device\HarddiskVolume1\Windows\System32\shell32.dll - Ok\Device\HarddiskVolume1\Windows\System32\urlmon.dll - Ok\Device\HarddiskVolume1\Windows\System32\wininet.dll - Ok\Device\HarddiskVolume1\Windows\System32\msutb.dll - Ok\Device\HarddiskVolume1\Windows\System32\MsCtfMonitor.dll - Ok\Device\HarddiskVolume1\Windows\System32\esent.dll - Ok\Device\HarddiskVolume1\Windows\System32\cryptsvc.dll - Ok\Device\HarddiskVolume1\Program Files\Internet Explorer\sqmapi.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\cimwin32.dll - Ok\Device\HarddiskVolume1\Windows\System32\wbem\wmiprov.dll - Ok\Device\HarddiskVolume1\Program Files (x86)\Lavasoft\Ad-Aware\WSCUpdate.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\cryptdll.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\msv1_0.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\credssp.dll - Ok>\Device\HarddiskVolume1\Windows\SysWOW64\secur32.dll - packed by FLY-CODE\Device\HarddiskVolume1\Windows\SysWOW64\secur32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\dui70.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\duser.dll - Ok>\Device\HarddiskVolume1\Windows\SysWOW64\msimg32.dll - packed by FLY-CODE\Device\HarddiskVolume1\Windows\SysWOW64\msimg32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\ktmw32.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\dwmapi.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\dnsapi.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\mswsock.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\uxtheme.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\apphelp.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\WindowsCodecs.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\oleacc.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\winmm.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\webio.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\winhttp.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\mpr.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\IconCodecService.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\ExplorerFrame.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\urlmon.dll - Ok\Device\HarddiskVolume1\Windows\SysWOW64\comdlg32.dll - Ok\Device\HarddiskVolume1\Windows\System32\cabinet.dll - Ok>\Device\HarddiskVolume1\Users\P. Miller\AppData\Local\Temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\BHVf26x0bOP8A.dll is BINARYRES container>>\Device\HarddiskVolume1\Users\P. Miller\AppData\Local\Temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\BHVf26x0bOP8A.dll\data003 is BINARYRES container\Device\HarddiskVolume1\Users\P. Miller\AppData\Local\Temp\57DE3487-98E59D51-8FF0CCDF-7BBB0687\BHVf26x0bOP8A.dll - container\device\harddiskvolume1\users\guest\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini - Ok\device\harddiskvolume1\program files\internet explorer\f12.dll - Ok\device\harddiskvolume1\windows\system32\msmpeg2vdec.dll - Ok\device\harddiskvolume1\windows\system32\ieetwcollector.exe - Ok\device\harddiskvolume1\windows\system32\dxptaskringtone.dll - Ok\device\harddiskvolume1\windows\system32\searchindexer.exe - Ok\device\harddiskvolume1\windows\system32\certenroll.dll - Ok\device\harddiskvolume1\windows\system32\webservices.dll - Ok\device\harddiskvolume1\windows\system32\dshowrdpfilter.dll - Ok\device\harddiskvolume1\windows\system32\msdtcvsp1res.dll - Ok\device\harddiskvolume1\windows\system32\tsworkspace.dll - Ok\device\harddiskvolume1\windows\system32\firewallcontrolpanel.dll - Ok\device\harddiskvolume1\windows\system32\certpoleng.dll - Ok\device\harddiskvolume1\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe - Ok\device\harddiskvolume1\program files\itunes\itunesminiplayer.dll - Ok\device\harddiskvolume1\program files (x86)\windows mail\winmail.exe - Ok\device\harddiskvolume1\windows\system32\certcredprovider.dll - Ok\device\harddiskvolume1\windows\system32\ieetwcollectorres.dll - Ok\device\harddiskvolume1\windows\system32\msmpeg2enc.dll - Ok\device\harddiskvolume1\windows\system32\deviceuxres.dll - Ok\device\harddiskvolume1\windows\system32\peerdistsh.dll - Ok\device\harddiskvolume1\windows\system32\peerdistsvc.dll - Ok\device\harddiskvolume1\program files (x86)\common files\mssoap\binaries\mssoap30.dll - Ok\device\harddiskvolume1\windows\system32\macromed\flash\flash64_20_0_0_228.ocx - Ok>\device\harddiskvolume1\windows\syswow64\macromed\flash\flash32_20_0_0_228.ocx - packed by BINARYRES>>\device\harddiskvolume1\windows\syswow64\macromed\flash\flash32_20_0_0_228.ocx is WISE container\device\harddiskvolume1\windows\syswow64\macromed\flash\flash32_20_0_0_228.ocx - container>\device\harddiskvolume1\program files\windows media player\wmpdmc.exe is ZLIB container\device\harddiskvolume1\program files\windows media player\wmpdmc.exe - container>\device\harddiskvolume1\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll is ZLIB container\device\harddiskvolume1\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll - container\device\harddiskvolume1\windows\system32\dhcpcmonitor.dll - Ok\device\harddiskvolume1\windows\microsoft.net\framework64\v4.0.30319\eventlogmessages.dll - Ok\device\harddiskvolume1\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe - Ok\device\harddiskvolume1\windows\syswow64\dot3gpclnt.dll - Ok\device\harddiskvolume1\windows\system32\sharemediacpl.dll - Ok\device\harddiskvolume1\windows\microsoft.net\framework\v4.0.30319\aspnet_rc.dll - Ok\device\harddiskvolume1\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe - Ok\device\harddiskvolume1\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe - Ok\device\harddiskvolume1\windows\system32\themeservice.dll - Ok\device\harddiskvolume1\program files (x86)\quicktime\qtsystem\quicktime.cpl - Ok\device\harddiskvolume1\windows\system32\ehstorauthn.exe - Ok>\device\harddiskvolume1\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe is NET container\device\harddiskvolume1\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe - container\device\harddiskvolume1\windows\system32\wabsyncprovider.dll - Ok\device\harddiskvolume1\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll - Ok\device\harddiskvolume1\windows\system32\magnification.dll - Ok\device\harddiskvolume1\windows\system32\oobe\cmisetup.dll - Ok\device\harddiskvolume1\windows\system32\taskbarcpl.dll - Ok\device\harddiskvolume1\windows\system32\oobe\windeploy.exe - Ok\device\harddiskvolume1\windows\system32\oobe\winsetup.dll - Ok>\device\harddiskvolume1\windows\system32\oobe\msoobeui.dll is ZLIB container\device\harddiskvolume1\windows\system32\oobe\msoobeui.dll - container\device\harddiskvolume1\windows\system32\microsoft-windows-kernel-power-events.dll - Ok\device\harddiskvolume1\windows\system32\dot3gpclnt.dll - Ok\device\harddiskvolume1\program files (x86)\common files\microsoft shared\windows live\wlidcredprov.dll - Ok\device\harddiskvolume1\windows\system32\hotstartuseragent.dll - Ok\device\harddiskvolume1\windows\system32\oobe\oobeldr.exe - Ok\device\harddiskvolume1\program files\superantispyware\saskutil64.sys - Ok\device\harddiskvolume1\program files\superantispyware\sasdifsv64.sys - Ok>\device\harddiskvolume1\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl_x64.dll is ZLIB container\device\harddiskvolume1\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl_x64.dll - container\device\harddiskvolume1\windows\system32\tsusbredirectiongrouppolicyextension.dll - Ok\device\harddiskvolume1\windows\system32\oobe\audit.exe - Ok\device\harddiskvolume1\windows\microsoft.net\framework64\v4.0.30319\servicemodelevents.dll - Ok\device\harddiskvolume1\program files\bonjour\mdnsnsp.dll - Ok\device\harddiskvolume1\windows\system32\drivers\mwac.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mbam.sys - Ok\device\harddiskvolume1\windows\system32\drivers\wudfrd.sys - Ok\device\harddiskvolume1\windows\system32\drivers\wudfpf.sys - Ok\device\harddiskvolume1\windows\system32\drivers\winusb.sys - Ok\device\harddiskvolume1\windows\system32\drivers\wfplwf.sys - Ok\device\harddiskvolume1\windows\system32\drivers\wd.sys - Ok\device\harddiskvolume1\windows\system32\drivers\wanarp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\viaide.sys - Ok\device\harddiskvolume1\windows\system32\drivers\vhdmp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\vgapnp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\usbcir.sys - Ok\device\harddiskvolume1\windows\system32\drivers\umpass.sys - Ok\device\harddiskvolume1\windows\system32\drivers\udfs.sys - Ok\device\harddiskvolume1\windows\system32\drivers\uagp35.sys - Ok\device\harddiskvolume1\windows\system32\drivers\tunnel.sys - Ok\device\harddiskvolume1\windows\system32\drivers\tdx.sys - Ok\device\harddiskvolume1\windows\system32\drivers\tdtcp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\tdpipe.sys - Ok\device\harddiskvolume1\windows\system32\drivers\srvnet.sys - Ok\device\harddiskvolume1\windows\system32\drivers\srv2.sys - Ok\device\harddiskvolume1\windows\system32\drivers\srv.sys - Ok\device\harddiskvolume1\windows\system32\drivers\spldr.sys - Ok\device\harddiskvolume1\windows\system32\drivers\smb.sys - Ok\device\harddiskvolume1\windows\system32\drivers\serial.sys - Ok\device\harddiskvolume1\windows\system32\drivers\secdrv.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rspndr.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rdpwd.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rdpdr.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rdpcdd.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rdbss.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rasacd.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ql40xx.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ql2300.sys - Ok\device\harddiskvolume1\windows\system32\drivers\pacer.sys - Ok\device\harddiskvolume1\windows\system32\drivers\peauth.sys - Ok\device\harddiskvolume1\windows\system32\drivers\pcmcia.sys - Ok\device\harddiskvolume1\windows\system32\drivers\nv_agp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\nvstor.sys - Ok\device\harddiskvolume1\windows\system32\drivers\nvraid.sys - Ok\device\harddiskvolume1\windows\system32\drivers\netbt.sys - Ok\device\harddiskvolume1\windows\system32\drivers\nwifi.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mstee.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mspqm.sys - Ok\device\harddiskvolume1\windows\system32\drivers\msdsm.sys - Ok\device\harddiskvolume1\windows\system32\drivers\msahci.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mrxsmb.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mrxdav.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mpsdrv.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mpio.sys - Ok\device\harddiskvolume1\windows\system32\drivers\modem.sys - Ok\device\harddiskvolume1\windows\system32\drivers\megasr.sys - Ok\device\harddiskvolume1\windows\system32\drivers\luafv.sys - Ok\device\harddiskvolume1\windows\system32\drivers\lsi_fc.sys - Ok\device\harddiskvolume1\windows\system32\drivers\lltdio.sys - Ok\device\harddiskvolume1\windows\system32\drivers\isapnp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\irenum.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ipnat.sys - Ok\device\harddiskvolume1\windows\system32\drivers\iirsp.sys - Ok>\device\harddiskvolume1\windows\system32\drivers\http.sys is BINARYRES container\device\harddiskvolume1\windows\system32\drivers\http.sys - container\device\harddiskvolume1\windows\system32\drivers\hpsamd.sys - Ok\device\harddiskvolume1\windows\system32\drivers\hidir.sys - Ok\device\harddiskvolume1\windows\system32\drivers\hidbth.sys - Ok\device\harddiskvolume1\windows\system32\drivers\afd.sys - Ok\device\harddiskvolume1\windows\system32\drivers\agp440.sys - Ok\device\harddiskvolume1\windows\system32\drivers\aliide.sys - Ok\device\harddiskvolume1\windows\system32\drivers\amdide.sys - Ok\device\harddiskvolume1\windows\system32\drivers\amdk8.sys - Ok\device\harddiskvolume1\windows\system32\drivers\amdppm.sys - Ok\device\harddiskvolume1\windows\system32\drivers\amdsbs.sys - Ok\device\harddiskvolume1\windows\system32\drivers\appid.sys - Ok\device\harddiskvolume1\windows\system32\drivers\arc.sys - Ok\device\harddiskvolume1\windows\system32\drivers\arcsas.sys - Ok\device\harddiskvolume1\windows\system32\drivers\aswsnx.sys - Ok\device\harddiskvolume1\windows\system32\drivers\aswsp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\aswstm.sys - Ok\device\harddiskvolume1\windows\system32\drivers\aswvmm.sys - Ok\device\harddiskvolume1\windows\system32\drivers\bxvbda.sys - Ok\device\harddiskvolume1\windows\system32\drivers\bowser.sys - Ok\device\harddiskvolume1\windows\system32\drivers\bridge.sys - Ok\device\harddiskvolume1\windows\system32\drivers\cmbatt.sys - Ok\device\harddiskvolume1\windows\system32\drivers\cmdide.sys - Ok\device\harddiskvolume1\windows\system32\drivers\csc.sys - Ok\device\harddiskvolume1\windows\system32\drivers\dfsc.sys - Ok\device\harddiskvolume1\windows\system32\drivers\evbda.sys - Ok\device\harddiskvolume1\windows\system32\drivers\errdev.sys - Ok\device\harddiskvolume1\windows\system32\drivers\exfat.sys - Ok\device\harddiskvolume1\program files\winrar\rarext.dll - Ok\device\harddiskvolume1\program files\winrar\rarext32.dll - Ok\device\harddiskvolume1\windows\system32\vaultcredprovider.dll - Ok\device\harddiskvolume1\windows\system32\wat\watadminsvc.exe - Ok\device\harddiskvolume1\program files\alwil software\avast5\aswwebrepie64.dll - Ok\device\harddiskvolume1\program files\alwil software\avast5\aswwebrepie.dll - Ok>\device\harddiskvolume1\program files\my lockbox\mylbx.exe - packed by ASPROTECT>>\device\harddiskvolume1\program files\my lockbox\mylbx.exe is BINARYRES container>>>\device\harddiskvolume1\program files\my lockbox\mylbx.exe\data002 is ZLIB container\device\harddiskvolume1\program files\my lockbox\mylbx.exe - container\device\harddiskvolume1\program files\internet explorer\iedvtool.dll - Ok>\device\harddiskvolume1\program files (x86)\aim\aim.exe is BINARYRES container\device\harddiskvolume1\program files (x86)\aim\aim.exe - container\device\harddiskvolume1\program files\alwil software\avast5\ashsha64.dll - Ok\device\harddiskvolume1\program files\alwil software\avast5\ashshell.dll - Ok\device\harddiskvolume1\program files\alwil software\avast5\avastui.exe - Ok\device\harddiskvolume1\windows\syswow64\macromed\flash\flashplayerupdateservice.exe - Ok\device\harddiskvolume1\program files\alwil software\avast5\avastsvc.exe - Ok\device\harddiskvolume1\windows\system32\portabledevicestatus.dll - Ok>\device\harddiskvolume1\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe is BINARYRES container\device\harddiskvolume1\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe - container\device\harddiskvolume1\users\ - file not found\device\harddiskvolume1\program files (x86)\itunes\ituneshelper.exe - Ok\device\harddiskvolume1\windows\system32\drivers\vwififlt.sys - Ok\device\harddiskvolume1\windows\system32\drivers\vwifibus.sys - Ok\device\harddiskvolume1\windows\system32\drivers\vsmraid.sys - Ok\device\harddiskvolume1\windows\system32\drivers\vmbushid.sys - Ok\device\harddiskvolume1\windows\system32\drivers\vms3cap.sys - Ok\device\harddiskvolume1\windows\system32\drivers\wimmount.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ws2ifsl.sys - Ok\device\harddiskvolume1\windows\system32\drivers\wmiacpi.sys - Ok\device\harddiskvolume1\windows\system32\drivers\wacompen.sys - Ok\device\harddiskvolume1\windows\system32\drivers\tsusbflt.sys - Ok\device\harddiskvolume1\windows\system32\drivers\tssecsrv.sys - Ok\device\harddiskvolume1\windows\system32\drivers\tcpipreg.sys - Ok\device\harddiskvolume1\windows\system32\drivers\usbprint.sys - Ok\device\harddiskvolume1\windows\system32\drivers\usbohci.sys - Ok\device\harddiskvolume1\windows\system32\drivers\usbccgp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\usbaudio.sys - Ok\device\harddiskvolume1\windows\system32\drivers\usbaapl64.sys - Ok\device\harddiskvolume1\windows\system32\drivers\uliagpkx.sys - Ok>\device\harddiskvolume1\program files (x86)\skype\phone\skype.exe is BINARYRES container>>\device\harddiskvolume1\program files (x86)\skype\phone\skype.exe\data001 is JS-HTML container\device\harddiskvolume1\program files (x86)\skype\phone\skype.exe - container\device\harddiskvolume1\windows\system32\drivers\rt64win7.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rootmdm.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rdprefmp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rdpencdd.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rassstp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\raspppoe.sys - Ok\device\harddiskvolume1\windows\system32\drivers\rasl2tp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\raspptp.sys - Ok\device\harddiskvolume1\windows\system32\drivers\storport.sys - Ok\device\harddiskvolume1\windows\system32\drivers\storvsc.sys - Ok\device\harddiskvolume1\windows\system32\drivers\stexstor.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ssudmdm.sys - Ok\device\harddiskvolume1\program files (x86)\skype\updater\updater.exe - Ok\device\harddiskvolume1\windows\system32\drivers\sisraid4.sys - Ok\device\harddiskvolume1\windows\system32\drivers\sisraid2.sys - Ok\device\harddiskvolume1\windows\system32\drivers\sfloppy.sys - Ok\device\harddiskvolume1\windows\system32\drivers\sffp_sd.sys - Ok\device\harddiskvolume1\windows\system32\drivers\sffp_mmc.sys - Ok\device\harddiskvolume1\windows\system32\drivers\sffdisk.sys - Ok\device\harddiskvolume1\windows\system32\drivers\sermouse.sys - Ok\device\harddiskvolume1\windows\system32\drivers\serenum.sys - Ok\device\harddiskvolume1\windows\system32\drivers\scfilter.sys - Ok\device\harddiskvolume1\windows\system32\drivers\sbp2port.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ssudbus.sys - Ok\device\harddiskvolume1\windows\system32\drivers\processr.sys - Ok\device\harddiskvolume1\windows\system32\drivers\parport.sys - Ok\device\harddiskvolume1\windows\system32\drivers\qwavedrv.sys - Ok\device\harddiskvolume1\windows\system32\wpdbusenum.dll - Ok\device\harddiskvolume1\windows\system32\drivers\filetrace.sys - Ok\device\harddiskvolume1\windows\system32\drivers\fsdepends.sys - Ok\device\harddiskvolume1\windows\system32\drivers\gagp30kx.sys - Ok\device\harddiskvolume1\windows\system32\drivers\discache.sys - Ok\device\harddiskvolume1\windows\system32\drivers\drmkaud.sys - Ok\device\harddiskvolume1\windows\system32\drivers\dxgkrnl.sys - Ok\device\harddiskvolume1\windows\system32\drivers\e1g6032e.sys - Ok\device\harddiskvolume1\windows\system32\drivers\elxstor.sys - Ok\device\harddiskvolume1\windows\system32\drivers\b57nd60a.sys - Ok\device\harddiskvolume1\windows\system32\drivers\brfiltlo.sys - Ok\device\harddiskvolume1\windows\system32\drivers\brfiltup.sys - Ok\device\harddiskvolume1\windows\system32\drivers\brserid.sys - Ok\device\harddiskvolume1\windows\system32\drivers\brserwdm.sys - Ok\device\harddiskvolume1\windows\system32\drivers\brusbmdm.sys - Ok\device\harddiskvolume1\windows\system32\drivers\brusbser.sys - Ok\device\harddiskvolume1\windows\system32\drivers\bthmodem.sys - Ok\device\harddiskvolume1\windows\system32\drivers\circlass.sys - Ok\device\harddiskvolume1\windows\system32\drivers\crcdisk.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ati2erec.dll - Ok\device\harddiskvolume1\windows\system32\sppuinotify.dll - Ok\device\harddiskvolume1\windows\system32\drivers\agilevpn.sys - Ok\device\harddiskvolume1\windows\system32\drivers\acpipmi.sys - Ok\device\harddiskvolume1\windows\system32\drivers\adp94xx.sys - Ok\device\harddiskvolume1\windows\system32\drivers\adpahci.sys - Ok\device\harddiskvolume1\windows\system32\drivers\adpu320.sys - Ok\device\harddiskvolume1\windows\system32\drivers\amdsata.sys - Ok\device\harddiskvolume1\windows\system32\drivers\aswhwid.sys - Ok\device\harddiskvolume1\windows\system32\drivers\aswmonflt.sys - Ok\device\harddiskvolume1\windows\system32\drivers\aswrdr2.sys - Ok\device\harddiskvolume1\windows\system32\drivers\aswrvrt.sys - Ok\device\harddiskvolume1\windows\system32\drivers\asyncmac.sys - Ok\device\harddiskvolume1\windows\system32\drivers\atikmdag.sys - Ok\device\harddiskvolume1\windows\system32\drivers\nsiproxy.sys - Ok\device\harddiskvolume1\windows\system32\drivers\nfrd960.sys - Ok\device\harddiskvolume1\windows\system32\drivers\netbios.sys - Ok\device\harddiskvolume1\windows\system32\drivers\netaapl64.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ndproxy.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ndiswan.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ndisuio.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ndistapi.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ndiscap.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ohci1394.sys - Ok\device\harddiskvolume1\windows\system32\drivers\lsi_scsi.sys - Ok\device\harddiskvolume1\windows\system32\drivers\lsi_sas2.sys - Ok\device\harddiskvolume1\windows\system32\drivers\lsi_sas.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mtconfig.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mspclock.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mskssrv.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mshidkmdf.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mrxsmb20.sys - Ok\device\harddiskvolume1\windows\system32\drivers\mrxsmb10.sys - Ok\device\harddiskvolume1\windows\system32\drivers\monitor.sys - Ok\device\harddiskvolume1\windows\system32\drivers\megasas.sys - Ok\device\harddiskvolume1\windows\system32\drivers\msiscsi.sys - Ok\device\harddiskvolume1\program files (x86)\teamviewer\version6\teamviewer_service.exe - Ok\device\harddiskvolume1\windows\system32\drivers\ksthunk.sys - Ok\device\harddiskvolume1\windows\system32\drivers\htcvcomv64.sys - Ok\device\harddiskvolume1\windows\system32\drivers\hidbatt.sys - Ok\device\harddiskvolume1\windows\system32\drivers\hcw85cir.sys - Ok\device\harddiskvolume1\windows\system32\drivers\hdaudio.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ipmidrv.sys - Ok\device\harddiskvolume1\windows\system32\drivers\ipfltdrv.sys - Ok\device\harddiskvolume1\windows\system32\drivers\intelppm.sys - Ok\device\harddiskvolume1\windows\system32\drivers\intelide.sys - Ok\device\harddiskvolume1\windows\system32\drivers\iastorv.sys - Ok\device\harddiskvolume1\windows\system32\drivers\i8042prt.sys - Ok\device\harddiskvolume1\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe - Ok\device\harddiskvolume1\windows\syswow64\peerdistsh.dll - Ok\device\harddiskvolume1\program files\dvd maker\dvdmaker.exe - Ok\device\harddiskvolume1\program files (x86)\samsung\kies\kiestrayagent.exe - Ok>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe is BINARYRES container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data001 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data002 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data003 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data004 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data005 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data006 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data007 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data008 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data009 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data010 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data011 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data012 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data013 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data014 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data015 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data016 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data017 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data018 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data019 is JS-HTML container>>\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe\data020 is JS-HTML container\device\harddiskvolume1\program files (x86)\google\chrome\application\47.0.2526.106\installer\chrmstp.exe - container\device\harddiskvolume1\windows\system32\eventproviders\spcmsg.dll - Ok\device\harddiskvolume1\windows\system32\wbem\wmiapsrv.exe - Ok\device\harddiskvolume1\program files\java\jre6\bin\jp2ssv.dll - Ok\device\harddiskvolume1\program files\java\jre6\bin\jp2iexp.dll - Ok\device\harddiskvolume1\program files\ipod\bin\ipodservice.exe - Ok\device\harddiskvolume1\windows\system32\wbem\win32_tpm.dll - Ok\device\harddiskvolume1\program files (x86)\java\jre7\bin\jabswitch.exe - Ok\device\harddiskvolume1\windows\system32\wbem\ntevt.dll - Ok>\device\harddiskvolume1\windows\system32\speech\speechux\speechux.dll is ZLIB container\device\harddiskvolume1\windows\system32\speech\speechux\speechux.dll - container\device\harddiskvolume1\users\p. miller\appdata\roaming\microsoft\windows\start menu\programs\startup\dropbox.lnk - Ok\device\harddiskvolume1\users\p. miller\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini - Ok\device\harddiskvolume1\windows\system32\uiautomationcore.dll - Ok\device\harddiskvolume1\windows\system32\drivers\1394ohci.sys - Ok\device\harddiskvolume1\windows\system32\biocredprov.dll - Ok\device\harddiskvolume1\windows\system32\locationnotifications.exe - Ok\device\harddiskvolume1\windows\system32\displayswitch.exe - Ok\device\harddiskvolume1\program files (x86)\rocketdock\rocketdock.exe - Ok\device\harddiskvolume1\windows\syswow64\mf.dll - Ok\device\harddiskvolume1\windows\syswow64\itss.dll - Ok>\device\harddiskvolume1\windows\syswow64\calc.exe is ZLIB container\device\harddiskvolume1\windows\syswow64\calc.exe - container\device\harddiskvolume1\windows\syswow64\osk.exe - Ok\device\harddiskvolume1\windows\syswow64\cmd.exe - Ok\device\harddiskvolume1\program files (x86)\openoffice.org 3\program\quickstart.exe - Ok\device\harddiskvolume1\program files (x86)\malwarebytes anti-malware\mbamservice.exe - Ok\device\harddiskvolume1\windows\servicing\cbsmsg.dll - Ok\device\harddiskvolume1\windows\syswow64\ehstorshell.dll - Ok>\device\harddiskvolume1\windows\syswow64\dhcpcmonitor.dll - packed by FLY-CODE\device\harddiskvolume1\windows\syswow64\dhcpcmonitor.dll - Ok\device\harddiskvolume1\windows\microsoft.net\framework\v1.1.4322\aspnet_rc.dll - Ok\device\harddiskvolume1\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe - Ok\device\harddiskvolume1\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll - Ok\device\harddiskvolume1\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe - Ok\device\harddiskvolume1\windows\syswow64\magnification.dll - Ok\device\harddiskvolume1\windows\system32\documentperformanceevents.dll - Ok\device\harddiskvolume1\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll - Ok\device\harddiskvolume1\windows\microsoft.net\framework64\v2.0.50727\eventlogmessages.dll - Ok\device\harddiskvolume1\windows\microsoft.net\framework64\v2.0.50727\aspnet_rc.dll - Ok\device\harddiskvolume1\windows\system32\dxptasksync.dll - Ok Link to post Share on other sites More sharing options...
withavision Posted December 21, 2015 Author ID:1008189 Share Posted December 21, 2015 =============================================================================\device\harddiskvolume1\program files\windows media player\wmpdmccore.dll - Ok\device\harddiskvolume1\program files\windows media player\wmpmediasharing.dll - Ok\device\harddiskvolume1\program files (x86)\java\jre7\bin\jp2ssv.dll - Ok\device\harddiskvolume1\program files (x86)\java\jre7\bin\ssv.dll - Ok\device\harddiskvolume1\program files (x86)\java\jre7\bin\jp2iexp.dll - Ok\device\harddiskvolume1\program files (x86)\windows live\messenger\msgrapp.dll - Ok\device\harddiskvolume1\program files (x86)\google\update\googleupdate.exe - Ok\device\harddiskvolume1\program files (x86)\windows live\mail\mailcomm.dll - Ok\device\harddiskvolume1\program files (x86)\mozilla maintenance service\maintenanceservice.exe - Ok\device\harddiskvolume1\windows\syswow64\schannel.dll - Ok\device\harddiskvolume1\windows\syswow64\ac3filter.acm - Ok\device\harddiskvolume1\windows\syswow64\iccvid.dll - Ok\device\harddiskvolume1\windows\syswow64\scecli.dll - Ok\device\harddiskvolume1\windows\syswow64\rasplap.dll - Ok\device\harddiskvolume1\windows\syswow64\napmontr.dll - Ok\device\harddiskvolume1\windows\syswow64\rasmontr.dll - Ok>\device\harddiskvolume1\windows\syswow64\magnify.exe is ZLIB container\device\harddiskvolume1\windows\syswow64\magnify.exe - container\device\harddiskvolume1\windows\syswow64\napinsp.dll - Ok\device\harddiskvolume1\windows\syswow64\ifmon.dll - Ok>\device\harddiskvolume1\windows\syswow64\dfrgui.exe is ZLIB container\device\harddiskvolume1\windows\syswow64\dfrgui.exe - container\device\harddiskvolume1\windows\syswow64\ieframe.dll - Ok\device\harddiskvolume1\windows\syswow64\webcheck.dll - Ok\device\harddiskvolume1\windows\syswow64\netlogon.dll - Ok\device\harddiskvolume1\windows\syswow64\netiohlp.dll - Ok\device\harddiskvolume1\windows\syswow64\perfhost.exe - Ok\device\harddiskvolume1\windows\syswow64\iedkcs32.dll - Ok>\device\harddiskvolume1\windows\syswow64\regsvr32.exe - packed by FLY-CODE\device\harddiskvolume1\windows\syswow64\regsvr32.exe - Ok\device\harddiskvolume1\windows\syswow64\wdmaud.drv - Ok\device\harddiskvolume1\windows\syswow64\fdeploy.dll - Ok\device\harddiskvolume1\windows\syswow64\winrnr.dll - Ok\device\harddiskvolume1\windows\syswow64\sirenacm.dll - Ok\device\harddiskvolume1\windows\syswow64\midimap.dll - Ok\device\harddiskvolume1\windows\syswow64\shdocvw.dll - Ok\device\harddiskvolume1\windows\syswow64\whhelper.dll - Ok\device\harddiskvolume1\windows\syswow64\lhacm.acm - Ok\device\harddiskvolume1\windows\syswow64\themeui.dll - Ok\device\harddiskvolume1\windows\syswow64\logoncli.dll - Ok\device\harddiskvolume1\windows\syswow64\dot3cfg.dll - Ok\device\harddiskvolume1\windows\syswow64\polstore.dll - Ok\device\harddiskvolume1\windows\syswow64\inetcomm.dll - Ok>\device\harddiskvolume1\windows\syswow64\hnetmon.dll - packed by FLY-CODE\device\harddiskvolume1\windows\syswow64\hnetmon.dll - Ok\device\harddiskvolume1\windows\syswow64\pnrpnsp.dll - Ok\device\harddiskvolume1\windows\syswow64\pnkbstra.exe - Ok\device\harddiskvolume1\windows\syswow64\unregmp2.exe - Ok\device\harddiskvolume1\program files\windows media player\wmpnssui.dll - Ok\device\harddiskvolume1\program files\windows media player\setup_wm.exe - Ok\device\harddiskvolume1\program files\windows media player\wmpnscfg.exe - Ok\device\harddiskvolume1\program files\windows media player\wmpnetwk.exe - Ok>\device\harddiskvolume1\windows\syswow64\imaadp32.acm - packed by FLY-CODE\device\harddiskvolume1\windows\syswow64\imaadp32.acm - Ok\device\harddiskvolume1\windows\syswow64\wlancfg.dll - Ok\device\harddiskvolume1\windows\syswow64\cleanmgr.exe - Ok\device\harddiskvolume1\windows\syswow64\nlaapi.dll - Ok\device\harddiskvolume1\windows\syswow64\wlgpclnt.dll - Ok\device\harddiskvolume1\windows\syswow64\msvidctl.dll - Ok>\device\harddiskvolume1\windows\syswow64\mshtml.dll - packed by BINARYRES\device\harddiskvolume1\windows\syswow64\mshtml.dll - Ok\device\harddiskvolume1\windows\syswow64\mscoree.dll - Ok\device\harddiskvolume1\windows\syswow64\nshipsec.dll - Ok\device\harddiskvolume1\windows\syswow64\nshhttp.dll - Ok\device\harddiskvolume1\windows\syswow64\wshelper.dll - Ok\device\harddiskvolume1\windows\syswow64\nshwfp.dll - Ok\device\harddiskvolume1\windows\syswow64\msvbvm60.dll - Ok\device\harddiskvolume1\windows\syswow64\userinit.exe - Ok\device\harddiskvolume1\windows\syswow64\tsbyuv.dll - Ok\device\harddiskvolume1\windows\syswow64\msyuv.dll - Ok\device\harddiskvolume1\windows\syswow64\msacm32.drv - Ok\device\harddiskvolume1\windows\syswow64\msadp32.acm - Ok\device\harddiskvolume1\windows\syswow64\msgsm32.acm - Ok\device\harddiskvolume1\windows\syswow64\msg711.acm - Ok\device\harddiskvolume1\windows\syswow64\msvidc32.dll - Ok\device\harddiskvolume1\windows\syswow64\msrle32.dll - Ok\device\harddiskvolume1\windows\syswow64\dskquota.dll - Ok\device\harddiskvolume1\windows\syswow64\cscobj.dll - Ok\device\harddiskvolume1\windows\syswow64\mscories.dll - Ok\device\harddiskvolume1\windows\syswow64\srchadmin.dll - Ok\device\harddiskvolume1\windows\system32\d3d11.dll - Ok\device\harddiskvolume1\windows\system32\d3d10core.dll - Ok\device\harddiskvolume1\windows\system32\w32time.dll - Ok\device\harddiskvolume1\windows\system32\l3codeca.acm - Ok\device\harddiskvolume1\windows\system32\l2nacp.dll - Ok\device\harddiskvolume1\windows\system32\p2phost.exe - Ok\device\harddiskvolume1\windows\system32\actionqueue.dll - Ok\device\harddiskvolume1\windows\system32\p2pcollab.dll - Ok\device\harddiskvolume1\windows\system32\p2pnetsh.dll - Ok\device\harddiskvolume1\windows\syswow64\rpcnsh.dll - Ok\device\harddiskvolume1\windows\system32\p2psvc.dll - Ok\device\harddiskvolume1\windows\syswow64\gpprefcl.dll - Ok\device\harddiskvolume1\windows\syswow64\gptext.dll - Ok\device\harddiskvolume1\windows\syswow64\gpscript.dll - Ok\device\harddiskvolume1\windows\syswow64\gpprnext.dll - Ok\device\harddiskvolume1\windows\syswow64\appmgmts.dll - Ok\device\harddiskvolume1\windows\syswow64\fwcfg.dll - Ok>\device\harddiskvolume1\windows\syswow64\authui.dll is ZLIB container\device\harddiskvolume1\windows\syswow64\authui.dll - container\device\harddiskvolume1\windows\syswow64\authfwcfg.dll - Ok\device\harddiskvolume1\windows\syswow64\rundll32.exe - Ok\device\harddiskvolume1\windows\syswow64\ntshrui.dll - Ok\device\harddiskvolume1\program files\common files\microsoft shared\ink\mraut.dll - Ok\device\harddiskvolume1\windows\system32\actioncentercpl.dll - Ok\device\harddiskvolume1\windows\system32\wcspluginservice.dll - Ok>\device\harddiskvolume1\windows\syswow64\iyuv_32.dll - packed by FLY-CODE\device\harddiskvolume1\windows\syswow64\iyuv_32.dll - Ok\device\harddiskvolume1\windows\syswow64\explorer.exe - Ok\device\harddiskvolume1\program files\common files\microsoft shared\ink\ipseventlogmsg.dll - Ok\device\harddiskvolume1\programdata\microsoft\windows\start menu\programs\startup\desktop.ini - Ok\device\harddiskvolume1\windows\system32\windowspowershell\v1.0\psevents.dll - Ok\device\harddiskvolume1\users\p. miller\appdata\local\dropbox\update\dropboxupdate.exe - Ok\device\harddiskvolume1\windows\system32\spool\tools\printbrmengine.exe - Ok\device\harddiskvolume1\windows\system32\mfreadwrite.dll - Ok\device\harddiskvolume1\windows\system32\rasplap.dll - Ok\device\harddiskvolume1\windows\system32\taskmgr.exe - Ok\device\harddiskvolume1\windows\system32\napipsec.dll - Ok\device\harddiskvolume1\windows\system32\racengn.dll - Ok\device\harddiskvolume1\windows\system32\davclnt.dll - Ok\device\harddiskvolume1\windows\system32\napmontr.dll - Ok\device\harddiskvolume1\windows\system32\rasmontr.dll - Ok>\device\harddiskvolume1\windows\system32\narrator.exe is BINARYRES container>>\device\harddiskvolume1\windows\system32\narrator.exe\data001 is NET container>>\device\harddiskvolume1\windows\system32\narrator.exe\data002 is NET container>>\device\harddiskvolume1\windows\system32\narrator.exe\data003 is NET container>>\device\harddiskvolume1\windows\system32\narrator.exe\data004 is NET container>>\device\harddiskvolume1\windows\system32\narrator.exe\data005 is NET container>>\device\harddiskvolume1\windows\system32\narrator.exe\data006 is NET container>>\device\harddiskvolume1\windows\system32\narrator.exe\data007 is NET container>>\device\harddiskvolume1\windows\system32\narrator.exe\data008 is NET container>>\device\harddiskvolume1\windows\system32\narrator.exe\data009 is NET container>>\device\harddiskvolume1\windows\system32\narrator.exe\data010 is NET container\device\harddiskvolume1\windows\system32\narrator.exe - container>\device\harddiskvolume1\windows\system32\magnify.exe is ZLIB container\device\harddiskvolume1\windows\system32\magnify.exe - container\device\harddiskvolume1\windows\system32\radarrs.dll - Ok\device\harddiskvolume1\windows\system32\iassvcs.dll - Ok\device\harddiskvolume1\windows\system32\radardt.dll - Ok\device\harddiskvolume1\windows\system32\wat\watux.exe - Ok\device\harddiskvolume1\windows\system32\pautoenr.dll - Ok\device\harddiskvolume1\windows\system32\napinsp.dll - Ok\device\harddiskvolume1\windows\system32\tapisrv.dll - Ok\device\harddiskvolume1\windows\system32\tabsvc.dll - Ok\device\harddiskvolume1\windows\system32\rasmans.dll - Ok\device\harddiskvolume1\windows\system32\rasauto.dll - Ok\device\harddiskvolume1\windows\system32\qagentrt.dll - Ok\device\harddiskvolume1\windows\system32\eapsvc.dll - Ok\device\harddiskvolume1\windows\system32\mctadmin.exe - Ok\device\harddiskvolume1\windows\system32\ocsetup.exe - Ok\device\harddiskvolume1\windows\system32\mcxdriv.dll - Ok\device\harddiskvolume1\windows\system32\pcaevts.dll - Ok\device\harddiskvolume1\windows\system32\wcnnetsh.dll - Ok\device\harddiskvolume1\windows\system32\pcadm.dll - Ok\device\harddiskvolume1\windows\system32\ncryptui.dll - Ok\device\harddiskvolume1\windows\system32\mciavi32.dll - Ok\device\harddiskvolume1\windows\system32\icardres.dll - Ok\device\harddiskvolume1\windows\system32\tcpmon.dll - Ok\device\harddiskvolume1\windows\system32\wcncsvc.dll - Ok\device\harddiskvolume1\windows\system32\schedsvc.dll - Ok\device\harddiskvolume1\windows\system32\scardsvr.dll - Ok\device\harddiskvolume1\windows\system32\pcasvc.dll - Ok\device\harddiskvolume1\windows\system32\mcx2svc.dll - Ok\device\harddiskvolume1\windows\system32\mblctr.exe - Ok\device\harddiskvolume1\windows\system32\wbiosrvc.dll - Ok\device\harddiskvolume1\windows\system32\wbengine.exe - Ok\device\harddiskvolume1\windows\system32\tbssvc.dll - Ok\device\harddiskvolume1\windows\system32\webcheck.dll - Ok\device\harddiskvolume1\windows\system32\werfault.exe - Ok\device\harddiskvolume1\windows\system32\setupetw.dll - Ok\device\harddiskvolume1\windows\system32\setupcl.exe - Ok\device\harddiskvolume1\windows\system32\setupugc.exe - Ok\device\harddiskvolume1\windows\system32\netcenter.dll - Ok\device\harddiskvolume1\windows\system32\wevtfwd.dll - Ok\device\harddiskvolume1\windows\system32\webio.dll - Ok\device\harddiskvolume1\windows\system32\nettrace.dll - Ok\device\harddiskvolume1\windows\system32\netiohlp.dll - Ok\device\harddiskvolume1\windows\system32\perftrack.dll - Ok\device\harddiskvolume1\windows\system32\netmsg.dll - Ok\device\harddiskvolume1\windows\system32\reagent.dll - Ok\device\harddiskvolume1\windows\system32\recovery.dll - Ok\device\harddiskvolume1\windows\system32\relpost.exe - Ok\device\harddiskvolume1\windows\system32\netdiagfx.dll - Ok\device\harddiskvolume1\windows\system32\netevent.dll - Ok\device\harddiskvolume1\windows\system32\perfctrs.dll - Ok\device\harddiskvolume1\windows\system32\certcli.dll - Ok\device\harddiskvolume1\windows\system32\aeevts.dll - Ok\device\harddiskvolume1\windows\system32\wersvc.dll - Ok\device\harddiskvolume1\windows\system32\wecsvc.dll - Ok\device\harddiskvolume1\windows\system32\webclnt.dll - Ok\device\harddiskvolume1\windows\system32\termsrv.dll - Ok\device\harddiskvolume1\windows\system32\sessenv.dll - Ok\device\harddiskvolume1\windows\system32\sensrsvc.dll - Ok\device\harddiskvolume1\windows\system32\seclogon.dll - Ok\device\harddiskvolume1\windows\system32\regsvc.dll - Ok\device\harddiskvolume1\windows\system32\perfproc.dll - Ok\device\harddiskvolume1\windows\system32\perfos.dll - Ok\device\harddiskvolume1\windows\system32\perfnet.dll - Ok\device\harddiskvolume1\windows\system32\perfdisk.dll - Ok\device\harddiskvolume1\windows\system32\peerdist.dll - Ok\device\harddiskvolume1\windows\system32\netman.dll - Ok\device\harddiskvolume1\windows\system32\iedkcs32.dll - Ok\device\harddiskvolume1\windows\system32\regsvr32.exe - Ok\device\harddiskvolume1\windows\system32\ie4uinit.exe - Ok\device\harddiskvolume1\windows\system32\aelupsvc.dll - Ok\device\harddiskvolume1\windows\system32\certprop.dll - Ok\device\harddiskvolume1\windows\system32\defragsvc.dll - Ok\device\harddiskvolume1\windows\system32\sdiageng.dll - Ok\device\harddiskvolume1\windows\system32\sdiagprv.dll - Ok\device\harddiskvolume1\windows\system32\adsldpc.dll - Ok\device\harddiskvolume1\windows\system32\sdiagschd.dll - Ok\device\harddiskvolume1\windows\system32\idlisten.dll - Ok\device\harddiskvolume1\windows\system32\wdfres.dll - Ok\device\harddiskvolume1\windows\system32\rdpcorets.dll - Ok\device\harddiskvolume1\windows\system32\sdclt.exe - Ok\device\harddiskvolume1\windows\system32\rdpwsx.dll - Ok\device\harddiskvolume1\windows\system32\rdpclip.exe - Ok\device\harddiskvolume1\windows\system32\rdpcfgex.dll - Ok\device\harddiskvolume1\windows\system32\rdpendp.dll - Ok\device\harddiskvolume1\windows\system32\adtschema.dll - Ok\device\harddiskvolume1\windows\system32\vdsvd.dll - Ok\device\harddiskvolume1\windows\system32\vdsdyn.dll - Ok\device\harddiskvolume1\windows\system32\vdsbas.dll - Ok\device\harddiskvolume1\windows\system32\mdsched.exe - Ok\device\harddiskvolume1\windows\system32\sdengin2.dll - Ok\device\harddiskvolume1\windows\system32\sdrsvc.dll - Ok\device\harddiskvolume1\windows\system32\rdpudd.dll - Ok\device\harddiskvolume1\windows\system32\rdpdd.dll - Ok\device\harddiskvolume1\windows\system32\fdeploy.dll - Ok\device\harddiskvolume1\windows\system32\bdesvc.dll - Ok\device\harddiskvolume1\windows\system32\fdphost.dll - Ok\device\harddiskvolume1\windows\system32\fdrespub.dll - Ok>\device\harddiskvolume1\windows\syswow64\drivers\wimmount.sys - packed by FLY-CODE>>\device\harddiskvolume1\windows\syswow64\drivers\wimmount.sys - packed by FLY-CODE\device\harddiskvolume1\windows\syswow64\drivers\wimmount.sys - Ok\device\harddiskvolume1\windows\system32\dfdwiz.exe - Ok\device\harddiskvolume1\windows\system32\mfplat.dll - Ok\device\harddiskvolume1\windows\system32\mfplay.dll - Ok\device\harddiskvolume1\windows\system32\ifmon.dll - Ok>\device\harddiskvolume1\windows\system32\dfrgui.exe is ZLIB container\device\harddiskvolume1\windows\system32\dfrgui.exe - container\device\harddiskvolume1\windows\system32\dfdts.dll - Ok\device\harddiskvolume1\windows\system32\ff_vfw.dll - Ok\device\harddiskvolume1\windows\system32\wisptis.exe - Ok\device\harddiskvolume1\windows\system32\uiribbon.dll - Ok\device\harddiskvolume1\windows\system32\display.dll - Ok>\device\harddiskvolume1\windows\system32\winsatapi.dll is ZLIB container\device\harddiskvolume1\windows\system32\winsatapi.dll - container\device\harddiskvolume1\windows\system32\zipfldr.dll - Ok\device\harddiskvolume1\windows\system32\diagcpl.dll - Ok\device\harddiskvolume1\windows\system32\diagperf.dll - Ok\device\harddiskvolume1\windows\system32\bitsigd.dll - Ok\device\harddiskvolume1\windows\system32\vmstorfltres.dll - Ok\device\harddiskvolume1\windows\system32\dispci.dll - Ok\device\harddiskvolume1\windows\system32\winsat.exe - Ok\device\harddiskvolume1\windows\system32\dimsroam.dll - Ok\device\harddiskvolume1\windows\system32\dimsjob.dll - Ok\device\harddiskvolume1\windows\system32\winrnr.dll - Ok\device\harddiskvolume1\windows\system32\winhttp.dll - Ok\device\harddiskvolume1\windows\system32\ui0detect.exe - Ok\device\harddiskvolume1\windows\system32\wiaservc.dll - Ok\device\harddiskvolume1\windows\system32\listsvc.dll - Ok\device\harddiskvolume1\windows\system32\hidserv.dll - Ok\device\harddiskvolume1\windows\system32\midimap.dll - Ok\device\harddiskvolume1\windows\system32\difxapi.dll - Ok\device\harddiskvolume1\windows\system32\shwebsvc.dll - Ok\device\harddiskvolume1\windows\system32\themecpl.dll - Ok\device\harddiskvolume1\windows\system32\whhelper.dll - Ok\device\harddiskvolume1\windows\system32\chkwudrv.dll - Ok\device\harddiskvolume1\windows\system32\whealogr.dll - Ok\device\harddiskvolume1\windows\system32\dhcpqec.dll - Ok\device\harddiskvolume1\windows\system32\dhcpcore6.dll - Ok\device\harddiskvolume1\windows\system32\shsvcs.dll - Ok\device\harddiskvolume1\windows\system32\themeui.dll - Ok\device\harddiskvolume1\windows\system32\dhcpcore.dll - Ok\device\harddiskvolume1\windows\system32\wkssvc.dll - Ok\device\harddiskvolume1\windows\system32\ikeext.dll - Ok\device\harddiskvolume1\windows\system32\wmphoto.dll - Ok\device\harddiskvolume1\windows\system32\vmbusres.dll - Ok\device\harddiskvolume1\windows\system32\umrdp.dll - Ok\device\harddiskvolume1\windows\system32\mmcss.dll - Ok\device\harddiskvolume1\windows\system32\lmhsvc.dll - Ok\device\harddiskvolume1\windows\system32\kmsvc.dll - Ok\device\harddiskvolume1\windows\system32\imaadp32.acm - Ok\device\harddiskvolume1\windows\system32\wlanpref.dll - Ok\device\harddiskvolume1\windows\system32\clusapi.dll - Ok\device\harddiskvolume1\windows\system32\elshyph.dll - Ok\device\harddiskvolume1\windows\system32\wlanconn.dll - Ok\device\harddiskvolume1\windows\system32\oleres.dll - Ok\device\harddiskvolume1\windows\system32\oleaccrc.dll - Ok\device\harddiskvolume1\windows\system32\wlancfg.dll - Ok\device\harddiskvolume1\windows\system32\cleanmgr.exe - Ok\device\harddiskvolume1\windows\system32\blbevents.dll - Ok\device\harddiskvolume1\windows\system32\wlansvc.dll - Ok\device\harddiskvolume1\windows\system32\nlasvc.dll - Ok\device\harddiskvolume1\windows\system32\lltdsvc.dll - Ok\device\harddiskvolume1\windows\system32\wlgpclnt.dll - Ok\device\harddiskvolume1\windows\syswow64\biocredprov.dll - Ok\device\harddiskvolume1\windows\system32\oobefldr.dll - Ok\device\harddiskvolume1\windows\system32\connect.dll - Ok\device\harddiskvolume1\windows\system32\powercpl.dll - Ok\device\harddiskvolume1\windows\system32\powercfg.cpl - Ok\device\harddiskvolume1\windows\system32\comres.dll - Ok\device\harddiskvolume1\windows\system32\dot3cfg.dll - Ok\device\harddiskvolume1\windows\system32\cofiredm.dll - Ok\device\harddiskvolume1\windows\system32\iologmsg.dll - Ok\device\harddiskvolume1\windows\system32\loadperf.dll - Ok\device\harddiskvolume1\windows\system32\localspl.dll - Ok\device\harddiskvolume1\windows\system32\locator.exe - Ok\device\harddiskvolume1\windows\system32\polstore.dll - Ok\device\harddiskvolume1\windows\system32\comdlg32.dll - Ok\device\harddiskvolume1\windows\system32\dot3svc.dll - Ok\device\harddiskvolume1\windows\system32\inetcomm.dll - Ok\device\harddiskvolume1\windows\system32\energy.dll - Ok\device\harddiskvolume1\windows\system32\hnetmon.dll - Ok\device\harddiskvolume1\windows\system32\pnpts.dll - Ok\device\harddiskvolume1\windows\system32\pnrpnsp.dll - Ok\device\harddiskvolume1\windows\system32\snmptrap.exe - Ok\device\harddiskvolume1\windows\system32\pnrpauto.dll - Ok\device\harddiskvolume1\windows\system32\pnrpsvc.dll - Ok\device\harddiskvolume1\windows\system32\unregmp2.exe - Ok\device\harddiskvolume1\windows\system32\dnsrslvr.dll - Ok\device\harddiskvolume1\windows\system32\fntcache.dll - Ok\device\harddiskvolume1\windows\system32\eqossnap.dll - Ok\device\harddiskvolume1\windows\system32\tquery.dll - Ok\device\harddiskvolume1\windows\syswow64\l3codeca.acm - Ok\device\harddiskvolume1\windows\system32\apilogen.dll - Ok\device\harddiskvolume1\windows\system32\mp4sdecd.dll - Ok\device\harddiskvolume1\windows\system32\appidapi.dll - Ok\device\harddiskvolume1\windows\system32\rpchttp.dll - Ok\device\harddiskvolume1\windows\system32\wpd_ci.dll - Ok\device\harddiskvolume1\windows\syswow64\p2pcollab.dll - Ok\device\harddiskvolume1\windows\system32\rpcnsh.dll - Ok\device\harddiskvolume1\windows\syswow64\p2pnetsh.dll - Ok\device\harddiskvolume1\windows\system32\apphlpdm.dll - Ok\device\harddiskvolume1\windows\system32\lpksetup.exe - Ok\device\harddiskvolume1\windows\system32\appmgr.dll - Ok\device\harddiskvolume1\windows\system32\mprmsg.dll - Ok\device\harddiskvolume1\windows\system32\wpcsvc.dll - Ok\device\harddiskvolume1\windows\system32\upnphost.dll - Ok\device\harddiskvolume1\windows\system32\sppsvc.exe - Ok\device\harddiskvolume1\windows\system32\spoolsv.exe - Ok\device\harddiskvolume1\windows\system32\ipnathlp.dll - Ok\device\harddiskvolume1\windows\system32\mprdim.dll - Ok\device\harddiskvolume1\windows\system32\ipsecsvc.dll - Ok\device\harddiskvolume1\windows\system32\mpssvc.dll - Ok\device\harddiskvolume1\windows\system32\iphlpsvc.dll - Ok\device\harddiskvolume1\windows\system32\ipbusenum.dll - Ok\device\harddiskvolume1\windows\system32\gpprefcl.dll - Ok\device\harddiskvolume1\windows\system32\gptext.dll - Ok\device\harddiskvolume1\windows\system32\gpscript.dll - Ok\device\harddiskvolume1\windows\system32\gpprnext.dll - Ok\device\harddiskvolume1\windows\system32\appmgmts.dll - Ok\device\harddiskvolume1\windows\system32\appidsvc.dll - Ok\device\harddiskvolume1\windows\system32\appinfo.dll - Ok\device\harddiskvolume1\windows\system32\gpsvc.dll - Ok\device\harddiskvolume1\windows\system32\msvidctl.dll - Ok\device\harddiskvolume1\windows\system32\mscms.dll - Ok\device\harddiskvolume1\windows\system32\mssha.dll - Ok\device\harddiskvolume1\windows\system32\wsmres.dll - Ok\device\harddiskvolume1\windows\system32\wsqmcons.exe - Ok\device\harddiskvolume1\windows\system32\dsound.dll - Ok>\device\harddiskvolume1\windows\system32\mshtml.dll - packed by BINARYRES\device\harddiskvolume1\windows\system32\mshtml.dll - Ok\device\harddiskvolume1\windows\system32\osbaseln.dll - Ok\device\harddiskvolume1\windows\system32\jscript9.dll - Ok\device\harddiskvolume1\windows\system32\usercpl.dll - Ok\device\harddiskvolume1\windows\system32\mspaint.exe - Ok\device\harddiskvolume1\windows\system32\nshipsec.dll - Ok\device\harddiskvolume1\windows\system32\nshhttp.dll - Ok\device\harddiskvolume1\windows\system32\wshelper.dll - Ok\device\harddiskvolume1\windows\system32\nshwfp.dll - Ok\device\harddiskvolume1\windows\system32\msicofire.dll - Ok\device\harddiskvolume1\windows\system32\msobjs.dll - Ok\device\harddiskvolume1\windows\system32\msaudite.dll - Ok\device\harddiskvolume1\windows\system32\iscsilog.dll - Ok\device\harddiskvolume1\windows\system32\wshext.dll - Ok\device\harddiskvolume1\windows\system32\wsepno.dll - Ok\device\harddiskvolume1\windows\system32\usbperf.dll - Ok\device\harddiskvolume1\windows\system32\msimsg.dll - Ok\device\harddiskvolume1\windows\system32\mstscax.dll - Ok\device\harddiskvolume1\windows\system32\rstrtmgr.dll - Ok\device\harddiskvolume1\windows\system32\ksproxy.ax - Ok\device\harddiskvolume1\windows\system32\mscoree.dll - Ok\device\harddiskvolume1\windows\system32\wsdmon.dll - Ok\device\harddiskvolume1\windows\system32\usbmon.dll - Ok\device\harddiskvolume1\windows\system32\wscsvc.dll - Ok\device\harddiskvolume1\windows\system32\wsmsvc.dll - Ok\device\harddiskvolume1\windows\system32\vssvc.exe - Ok\device\harddiskvolume1\windows\system32\sstpsvc.dll - Ok\device\harddiskvolume1\windows\system32\ssdpsrv.dll - Ok\device\harddiskvolume1\windows\system32\nsisvc.dll - Ok\device\harddiskvolume1\windows\system32\msscntrs.dll - Ok\device\harddiskvolume1\windows\system32\msiexec.exe - Ok\device\harddiskvolume1\windows\system32\iscsiexe.dll - Ok\device\harddiskvolume1\windows\system32\msdtc.exe - Ok\device\harddiskvolume1\windows\system32\msdtckrm.dll - Ok\device\harddiskvolume1\windows\system32\userinit.exe - Ok\device\harddiskvolume1\windows\system32\tsbyuv.dll - Ok\device\harddiskvolume1\windows\system32\msyuv.dll - Ok\device\harddiskvolume1\windows\system32\msacm32.drv - Ok\device\harddiskvolume1\windows\system32\msadp32.acm - Ok\device\harddiskvolume1\windows\system32\msgsm32.acm - Ok\device\harddiskvolume1\windows\system32\msg711.acm - Ok\device\harddiskvolume1\windows\system32\msvidc32.dll - Ok\device\harddiskvolume1\windows\system32\msrle32.dll - Ok\device\harddiskvolume1\windows\system32\lsdelete.exe - Ok\device\harddiskvolume1\windows\system32\dskquota.dll - Ok\device\harddiskvolume1\windows\system32\cscobj.dll - Ok\device\harddiskvolume1\windows\system32\mscories.dll - Ok\device\harddiskvolume1\windows\system32\cscsvc.dll - Ok\device\harddiskvolume1\windows\system32\credui.dll - Ok\device\harddiskvolume1\windows\system32\prflbmsg.dll - Ok\device\harddiskvolume1\windows\system32\srcore.dll - Ok\device\harddiskvolume1\windows\system32\trkwks.dll - Ok\device\harddiskvolume1\windows\system32\srvsvc.dll - Ok\device\harddiskvolume1\windows\system32\browser.dll - Ok\device\harddiskvolume1\windows\system32\bubbles.scr - Ok\device\harddiskvolume1\windows\system32\fundisc.dll - Ok\device\harddiskvolume1\windows\system32\authfwcfg.dll - Ok\device\harddiskvolume1\windows\system32\quartz.dll - Ok\device\harddiskvolume1\windows\system32\audioses.dll - Ok\device\harddiskvolume1\windows\system32\wudfsvc.dll - Ok\device\harddiskvolume1\windows\system32\wuaueng.dll - Ok\device\harddiskvolume1\windows\system32\autochk.exe - Ok\device\harddiskvolume1\windows\system32\auditcse.dll - Ok\device\harddiskvolume1\windows\system32\rundll32.exe - Ok\device\harddiskvolume1\windows\system32\audiosrv.dll - Ok\device\harddiskvolume1\windows\system32\stikynot.exe - Ok\device\harddiskvolume1\windows\system32\cttune.exe - Ok\device\harddiskvolume1\windows\system32\ntprint.dll - Ok\device\harddiskvolume1\windows\system32\ktmw32.dll - Ok\device\harddiskvolume1\windows\system32\fthsvc.dll - Ok\device\harddiskvolume1\windows\system32\ntvdm64.dll - Ok\device\harddiskvolume1\windows\system32\atiesrxx.exe - Ok\device\harddiskvolume1\windows\system32\bthserv.dll - Ok\device\harddiskvolume1\windows\system32\wwanadvui.dll - Ok\device\harddiskvolume1\windows\system32\dwrite.dll - Ok\device\harddiskvolume1\windows\system32\dwmredir.dll - Ok\device\harddiskvolume1\windows\system32\dwmcore.dll - Ok\device\harddiskvolume1\windows\system32\wwancfg.dll - Ok\device\harddiskvolume1\windows\system32\fwcfg.dll - Ok\device\harddiskvolume1\windows\system32\xwizards.dll - Ok\device\harddiskvolume1\windows\system32\wwansvc.dll - Ok\device\harddiskvolume1\windows\system32\swprv.dll - Ok\device\harddiskvolume1\windows\system32\qwave.dll - Ok\device\harddiskvolume1\windows\system32\fveapi.dll - Ok\device\harddiskvolume1\windows\system32\sysmain.dll - Ok\device\harddiskvolume1\windows\system32\iyuv_32.dll - Ok\device\harddiskvolume1\windows\system32\dxpserver.exe - Ok\device\harddiskvolume1\windows\system32\sxproxy.dll - Ok\device\harddiskvolume1\windows\system32\fxsevent.dll - Ok\device\harddiskvolume1\windows\system32\fxsmon.dll - Ok\device\harddiskvolume1\windows\system32\uxsms.dll - Ok\device\harddiskvolume1\windows\system32\axinstsv.dll - Ok\device\harddiskvolume1\windows\system32\fxssvc.exe - Ok\device\harddiskvolume1\windows\system32\microsoft-windows-hal-events.dll - Ok\device\harddiskvolume1\windows\system32\tzutil.exe - Ok>\device\harddiskvolume1\program files\common files\microsoft shared\ink\mip.exe is ZLIB container\device\harddiskvolume1\program files\common files\microsoft shared\ink\mip.exe - container\device\harddiskvolume1\windows\system32\itss.dll - Ok\device\harddiskvolume1\windows\system32\wmp.dll - Ok\device\harddiskvolume1\windows\system32\apds.dll - Ok\device\harddiskvolume1\windows\system32\dxgi.dll - Ok\device\harddiskvolume1\windows\system32\intl.cpl - Ok\device\harddiskvolume1\windows\microsoft.net\framework\v4.0.30319\microsoft.windows.applicationserver.applications.dll - Ok\device\harddiskvolume1\windows\system32\onex.dll - Ok\device\harddiskvolume1\windows\system32\mf.dll - Ok\device\harddiskvolume1\windows\system32\msdt.exe - Ok\device\harddiskvolume1\windows\system32\udwm.dll - Ok\device\harddiskvolume1\windows\system32\sysprep\sysprep.exe - Ok\device\harddiskvolume1\windows\system32\sud.dll - Ok\device\harddiskvolume1\windows\system32\drt.dll - Ok\device\harddiskvolume1\windows\system32\tsmf.dll - Ok\device\harddiskvolume1\windows\system32\dccw.exe - Ok\device\harddiskvolume1\windows\system32\wusa.exe - Ok\device\harddiskvolume1\windows\system32\wdc.dll - Ok\device\harddiskvolume1\windows\system32\pdh.dll - Ok\device\harddiskvolume1\windows\system32\van.dll - Ok\device\harddiskvolume1\windows\system32\wpc.dll - Ok\device\harddiskvolume1\windows\system32\ncsi.dll - Ok>\device\harddiskvolume1\windows\system32\calc.exe is ZLIB container\device\harddiskvolume1\windows\system32\calc.exe - container\device\harddiskvolume1\windows\system32\osk.exe - Ok\device\harddiskvolume1\windows\system32\wfs.exe - Ok\device\harddiskvolume1\windows\system32\pots.dll - Ok\device\harddiskvolume1\windows\system32\fms.dll - Ok\device\harddiskvolume1\windows\system32\rtm.dll - Ok\device\harddiskvolume1\windows\system32\msra.exe - Ok\device\harddiskvolume1\windows\system32\dwm.exe - Ok\device\harddiskvolume1\windows\system32\ulib.dll - Ok\device\harddiskvolume1\windows\system32\wdi.dll - Ok\device\harddiskvolume1\windows\system32\vds.exe - Ok\device\harddiskvolume1\windows\system32\sens.dll - Ok\device\harddiskvolume1\windows\system32\pla.dll - Ok\device\harddiskvolume1\windows\system32\cmd.exe - Ok\device\harddiskvolume1\windows\system32\alg.exe - Ok\device\harddiskvolume1\windows\system32\bfe.dll - Ok\device\harddiskvolume1\windows\system32\qmgr.dll - Ok\device\harddiskvolume1\windows\system32\dps.dll - Ok\device\harddiskvolume1\windows\system32\spreview\spreview.exe - Ok\device\harddiskvolume1\users\p. miller\appdata\roaming\microsoft\windows\start menu\programs\startup\openoffice.org 3.2.lnk - Ok\device\harddiskvolume1\windows\system32\wdiasqmmodule.dll - Ok\device\harddiskvolume1\windows\system32\bdehdcfglib.dll - Ok\device\harddiskvolume1\windows\system32\syncinfrastructure.dll - Ok\device\harddiskvolume1\windows\system32\rdrleakdiag.exe - Ok\device\harddiskvolume1\program files\common files\microsoft shared\windows live\wlidcredprov.dll - Ok\device\harddiskvolume1\program files\common files\microsoft shared\windows live\wlidnsp.dll - Ok\device\harddiskvolume1\program files\common files\microsoft shared\windows live\wlidsvc.exe - Ok\device\harddiskvolume1\windows\system32\drivers\rdpvideominiport.sys - Ok\device\harddiskvolume1\windows\syswow64\certcredprovider.dll - Ok\device\harddiskvolume1\program files (x86)\bonjour\mdnsnsp.dll - Ok\device\harddiskvolume1\windows\system32\drivers\rimserial_amd64.sys - Ok\device\harddiskvolume1\windows\system32\microsoft-windows-kernel-processor-power-events.dll - Ok\device\harddiskvolume1\program files (x86)\common files\apple\apple application support\apsdaemon.exe - Ok\device\harddiskvolume1\windows\system32\portabledevicesyncprovider.dll - Ok\device\harddiskvolume1\windows\system32\d3d10level9.dll - Ok\device\harddiskvolume1\program files\bonjour\mdnsresponder.exe - Ok>\device\harddiskvolume1\users\p. miller\appdata\roaming\dropbox\bin\dropbox.exe is ZIP archive\device\harddiskvolume1\users\p. miller\appdata\roaming\dropbox\bin\dropbox.exe - Ok\device\harddiskvolume1\users\p. miller\appdata\roaming\dropbox\bin\dropbox.exe - archive\device\harddiskvolume1\windows\microsoft.net\framework64\v3.0\windows communication foundation\servicemodelevents.dll - Ok\device\harddiskvolume1\program files (x86)\common files\adobe\arm\1.0\armsvc.exe - Ok\device\harddiskvolume1\windows\system32\d3d10_1core.dll - Ok\device\harddiskvolume1\windows\system32\smartcardcredentialprovider.dll - Ok\device\harddiskvolume1\windows\syswow64\smartcardcredentialprovider.dll - Ok\device\harddiskvolume1\program files\windows mail\winmail.exe - Ok\device\harddiskvolume1\program files\windows media player\wmpsideshowgadget.exe - Ok>\device\harddiskvolume1\program files\common files\microsoft shared\ink\tabskb.dll is ZLIB container\device\harddiskvolume1\program files\common files\microsoft shared\ink\tabskb.dll - container\device\harddiskvolume1\program files\windows defender\mpevmsg.dll - Ok\device\harddiskvolume1\program files\windows defender\mpsvc.dll - Ok\device\harddiskvolume1\program files\common files\microsoft shared\windows live\windowslivelogin.dll - Ok\device\harddiskvolume1\program files\common files\microsoft shared\ink\rtscom.dll - Ok\device\harddiskvolume1\windows\system32\wudfplatform.dll - Ok\device\harddiskvolume1\program files\common files\microsoft shared\ink\inputpersonalization.exe - Ok\device\harddiskvolume1\windows\ehome\ehsched.exe - Ok\device\harddiskvolume1\windows\ehome\ehrecvr.exe - Ok\device\harddiskvolume1\program files\windows nt\accessories\wordpad.exe - Ok\device\harddiskvolume1\program files\windows sidebar\sidebar.exe - Ok\device\harddiskvolume1\program files\common files\microsoft shared\ink\mshwlatin.dll - Ok\device\harddiskvolume1\windows\servicing\trustedinstaller.exe - Ok\Registry\AutoRun:Body:b408a37269fb2766db248093acdc6e8e28e63aa1 - Ok\Registry\AutoRun:Body:6a65576325bafb8e7250bcb4b01a77476c878f4a - Ok\Registry\AutoRun:Body:ed117af4602e3d6ee19817a6fd1c2e6a5cd9a3ec - Ok\Registry\AutoRun:Body:bdc7564b6ae185dd4ac928ead0f97fd30f9ce014 - Ok\Registry\AutoRun:Body:b0723c842881f1611397b42a14f6a9d0771cd7f7 - Ok\Registry\AutoRun:Body:ca667fb5da4b8c8896ef34f29309ce1f7c6da0dd - Ok\Registry\AutoRun:Body:76f3936fb2fe60223cf498e6bdaf81c4676fe599 - Ok\Registry\AutoRun:Body:366d13bcd41cc1cefb1e85eddbf1c7892f7c0844 - Ok\Registry\AutoRun:Body:1353b9fbb8face9f4ff662f25432ffe1c4c03db7 - Ok\Registry\AutoRun:Body:c65133079d0edf35dc9f8e8a4b5773c44f6e4573 - Ok\Registry\AutoRun:Body:98a5b665938f6e499c4e237a51a413f1927cfa3c - Ok\Registry\AutoRun:Body:bf6d7ccc60beae38a8355bef65a7a5070dbab397 - Ok\Registry\AutoRun:Body:348552e1670da7f7900c7653a0114bf031bd56cd - Ok\Registry\AutoRun:Body:e7c6318a10ae283fdb45e14bfdd97f04cc07496c - Ok\Registry\AutoRun:Body:bcf4499d32094d7e71b6c3d786eebffcfc88310c - Ok\Registry\AutoRun:Body:10f93fac45cca74ee05cca38c1e4128eed6051e0 - Ok\Registry\AutoRun:Body:b5f675beb8bfbd5f1ae845f2172ee8449780f1ab - Ok\Registry\AutoRun:Body:7249b5c5c24918570f59a686d0f597b38e78d805 - Ok\Registry\AutoRun:Body:1ec927b39ca6969f14968b83182554ffa7f242ec - Ok\Registry\AutoRun:Body:b8761f590d575c02878fbcafc7086e6c0c4ac7cb - Ok\Registry\AutoRun:Body:275e0e1f66857c4263df720e815f941e422a9d1d - Ok\Registry\AutoRun:Body:a35508b36c45ff1155cd9522c8bc7e9bd9a71a12 - Ok\Registry\AutoRun:Body:e4ad4fa4a7f2f00ab74a05e20723bbfa2b27dd31 - Ok\Registry\AutoRun:Body:8e5c714b340d50723da0aa55f89ba1ef3c92c8b5 - Ok\Registry\AutoRun:Body:2f727c3f538a9802fbc54bf77b3b34fc8f8e8810 - Ok\Registry\AutoRun:Body:21843df8745e90029ecd2f87bbc7a8467d0f4355 - Ok\Registry\AutoRun:Body:ce15eed8d1bff9af8214acd633fa7b35166c944c - Ok\Registry\AutoRun:Body:a98eca4590109c348fb8a63b22867c602db8b2aa - Ok\Registry\AutoRun:Body:6fc317f403a48567a588faae263a782c2fc39612 - Ok\Registry\AutoRun:Body:08a6644f2b7161b146ec43ef444cba0b4ae11c8b - Ok\Registry\AutoRun:Body:9606ddaf95c35dbb244f95716bc6c2908bc15058 - Ok\Registry\AutoRun:Body:35c7832695d3b0f61958b7dbabcf74c37b9c22fe - Ok\Registry\AutoRun:Body:9fcc4c5b69be3b0f0ded26b4d7307f16314e9b11 - Ok\Registry\AutoRun:Body:e75074d0beb7547a9b2788f256f38e9a4a1469df - Ok\Registry\AutoRun:Body:38d158ee99b5464452364e45918d44a4d9bf23ef - Ok\Registry\AutoRun:Body:a747cb0555142be8b1782501c0c091f7ef42d490 - Ok\Registry\AutoRun:Body:a9f3ed33d62537c56c63a4186ced23b368466fab - Ok\Registry\AutoRun:Body:ec1c50fc24e9258d034e841c86ee934b1c0e5fe0 - Ok\Registry\AutoRun:Body:52c108203499b3f232d3ef9075ff7b985aef3d4c - Ok\Registry\AutoRun:Body:f3d252074744491bd175d0e11cbefb5ba14edf40 - Ok\Registry\AutoRun:Body:ef9505aa11428f025fb3048ed9ad21e91308a29d - Ok\Registry\AutoRun:Body:f72200e3f49b28093afd8809c589543bb400e037 - Ok\Registry\AutoRun:Body:482b05fd9c4bb7cbcd836c27fa40fc34e9737d02 - Ok\Registry\AutoRun:Body:cd4cf499d0f8b8d5a25a02329e99c62b13c9bf47 - Ok\Registry\AutoRun:Body:09d768fefba257442fef3347117ef3d1b409e158 - Ok\Registry\AutoRun:Body:e541951ae9de3bc8b489791cc7157ea15bee1629 - Ok\Registry\AutoRun:Body:ed2da24add31f62a659a7f603d7b45aac44772e3 - Ok\Registry\AutoRun:Body:6e9eb27abc588cdaccd71b066ab9dfe544f6d6e8 - Ok\Registry\AutoRun:Body:1489f923c4dca729178b3e3233458550d8dddf29 - Ok\Registry\AutoRun:Body:e2469bad3070dcbeee034355da19b2ebe346eaf6 - Ok\Registry\AutoRun:Body:6c598c070fa267604cfa677af3811f5c6f95c9ec - Ok\Registry\AutoRun:Body:1546e0f2479cc3fcdd66283acb7046af9e622e1a - Ok\Registry\AutoRun:Body:c465a107295a530790110b866da290d17e4836e9 - Ok\Registry\AutoRun:Body:6bd2c440b01d938ad37d57514cf64017385d6f42 - Ok\Registry\AutoRun:Body:bfeffdc34c7ecf01adbda9abc0a2999f70a64fb6 - Ok\Registry\AutoRun:Body:5d48c951d1ec15941a12c263a53899b82afc3cbb - Ok\Registry\AutoRun:Body:4e0948c11385865145e24f06b2928b91962b3c2b - Ok\Registry\AutoRun:Body:be9748cba5ca651cea1ef09ea748d5c0a92c848d - Ok\Registry\AutoRun:Body:c4b14a2cc2b819c47ee2e15f5e854aaef33e2876 - Ok\Registry\AutoRun:Body:6cf50f6938b3756a92bf7fc4be8107afcece0111 - Ok\Registry\AutoRun:Body:e48734463f89752a2657c5d4e28dbc003d30b81b - Ok\Registry\AutoRun:Body:c7093eb535b1ec98596392fb4fe72635b0b20a27 - Ok\Registry\AutoRun:Body:1256d0c503e243639256989c2580767230f9fc82 - Ok\Registry\AutoRun:Body:daff1b7b3bacdb2302c9e48cadaa36df7fe77240 - Ok\Registry\AutoRun:Body:14a6981ec238c25149df6439758cbd5772c63bc2 - Ok\Registry\AutoRun:Body:e966f4185179a1499ee6062c45463e3a9cd7595b - Ok\Registry\AutoRun:Body:b0b453cad9f9f13f618a58ff0f730aa32746dd15 - Ok\Registry\AutoRun:Body:8ca935b98fbbf2e0bf6968e183b70f211f17e8ca - Ok\Registry\AutoRun:Body:3853ea46c45c78894fe6230985939def4b0a4cbc - Ok\Registry\AutoRun:Body:452594730add7b718f9fd76f4ae9d00b16dd113a - Ok\Registry\AutoRun:Body:0a95e90b019635a6dc86f517fe5aa3b0932137ac - Ok\Registry\AutoRun:Body:b73c464e6d1d050616a47debc104c3cf95eea706 - Ok\Registry\AutoRun:Body:405bb2931b608e81ccba3fa33686684bdb25acfe - Ok\Registry\AutoRun:Body:7b471f23b0844c99e6a7a7994caf5ae1d3a013aa - Ok\Registry\AutoRun:Body:e5ae52012bd91c08feb2f50f75a2f90b98950245 - Ok\Registry\AutoRun:Body:49872ada180782ba05b433e2451bf62483dd8d2f - Ok\Registry\AutoRun:Body:a417cf269e9e0d263726678146ceed15745a38c2 - Ok\Registry\AutoRun:Body:7e3ee0f1cc7d7bb28aa7f5896e6595e4fb08da0d - Ok\Registry\AutoRun:Body:9c1faf2c727e4b34f9a5134a87cb00242b88d368 - Ok\Registry\AutoRun:Body:0f61bfc52f9a2810e5cd19c6df420d43a0ea4722 - Ok\Registry\AutoRun:Body:33f4c9ace5742c66c6691763474096975054c3c9 - Ok\Registry\AutoRun:Body:69f54bd8cc5322074ede9c8bcccc082d6b6c6f5c - Ok\Registry\AutoRun:Body:2337105f2a596671273988c05d585e17d08f8f3e - Ok\Registry\AutoRun:Body:a282dd9fa5915034b346e6531b0cdc0fe2613109 - Ok\Registry\AutoRun:Body:2db7c618e19a69c62930007cddd11922f5c35a2b - Ok\Registry\AutoRun:Body:c2e3dbebc14df99fab8ca9714bc76b5f9f169b3f - Ok\Registry\AutoRun:Body:4a422f06804a2f83c4a8f793ede32f6c01c94bf8 - Ok\Registry\AutoRun:Body:5a449a68ef0c6cbc426efe22acbf569a0e5dd266 - Ok\Registry\AutoRun:Body:3f209c93b8905232959731bacdcf796f59083f5b - Ok\Registry\AutoRun:Body:c5be12241990e57ed40fab34a8cb1712f4c5c574 - Ok\Registry\AutoRun:Body:18b9110c65c40b198e341ae1744ece73589e8962 - Ok\Registry\AutoRun:Body:1a0e6dea4c7cb7cf7f4dfa6b655b724e29b57eeb - Ok\Registry\AutoRun:Body:14d875eacf73529e91d5c2816b307e8e4fcf6e88 - Ok\Registry\AutoRun:Body:df81718481c2d0f45a93b62928c4dd8377773c29 - Ok\Registry\AutoRun:Body:65aa5e1e209fdd0d203c8593ad52abeb1a1fed3a - Ok\Registry\AutoRun:Body:7d837fcb139f45023e81841acc83a73a4b2c6041 - Ok\Registry\AutoRun:Body:1e0ae6de312665d7d2c7e7caf3752819cf6e2a08 - Ok\Registry\AutoRun:Body:94684850d3d39238e851c724091ff6759391cb38 - Ok\Registry\AutoRun:Body:db8c6d1546ed084fc626d681f6620ef5a5b1b843 - Ok\Registry\AutoRun:Body:cfcd06d1bfa99ce186e0ac1b2bf11ca7111d9b21 - Ok\Registry\AutoRun:Body:4e771e2f7e293494937d4b88b09e27c61d5944dd - Ok\Registry\AutoRun:Body:92c62417a3a586dadda73e43be5245c2966cb8b3 - Ok\Registry\AutoRun:Body:a99c995dd7a2293b880b0d8e877f6eb89b061acc - Ok\Registry\AutoRun:Body:dd5ca370e842bc3fb0970fb9b63e48abfc1b2318 - Ok\Registry\AutoRun:Body:8ff7c4069f7fd33148bdc52951c1175585a67a59 - Ok\Registry\AutoRun:Body:09e721643191d3eefe8aa48ae1670f240304ddde - Ok\Registry\AutoRun:Body:d13a59aca0ad9aed899d27298fb9e712ba16339a - Ok\Registry\AutoRun:Body:e7f404760d44a3817d3791408dae899865c900d9 - Ok\Registry\AutoRun:Body:b013dbd0877797763c889415614123b75e6fb133 - Ok\Registry\AutoRun:Body:eed96573de2cea9290e074062c796b0d400a35f2 - Ok\Registry\AutoRun:Body:e7f2e7b96464c87dfa7ea533907a9bca9c101863 - Ok\Registry\AutoRun:Body:f1983a334550435ab19e82d5006b691177f5ea4c - Ok\Registry\AutoRun:Body:54b3389ddf7ad531adecf4708f83149e864cc85f - Ok\Registry\AutoRun:Body:0943e29349a40bbbcd51e1baf47ac52a36e33897 - Ok\Registry\AutoRun:Body:4ac58f58437bc41a4984ac9c826c9dc5cdb3d828 - Ok\Registry\AutoRun:Body:fa58708f00b22151d8b3dbf015d0ea296f7ea198 - Ok\Registry\AutoRun:Body:467e4f6601b293c9f76cd5693d607a354d3d20cc - Ok\Registry\AutoRun:Body:3608c4fe4fb89e22ceddac1895b178ca97c9e42c - Ok\Registry\AutoRun:Body:7b738ddc67b1e3c1f157a860e00dbfac29a6ed86 - Ok\Registry\AutoRun:Body:e21945d223b1ff9b3f29ef408630e07d403fc75d - Ok\Registry\AutoRun:Body:1ebb55a22c9f14b8c1b776036578e6419ff050ce - Ok\Registry\AutoRun:Body:ddca8dae4c2602745516e83b5ed7a4909f287c32 - Ok\Registry\AutoRun:Body:25148eb772c43211259fdb867296d7a94facda23 - Ok\Registry\AutoRun:Body:feffc024aa1f2c005b92b4551833c338a0a90c78 - Ok\Registry\AutoRun:Body:5f72164e928ae08d588370760c472286b45488ad - Ok\Registry\AutoRun:Body:027bf2a159eebf3343b1f056814a134b9c8bcc10 - Ok\Registry\AutoRun:Body:28b74c8659889bb8832f99ae52665db229acf38d - Ok\Registry\AutoRun:Body:baec97c672380e37ff935b1b32eef824e129f365 - Ok\Registry\AutoRun:Body:fcf356a70ab3436b97aefe9fe1271b27f84d53c3 - Ok\Registry\AutoRun:Body:77fc5b8a80dac27b46ce1b582135759bcc616474 - Ok\Registry\AutoRun:Body:0ec565074e4c25161a5500f40db395a6ffd70e56 - Ok\Registry\AutoRun:Body:43c6cd19f1032a94dc6da4d33ae64223e784a470 - Ok\Registry\AutoRun:Body:9003157ce8cc9d5550adf9b1ef677881ac34ecc3 - Ok\Registry\AutoRun:Body:44486b13cda82e54a31194a3588857803f9d1e57 - Ok\Registry\AutoRun:Body:993c65e44a65e25c4abab767f51f6ee298c5e146 - Ok\Registry\AutoRun:Body:eef5cb4adcaa3348ef6101bb83615fa23830b7f0 - Ok\Registry\AutoRun:Body:0c7a6d157daa7e7f7ca199cb2aa4c467ec5ab2dc - Ok\Registry\AutoRun:Body:be9c18c651c41d43af504e65b3cb2100fc83c409 - Ok\Registry\AutoRun:Body:dac9da49225f303fe58f97a2b87e9fc211b1b848 - Ok\Registry\AutoRun:Body:b8cb6b3de866f2fd1f17996fee01cec4748a03e8 - Ok\Registry\AutoRun:Body:1201d8d88b724c8eaa8dc3afed6c013d6d47ef87 - Ok\Registry\AutoRun:Body:33d77db420652eeb057204e8e75f6f0e5e1e1013 - Ok\Registry\AutoRun:Body:3ff236a75ad2fce41c21c5ebcb90ef396be539ec - Ok\Registry\AutoRun:Body:123f60af486cc4f96f01aa4434d01c2436fe3c7e - Ok\Registry\AutoRun:Body:d742c6b01fe4b5d54ee43a031637753232284e8b - Ok\Registry\AutoRun:Body:c625bbf0a44848a848212debb4f79650f0f01e6e - Ok\Registry\AutoRun:Body:28daa205cc637404499adf696cad93c021047f54 - Ok\Registry\AutoRun:Body:d57a1666669b4d19d45a3cbcabf16eec32bac127 - Ok\Registry\AutoRun:Body:755baaf580a66a5916d1a50f275310c629f333ea - Ok\Registry\AutoRun:Body:8c4cd62b6b48cae90e39e756f16ea1dbfa807997 - Ok\Registry\AutoRun:Body:36ed242c478ad485eb7023ea4e42bb1a06b79f73 - Ok\Registry\AutoRun:Body:0cb2517e65265f18a1f047389b407f6bafd09121 - Ok\Registry\AutoRun:Body:5ec6bec2999a9ec72719baa7cd32f36e6287b635 - Ok\Registry\AutoRun:Body:091de81bd146ab7b29692c293d2411f2accad4ec - Ok\Registry\AutoRun:Body:1bf5dc622ba9884a20d88648d3b54f3ee60e9a33 - Ok\Registry\AutoRun:Body:3d9e1528c5c5f955bb3c0baf4412850f7b2ac721 - Ok\Registry\AutoRun:Body:425813ff2a2780a1e738187868a27ab3c1d07dd8 - Ok\Registry\AutoRun:Body:2ddb47d02c73687d2ab5b1dce52241575d1afdbc - Ok\Registry\AutoRun:Body:2e08dfe5f6258610e92dd200ae8fa74d5815be27 - Ok\Registry\AutoRun:Body:71bddf659bddd7fbfbf4ed30901bcde45ad0cb2d - Ok\Registry\AutoRun:Body:c33c8e4002e1ed1c3a5cbf318575624432c7cdc6 - Ok\Registry\AutoRun:Body:4b0258793e217f002d7c470630fc4bdab8f832d9 - Ok\Registry\AutoRun:Body:b17dfc33fc1a1c3e127bfe2a3b98eb13efee4b43 - Ok\Registry\AutoRun:Body:0631db29e299a763699243e52a9a72a3ca5792c0 - Ok\Registry\AutoRun:Body:ebdfe07b17cdefa84748c3908eba777cbd393399 - Ok\Registry\AutoRun:Body:401afd08f96cce885461dcab3f1a7717210c89ae - Ok\Registry\AutoRun:Body:b029d91940e01fba9e8c1c384f2af6a1398fe862 - Ok\Registry\AutoRun:Body:fa2abdff1b370b561d849f9c3e4c11b7044e6689 - Ok\Registry\AutoRun:Body:c5629a1afab7c158cc2be20458a2883f8c02f3cc - Ok\Registry\AutoRun:Body:b2029e04803f3edbfcd88a1957eade9bd38d2714 - Ok\Registry\AutoRun:Body:093e0cd5d0fcb4c5c367e26bd7449aeb331e760c - Ok\Registry\AutoRun:Body:0c1629fc1fcaf581bc361c1f872ca51709364bf4 - Ok\Registry\AutoRun:Body:0b8968797122b5651296c11750085c12ad23a4a3 - Ok\Registry\AutoRun:Body:2b8780c5ea526ceb7f1c822229cdea0ad6511653 - Ok\Registry\AutoRun:Body:9278940d66796c3d6a1add92e3a5a409a04a5043 - Ok\Registry\AutoRun:Body:8128325f04c436849a552178bd17afad691aa3c2 - Ok\Registry\AutoRun:Body:8048e69240f5b16d5a5d3b60a43fb4d886a94b9f - Ok\Registry\AutoRun:Body:e637ba9aa7db66ae1dbb51c3da376648396a861a - Ok\Registry\AutoRun:Body:c756a852332c871e49e587d6424062d82d32aa84 - Ok\Registry\AutoRun:Body:1ed90e6765ec264105cc0797e491b08bdea5a209 - Ok\Registry\AutoRun:Body:6364e21a89dddeaf7d874aac775f579969237bf6 - Ok\Registry\AutoRun:Body:1642bb3e7ba48d7e065e6d50b4e345c7d34df47a - Ok\Registry\AutoRun:Body:2c5b15226a25b81495f84a64e9f92bcc4188b46b - Ok\Registry\AutoRun:Body:b7b84e63eed5f82e08459c2a3572f93e1feb2f9c - Ok\Registry\AutoRun:Body:99d0785e3f2b5730c9a4ceb4fa3b3a9abed99354 - Ok\Registry\AutoRun:Body:3c02a1ac5e8068e013500218d967240e3c6808ae - Ok\Registry\AutoRun:Body:32d80ae6471687032dfa49970f4b47ee45b4679a - Ok\Registry\AutoRun:Body:31d23fa6ca5d53e47b7438c6b265fb4bf2eeeab9 - Ok\Registry\AutoRun:Body:5dc9d2da719c4622a8b7eaa3e9d9fbabd76b677d - Ok\Registry\AutoRun:Body:72aaead091cb728822ac5e4f7ac8873c0c42aa22 - Ok\Registry\AutoRun:Body:0ebcae7e546c757e2d8bd902d2320d8cf071d62c - Ok\Registry\AutoRun:Body:92aee74558ff1d99a1a9764cbe510f0ef86ea485 - Ok\Registry\AutoRun:Body:8c3a1c3936042162f9e41cbd0244b3932d59eb26 - Ok\Registry\AutoRun:Body:8321e0ec2545a8dd81014d2a8c477a87efd619e0 - Ok\Registry\AutoRun:Body:a04af6bdede5a719205588bcf59af9d1f4e09497 - Ok\Registry\AutoRun:Body:a9295bc6bff61dc19082b0e66403cf442e76ce9a - Ok\Registry\AutoRun:Body:4cd406f63be74ccb0bffa128b770ac3ca8a2647d - Ok\Registry\AutoRun:Body:722ff23af0f603de31239e059ed13fce397433b7 - Ok\Registry\AutoRun:Body:e9a7e17cc7d4f78b30a4cf434d223330bdbb4b93 - Ok\Registry\AutoRun:Body:21b532fc71b1571d4277021a5da7e2f22381214d - Ok\Registry\AutoRun:Body:e8e6c3589e029194073c232e076a5b87b72c2fa2 - Ok\Registry\AutoRun:Body:0beb4f306617f3b1c0a3ed49c12474f1e35fd994 - Ok\Registry\AutoRun:Body:fa8a20c74e59f84d9a80691fe380b6ce368370f1 - Ok\Registry\AutoRun:Body:7bf479e0468c19d03f4caa0451735a1c40a1510a - Ok\Registry\AutoRun:Body:4f6e970a95566773fd1be8d903862c0b8edb439b - Ok\Registry\AutoRun:Body:b94d0e6026b9eb704d976045d92be3c73f506945 - Ok\Registry\AutoRun:Body:9cf2540d764329c458b4287355f4080cef27b2c4 - Ok\Registry\AutoRun:Body:67401099ec3b415743462c12afab5486d9605060 - Ok\Registry\AutoRun:Body:440ff9e67e50f66ec3d119046ba3abf68135571d - Ok\Registry\AutoRun:Body:b10fdfc15c5ea29b3af4e67be8f31e730f65721c - Ok\Registry\AutoRun:Body:029792df551ddb522a0a252ee37c3537b1f682a0 - Ok\Registry\AutoRun:Body:87205e1b18f9592ea37668c266b08a0a4bb8fc9b - Ok\Registry\AutoRun:Body:d189fc48a8e2bffe2f03f0dd3807840ecac82d48 - Ok\Registry\AutoRun:Body:dfa73cbe473d867a63f1d515d5ba5c987511627a - Ok\Registry\AutoRun:Body:4edcb60df1c86b5338c732b527201a9866feafdf - Ok\Registry\AutoRun:Body:3dea8d5301041fe68eb84492534b8cf243dcd3ad - Ok\Registry\AutoRun:Body:78cb1f5502e49d836ffaf84ee8ab62c5d654a60c - Ok\Registry\AutoRun:Body:042faf49acb41eba2e45e3f9fccfa22835547518 - Ok\Registry\AutoRun:Body:438f6651562016ec4c14b9dacf1cd976eb996bd7 - Ok\Registry\AutoRun:Body:4e4269d14e0c0c656670dbdcad4477bc9121242c - Ok\Registry\AutoRun:Body:fe01b86296e9a079d539d72f7d5128b3957e0356 - Ok\Registry\AutoRun:Body:26d87f436399daefe9c394134c51b41279fe7e50 - Ok\Registry\AutoRun:Body:1529841961d1e1b12fde0b7d10c842203783c9e1 - Ok\Registry\AutoRun:Body:6a6df875ad2de09e90408337d59a5eabcda1c605 - Ok\Registry\AutoRun:Body:4e18f984a534f653ed6d6ef32b6e5d159bfe0860 - Ok\Registry\AutoRun:Body:63ec4eb9cbcaa773f70222ece102a896d1c0577c - Ok\Registry\AutoRun:Body:dfff8f53483fbe525bfef2318950bda98b0f4995 - Ok\Registry\AutoRun:Body:28f8b6ad83429c80bd5fbe6bb1dc2999e323db69 - Ok\Registry\AutoRun:Body:bc2a0f78c9a6b1d9c381ea49d7c236b1e0e65ac9 - Ok\Registry\AutoRun:Body:bafc45ac22fddd10b8bc243989cb504e5f03436b - Ok\Registry\AutoRun:Body:07ca812bbab255022c4bcf1562b4e548e4ca996e - Ok\Registry\AutoRun:Body:fc157564b9889b7733efb6550952b335aa832c7a - Ok\Registry\AutoRun:Body:f5ca4a9babdfdb34f6cfd4219629f33697f84fc3 - Ok\Registry\AutoRun:Body:cd0676bd541a8dcca8876c4d2ac414fe3462a338 - Ok\Registry\AutoRun:Body:f74adab5fead5d5eca11f5403de148dfd135a6e8 - Ok\Registry\AutoRun:Body:b293ecd6d300cddead857c892136c28fa5fe7467 - Ok\Registry\AutoRun:Body:75f1a351871c97c57a3c15f9e4508e63cc9d80ef - Ok\Registry\AutoRun:Body:412b565879ea704da0d54f491121c63d409d5ec9 - Ok\Registry\AutoRun:Body:cf480fd1a06940978680022abba4836d3fddee91 - Ok\Registry\AutoRun:Body:d67724ccd6dca3684f473ed0b2b3981e34c84552 - Ok\Registry\AutoRun:Body:bf62adc3a97afec17b96403462b0335afdabf5e4 - Ok\Registry\AutoRun:Body:5132c98a5e02798a6da9ab5909b43de92ed843f1 - Ok\Registry\AutoRun:Body:0c900dad6dd746ce43aec57aebb828c13531ce53 - Ok\Registry\AutoRun:Body:2515ea4b609e5f900db4f39dea0c86d00933880b - Ok\Registry\AutoRun:Body:67128039ea13145d24383f59c6e6a6f6c3c3d81a - Ok\Registry\AutoRun:Body:69e5258b801038052dabc66e3100b4bc80d2ac5c - Ok\Registry\AutoRun:Body:c72d1b895c83e09e09f6d5a7a053d516da77d696 - Ok\Registry\AutoRun:Body:e84646a02c97c99ea52579ba5e8319944471c4c1 - Ok\Registry\AutoRun:Body:2eb27821aa3e340e4c0fb0a1a141a1eb8ed8803f - Ok\Registry\AutoRun:Body:f966a894b9f824f801094ee32542eb4b0b78ff4e - Ok\Registry\AutoRun:Body:1fce3b5f78d1761cc939aab3fa84249ab85a01a4 - Ok\Registry\AutoRun:Body:b35dfa615f137cfac00709c6cbae81b5a792691b - Ok\Registry\AutoRun:Body:8d549132de95d4de877661a9b496b6de58d785dd - Ok\Registry\AutoRun:Body:050d85883f01cc2fa3a93aa0a055b42d4a433d8e - Ok\Registry\AutoRun:Body:02d63407ad78ba2988ee0220d31f3571a233c978 - Ok\Registry\AutoRun:Body:8dcc5a9c0c264c575a96ec2b285a4d095f9c9b02 - Ok\Registry\AutoRun:Body:b500429dc916429c05322ac7e3e93a76ed90250a - Ok\Registry\AutoRun:Body:d3765c564b7ea2198ba282a3d5d9d793de5e9a8e - Ok\Registry\AutoRun:Body:47ceed9ce8d800a5b0a67fb0e041d30cc582ab9d - Ok\Registry\AutoRun:Body:2e9c0baceb57353493e4b894e13dbdd4cb9b78fd - Ok\Registry\AutoRun:Body:993926a6e79988c9c5eb1d668f280fb8ad50a65c - Ok\Registry\AutoRun:Body:6160eb98ebfd33755b0e654a34dffe3aac8879c9 - Ok\Registry\AutoRun:Body:675171578a6c54245643f5119bd83af889a3f6b7 - Ok\Registry\AutoRun:Body:0949b508bad7b1743ce65a33d6a41091fbea88b8 - Ok\Registry\AutoRun:Body:83f7dcf6674327e9d6e8158b2d9928b07e61cc9b - Ok\Registry\AutoRun:Body:793003a8a7538d8dc6b6da15fcf4a93557f0e013 - Ok\Registry\AutoRun:Body:7e0c7323231b6edc042f2e2f51731d6a913d5e8f - Ok\Registry\AutoRun:Body:62546cb6557f5871069f11e72a59d142c01823ad - Ok\Registry\AutoRun:Body:ad8c3ff5d2b49715dae685e20c784deda9b44eb5 - Ok\Registry\AutoRun:Body:387c8af666ea0cc1590030abb998306ed7bedcdb - Ok\Registry\AutoRun:Body:4233890d1d99b2e1bf09ea9a0f57c0631002afdb - Ok\Registry\AutoRun:Body:780c3d06fddfadd6d06b50d1c109ce545e33c108 - Ok\Registry\AutoRun:Body:424e0b105a726a4575b57c29b82d62609b89b033 - Ok\Registry\AutoRun:Body:c1f025996d62d23f5f68fe64aaf9f02a8d5428f9 - Ok\Registry\AutoRun:Body:3ffaf84b8c99532693cfd023cb43b53c5eba0992 - Ok\Registry\AutoRun:Body:6446947b17511bef145eb4aea68cceeceab5d037 - Ok\Registry\AutoRun:Body:f5954cdbc5263f271a6c280882850135a3eaf838 - Ok\Registry\AutoRun:Body:8ace91547ce5a06cdbfbd090444cfe244a46e33a - Ok\Registry\AutoRun:Body:e5b23d8a9379558894db058e0ae9d41eaf58ec3e - Ok\Registry\AutoRun:Body:16f91b07cac3334fffcbb8ba616045e7fcec84d7 - Ok\Registry\AutoRun:Body:19ea7a280ac526733948a1dafe213078cadb2bbf - Ok\Registry\AutoRun:Body:a5af0909f9f7ec9bd3ef35e1d68a83281887747b - Ok\Registry\AutoRun:Body:82e455ffa07a7a63765c13f585930af975aebe8d - Ok\Registry\AutoRun:Body:f8a53e7da73b8cf5121c03331c1ca6e58e6c2332 - Ok\Registry\AutoRun:Body:4f8492f42d4d8671011190489659b2716ebf436b - Ok\Registry\AutoRun:Body:2e2501ea7d84e8a52ef8389859b82bc932465f95 - Ok\Registry\AutoRun:Body:8f0f01ada2329c2bcaa1e2874b40ea2917141ae1 - Ok\Registry\AutoRun:Body:54df28f8670e65c47198a1d8a083d46db050483d - Ok\Registry\AutoRun:Body:f1d973ca0fd06a9b76e302ae9e4f78ae8168f109 - Ok\Registry\AutoRun:Body:2d1e384fcc11a193f8996bdc8a632a1bcdec52d3 - Ok\Registry\AutoRun:Body:9601302313d2302b0c6df3e0d78b1232336ab1db - Ok\Registry\AutoRun:Body:545bb187bcaee07f6c54d62591e9206fe2f314d0 - Ok\Registry\AutoRun:Body:e3a89cdbd4401e96006fb1d70a2a67a4cf60d134 - Ok\Registry\AutoRun:Body:e400edb091ac503465637a906cba91af0c1df4cc - Ok\Registry\AutoRun:Body:c6cd5f86fbe3115575603f443d8d175b864d3ea7 - Ok\Registry\AutoRun:Body:a5606b3d53ab7cba4f30b9f46e977bccd3725856 - Ok\Registry\AutoRun:Body:72ece78efc373c6f20f662382852092bfbc70f08 - Ok\Registry\AutoRun:Body:2244ed3fb17809684141bbf831560bc005d21d2a - Ok\Registry\AutoRun:Body:6ddeb96c844798b8587f7471e9e8b5640b3a4450 - Ok\Registry\AutoRun:Body:66595455626795586c727b48a83d4be001987e6b - Ok\Registry\AutoRun:Body:d7828e29bc00ac526168acf1729dcaf713c73090 - Ok\Registry\AutoRun:Body:b43e8701c5bb3a5e0a8f1b77bed316c52a07834a - Ok\Registry\AutoRun:Body:be86c97db6071d699b28c219869b4f608a46ce5f - Ok\Registry\AutoRun:Body:7199b6220f70d11f7dbf4afbf17aaa8bc35ea524 - Ok\Registry\AutoRun:Body:4be2f3960016ffc77f2db4324b91f226ea6d4433 - Ok\Registry\AutoRun:Body:de71b49cce7dc272f47ca6652e5dd214b195416a - Ok\Registry\AutoRun:Body:6578555927eaa9ca8d249ffd67d6912c86419267 - Ok\Registry\AutoRun:Body:c7a284604d7dd0784b02a5859aec7d8bf5bf72d3 - Ok\Registry\AutoRun:Body:330956a29605abbdcae7d98b323383a0cc4b2e68 - Ok\Registry\AutoRun:Body:456ff2979b7d6433fa6d51002fb195e05a46d602 - Ok\Registry\AutoRun:Body:10a20481ea3781189441b4c760dc78cc362d33e7 - Ok\Registry\AutoRun:Body:559016e44c510841e11469433e794e4c2d9767b0 - Ok\Registry\AutoRun:Body:ecb689672024bf9f888ae8c84c9b47b7f65068cb - Ok\Registry\AutoRun:Body:b67eb05ac8280d35d361277cc9ab44067e37583d - Ok\Registry\AutoRun:Body:84bfba6f544db744b1bdcb64d3d5a01c151990c8 - Ok\Registry\AutoRun:Body:7814ccccd5c9295424db6043299c6941615387a8 - Ok\Registry\AutoRun:Body:655c3eef40b2855a57d9f04fe479ace540670bb8 - Ok\Registry\AutoRun:Body:aae11c92c30642157e4bcd69fae44124066d8f38 - Ok\Registry\AutoRun:Body:4ebc2b9b63cc9d56b43ec18ae5f81e6b8d894b0c - Ok\Registry\AutoRun:Body:ad731f3d17828d9f2e23dc7fa4e1e42e35b16542 - Ok\Registry\AutoRun:Body:66dc4b8ebb6e3921d62d0d13e1ce019b56d4eccb - Ok\Registry\AutoRun:Body:f68f8046d4c9e3ddc53865deb79ceee7110bcd5f - Ok\Registry\AutoRun:Body:1c01b0663aa096104f2480969abf4bc87a0a6900 - Ok\Registry\AutoRun:Body:59112866449870f6f56cb726f4105e0bd74a9e6f - Ok\Registry\AutoRun:Body:4a31b55dbac9b9cecefdbf6375a5d778e6b98c83 - Ok\Registry\AutoRun:Body:7060b911f66331ac5f1e26e7dcd87b14c9b4f61a - Ok\Registry\AutoRun:Body:921b4f44c2f193638af9e9e9bc6db282a4a8cc78 - Ok\Registry\AutoRun:Body:a1f494de1e8902410671ca1b4d954efa3baeef71 - Ok\Registry\AutoRun:Body:6ccb1a9142608bdca23ff506a9cf0af7cb6f79fb - Ok\Registry\AutoRun:Body:f1c26ec3f3a2b8c18c9e158a55ca489ae765e76c - Ok\Registry\AutoRun:Body:2de891c33f472a9570402a6429dee2a83a177fba - Ok\Registry\AutoRun:Body:b03b23f766cb972f1c192512c4a5e0aaf32d8712 - Ok\Registry\AutoRun:Body:f2991b55d97c772786dc934ef9da4f56baf12223 - Ok\Registry\AutoRun:Body:f59d2e85221b536a1e359c8dc9236c779550bef5 - Ok\Registry\AutoRun:Body:44975b86363638846cd37481e2ad9f7043cc6483 - Ok\Registry\AutoRun:Body:9c287efb0e79c26576805e27ffd92d5e3d23e380 - Ok\Registry\AutoRun:Body:2a15939a0b99f4196c7a768ac92a5177df94d314 - Ok\Registry\AutoRun:Body:3990c2792326e22235a703f5af10bbb8ddd44390 - Ok\Registry\AutoRun:Body:172744754f9952da69b5349ced6157d72d086436 - Ok\Registry\AutoRun:Body:c2b07003bbb902b2909df36ea0999e0acc2390ce - Ok\Registry\AutoRun:Body:9fd29cef3aa3f0a5f9db0a904913be1af4e2a9fa - Ok\Registry\AutoRun:Body:a8922f665cdbbe408a83b70f6703bad8077f45f7 - Ok\Registry\AutoRun:Body:d63d16fb387675e20de2703d79782a10b663d84f - Ok\Registry\AutoRun:Body:819c812baf16019ac99f953d0058394ef49f5f3e - Ok\Registry\AutoRun:Body:71df807cbd4ff660bf22c0ee0654499e9da78d36 - Ok\Registry\AutoRun:Body:ebb97f4046ae2bff45e6cd0d9f65405317b0f3b9 - Ok\Registry\AutoRun:Body:e5e4668015ba7a5a13c94531e5809086a4f297ff - Ok\Registry\AutoRun:Body:cecc0d7b67cf65b3359300cd11667bc0473bacff - Ok\Registry\AutoRun:Body:d3eab56eb58355589ba161701d933994e3ad1d3b - Ok\Registry\AutoRun:Body:3cd1b1b7aa2da940c35ff852a79722a126464b8a - Ok\Registry\AutoRun:Body:6dfedb0b8421df45b174e127e8b42c3d420d67ac - Ok\Registry\AutoRun:Body:efec449f759f7c1934f93461325e42a91e00c543 - Ok\Registry\AutoRun:Body:29036d36bcad9947b34b4b91b43bd341abdb7c41 - Ok\Registry\AutoRun:Body:c10fa95d6ab65a698a1dbda8aba84a32dd1deec8 - Ok\Registry\AutoRun:Body:fc493ba0bc41b4e2f660e784bbd8db69100ddc6a - Ok\Registry\AutoRun:Body:a463c1b090dcb0e10b02b564bf8a052184d72d73 - Ok\Registry\AutoRun:Body:a9d20154789996fda5cf5c5152de205ef2ab50aa - Ok\Registry\AutoRun:Body:0c6f8d0a376c24c739dbdea37a9ee520c5e9bb0d - Ok\Registry\AutoRun:Body:1065aef04fd5bd864c15ffb91c7f210a3ceea189 - Ok\Registry\AutoRun:Body:5b0d78e0c1863c842b7b9190ec7a905ad732db13 - Ok\Registry\AutoRun:Body:28179159ef464c6353a00e48fac8789ec60d13ab - Ok\Registry\AutoRun:Body:5cc9c8e57fb69274495ed51264b2065cd2b0f806 - Ok\Registry\AutoRun:Body:4f82f460b8f0c5b3aae7890ccaf297b8fdcc062a - Ok\Registry\AutoRun:Body:225446ca47e4ff64e5ce678118dc8d9654426030 - Ok\Registry\AutoRun:Body:f446934bec0c7c82e6ed480d3a048b09af9e2b64 - Ok\Registry\AutoRun:Body:a2801e78b797b063b9c262ab37c94c0d1c7b03d4 - Ok\Registry\AutoRun:Body:22079759f1b1186734b4f8dd27139212610ab58c - Ok\Registry\AutoRun:Body:9900b5cfbe0f25ef46f43ac36e08952729392cd3 - Ok\Registry\AutoRun:Body:328112d61b0f4a8790ad649eaa852a8a55ad8722 - Ok\Registry\AutoRun:Body:771192f0f3146d4b85b1227ddedf98409040c853 - Ok\Registry\AutoRun:Body:a9a53d392547bda43b6624cf3b35555633fb0bc7 - Ok\Registry\AutoRun:Body:56f1359d892a0349ad7d24a72d478ec1ba1a5701 - Ok\Registry\AutoRun:Body:40122970f47c4f577b0a8fa5a786615fcfb733e8 - Ok\Registry\AutoRun:Body:58abdb3f495658cf9411beff9c6c9fd01da43a7d - Ok\Registry\AutoRun:Body:b4bd34f661e11315092361d6ad640c42d01bf013 - Ok\Registry\AutoRun:Body:f03b9ae052c5d5ab6fab8280d468d14fe40ad8e6 - Ok\Registry\AutoRun:Body:3f7cadca34ee8922c09049376394a1393ec80276 - Ok\Registry\AutoRun:Body:84d6ebc6d98e0ce5956c729b1e79a2d8e42648b7 - Ok\Registry\AutoRun:Body:f914ea5cc3e98338986f26d37ec3c92d672af5dc - Ok\Registry\AutoRun:Body:148f2ea7701a8553d5daf74a8965ce818b5011f2 - Ok\Registry\AutoRun:Body:caa8adcf0578c0b700e151b722b6d2e6a226e3fd - Ok\Registry\AutoRun:Body:6528325b814349550956c774788308880a415048 - Ok\Registry\AutoRun:Body:f9203947ef216e59ea61d9b7f6681dad05f939ca - Ok\Registry\AutoRun:Body:5d4bf442e0c721a79487453ad484d4ac4d56a089 - Ok\Registry\AutoRun:Body:164c5c00ea58b70739b616426e753f9d073bd307 - Ok\Registry\AutoRun:Body:4eecf73097c36aab9162cc9c0a9e2e224ae59174 - Ok\Registry\AutoRun:Body:e6ac1965f2bf35c2b6ed6a8e3b343074103cdaec - Ok\Registry\AutoRun:Body:2197f8a6139ea420bf78752067f0278f40cd15af - Ok\Registry\AutoRun:Body:f71e710a53f9b3e310cc1035a084471e7cf91175 - Ok\Registry\AutoRun:Body:69fb8329d290153301ce55efd9ff4df834d9a54f - Ok\Registry\AutoRun:Body:97bc30ce70f15d7a25fc06a5a54a4c16842d5e5c - Ok\Registry\AutoRun:Body:20f4c828005f66ac52cfb83eabce52676aa29c30 - Ok\Registry\AutoRun:Body:a2b32a2b7173ea6d56231557bf5a9a288e65edc3 - Ok\Registry\AutoRun:Body:d100e78e6984115220e896523a9ab88c5c08590e - Ok\Registry\AutoRun:Body:07030716044f42cb8d4a2cf63f6daeec2641cdcf - Ok\Registry\AutoRun:Body:a669c0e1ab25ca0824f40513f888b82d2ffe2777 - Ok\Registry\AutoRun:Body:a8d6c18cff05c0e11bf9956b051144d53bdcd701 - Ok\Registry\AutoRun:Body:8712c4a3d2166574944d0515d8aa0c0e8267aafd - Ok\Registry\AutoRun:Body:9a38e22f0e175cda83a7df527b7b62ee0374cb00 - Ok\Registry\AutoRun:Body:8c52e53c191baadfa28b861dbce594681c8ab568 - Ok\Registry\AutoRun:Body:70b32d94ab77e02805e69e43c3213fcbb4edfa48 - Ok\Registry\AutoRun:Body:ccee3d9c5a7f6b8ad1385fbbd6484099ce07f24e - Ok\Registry\AutoRun:Body:d91fe49152819c79cd8b9b7565d784d69373d326 - Ok\Registry\AutoRun:Body:18ad238265c1e46fc3cf7eaf3e3e5146f107e24d - Ok\Registry\AutoRun:Body:3d622b55755520a3c37b6c185bf6ebad9186a132 - Ok\Registry\AutoRun:Body:9b7e1f9a59e77357934aaacfc68cbd585bf5cb84 - Ok\Registry\AutoRun:Body:e6ee965d1b37ac2d9bddca54603c5d082490d970 - Ok\Registry\AutoRun:Body:cecdd3f4bca2067287d6050e4f7bcbc1bf32abdf - Ok\Registry\AutoRun:Body:b64e68b84213f2024c53a0f041dc48d563805bf0 - Ok\Registry\AutoRun:Body:c89adebab8b128bce232df506666cbf087aa8b1f - Ok\Registry\AutoRun:Body:0f341d02b4fae0db5f132c2372379e8dc6b9ab46 - Ok\Registry\AutoRun:Body:b06e88d5bc9ec2b4794fb2c27e8e99ccbf2cd45e - Ok\Registry\AutoRun:Body:68750e7aaf60c3ceee0f7f60ad9efd67d4d45016 - Ok\Registry\AutoRun:Body:1ddc5fa10f0dd8a0784b037807354a4447b8d323 - Ok\Registry\AutoRun:Body:e2de0abdea16065a2bd74bc0d068178645f54f67 - Ok\Registry\AutoRun:Body:ed025914fdc48e1d51f15a7f019aed4b3d58160f - Ok\Registry\AutoRun:Body:1b80485b064eae0712b7eb4631e773654efb7ad8 - Ok\Registry\AutoRun:Body:c1ff0a80ead7a9907818a6ad94fdc4fc172969cc - Ok\Registry\AutoRun:Body:f5390f8e4afa18e56edadb1ad9821821549639ce - Ok\Registry\AutoRun:Body:5b47def5aa4ca4207b8d1614a4d3f5829e01c853 - Ok\Registry\AutoRun:Body:224feab05e907429ee86c0cb3ae47e997598233b - Ok\Registry\AutoRun:Body:79c429264e018718b87575b3226b261001a35106 - Ok\Registry\AutoRun:Body:3ce4ad8bb7c12e70392699f4a3c7ccdb19e88e4f - Ok\Registry\AutoRun:Body:34351fd06436c9fcc25a8fb8f8519569ae2480b2 - Ok\Registry\AutoRun:Body:cd26c62075c938fab6fc55b21ff032ac6cacda55 - Ok\Registry\AutoRun:Body:1e075fa5b237bab56280ce1e880f6d1070ce3a3d - Ok\Registry\AutoRun:Body:e50d1f097e5baa7f15ddab8f46c5ec9ee5a8ef54 - Ok\Registry\AutoRun:Body:126fa070146096a48f4e446c431ec2af7a60d2f0 - Ok\Registry\AutoRun:Body:7dd94e17ace95fdc7a6607123d07571f75a88413 - Ok\Registry\AutoRun:Body:e8d34ad1b7f87e8d07046f16491472791e41a91e - Ok\Registry\AutoRun:Body:d068b7cd84b76f8a2a8f84aaae0e8595dbea7b6e - Ok\Registry\AutoRun:Body:233bd21705753e4f1f568eeb3c758bbd2e8dd034 - Ok\Registry\AutoRun:Body:e66656b86978f162a6f1b0127c69969ddb98db45 - Ok\Registry\AutoRun:Body:41897bd428a3f07b06cb08889404d577c0c61424 - Ok\Registry\AutoRun:Body:29981e3972f5684ef5a1f675f08c6698e7a359a6 - Ok\Registry\AutoRun:Body:d999b0e34fcd23233f3e4e6ead31f0117fa94751 - Ok\Registry\AutoRun:Body:ebb9e131e6ee474eb8208448b5f9f94a99f08ed0 - Ok\Registry\AutoRun:Body:bc579a89c7f0d64ae2e1df3dde54b8df2cbc3340 - Ok\Registry\AutoRun:Body:3df4bbf916a5ac3a5818dccef815a55ee21a480f - Ok\Registry\AutoRun:Body:107d7b3efd58e98efa4960a3128b990cba4ecc30 - Ok\Registry\AutoRun:Body:a4cedbd436cb0200e12e70ad3b753368bc73287a - Ok\Registry\AutoRun:Body:a08241b8c5d071851af262c1c4a77cb46de33c24 - Ok\Registry\AutoRun:Body:082c5376186792d2d031a8784f3f9b17de746f38 - Ok\Registry\AutoRun:Body:8c111f517e4b73396592c8635945247332350135 - Ok\Registry\AutoRun:Body:3415b577b976d8484740899a75e2e4d971b152fe - Ok\Registry\AutoRun:Body:ff687a2648ca87e117845e846167f3f69c771a68 - Ok\Registry\AutoRun:Body:f4a57ff029416d888f79ac98a4dabfe9bb290314 - Ok\Registry\AutoRun:Body:ea81ed51da5baeecdeca45202b195af2ed6fb97c - Ok\Registry\AutoRun:Body:f2046b1c986c0d0d489b5b435f2430577c47d70f - Ok\Registry\AutoRun:Body:71b5692c5532c74d815f270cf81bb2f9bc5c2aad - Ok\Registry\AutoRun:Body:c2e28d26b2afd0a4c7caf5d8106b8be630cc5ab5 - Ok\Registry\AutoRun:Body:b1ba8c7ff4fbd1a1ade37f9a1edf27bb003cff33 - Ok\Registry\AutoRun:Body:d0ce8e46caeb11b085eb2b6985dd5d29de119a18 - Ok\Registry\AutoRun:Body:9f7079258b61c7899e8a82b79a49d8fc49b8b4c1 - Ok\Registry\AutoRun:Body:c7d620d165b788df0587a1d5f9aa042d690a6564 - Ok\Registry\AutoRun:Body:68ed011d26aa8295e7f3ab848d56e69b9ee22b05 - Ok\Registry\AutoRun:Body:791faa6a93c7a09b2dfc0ebbe28430b58aedb73e - Ok\Registry\AutoRun:Body:5fc42ca9906725029277cb9524531639bd5f16bf - Ok\Registry\AutoRun:Body:724deb02b170a2c3f39f15a59844dae5ba7eec3c - Ok\Registry\AutoRun:Body:78584465ab1cf4620b379df7bd4ca30127d90775 - Ok\Registry\AutoRun:Body:f82846f62e8815410b941b83b780e211b9ba99b0 - Ok\Registry\AutoRun:Body:ab5aa9bb2a65921c4524d63858cdda11f047fa91 - Ok\Registry\AutoRun:Body:131e9fec5aa1e5a8ce52d159e3932d4332909603 - Ok\Registry\AutoRun:Body:d4ceac8957aead9fa3f713f2860c5d9b8c8cd8ba - Ok\Registry\AutoRun:Body:3090775d1a9ccb1553dbbb1295ea3b793d012115 - Ok\Registry\AutoRun:Body:6cdb32f421e8219cfe6c1b2f5ae65f6e480e16d6 - Ok\Registry\AutoRun:Body:598ecf61eafc138ae90c04438000304c905c99bc - Ok\Registry\AutoRun:Body:69fbaefb5dbcd90bc6c7cabb86ce282c733fb762 - Ok\Registry\AutoRun:Body:822bcc64304de2cf6804f67ebec144c739960dd0 - Ok\Registry\AutoRun:Body:e5a305d46d7dce2d01c98dcb70101a9535a405cb - Ok\Registry\AutoRun:Body:79637eebd36e75a48988db4d02c0e74202e0b68e - Ok\Registry\AutoRun:Body:46cbd13ad89bbf3b43e79cef99feedf0d4ec3868 - Ok\Registry\AutoRun:Body:b7c99ce7bb69464d135783a1fb7e7f344f5f48dc - Ok\Registry\AutoRun:Body:9a2b66ad6a270745ddb7ac755ae1ffa4656ec460 - Ok\Registry\AutoRun:Body:629ec70c9723371793778ff07ad102f27524295a - Ok\Registry\AutoRun:Body:d9d28594ce738af8a7c8686415581277d17ff75a - Ok\Registry\AutoRun:Body:3378e04d76ffae6e1164af9ab2221e9dc5a6a055 - Ok\Registry\AutoRun:Body:78c9deece2ff38634cb67300bfad7ec47e5871ce - Ok\Registry\AutoRun:Body:7e6282019ced2b2d8d53f9e63d62cfab2326179f - Ok\Registry\AutoRun:Body:9ad7f548264d7380bcb9340c94268b3c8b725e83 - Ok\Registry\AutoRun:Body:08fe5da0ce46367ad8be5e50dd1f76fdfee66181 - Ok\Registry\AutoRun:Body:5de570255a415974cb7fd0de13fddd66ca7427f7 - Ok\Registry\AutoRun:Body:7b0b77a30372294538b18164899aa8b582352aae - Ok\Registry\AutoRun:Body:f0faf9d6e73c0337f5a7c9264a5f40d78d75c230 - Ok\Registry\AutoRun:Body:a2cc44829b069d495b67a01f8c41bb3ffee86396 - Ok\Registry\AutoRun:Body:acae941a963000a0c91ae0581f1c8b59244a3248 - Ok\Registry\AutoRun:Body:a67960eb1fdafbfcc136afc04e63dd9b241e0a21 - Ok\Registry\AutoRun:Body:5f3296bf76341c2797e20bf59d4b22d9c4fe5099 - Ok\Registry\AutoRun:Body:4bf0ecaf03ac8efea61dad7c831325f837a19789 - Ok\Registry\AutoRun:Body:6dfb15ef3c316fdb395908743a6dea732ed1b2af - Ok\Registry\AutoRun:Body:cf7fc32c493fa5df4759bc576628d52a1de5f93e - Ok\Registry\AutoRun:Body:19d8780e6b4f29ef0034a1edc53d8320fa81ecef - Ok\Registry\AutoRun:Body:964749208fe5e25d584da91002988bdaf810730d - Ok\Registry\AutoRun:Body:5c2c719d3274f9e8dbd08f123cc946c00b8a611a - Ok Link to post Share on other sites More sharing options...
withavision Posted December 21, 2015 Author ID:1008191 Share Posted December 21, 2015 \Registry\AutoRun:Body:cd565fe2995e44ff7805873535c4f19012f2fd04 - Ok\Registry\AutoRun:Body:9a0129bf086be902ab63a304364a3d5de7d4f0af - Ok\Registry\AutoRun:Body:30ebe455e84267a0ac8276ada42ea38684cc112b - Ok\Registry\AutoRun:Body:e9e3fd0c843c9c2715068b4c4d83683a066820aa - Ok\Registry\AutoRun:Body:ffb833e0c7ef3cde74f7436bac7ea2b8e94bb4dd - Ok\Registry\AutoRun:Body:a93a95a77c6017a3280bdaff253b541a264025f9 - Ok\Registry\AutoRun:Body:ea5c87908d84ccfcad96b49903957baabd10ca87 - Ok\Registry\AutoRun:Body:a299e2b1fb6a1c5d36347292ee8c55a7d76950f1 - Ok\Registry\AutoRun:Body:63fabfa0d1b1e82f10d4131146ea10dc60a346de - Ok\Registry\AutoRun:Body:023796175a0a9a5fa087ad4ca47df4b3f2852160 - Ok\Registry\AutoRun:Body:753908fe71ff9f4cb852bbd4c79135ddbae38c00 - Ok\Registry\AutoRun:Body:97088927d041598a59ca1a9e3e9c0e48086297b4 - Ok\Registry\AutoRun:Body:cec80b3ef714fcbf04820d05112361e7a59f5ab8 - Ok\Registry\AutoRun:Body:7dc3f4c9c5d0e0156efd7980f2e34d8a5baee3cd - Ok\Registry\AutoRun:Body:f2088b08c6bde546667655b8e5baf87979df639d - Ok\Registry\AutoRun:Body:ee40222264cd2bcf1c95057738080b2aef6dc3f2 - Ok\Registry\AutoRun:Body:842f1a56ced3001d478eea84745ee7033f44924f - Ok\Registry\AutoRun:Body:c54e2750a40527b92351ca6c46b5dea9acae3226 - Ok\Registry\AutoRun:Body:f6890f13ea23f48d809654091357d12e9f81b909 - Ok\Registry\AutoRun:Body:6ac5d416e279089110bdfb453018f3e0230b29c1 - Ok\Registry\AutoRun:Body:55d3c8a2d7afd74e75a83badb7a0742bb5d8a18d - Ok\Registry\AutoRun:Body:9c6e945abc4899c1143539060b355e0b9f845241 - Ok\Registry\AutoRun:Body:3f94a16f00663e795ead702366b9c1390491273a - Ok\Registry\AutoRun:Body:46a14d88660c98612df4d096b99286e88d02b973 - Ok\Registry\AutoRun:Body:5d73807670d1ce2b16c84465419b6556c3c252de - Ok\Registry\AutoRun:Body:0a69ca67a73128ed1e6661f607d547ab5d4feee2 - Ok\Registry\AutoRun:Body:150c0ca4d2b37b5ca898e02d6fb8c6b02e3cea23 - Ok\Registry\AutoRun:Body:b8f82112ffa1ec4c3bfc8b70e7361948f6db05c8 - Ok\Registry\AutoRun:Body:ccd3b2c46a7641334faf302103255eb78bfa2f8e - Ok\Registry\AutoRun:Body:5044411093fd065bf9672a7f4fb5c359d1fd695d - Ok\Registry\AutoRun:Body:f641c06215cfb3cc72633d41dcdae109ebec2034 - Ok\Registry\AutoRun:Body:adbc3ea9e0eaf7e6239fc32afaf21984f93f1f28 - Ok\Registry\AutoRun:Body:27f02e0f694fca2730cc0f85c21671a9419f0675 - Ok\Registry\AutoRun:Body:394b8d433a37ac11519bde8b8cf122c40f604f7a - Ok\Registry\AutoRun:Body:f039da1945b9ceb8dcc3206a2a15bb53bbbb1b92 - Ok\Registry\AutoRun:Body:bd3998613028f22290954f54832e79cc142ef0ef - Ok\Registry\AutoRun:Body:f2599ed16bc330a4a7cc55d2154672e695bcb537 - Ok\Registry\AutoRun:Body:ba58e31d0c2827755cce49966c2586370fe12c73 - Ok\Registry\AutoRun:Body:c3203664873e0977f8c620c6b8e0bd481a9a1f93 - Ok\Registry\AutoRun:Body:7d3ba63b79c87c70f52368c4beb270fa06fc0ee8 - Ok\Registry\AutoRun:Body:81524e7cd6976fd0c69a5744ebce7aa9e7b921e6 - Ok\Registry\AutoRun:Body:b0f93886e3f96f83b5f6004a7ba5090269deba40 - Ok\Registry\AutoRun:Body:4c0bc43e6266f939a8bf882f4ee39937fb463cbc - Ok\Registry\AutoRun:Body:6f2ae1042da3575d11ec21e739eba6261baea8b4 - Ok\Registry\AutoRun:Body:b52f5215c39e7f710040442d9a803a8d5548887c - Ok\Registry\AutoRun:Body:ca06e06b3367865a79b8e9b35002e7a9ea015ed6 - Ok\Registry\AutoRun:Body:f4242a1a7a7d1310cd35850f84758cbc3a5a0705 - Ok\Registry\AutoRun:Body:f42a638c5234be6eccc0673e4992491b67f7b17e - Ok\Registry\AutoRun:Body:2017e7150c8c023df3f54c8b4a5b847ec2ecf961 - Ok\Registry\AutoRun:Body:e482988ed982cef629bebb57ab1124c4689abb47 - Ok\Registry\AutoRun:Body:81abbe0771b9d5d1e06037973769593e31cbe796 - Ok\Registry\AutoRun:Body:098cdae9ce1faa202d9721b32eaab218abf5e044 - Ok\Registry\AutoRun:Body:caed4b6655f5860352875dde0d66f0cc1731bd1f - Ok\Registry\AutoRun:Body:465650648c4126eb5750602a1a67d3831272bae9 - Ok\Registry\AutoRun:Body:ef0c50602f7be5f9928b2a3d5598208bb30c6b81 - Ok\Registry\AutoRun:Body:2d25df52ba3710ded4ffc62709639e1ccf68c54e - Ok\Registry\AutoRun:Body:b6c544e90479ce833a2b72b9061d09c8011b9330 - Ok\Registry\AutoRun:Body:eeb18e574d21d8aacf97f1e0efb42729dd7940b2 - Ok\Registry\AutoRun:Body:118d61de0548761e9c632d6523d21862186c21a8 - Ok\Registry\AutoRun:Body:e0ae60c6ddbe884326ce90af01383687006c0484 - Ok\Registry\AutoRun:Body:26f777b7815b34fe5338e0e56994cdb6f14ddeaf - Ok\Registry\AutoRun:Body:551a719f71664dab3dac9dc96dba987800532d61 - Ok\Registry\AutoRun:Body:0ab5c541d4987e25f1b7028e5739e5f2b6063e03 - Ok\Registry\AutoRun:Body:728c25285a8affa1a7945172f159ab42d01ea8be - Ok\Registry\AutoRun:Body:ede790ceb19b6ee3b71827b9633f2ea44b1c44e7 - Ok\Registry\AutoRun:Body:6008ccc82602c421bbf345f7776f011b971dc9b9 - Ok\Registry\AutoRun:Body:1310b770dd85963af718c6ea5f779510cf6f5339 - Ok\Registry\AutoRun:Body:807af47f59ab2748b43e2a97cf1bdd4a22a7fe99 - Ok\Registry\AutoRun:Body:34af5983bad2ba48208c9b99224cee81d55be7ac - Ok\Registry\AutoRun:Body:03dcc274ce2c74455ab14b20fde51ddccf2bad63 - Ok\Registry\AutoRun:Body:3b8afac4bb8fddc8dbd335796b39273fb5ec4633 - Ok\Registry\AutoRun:Body:8a15834790ca1be89e466037fefcaaa4df2447c8 - Ok\Registry\AutoRun:Body:9ac8a7b32b16e14106996cc581bce9d578eafa18 - Ok\Registry\AutoRun:Body:d83414565b4672bf49401184f3c0d82c8d0d9b37 - Ok\Registry\AutoRun:Body:eadd5571e0a3fdd55b3914ca080f60057a2b1c16 - Ok\Registry\AutoRun:Body:2cba080823b1864f8633029de3c8f06ffd851c79 - Ok\Registry\AutoRun:Body:0fa1d202a6287da8356d1b5505ba36063dd70957 - Ok\Registry\AutoRun:Body:bf5e3a3cf86c67ef56acdf0e99e22e1ec6e00dfd - Ok\Registry\AutoRun:Body:e2658e2c121f58a8f80d12d5f361f69d83b3b9be - Ok\Registry\AutoRun:Body:6c582404cafe3ac257043e1457f2a17c669c2f68 - Ok\Registry\AutoRun:Body:fc6bcbf910767613e37ad943c096ae8aac9d89a4 - Ok\Registry\AutoRun:Body:1dd40b6d706aac87491753408d42a1c277e0cc9f - Ok\Registry\AutoRun:Body:aa33d546f6001cdb5c00113b8a2371591957e0c6 - Ok\Registry\AutoRun:Body:31554ed23cd7e750cf0933f9ffd6f7886e42eb8c - Ok\Registry\AutoRun:Body:1c8173804db2751a1efb7f5da73336c2dd419e9f - Ok\Registry\AutoRun:Body:58a0ba67fc85d1c898eb6893ddcaabdfa8998526 - Ok\Registry\AutoRun:Body:c76a48a558e0de19445b65535b781d7e48205d3d - Ok\Registry\AutoRun:Body:a9eb747a2367eaa676999e9fcd5d7359655e150a - Ok\Registry\AutoRun:Body:73fde43038c770ca94fe7bf07c3f230a241127fc - Ok\Registry\AutoRun:Body:a80e30ddc15f0403f5484ba86939d0d751e392d9 - Ok\Registry\AutoRun:Body:039a880dad0dc1b593672a36f5335e4a0bfba602 - Ok\Registry\AutoRun:Body:ec6741b0a6dec7ace1369ce1c7ed1f4cc95459a3 - Ok\Registry\AutoRun:Body:e8b50ad5a43c77f52b685c8903b9cc0637e4e270 - Ok\Registry\AutoRun:Body:56f0676c9d7ecaf4d66d15856dc5d8d30967d16f - Ok\Registry\AutoRun:Body:387135e8a4614d66f539a754abd3768adc0f5d2f - Ok\Registry\AutoRun:Body:ded0c44d5268f2a25cfd9bb4c93a30832572478d - Ok\Registry\AutoRun:Body:1536cd1dd7ce99a81dd3e410a8d2557991122e7b - Ok\Registry\AutoRun:Body:de060368990ba245a1d90587de9bf119d6c98097 - Ok\Registry\AutoRun:Body:656ebb11636a84c2064cc87a5e24a2e2960d162f - Ok\Registry\AutoRun:Body:82b1e8be73f782d56a48856f5b129224ceab2b7d - Ok\Registry\AutoRun:Body:6d3471f52a2802670fabf0857183a7cb4545cb1d - Ok\Registry\AutoRun:Body:1dca4abe8ace17f7162bd6ee081c5c8ae931f3fa - Ok\Registry\AutoRun:Body:45f4d639949cc595e516c54c0c7809fb94647982 - Ok\Registry\AutoRun:Body:bd4ff679afac36b942c1ab64112d41ba2ad67850 - Ok\Registry\AutoRun:Body:99e2c51a66a047fa4faf4f4fbc32e09bad7693a4 - Ok\Registry\AutoRun:Body:2e10ee21a6a8e530334e674c2a0a9f24e116947f - Ok\Registry\AutoRun:Body:e8694443b78547407f6bc8b669420d067472fd4d - Ok\Registry\AutoRun:Body:6b1f293201d912a21437710c66aa7c6a31fa6005 - Ok\Registry\AutoRun:Body:88c0130c352c4a01a0e68e39c836affbd70940c3 - Ok\Registry\AutoRun:Body:5860c565976afdd7a6b4010bf6fdcd19a8a56d0a - Ok\Registry\AutoRun:Body:4bfa60e616f19fc0d49ab5d43ad8707af6078e1d - Ok\Registry\AutoRun:Body:3efd6658983945510b81936e5139f69b15f04635 - Ok\Registry\AutoRun:Body:d3e57ecdc5520fba66f26cdf020143833865d661 - Ok\Registry\AutoRun:Body:acd22d3714b679881398ca5a49dd4d200768b266 - Ok\Registry\AutoRun:Body:ab51ced75988dd17a1767d0650f4ddf8fd8ce6a4 - Ok\Registry\AutoRun:Body:cd67cdaf1b8bf85aed691aed34e1d77de7d1109f - Ok\Registry\AutoRun:Body:1180305071046ab71fde0040a546b1df89fe6e8a - Ok\Registry\AutoRun:Body:591063a1f91cfd1d873eba8b29f28c5595664239 - Ok\Registry\AutoRun:Body:f7030d26950712f3d280ef5bf0df10368b8838c2 - Ok\Registry\AutoRun:Body:b305e688358896a055f33943ff6c3bcb0faa1e2a - Ok\Registry\AutoRun:Body:582bc3c7dab5457b3d5be28d1d0a7671e3e93a04 - Ok\Registry\AutoRun:Body:c7d7edff449f8f8f25846580e47fd47cdd3887f3 - Ok\Registry\AutoRun:Body:f36129c6ba4c3e43793cb28e7fd7084ba82190c8 - Ok\Registry\AutoRun:Body:965d3c961fa5d632d6ddd181178f1c93631e92f3 - Ok\Registry\AutoRun:Body:7bf513763ac2d49e39e628a93b52f07feef75554 - Ok\Registry\AutoRun:Body:9b808267c9174732e0ed2024dd4f6386b85a8b5d - Ok\Registry\AutoRun:Body:a00b839358b2ac9a586132354d0e441848764767 - Ok\Registry\AutoRun:Body:e6de0d91424a08661bd9c6402d64c3559d2e647c - Ok\Registry\AutoRun:Body:39f1d5e0bd82e97da2587e0f7ca5c8ea69cdc359 - Ok\Registry\AutoRun:Body:21373803294319b07113f7f47551093a3f577c18 - Ok\Registry\AutoRun:Body:0915a1c807b67e8b805a62de5cfc5407231a03dc - Ok\Registry\AutoRun:Body:af0e263bf8f63e77d3a68cf24bd8428db3e60b3e - Ok\Registry\AutoRun:Body:0d71455d66001011857f9bd50e19c47edae492c9 - Ok\Registry\AutoRun:Body:88a8e81894dffc854ac27332626c237edffc6fbe - Ok\Registry\AutoRun:Body:745629ad58425206742b5827290cec6c2b10d30e - Ok\Registry\AutoRun:Body:f5f61f9afc34e181b7950d4a4402a8dfd2a924cb - Ok\Registry\AutoRun:Body:2476d887d4703f93da90413a37b0256e5e9f2d3f - Ok\Registry\AutoRun:Body:f3b69cdd58de508b527dc785d0a3fc0e517b11a0 - Ok\Registry\AutoRun:Body:fe761c295968f1cba67c924a860f2c9e4dd7c244 - Ok\Registry\AutoRun:Body:cb4ab1467041a1719cf25e5150ec6c5a5bf023a4 - Ok\Registry\AutoRun:Body:b4268f048970e2e1792d8e4114958f7f2d1daea3 - Ok\Registry\AutoRun:Body:0d47c249d0f15617fccb9938f98f3bc364cff920 - Ok\Registry\AutoRun:Body:c4883748bcd88ab506094d1c38a6f620274b9e5a - Ok\Registry\AutoRun:Body:70fe4368d9177c83c170a11721b950ed7bd8954c - Ok\Registry\AutoRun:Body:c93a5bd6ba219803ea5b96b60f9e33c0e6a7166c - Ok\Registry\AutoRun:Body:86385f5052cc5ff78f4ea2258b46755ec65bfbc2 - Ok\Registry\AutoRun:Body:a2899bbd1af03cca6dd9c422095a31f650595916 - Ok\Registry\AutoRun:Body:e1d70a9c3ceac5813328f0e4b5ab3ea2f27ceea9 - Ok\Registry\AutoRun:Body:2e2c235fea2cb6b65d5123700ee67501770e2378 - Ok\Registry\AutoRun:Body:04a6777a99f1489823ea11002d2c9811c1ee8b17 - Ok\Registry\AutoRun:Body:05b6a91998001b8bea9c4a9f0a35ba4beab45cd8 - Ok\Registry\AutoRun:Body:00859983b46f53e2e87c06a05f599f87c68f6484 - Ok\Registry\AutoRun:Body:33c2d3e01d1861894c32d2ce00dcdacd0d88d5dd - Ok\Registry\AutoRun:Body:5eb06e4f7f7786c73e652f5961fcd48fa00d614c - Ok\Registry\AutoRun:Body:f8211159659728ad3561af8f4df55a6a05a97a63 - Ok\Registry\AutoRun:Body:8d0afc04e47772619b70035167cae06b36788b02 - Ok\Registry\AutoRun:Body:b7fc3f7adeea2ccedf48161523faa91f158b2728 - Ok\Registry\AutoRun:Body:6096a6fcb744d881b3b5e131bb50d80360b1d2b8 - Ok\Registry\AutoRun:Body:f909d00447d8ee5c57fa44087b6cd392ddb5f337 - Ok\Registry\AutoRun:Body:bada0475f38eb922724f714c6e9d2a906d12c9d1 - Ok\Registry\AutoRun:Body:804995f625d2ab32bc47fc5d85c1766429d17c38 - Ok\Registry\AutoRun:Body:f20e2fc45edab423db89863a56fbeeb751d849d0 - Ok\Registry\AutoRun:Body:49a8aa58bd64091165ecabadf5c1931020abebd7 - Ok\Registry\AutoRun:Body:1d90c246204bc077d2a62458e59a9dcebaacd09f - Ok\Registry\AutoRun:Body:561375652f006348f35702333ca0f28430dd0e63 - Ok\Registry\AutoRun:Body:bff05a74703fafb6463ffd7baf2682c2e49aa5d9 - Ok\Registry\AutoRun:Body:5ec1637d12f19458086595429bb9956a854e9e64 - Ok\Registry\AutoRun:Body:3044d97016215433961d590df49c827ea24ac953 - Ok\Registry\AutoRun:Body:9af1bca22f495a08a25b8060aef542f09f728f57 - Ok\Registry\AutoRun:Body:7944752606e06495151f860b042f0fe463714ac8 - Ok\Registry\AutoRun:Body:c2c25cd4e73c624105805c0d6dd4aec8e4c29db9 - Ok\Registry\AutoRun:Body:8fc3f298d5fd8d3ea0c5fba811df5698ae80d19b - Ok\Registry\AutoRun:Body:fa0f81fb4e97938a2db6a807b043402f067cad54 - Ok\Registry\AutoRun:Body:e97eaaf1490d610a199990214627ef572949c0c0 - Ok\Registry\AutoRun:Body:32b69665bcfb512ee835b41df9e44724fefbee71 - Ok\Registry\AutoRun:Body:d59546877b6c3db9837f55741aa5c02a34641015 - Ok\Registry\AutoRun:Body:5d826c00071a40bdc36065fcb314d10d05fb3f78 - Ok\Registry\AutoRun:Body:f0d814423dfab65ee820f4009f516e1c446c2f5c - Ok\Registry\AutoRun:Body:3c57bc49596e1558c69764b0f88f98e5cb3db09a - Ok\Registry\AutoRun:Body:c146220cc6ecd82c348486f90eed448c888495d6 - Ok\Registry\AutoRun:Body:30d379b0a2c0b8286dcc8edce05167e79f8f2e8c - Ok\Registry\AutoRun:Body:23128c946fbf55347bf80002f29ff513ac2fc7e1 - Ok\Registry\AutoRun:Body:ed48f0a5ef4678a58c0a73aeed312d3235dd378d - Ok\Registry\AutoRun:Body:4f285d7858dd5b2938268ed1249c68b44c70e60d - Ok\Registry\AutoRun:Body:e1957a7da605b9921f38de8f821c1a25acff5f64 - Ok\Registry\AutoRun:Body:8ebf5930ebd95b337c1a50d79845a4991a6c1992 - Ok\Registry\AutoRun:Body:a3447e39f0b623153cd203eef5f862c9d13c57a1 - Ok\Registry\AutoRun:Body:9aa1f04afb0a4aa5d8ce0d3dead20700376a6e3f - Ok\Registry\AutoRun:Body:4ff2baca48e59dc23f6ed2e4cdf511598be100a9 - Ok\Registry\AutoRun:Body:a2f2d5cd1a75913c090d8408322d930847657134 - Ok\Registry\AutoRun:Body:b54fd274ddbcb0ffa0b8df2f928596a865bb8055 - Ok\Registry\AutoRun:Body:cae361f4fe9471d93d12b062a372abdb56fa4f44 - Ok\Registry\AutoRun:Body:ac47dc0fdabd0a56374ccbdbd817d7ce11a4dc7a - Ok\Registry\AutoRun:Body:98665ddf06f2be43b74316e68eda842b3a913ea9 - Ok\Registry\AutoRun:Body:1e2048ff12d5fea6c8c6cfaf3a18f28ea146f660 - Ok\Registry\AutoRun:Body:e3e9431b34ba8ac281c409126a202795cc3f67ad - Ok\Registry\AutoRun:Body:950a821d5d0153babcf2b588118b4f5c81ca4d49 - Ok\Registry\AutoRun:Body:c67984f3bf418e7554e1941165b2f52be4f5f6d8 - Ok\Registry\AutoRun:Body:fe97c2f6cbf12f988183721795fabf81870df721 - Ok\Registry\AutoRun:Body:508d67861c8f3817324a04989f20afa63122da30 - Ok\Registry\AutoRun:Body:c50e58f2348bb7f46ebf2d3e7e631db01f1c9098 - Ok\Registry\AutoRun:Body:a033eaca649db9d0aaa955246c88fdc652d7db26 - Ok\Registry\AutoRun:Body:10dbf815a0171cc519ccb3c85b0d9ef1fe441c9f - Ok\Registry\AutoRun:Body:8b076ca70e7e335601f2b047f569959d42613317 - Ok\Registry\AutoRun:Body:55f4a34659402d61ec91449675e8c7ed40c69244 - Ok\Registry\AutoRun:Body:6a5cbeefe87d7d83ba0abcca753174d2bc9b9b90 - Ok\Registry\AutoRun:Body:0e9fc2258dc7de9d2e63aac2d989ca2cdd759f2b - Ok\Registry\AutoRun:Body:3091128b08d3981d16eb2fe0bc8ce1076cd1350a - Ok\Registry\AutoRun:Body:1e2f2a06fa37a0bfd0ee37ea19e32078c5143be7 - Ok\Registry\AutoRun:Body:f0418ae64c44eb5b76662dacf82d4b80836263f8 - Ok\Registry\AutoRun:Body:c84061383b95122dc1df1f60edf50d6f7f5ea5d8 - Ok\Registry\AutoRun:Body:32248d00b0cfccaecdf28e45cffad1b614085ef2 - Ok\Registry\AutoRun:Body:ce6af6303dd5a08003e9c0706691d3319fd5d71a - Ok\Registry\AutoRun:Body:ccb9d8eb44f5f218c9ab586c05a9e99b66c766f8 - Ok\Registry\AutoRun:Body:8089b0a2bdb1e7e3b140d9b3df737c63a5c7ba51 - Ok\Registry\AutoRun:Body:5c0819255450cbc83d959f8858ddb4d0adf910e3 - Ok\Registry\AutoRun:Body:27a98403b5b7d77028acf25c9c4508969dd6953f - Ok\Registry\AutoRun:Body:629266fd867d9efa62b38435030621db5bc7d733 - Ok\Registry\AutoRun:Body:28ed975616b19a1e653abb098c07c4ff2c6f158b - Ok\Registry\AutoRun:Body:63169e65785b760c2a82118f1ca0ae9464039d2a - Ok\Registry\AutoRun:Body:b6f06f304ef72b52929fbc3a5756a1d017a54b70 - Ok\Registry\AutoRun:Body:110d8b3d1b275cb8af6013daed8bccd6af27da54 - Ok\Registry\AutoRun:Body:bb300464ab16651e33d7bea9afd8d01c5975573b - Ok\Registry\AutoRun:Body:5dc7efa9ddd3c96e80129936956dcf0aae6a2443 - Ok\Registry\AutoRun:Body:be2a06492a176c125fd8e17ac4a3abd608e8ecd1 - Ok\Registry\AutoRun:Body:6a311bffad7f7020efbe2bb710d44467f2f36518 - Ok\Registry\AutoRun:Body:7951f88696dc7a2aead0ee9542c425a484e17500 - Ok\Registry\AutoRun:Body:8476ec795b1f940ccb815712289411b34b2a3fc7 - Ok\Registry\AutoRun:Body:b7c36f2f96967945a1e35ece6a7ba53157723c8b - Ok\Registry\AutoRun:Body:adc72b2971b9e6b94dbea601ce6fab080e1581bc - Ok\Registry\AutoRun:Body:1d485a4fa60da94453d59f4e0c1af59d79f6ac4b - Ok\Registry\AutoRun:Body:3bbde8a253a55411ccac8da5c716c953c01acf04 - Ok\Registry\AutoRun:Body:795d3ed45051f0cb436b5bc3ac52ecd5a7ad8512 - Ok\Registry\AutoRun:Body:d663852de31d69ac1b663c35544958c6a65d863b - Ok\Registry\AutoRun:Body:c38391f7ef651bbb72fb3725893b025a0487f310 - Ok\Registry\AutoRun:Body:3c18e23873827da5b2cb8a1ee94fe5e6682ecd32 - Ok\Registry\AutoRun:Body:ccbd364f2f41d85d8f490edcbe22624615cc3124 - Ok\Registry\AutoRun:Body:0e7d982f3d5d8b8d5ca0d984bba7b60e5c576156 - Ok\Registry\AutoRun:Body:053b193f47bbd626eb1783c5935c834cc6e27921 - Ok\Registry\AutoRun:Body:228a75a320578b8a79bd544322e11e797e5fa241 - Ok\Registry\AutoRun:Body:e87b1fafb5dd1964c4f0b22f29a5cf266e07c835 - Ok\Registry\AutoRun:Body:9045f8bb67cb7b77d447a49835565381e5fcbe3e - Ok\Registry\AutoRun:Body:37678775703736062a1c8e1909d10b5584f47f11 - Ok\Registry\AutoRun:Body:3907253f7074a28243f429b2753fa8ab75b73f56 - Ok\Registry\AutoRun:Body:724c73acb5fcd0f6e5494012f1bed5f37f2074ed - Ok\Registry\AutoRun:Body:cf974b472059e29875a27393b994d4eb54b06eab - Ok\Registry\AutoRun:Body:19e7cd00da9e9482a25854192ea2c7305ecbecc8 - Ok\Registry\AutoRun:Body:f4d4ddb4d99753a04c48eae9c2c9f4737d56dd60 - Ok\Registry\AutoRun:Body:825134902a3e8a671f2ec384b6bd455ee5e31018 - Ok\Registry\AutoRun:Body:98e09346e140286a278b9ca03aa6d976bf6d1186 - Ok\Registry\AutoRun:Body:60bfc2eb3948808c1f915ee56fdd400d4d406479 - Ok\Registry\AutoRun:Body:4a5f943e4f29db25843e91948dc94318c618a344 - Ok\Registry\AutoRun:Body:a1d2b4961450ad14656febf04b4ffe6851452360 - Ok\Registry\AutoRun:Body:4be1d384c8f452acfb9d1cb885ad9d90b1c8b3e1 - Ok\Registry\AutoRun:Body:90c0f66d6e163973677038f6b844e4a700848037 - Ok\Registry\AutoRun:Body:122508747e2eb987ada71a871b4db5cc125a1fb9 - Ok\Registry\AutoRun:Body:b523bd192045271b4e9d337bc29adfe97913a1b5 - Ok\Registry\AutoRun:Body:f9ef7cfba084dba1a1ab94ddb8a396bd9cd20c59 - Ok\Registry\AutoRun:Body:87966ef3c259b7806c2a88a436438047ea6516ed - Ok\Registry\AutoRun:Body:f35d81ddc8b6f4eed1211bbef0bd56007262acd1 - Ok\Registry\AutoRun:Body:80f7510cf05fbc24443958479fbae341f1301e89 - Ok\Registry\AutoRun:Body:6a5daa1b254f2801f412d7ddb157addfbbb6ffa7 - Ok\Registry\AutoRun:Body:fa55d6a048068780de7a27e42f13dfef4475c130 - Ok\Registry\AutoRun:Body:b73d9cba9be6299494587f050bdb057dab67cf61 - Ok\Registry\AutoRun:Body:ca282b2cbd088601cf1d4f4968caa44261bc1ff3 - Ok\Registry\AutoRun:Body:5755357be506d44c8a608355ede7740316a4d154 - Ok\Registry\AutoRun:Body:60db638b9d080bf9c8bf7ff743158227df7cf146 - Ok\Registry\AutoRun:Body:9eed612ef7f3290f48c38df747abd729f858a498 - Ok\Registry\AutoRun:Body:ac2a041ec9b978a4c9143207c060d9eaeae06e9d - Ok\Registry\AutoRun:Body:648cb97b22fe44240f3afa11545d953edf9cb3e8 - Ok\Registry\AutoRun:Body:1831bd01cfafc95fe2693ca97dd845d67e84248b - Ok\Registry\AutoRun:Body:f279443c525a92520e319d87f00495becd2d7bcf - Ok\Registry\AutoRun:Body:767b0e0d3fcfbf506b4d5d28466008941067590b - Ok\Registry\AutoRun:Body:58cb41f525f37afd0b29a5d3bc9d0e1917605364 - Ok\Registry\AutoRun:Body:45f3385eb5cc0306c6de68fb5cfc3cb61f983855 - Ok\Registry\AutoRun:Body:ac5c5c3bf988043a540bc4c3ffd9ff2a2235a388 - Ok\Registry\AutoRun:Body:2210b457f3e0195684462fa844dc54bf41c0bf5e - Ok\Registry\AutoRun:Body:68bac5eefc9f63259f1bf82b8cf8ef313823e581 - Ok\Registry\AutoRun:Body:0b936ccedeb17f02c1869e3d55601498a2a832bf - Ok\Registry\AutoRun:Body:70990df584ea5e7461cf699ae55c7b6880c3af26 - Ok\Registry\AutoRun:Body:325f690f5d503999a005b8d6c151831d7347fc96 - Ok\Registry\AutoRun:Body:64ebe7aca05a4f6514d387caaa698d60eaa4500c - Ok\Registry\AutoRun:Body:6842cde7a7887cad44e3cc45d2b456ccf9326441 - Ok\Registry\AutoRun:Body:deac8bc40042131a7bfd5945fc8e91627023bc03 - Ok\Registry\AutoRun:Body:959c092cd91e75e97470ff83726a8e0b38fadfef - Ok\Registry\AutoRun:Body:cbdcb2c71138fd7506bfa7dd14a397c73bcde0f2 - Ok\Registry\AutoRun:Body:f9bbc4a3ed844223d2f6f24644a86e62bcd733ec - Ok\Registry\AutoRun:Body:9ff8fdcf86559d9875c5ca278eca30352e40281a - Ok\Registry\AutoRun:Body:f9e540122e9d0df464231346cabf4050c8923521 - Ok\Registry\AutoRun:Body:c99fce98c229cbf50f5ac2dbb349c3dede5184d6 - Ok\Registry\AutoRun:Body:e01f97ba4cdfe28ac33fad28932a7af4bbf753ce - Ok\Registry\AutoRun:Body:025d872fc4c94013af1f85636998c8ab34137715 - Ok\Registry\AutoRun:Body:8218b165b77e5bba89165156bff9a1a78938d1ff - Ok\Registry\AutoRun:Body:93f494600fac326544440bb41ddc754cc621622a - Ok\Registry\AutoRun:Body:b4db63a01baf56b9ccc36b1172e036e046c6ae2c - Ok\Registry\AutoRun:Body:da6bf66d622a1daeb14daaded058383b0e1a9432 - Ok\Registry\AutoRun:Body:4fbfe434c5e650df419e290c80e35b03e0b6316f - Ok\Registry\AutoRun:Body:2440f60b9baf97293216ff8a898fed14a12f981f - Ok\Registry\AutoRun:Body:e8acf24a793b45b82fe7ae37f361abcf7eed464c - Ok\Registry\AutoRun:Body:1da0883a0ff05c37e6038ec8d47f140075e35b57 - Ok\Registry\AutoRun:Body:66af615796283e3ff2b9b34bded8fcd66a0667a9 - Ok\Registry\AutoRun:Body:1effa94655c89145e5cea7c4c812171a4772ecbe - Ok\Registry\AutoRun:Body:88597090b414f245d4c49a64a2535db668c413fa - Ok\Registry\AutoRun:Body:326b367e5dc9e8cad0963c0d1421a9a7838dfc73 - Ok\Registry\AutoRun:Body:243c81eb87ea8e2c92ae723b71db035f01b8f40d - Ok\Registry\AutoRun:Body:e32ad9c4ece8564c911fe5a0e67bb01bc573af4f - Ok\Registry\AutoRun:Body:1169ba5ed0ff3d96ed15d386ae8d30f11e7c3236 - Ok\Registry\AutoRun:Body:f64103ff36ae30551506d0fa747c2cf271d8719f - Ok\Registry\AutoRun:Body:f050a3272661c1d2c52cc2c5755d3de68f126f4d - Ok\Registry\AutoRun:Body:db58887095b058cd02ba71a249a32521cd2d5c33 - Ok\Registry\AutoRun:Body:10a59647deb021ee0464328167d615cb56656bbf - Ok\Registry\AutoRun:Body:27d944d9b2fe9c79e34341b19e0f257a66d6e217 - Ok\Registry\AutoRun:Body:7bb9792fffc3e508e7b453f6b0fdf46ed3738db1 - Ok\Registry\AutoRun:Body:8b304374a63edc9cf89a35109ae745dfdaba6be6 - Ok\Registry\AutoRun:Body:808df982db6cffb8575a373816b7e8887bb48ea9 - Ok\Registry\AutoRun:Body:3cf783badc5d22f5a8d884babf3cabee955194f2 - Ok\Registry\AutoRun:Body:a43ebab0c65c727dbddb84ec43dd0eed47c3f1c1 - Ok\Registry\AutoRun:Body:5e6acf00efdda67910b0b50c5d3837648c9ab39e - Ok\Registry\AutoRun:Body:3c25bbf98a98f16ff3e114ffabd6a0b64f5d004d - Ok\Registry\AutoRun:Body:4995c98395c0e3ce6aeaaef0e39f073ead6a77bc - Ok\Registry\AutoRun:Body:6bde467ecb18a61e045433505cfe42c1c4ec0340 - Ok\Registry\AutoRun:Body:a16202cd9c2d53f847cc38b7ef1aec9f461f67d9 - Ok\Registry\AutoRun:Body:f6eae13fc0b837e596e98f182e5498db06ee7fad - Ok\Registry\AutoRun:Body:bdaf8f9a570f00ceb43c6e2dae9c1e403aacc487 - Ok\Registry\AutoRun:Body:3aae46846338345215ed4224e52102c3535f033b - Ok\Registry\AutoRun:Body:63a848a3408417d0498ebe3d1854fc82a19de59d - Ok\Registry\AutoRun:Body:4c374f838da36982feb361942454771b17cc972a - Ok\Registry\AutoRun:Body:0f1b32e002f3ccdbb4194b81b6e9917eb4f414f9 - Ok\Registry\AutoRun:Body:0a54b6e4f3e86aee61d694619f6458249b8443b9 - Ok\Registry\AutoRun:Body:d5d763631fef779d594d41b7fe232a1722499a0d - Ok\Registry\AutoRun:Body:8cc4daeec6fab435ca7eec68725c934b35ee9480 - Ok\Registry\AutoRun:Body:f3ba3f4cd123647850253661b3e7a47b9d1d7445 - Ok\Registry\AutoRun:Body:4ad3fc391c922afefed2b27bd83838b4eec6b64d - Ok\Registry\AutoRun:Body:282a99ae08174710b98f8d1161fd1d5b03366ecf - Ok\Registry\AutoRun:Body:f8d3d098140a328059e43575b72abb7442fbbab4 - Ok\Registry\AutoRun:Body:0e3e8655e4925ce190a98134ebec1e19da2e307a - Ok\Registry\AutoRun:Body:b227c3dfc25b8a67bd72d86799aab4a939cbb01b - Ok\Registry\AutoRun:Body:49e2a3cd83b9c513191e4c1542903d92759d624f - Ok\Registry\AutoRun:Body:39f95e8892e407d0ff4e60a09d48ac72c0db8f0b - Ok\Registry\AutoRun:Body:15818ef250783d5de167853b8e0f41f6850e9b04 - Ok\Registry\AutoRun:Body:b468bc74a7f49392ca9c943802169aa03d84364a - Ok\Registry\AutoRun:Body:f643f97ce2f3f804b4053aa59fa3734261a192de - Ok\Registry\AutoRun:Body:40d75d0ba796ef07dd38c5a3dea953104f6fadd0 - Ok\Registry\AutoRun:Body:156f8a7faa52d4e81631995e3fa25018650105eb - Ok\Registry\AutoRun:Body:ce86727c1e3276d008382c2de17f8d1c9943c83e - Ok\Registry\AutoRun:Body:e5ff3ac1f77872363d0776fa88845b6263584f8d - Ok\Registry\AutoRun:Body:adeffe464a0dc4fadf2609930703aea23d3bc547 - Ok\Registry\AutoRun:Body:3df85663b8cc63a96ff06dc4414b3963e7f2e934 - Ok\Registry\AutoRun:Body:3a06e0bcf344933b8f8ca6b92e0d5a0e50e3693c - Ok\Registry\AutoRun:Body:2f907a6d935750ccdb57fcab5bc21b1ca634c908 - Ok\Registry\AutoRun:Body:ee44f73d5b2944063826083637fec9993aadfc32 - Ok\Registry\AutoRun:Body:38d1bc21a9e7a9363ec0d9f6bb72fffb4ebed2ec - Ok\Registry\AutoRun:Body:f42b995dde3a4a831f8e8f3fba7b49bba0a5f45d - Ok\Registry\AutoRun:Body:efbbbb19c92df01f653eee16931dabc5f2986ff3 - Ok\Registry\AutoRun:Body:9930a68b9b8ba2bc254e4a7e0c9074769376ddb2 - Ok\Registry\AutoRun:Body:838257d5547ade578d3c94ad3d38dcfdc769af6c - Ok\Registry\AutoRun:Body:b1148acaba6f1b4adaf2f5eafbbbe606270490e2 - Ok\Registry\AutoRun:Body:3667b85359b8512b820b3815408172f547ae3911 - Ok\Registry\AutoRun:Body:406ca6647f2ca4622c8a9870c99fcf1809925e90 - Ok\Registry\AutoRun:Body:db2688ca0f0ac8be37cfcb5b7ccb7f7cd473080b - Ok\Registry\AutoRun:Body:9ea53bd0eb6224cc4153e32324b5405314161573 - Ok\Registry\AutoRun:Body:7a1a32f0f724bc56bb879f3522b22c5089cc21d8 - Ok\Registry\AutoRun:Body:a23cd38d0bb5213eb3a21c38f49ad91f9afc7687 - Ok\Registry\AutoRun:Body:4646212cfb7646a8ff4772be282dfb7d7afd89e5 - Ok\Registry\AutoRun:Body:73c56118c1bcc83822ca976bd0eb07273da7a7ec - Ok\Registry\AutoRun:Body:11c3548ed6573c9ca4067cad5367653f58946c59 - Ok\Registry\AutoRun:Body:fb54d455c9b2476be051bffb72d318e1aa47e171 - Ok\Registry\AutoRun:Body:839a8db039a98090dd84b10573ddd7653aaf5365 - Ok\Registry\AutoRun:Body:7525fbf67acefd740ca5c5b4fe914017dbf1fb1b - Ok\Registry\AutoRun:Body:925a22b2859a7b684afff0ffc99489490ce2ce6e - Ok\Registry\AutoRun:Body:b752de015d9cb62c1073f36f2106fa82f3003c39 - Ok\Registry\AutoRun:Body:0eee149e8c62996ac807c75d5abee13b3d1db315 - Ok\Registry\AutoRun:Body:fb213c0fe39e845255f19949395a3bbfec00aecf - Ok\Registry\AutoRun:Body:7021e06418e5eb48f370817181a65406962bd8e5 - Ok\Registry\AutoRun:Body:99b79fcc6d2e0e9f6f7dbe401c1721b36d45c5e8 - Ok\Registry\AutoRun:Body:5b7909e25fbbd8c72502a575e3fc600c7efc9f04 - Ok\Registry\AutoRun:Body:73cbcf84d43607caf10ea0c12e1c5a3ac1205377 - Ok\Registry\AutoRun:Body:9c0f61726a98a54ac01dc72226564d6af4641c79 - Ok\Registry\AutoRun:Body:af432a866f8963b845076c95c6736175a4887acc - Ok\Registry\AutoRun:Body:712e6c8e7ab341b6830bd63d9c7a04466ef69bfd - Ok\Registry\AutoRun:Body:3bbfa2099cd1ca653064c7ae347fdd903fec317d - Ok\Registry\AutoRun:Body:1ab6009b567c206a384f2b4a127432054ab6d6ac - Ok\Registry\AutoRun:Body:5fe54d459531cc1022ecc279421b14f9b18ff057 - Ok\Registry\AutoRun:Body:a16badbc5eb1ca4f894653f0af0e48cba6892119 - Ok\Registry\AutoRun:Body:4d9d167c53fd055e77fa40647578e34c2e90c093 - Ok\Registry\AutoRun:Body:aad11f519c5eddd2fc75084601ed11cca0829951 - Ok\Registry\AutoRun:Body:0ab1fefd64c621205ec779d7a2751ad5fc1f14fe - Ok\Registry\AutoRun:Body:c1e4478c278f2535f0e12cf5d6c6ce0bb22f76df - Ok\Registry\AutoRun:Body:dc624b2d660f0269ca452fc58f3fbe21c393522e - Ok\Registry\AutoRun:Body:5b5872242d871a7fa0150c1322b5dfb047e6e045 - Ok\Registry\AutoRun:Body:901d1ec3f0418f80f7d986e63c17761a7cb9426d - Ok\Registry\AutoRun:Body:75b032a50ad882d04ce2ff919b6518afe2431ef8 - Ok\Registry\AutoRun:Body:75ada295226b57650824a7744627adeaea0e227d - Ok\Registry\AutoRun:Body:e028bad744a96b488b22b93eb56b2cf9269b2fa7 - Ok\Registry\AutoRun:Body:48f621e40c42bfa5d22b3425d85d62ffca3c6d31 - Ok\Registry\AutoRun:Body:b20227ed4c1a90711471044fde7817cce82388aa - Ok\Registry\AutoRun:Body:3e716349e9bd6f9ea2c2fe2584b09bf2e28d6a07 - Ok\Registry\AutoRun:Body:69d8b2e99713b3a85ee16134d332d9f0f4ec23c3 - Ok\Registry\AutoRun:Body:eabe582addd31efc703a759e17dc74a5b999d543 - Ok\Registry\AutoRun:Body:8d4b3058966c55c67efbc52a785dfa5412c20069 - Ok\Registry\AutoRun:Body:9b37f025dc9f58b20d3830ce3162f1e62321990a - Ok\Registry\AutoRun:Body:447b343ba647752b8005db9b0999c2d2a992d339 - Ok\Registry\AutoRun:Body:fbf1dc7564c99eb93af1f0f74e2e69649f0881a1 - Ok\Registry\AutoRun:Body:c39b7b1c4b9074ee644c586cd4f627a8de746599 - Ok\Registry\AutoRun:Body:e9ddbc539b0ee8dde19d4707e27b01aaf25ef280 - Ok\Registry\AutoRun:Body:ccc339d471cc968f119ab3338615ad7b1e0e0feb - Ok\Registry\AutoRun:Body:471991c031703a4e87df3a3b0b32c648d5e22fbf - Ok\Registry\AutoRun:Body:8ef8819ecaf976afd4df6da0d77878e326b1d9cb - Ok\Registry\AutoRun:Body:36dbf64826344ac5fc492e3d1021b4e1d1af1cc0 - Ok\Registry\AutoRun:Body:d8b095780a71b1aadacb5cc123cb67df08e2da65 - Ok\Registry\AutoRun:Body:715c7b078f700414de90fc9f0748b6ca470e2611 - Ok\Registry\AutoRun:Body:6f8bdd44a7e3e0ff2f2ebc2f4ee79595f5c48220 - Ok\Registry\AutoRun:Body:dc89ba59e16dd3b80ee377bad7a46eb87d399f26 - Ok\Registry\AutoRun:Body:f3ade9972e2a3a976ddb7f15850f60e4a31f8287 - Ok\Registry\AutoRun:Body:dbfb29be27524670bc4efefb0c6c21fbc541ec46 - Ok\Registry\AutoRun:Body:39d93cfacee6ddf1107bacc82ebacb93a1171ca0 - Ok\Registry\AutoRun:Body:baccb05e58097e97049e505d23301c356e5b80de - Ok\Registry\AutoRun:Body:c3d915ce644bd36ebbced0326ed7cdb5330ba50c - Ok\Registry\AutoRun:Body:45ea7c6dd3a87071a8a3a38b8b56a5a919a45c69 - Ok\Registry\AutoRun:Body:52137da1ac3f61739cbf88d430a9a1190e6f5c33 - Ok\Registry\AutoRun:Body:c3e34f1bbf58e5775df052f3b3df106fb704a7c4 - Ok\Registry\AutoRun:Body:55112266f7a178d8e07e45cc2b9ed59605f03631 - Ok\Registry\AutoRun:Body:739fc153c56d16863478643bed9fa14325fcf6c1 - Ok\Registry\AutoRun:Body:7bc2a971ff9e349a50346bb7bdfb6330ad8b680d - Ok\Registry\AutoRun:Body:ff3faf1a3f501db269b6360c035d083e56e7e4e6 - Ok\Registry\AutoRun:Body:cc3b382c1b0d912e3fde26b54e93b691bf257e69 - Ok\Registry\AutoRun:Body:f662aab85eb5d082af2fc751a3f3b0cab182df1b - Ok\Registry\AutoRun:Body:1d417aef96b2ee02b2a2bb67c26943054d9fe46d - Ok\Registry\AutoRun:Body:394d54d3da448c4048780c1a29da9cc108a38535 - Ok\Registry\AutoRun:Body:2e8394aa1e57a98b1fcf68ab20804497abd245e0 - Ok\Registry\AutoRun:Body:4010dcf81cc903f88178d28ef7892bec0fc58d4d - Ok\Registry\AutoRun:Body:886db63488586a80567b7cd44d128e5817fd67ba - Ok\Registry\AutoRun:Body:9139fd8f12e7041f61116b7900b0b253104067fc - Ok\Registry\AutoRun:Body:c83bd7de84726af68b96675d6ae5ab996ee20423 - Ok\Registry\AutoRun:Body:2d13a0a1c841fda33924be8027440c2023cd897b - Ok\Registry\AutoRun:Body:54075e7777e31715fb9f04ce5742c0787d4881af - Ok\Registry\AutoRun:Body:511dc75b96f17a79f91d038e61544050e6c4ab65 - Ok\Registry\AutoRun:Body:c340371b886fef22e1dbd79a1deadaccab2946f6 - Ok\Registry\AutoRun:Body:920bd1544a76e2c8c993b0508b5820617ca25853 - Ok\Registry\AutoRun:Body:236bcd898453f0a017cf6ac87f9747a6597abd25 - Ok\Registry\AutoRun:Body:f9bc72bbdd0cc69abfed9e484aecd490fdbb9cd3 - Ok\Registry\AutoRun:Body:c43af7bf731d0600bc3a70de2e5c1337610630eb - Ok\Registry\AutoRun:Body:9ef5faeedf67d772ba5bf8df81761c44bc4555bb - Ok\Registry\AutoRun:Body:63b13492c58f3f5fae7d94ec944fe5436ac5f152 - Ok\Registry\AutoRun:Body:dea5f067139549bd301359e7b7828fabadd9df7b - Ok\Registry\AutoRun:Body:3ee7efe5e470091eeb7f5f02a6c55422fcb0b262 - Ok\Registry\AutoRun:Body:8113b53bd965089b180c5f91bfd146d25cf070ee - Ok\Registry\AutoRun:Body:62e39b1152d856cbf1e6a8bada81ec88f6534a5c - Ok\Registry\AutoRun:Body:952630e110add6f96c9aaaad7307195a0d931d7f - Ok\Registry\AutoRun:Body:75190639e38c8e46261d4d34aec225fd6fc216ac - Ok\Registry\AutoRun:Body:5a512e0e0c6600ad5df11a5851ca5314aa212dfe - Ok\Registry\AutoRun:Body:6302db09f6be05c97c7be06aae2a9100ad2c1b3a - Ok\Registry\AutoRun:Body:ca56469ab322daf8b9f806df0dad9289f32dd904 - Ok\Registry\AutoRun:Body:6e64e8c2d95b7ba921ecd70f3ba7bc24bef5d3c6 - Ok\Registry\AutoRun:Body:f621bbe5d7d1a531a1702b5fb72ed4544f8e4ed3 - Ok\Registry\AutoRun:Body:6eea5f1be14638a7b73e633941c34de32728b656 - Ok\Registry\AutoRun:Body:316b2bb25d5f8d0a295f1ad1eefdc159be08ced8 - Ok\Registry\AutoRun:Body:5ed6fbfbc62c70dc8aae979c4eb618697ca2bd4c - Ok\Registry\AutoRun:Body:87883ae9036ad7889e2c95642f5ad81eda62f0ee - Ok\Registry\AutoRun:Body:ff2579998b8d10ac4d0dad269a68594c53cdb4fe - Ok\Registry\AutoRun:Body:3301d4dde108dda4af8c4f96ab5dd4b5af059237 - Ok\Registry\AutoRun:Body:43f41ee67a7f4cb24cd34e4e004e8b223b27c779 - Ok\Registry\AutoRun:Body:5da6fe2b014e190b79d888a1d000eaa434753905 - Ok\Registry\AutoRun:Body:674419ee7a593b1016da0b232d9e5b1f9339e350 - Ok\Registry\AutoRun:Body:482d8e649fe0a1438cde9184d731dab3a9507414 - Ok\Registry\AutoRun:Body:4f45041b3739ffd56e7b286fc22d508e76a16edf - Ok\Registry\AutoRun:Body:228aca5ad156464b45b53212d40bc0b92596b744 - Ok\Registry\AutoRun:Body:9cfc2db83bb8057e17bab29b38bc03b294e99faf - Ok\Registry\AutoRun:Body:158b3e8e26675f8efd88353732c4efc895873ce2 - Ok\Registry\AutoRun:Body:3183d4f5d9fd975b23cdf2b1453259958416a9a5 - Ok\Registry\AutoRun:Body:e40a1e8bb6bf0f56376543622cb519719f49d714 - Ok\Registry\AutoRun:Body:20f5a22eaceccaedab2e254cd7fd89e59e4cbf6b - Ok\Registry\AutoRun:Body:9bd0ee92657e8bd092ebef52dd86cc4fcf1a88ef - Ok\Registry\AutoRun:Body:633057a579392d83e6f3b01cf4efae8f5c72b60b - Ok\Registry\AutoRun:Body:5061028e7f9bc77cf3ca183afb2799241657ec5e - Ok\Registry\AutoRun:Body:ae60665daaf40e28f688ed1405beaff2ca62256c - Ok\Registry\AutoRun:Body:b7f93b1b1afc701552127be165f23d4523ba1c97 - Ok\Registry\AutoRun:Body:0ca7b0bdcc638a83a3b1fc3310ad3d3eb1c2d559 - Ok\Registry\AutoRun:Body:2cc3554abf44b5c0e1e49de5bd6b5f4b8eb8ce77 - Ok\Registry\AutoRun:Body:f0103633ff6bf997b76f7867ab956955a0c93b0e - Ok\Registry\AutoRun:Body:3e9ddc2bc48cc1ba7086578a8d9a58ab52a73129 - Ok\Registry\AutoRun:Body:e74ed348e453f038c61ac7460ee96dc1c7dfcd6a - Ok\Registry\AutoRun:Body:c9f7c1f786a8859b7785b1e517f0220dd4f88498 - Ok\Registry\AutoRun:Body:fe7d45574cb6382fe63615e913a675a36facf206 - Ok\Registry\AutoRun:Body:25c50fef900fc5e1232202e7d875de3e0cb118f6 - Ok\Registry\AutoRun:Body:732cecb7f694182c37ff06a45b938493c6fe5b20 - Ok\Registry\AutoRun:Body:312d1f2936930c35a8e25348ba4a465f17a06f3b - Ok\Registry\AutoRun:Body:4c8d02b1c4562e85b6272dced175ccdafeb4adb8 - Ok\Registry\AutoRun:Body:444729bb39c2cf2f325d8a581448fdde700db98f - Ok\Registry\AutoRun:Body:a3bf015a3ef58b5cda58c8a27f101e1d058e7b9f - Ok\Registry\AutoRun:Body:d69068b8fdad53616b4bbdb400402f62e58e3385 - Ok\Registry\AutoRun:Body:5bb02e7134de16a9629912ccf144b87b28fb444d - Ok\Registry\AutoRun:Body:f3de751f6e176994cedd6983c013d7cac8f58ace - Ok\Registry\AutoRun:Body:0b2927e5f59c901a9344c16b6eebb89ef416e39b - Ok\Registry\AutoRun:Body:0ab97f8fe6f6561b3f1dafde9b65db89e3ccf0fb - Ok\Registry\AutoRun:Body:d914b123f6c6289708afa7fbf0d4e2a2b2fe2d9b - Ok\Registry\AutoRun:Body:e2193ba9263c8736157cc8e12d8fd6b64e41aef8 - Ok\Registry\AutoRun:Body:9bf2715c7e21a35a0e34f3732b3e30d91d9a5365 - Ok\Registry\AutoRun:Body:0ec4d1a1219bca8fecf1988c6795874fd4a52549 - Ok\Registry\AutoRun:Body:d26fc2a5bd5da6e917d5d93687951b629fd45742 - Ok\Registry\AutoRun:Body:1711f7186847c66f8382b8936f1e6ba19bfd1b4a - Ok\Registry\AutoRun:Body:381c8e10a857ea6ff5576f8c09b303a9cd57cfaa - Ok\Registry\AutoRun:Body:191bc87def7ce0ede6f0061df7c68f549a355375 - Ok\Registry\AutoRun:Body:e53877fb91d0c60d9e9e18d64182491b54588d13 - Ok\Registry\AutoRun:Body:9ef7d440e970ec866032534e0d3b503b49c49c44 - Ok\Registry\AutoRun:Body:4fb82e9884c843c406e25ab6230f03252739d768 - Ok\Registry\AutoRun:Body:a08ec8779c1947e8fb62f91410e3bba61276d92b - Ok\Registry\AutoRun:Body:5515e6e65e58a22ddf7a9a42a3ed66a994cb0415 - Ok\Registry\AutoRun:Body:b278e42c503fbb389c08e98f5c875972386971ba - Ok\Registry\AutoRun:Body:f8ca31d413504f414bf247a954ef8da7abffb3d1 - Ok\Registry\AutoRun:Body:a784cdf424bf80882f99150cc078f1ddb6cfce0c - Ok\Registry\AutoRun:Body:89394cdc68c2eda4f7732c85d7fbe4666daa686c - Ok\Registry\AutoRun:Body:352c3cc69572714f18c5799035c8a93a761273a7 - Ok\Registry\AutoRun:Body:ff98e0e939a5dc797184619177aad3601ddf10ca - Ok\Registry\AutoRun:Body:363ac5e4b25e66493ae7b70282127e62a33a4e1a - Ok\Registry\AutoRun:Body:23205ad14d39bd99dd8dceebe807a0a52aeae5c6 - Ok\Registry\AutoRun:Body:80ed6cb59b2f1cc8d3b2e0764554ef121445ad00 - Ok\Registry\AutoRun:Body:05ee01c1601961694b2f28dc7d72ea5ad2f6ebd7 - Ok\Registry\AutoRun:Body:e491271940e4834f11eb2e63f2001ea955f5a8b4 - Ok\Registry\AutoRun:Body:95db0b643a285e82177e4349cda47cb37c96f891 - Ok\Registry\AutoRun:Body:ff16c1192ff04eeca1bbe21bc4977bc61880746a - Ok\Registry\AutoRun:Body:46b968fa36d7eb47d26aeb1f49bc7f800fc21d84 - Ok\Registry\AutoRun:Body:b265ce994b5ecdf576eb4d17a887acd5aaf18e55 - Ok\Registry\AutoRun:Body:2df0451ee2d7a8181250c8a81e7707b2762e718b - Ok\Registry\AutoRun:Body:56861f0074ba11b3a8df56f05936eff477e81e9d - Ok\Registry\AutoRun:Body:ed2c2afa5abc2b5f38d5165f479166f75806be2f - Ok\Registry\AutoRun:Body:72c93d6f5b18ef999aab7a6970490101d74389d8 - Ok\Registry\AutoRun:Body:2fa444f8717c5fbd33c76635557d4f7cf646848b - Ok\Registry\AutoRun:Body:cef8baa9e09d20d2dfa8f645b8a0dde3aaa7eb05 - Ok\Registry\AutoRun:Body:aa37663cc7182b4c4a7d8e5f3e7de60006cd821a - Ok\Registry\AutoRun:Body:2ecd413d6a9ef4e0b02b289e2529d27af8c57e1f - Ok\Registry\AutoRun:Body:348439d38f02450972cfac0a6d2ce1aa36a16c85 - Ok\Registry\AutoRun:Body:683ce7e29be1103bee0a69cad78cfd892bce476f - Ok\Registry\AutoRun:Body:06a6b94fd2c82ec1a83b62b3511b532b2d4ff6f8 - Ok\Registry\AutoRun:Body:e6f0b071a9938e6d79d0ef607b8080386e4be928 - Ok\Registry\AutoRun:Body:2b4ddbd3d066b581c9e17cf2316c6ae62512e71d - Ok\Registry\AutoRun:Body:30a2684d74bee310196fee19a6de4ca7b62b29f2 - Ok\Registry\AutoRun:Body:768096c5c9bb1b71be03712586ba40bb64c78e82 - Ok\Registry\AutoRun:Body:86ec2963db180b6b3a1520fe8e780c9fc6d9fd12 - Ok\Registry\AutoRun:Body:d0ace69f9f1fdd2ee700318d0f329f179b089a4d - Ok\Registry\AutoRun:Body:5a67554977ee6a26cdfb38a01f2a645aba5fcfdf - Ok\Registry\AutoRun:Body:c1debb8eb0d82af88e62eb73549483a1b53253aa - Ok\Registry\AutoRun:Body:a759bb0d86785da2e70449e8b09af76a8a069688 - Ok\Registry\AutoRun:Body:92c73107e9ee2d950ff39b4f14209f9ef07168e9 - Ok\Registry\AutoRun:Body:6e85fe0957c234dccb9cecb53c0d8197342e8ef0 - Ok\Registry\AutoRun:Body:799d90ecea7266b8f5dc3b2b6556f29047e16256 - Ok\Registry\AutoRun:Body:8be27a056e6e35381b8c7a2f7189372cc2c87a6a - Ok\Registry\AutoRun:Body:0ca6775022909967a4b507626a31c36041d06d0e - Ok\Registry\AutoRun:Body:3d74aeee43133f89f0f106f97170b5476dd8c1ba - Ok\Registry\AutoRun:Body:efb3a9b49fabb047cf5a299a7b29192780367a5d - Ok\Registry\AutoRun:Body:1692c164923d5f0cd4369ed8de0480f29164d5f7 - Ok\Registry\AutoRun:Body:413bc2ef7494414c21a49684853503fda3fc7183 - Ok\Registry\AutoRun:Body:4f93a3c67dc4f29f34dd81d4e1a5464200e7712d - Ok\Registry\AutoRun:Body:dc0e020b8012199b92782ed862d6bc75333bcc1e - Ok\Registry\AutoRun:Body:99b23fdc0c3f039f51668a1c661c33392d42b7f4 - Ok\Registry\AutoRun:Body:68c045df63aa1b62632234f852542d590f6066f0 - Ok\Registry\AutoRun:Body:a804f5f79187c19916a3b4650f48fdc0d41ef642 - Ok\Registry\AutoRun:Body:8e72bd3dfdca96ea30d456e412adb76e4076a431 - Ok\Registry\AutoRun:Body:514d88628c28526284287eb52cfef1cd7516400c - Ok\Registry\AutoRun:Body:e466e9499f49f0484ba3273ff97d9818055fd927 - Ok\Registry\AutoRun:Body:db29ee58d6a3f47730998d0216c10d0eaa581cd9 - Ok\Registry\AutoRun:Body:9e608db851f3482a2252cb8844948e1542194ecd - Ok\Registry\AutoRun:Body:75d2fa78408b4ac501bf4d8aa4fefa90bd1903fd - Ok\Registry\AutoRun:Body:08bc6805f848d47f432791018cbe51f364b15df5 - Ok\Registry\AutoRun:Body:29aaad85e0527dbb524f120b8d2032cb1530f991 - Ok\Registry\AutoRun:Body:d31d2d23787dc9a6a18bd441c1963b7d643e1d63 - Ok\Registry\AutoRun:Body:79e336342124ba279591d4de4057daf26f9d9ead - Ok\Registry\AutoRun:Body:44d9d46c488dffe81413e47780f1b2854e376a93 - Ok\Registry\AutoRun:Body:11ea36731929b604be6bfefade5a039d95addcc5 - Ok\Registry\AutoRun:Body:74087b220a767c2205c54bd6416e1dfd8eb3dc89 - Ok\Registry\AutoRun:Body:2878eacb5db980d0b3c707fb32a1f363dbdff1c9 - Ok\Registry\AutoRun:Body:a14d7cf83632cc0e91fbccc533f7c5363dd98839 - Ok\Registry\AutoRun:Body:5cfdd84a443b7e9ebde586c6025624475c2b626c - Ok\Registry\AutoRun:Body:0d4583a284ad353de6b2e229d52e63682faf0ee0 - Ok\Registry\AutoRun:Body:b3f94cae9e352248c2fba631260f3bf58f51aaf9 - Ok\Registry\AutoRun:Body:20e0d8d7bae08667bf8bb6a2bb9b347bdf4efa93 - Ok\Registry\AutoRun:Body:82349d21b4aa93adbf691cc2bab10074ba3e3fc0 - Ok\Registry\AutoRun:Body:bf3b83c5a2c215eaf54a9516fafa51120dfc0ce9 - Ok\Registry\AutoRun:Body:41a6e1c966b47526df3fb54e51533da06ae5eb72 - Ok\Registry\AutoRun:Body:a02513a3596830b36502d237e4062a29a9e7f373 - Ok\Registry\AutoRun:Body:75fe3139d81713740efd54366775654cfd1a1ed3 - Ok\Registry\AutoRun:Body:a3681348f7695a9b54d9d627843335e1a8021448 - Ok\Registry\AutoRun:Body:faecb2627496b3e2f0097042e796bb7bf196e3c7 - Ok\Registry\AutoRun:Body:d2d77c1cd527fea59c090a194a8157be6b890c28 - Ok\Registry\AutoRun:Body:8e9c98f3306420eaf143b3f89127e32dde4ca272 - Ok\Registry\AutoRun:Body:fc27f02e941f5ec8580a84f1230c585e79375bb9 - Ok\Registry\AutoRun:Body:dfc2c025f1ff5ebee6fb8c9cddde3169c812b3eb - Ok\Registry\AutoRun:Body:d1244612730a38a7345e15256e6caea0e025aaa3 - Ok\Registry\AutoRun:Body:a81bc40cd77d36c5ba810cdcd6ef384e1bb4a3b4 - Ok\Registry\AutoRun:Body:3720c077e68d31fe22660d64aa963261d9f97cfd - Ok\Registry\AutoRun:Body:b6ef98b70c4ed4e6d557a20a079571c30fb4a3d5 - Ok\Registry\AutoRun:Body:d776307515a9cb8a03ffcf808c4379d63171cccf - Ok\Registry\AutoRun:Body:c09cf00930ca87607b523d2fb36cee1d3ab294d4 - Ok\Registry\AutoRun:Body:c18f0c935d398b455d93469d35b2c952011df292 - Ok\Registry\AutoRun:Body:8b4f741e1ef70fb1c62c971bc85a9379820d6bde - Ok\Registry\AutoRun:Body:a40f5eb8fa4ef45517a3cde1d0fce0249416ae4b - Ok\Registry\AutoRun:Body:2377cdc365869a4e46475d9fe4cbb2ac43f0031e - Ok\Registry\AutoRun:Body:12928a4d28acc37c975c0486553f9c64c7e70a1b - Ok\Registry\AutoRun:Body:d7bfb0373846de5395785acc1c61de1f688f7eec - Ok\Registry\AutoRun:Body:4227343abc1bb651398259478c9a2955735f4974 - Ok\Registry\AutoRun:Body:b50050fca436673dd4926910c926ece1e9dfb15a - Ok\Registry\AutoRun:Body:630efc7dad70a60ee5c0f444da2e3799731540d9 - Ok\Registry\AutoRun:Body:b5097786e5d8fb419059ecff60dd242d7da2a96d - Ok\Registry\AutoRun:Body:c4436432e735fede8aba19882018348261649647 - Ok\Registry\AutoRun:Body:b7234e96eb1e8c7e773fcdf385e9e7e2f192070b - Ok\Registry\AutoRun:Body:13eebc89a4375ac82a3f1e5d149290b76baac02a - Ok\Registry\AutoRun:Body:b7750f943a261e10e8585ca349a187ee8da47bfb - Ok\Registry\AutoRun:Body:00fbc08bbd25c2adfca3f98ec04334947c39b685 - Ok\Registry\AutoRun:Body:d632b03c2641761974f111308e7276fb99379cdd - Ok\Registry\AutoRun:Body:f74ec15f3889e4e9b85172f12e9b9de85a738652 - Ok\Registry\AutoRun:Body:719ead022cea120e8d1ff60893b11bff435832b9 - Ok\Registry\AutoRun:Body:dae69516fbce3e4bb8b0d6281bdb0598b8e21b3b - Ok\Registry\AutoRun:Body:62299474bae9c45ce80e8f36d33939c70bdf1c26 - Ok\Registry\AutoRun:Body:2f0bff55a77fffbbef63b93d469f2ac412e9bc47 - Ok\Registry\AutoRun:Body:74ba34fe0eed86b5ceebf04d1f05d7e290abf29a - Ok\Registry\AutoRun:Body:c57a099e45b41515d71c490ad09484560b5df454 - Ok\Registry\AutoRun:Body:210ded6c86d0612821516d3256894c5b0ee45a5a - Ok\Registry\AutoRun:Body:010f708395e67c4bf7330ac68ff5acadce95e39d - Ok\Registry\AutoRun:Body:24a3f446e59151a24dbe1201897fafc9c43c98c1 - Ok\Registry\AutoRun:Body:7e34f9a2fb6042c2407db273305ca9d21aa553bc - Ok\Registry\AutoRun:Body:596a3495cd32b1c7b93560e74ec1b6e6abf72d04 - Ok\Registry\AutoRun:Body:ceb73f33f08275cbf33d88f7b880b49ca84b9e40 - Ok\Registry\AutoRun:Body:c5699b5e706e274be975be23c8e5fcdfed95494f - Ok\Registry\AutoRun:Body:71f3d6e6be0218f3b5bf61d1cb9032b7199ff7e1 - Ok\Registry\AutoRun:Body:f9b45249aae406671a8e173b6732a258684c0e62 - Ok\Registry\AutoRun:Body:31f9099a1162b3e54015c07d34acc6790ff6c60d - Ok\Registry\AutoRun:Body:ac7319193b66bce506bc961871a186ca1dc42ce9 - Ok\Registry\AutoRun:Body:e4371c91c9a757cb0e7613745772e2d835be7d42 - Ok\Registry\AutoRun:Body:0b55e11aaec6b505448b0edda8905ae2a1774f04 - Ok\Registry\AutoRun:Body:ece7db11d892572bca43ff991654f5721e81af62 - Ok\Registry\AutoRun:Body:27874a25b5fdd5e7bc573fdcb619e7ced13102fb - Ok\Registry\AutoRun:Body:d42ac212e892a45641c5abf17e0b409ce0a3257e - Ok\Registry\AutoRun:Body:134baea8a523e932882c647847a8b4cf4c81ec3c - Ok\Registry\AutoRun:Body:1f3cb58bc49d29a33802e09d7724808ee0060511 - Ok\Registry\AutoRun:Body:2fcf3b63629b0693867e93bf424ebd4fb3b20dd0 - Ok\Registry\AutoRun:Body:20368bceb1d58d8e01856f6050d34f50697fc3b2 - Ok\Registry\AutoRun:Body:0f142fefa4ce5b9ab5cfb95f7fbfcd2c37914dd3 - Ok\Registry\AutoRun:Body:847b132e8fb2ffa621cbc9509d8e2afdf38e8b2e - Ok\Registry\AutoRun:Body:45baa3a04943bbe1d6d46e6be002b6eecfbe75c3 - Ok\Registry\AutoRun:Body:59af32f5ed0ec61b4c0bb73f2370580358f92a54 - Ok\Registry\AutoRun:Body:50b71689273aec9720e25787a9bb0db91a8f9f59 - Ok\Registry\AutoRun:Body:1bf592a2a542f66aa4bb7d937403ab199d288398 - Ok\Registry\AutoRun:Body:e41bccb89a400634db24cb7906b3b1efee50118f - Ok\Registry\AutoRun:Body:22931ac0ce4b3d5af672b5102306f8572f2a4bdb - Ok\Registry\AutoRun:Body:7b3a54d392b60bb3d1daa7a3578b73f4457066b6 - Ok\Registry\AutoRun:Body:ca2a4a7c5d74cae702d86f972a07675d0d1fd2ae - Ok\Registry\AutoRun:Body:6efdd50796397c3907df7ba9f36744235e7f1fed - Ok\Registry\AutoRun:Body:ed290af3a91b6bfe5d4cb9c53115afdb6d6204d9 - Ok\Registry\AutoRun:Body:acce905fdee8ed152b4a25ace1b18df9ae57af57 - Ok\Registry\AutoRun:Body:486abe3ea10072404380087a601b7958b6753eab - Ok\Registry\AutoRun:Body:ccd34beb17b5e8caf7a503573071a0f5867a3e75 - Ok\Registry\AutoRun:Body:efedf87cc4d1799ebd3c7c0b43441899894e7647 - Ok\Registry\AutoRun:Body:a54cfb4e3a6b8d99b2caf2c14715bdf04812e6d7 - Ok\Registry\AutoRun:Body:f6028b433195e20726ae56b4637eb5c1eb10c6c7 - Ok\Registry\AutoRun:Body:0188f26c36fd11fc2982df42815b97ad49f25d94 - Ok\Registry\AutoRun:Body:34753754da358c36205114c32ee8c5d43dcee029 - Ok\Registry\AutoRun:Body:4a59b01be482cf8349f4dc0f96407cfd1e74823e - Ok\Registry\AutoRun:Body:8270d53322ffe387cdfdb808e31160f7d163001b - Ok\Registry\AutoRun:Body:6ca2f255f0bbaa6578f97359e7fcc55400b2ce14 - Ok\Registry\AutoRun:Body:5df73259e007ccda119da22739e2c6f15433e64f - Ok\Registry\AutoRun:Body:c95025c354095f3b08be3051a38fd1db70623444 - Ok\Registry\AutoRun:Body:85d3f5deb8f2ab19853e2321a3b7f6f9a9430f4c - Ok\Registry\AutoRun:Body:900c1b9df3bcac116509f5e2a62de765e4af74fc - Ok\Registry\AutoRun:Body:9ecc26962ceeefaa2781f361492d5dbf7eeebfbe - Ok\Registry\AutoRun:Body:80d87a19a86b8e40991ffecbf763e3fd3e9b493b - Ok\Registry\AutoRun:Body:ca44190f4b17628eed964a9b844b58d31c8451a5 - Ok\Registry\AutoRun:Body:e0b6fc2834449cea1fc8e1b9bc4dcccf9d3b36e8 - Ok\Registry\AutoRun:Body:f8d728ab8fb2f489cc5c323ac54afdce388330f7 - Ok\Registry\AutoRun:Body:d09d3f4dc12506e97c970a7d13b66244dab81b59 - Ok\Registry\AutoRun:Body:d6453bc749f3fa155e03485448a1341f3e49d603 - Ok\Registry\AutoRun:Body:6a066c20b205dee62ac7b030b540173a42202ac7 - Ok\Registry\AutoRun:Body:00ebb2cb0d381cab6352eb2e7abdff0b4db83671 - Ok\Registry\AutoRun:Body:f0d20af76da44ae05828783bd81de81afbf6a8eb - Ok\Registry\AutoRun:Body:9be111dd87e6cfc2a92d8463cbf247c3644c81f9 - Ok\Registry\AutoRun:Body:538296df95856334a65940dd54287228f3bdcbb3 - Ok\Registry\AutoRun:Body:bae04fb6dd3b62f58244b67f5e5e4e11715e040d - Ok\Registry\AutoRun:Body:ea463c9317349cf572db12c3a20041653f46bb44 - Ok\Registry\AutoRun:Body:b7db87dfd492b1d04f429ff15d5e3808d4bb1148 - Ok\Registry\AutoRun:Body:09fac2c2a2b5a9ef3053f58e0a8cca6497839b68 - Ok\Registry\AutoRun:Body:5c18c0b56a8b37ace3bcaccfc4134f844ae8ca73 - Ok\Registry\AutoRun:Body:10e018d2eac5bcb1f3668989dd08dbf084aca441 - Ok\Registry\AutoRun:Body:24e63e98bcfbb14ec1327316a49031e528f86ef6 - Ok\Registry\AutoRun:Body:732e6320b17b802c63ace16bdba15955d47caa06 - Ok\Registry\AutoRun:Body:484b82970faa6deb60ced9ed87807f3e2d04dab5 - Ok\Registry\AutoRun:Body:d2e136f067ce57fbac555aca5b2b5cb39fd3be29 - Ok\Registry\AutoRun:Body:f07eea442fd83dd8fc28e8f019a0c1ccfccdfec4 - Ok\Registry\AutoRun:Body:44b33d0b9af18773079a31d26cd01200f5fabdd3 - Ok\Registry\AutoRun:Body:5f94f5f18ff9d8f4703f4e4fe9d2685095687944 - Ok\Registry\AutoRun:Body:8b6631a143cdc63fa3d8be229968018a17778ab0 - Ok\Registry\AutoRun:Body:aa3a9c2f5567470b91001bbb7ed6377784ee74dd - Ok\Registry\AutoRun:Body:d0e8373a1faaf50bb2b6a462008c88c9322f87b6 - Ok\Registry\AutoRun:Body:198a9b25c71a9ed41fc3ba777b8fa19f1b6510d4 - Ok\Registry\AutoRun:Body:8d4b47745c913d282c57548cf83c17077d9a9fac - Ok\Registry\AutoRun:Body:7a36ad2a806a0a490f660298fba4de72f0d106f7 - Ok\Registry\AutoRun:Body:d9c8e7b95fa2e9d3546f3bd2cd3b5b3e081899d2 - Ok\Registry\AutoRun:Body:96fb70ce1dce348337aa2e390d7d0ebd6e915e46 - Ok\Registry\AutoRun:Body:3ecadabd294e0e61c12d5aafb2c14d191ac72d3f - Ok\Registry\AutoRun:Body:2d89048dc4e497f08a0bd5e1b532468b39116d87 - Ok\Registry\AutoRun:Body:e523f7cb9db9ee8c9640e78d8c4e0f00497cfb33 - Ok\Registry\AutoRun:Body:810b24196685609459bd10dc949ee7dc4b662ffd - Ok\Registry\AutoRun:Body:bb73e242a8c5b1558605a7f424699f206d22ca49 - Ok\Registry\AutoRun:Body:0b7caee99850786c8e7af451839bf8d71af1e84e - Ok\Registry\AutoRun:Body:d44367a0ab5b1a836fbe46c6e2a85d7a1cff15c0 - Ok\Registry\AutoRun:Body:696c2425860bffc3e98339e8f56303c7c369e061 - Ok\Registry\AutoRun:Body:655cbf910123a26bb868b7cc43f74ed345c37043 - Ok\Registry\AutoRun:Body:ac681107810115e673c0f8ead2db2c1189ba02fa - Ok\Registry\AutoRun:Body:2392fe6cd1737a911b556c0699aee480009e821e - Ok\Registry\AutoRun:Body:3850af50f158ac277d02f4f65d43e5b08bd67c60 - Ok\Registry\AutoRun:Body:7b681ea43ff1b7c93dc6177d8f142b46143a72f6 - Ok\Registry\AutoRun:Body:45c035dac8e879324befdbd0ad84ba5513863284 - Ok\Registry\AutoRun:Body:bc9eea3f4e11273246ec49e1a16f2c2632f2bf34 - Ok\Registry\AutoRun:Body:4fed1fe1585700430862736cf3cd95e6faa6546d - Ok\Registry\AutoRun:Body:29754bb3bbfc717330e15462b18a655c2f242e9e - Ok\Registry\AutoRun:Body:d0ac7f206b8a6ea39bdf8f2baca5eefd2cdafc6b - Ok\Registry\AutoRun:Body:6d5892fad1f43fb694ea2922b52341574ffabff9 - Ok\Registry\AutoRun:Body:696899c1f2eed0c71309860ec4d807cc2e10f75b - Ok\Registry\AutoRun:Body:a31e1b65b85dc109d6f5ac20c1d379518734dc02 - Ok\Registry\AutoRun:Body:f13bbe7548ccc82da8cae22699002df0271ae1b0 - Ok\Registry\AutoRun:Body:d76d0bbae40d80490d52c410ffb89ac8c1972b77 - Ok\Registry\AutoRun:Body:ab76ac6ea657f14d9d9a04fa62a618378d6b5fa8 - Ok\Registry\AutoRun:Body:e1bfdb312159e276ba41eaa051053a3b6de688bc - Ok\Registry\AutoRun:Body:af2045995eb1bfc9f0e7e46cb8d5aef839ce1372 - Ok\Registry\AutoRun:Body:e8368fbda5caa195e5c3dde1c5b75256236eab68 - Ok\Registry\AutoRun:Body:dc2af5709095dd6df1b525fcbc2544394528726c - Ok\Registry\AutoRun:Body:54a98edf2f9ba766f8ffcd71692bf194c65be462 - Ok\Registry\AutoRun:Body:6bf148a5507e07bf75590d68f3fbadaf8ad955dc - Ok\Registry\AutoRun:Body:5c68f90b916f3d59807112a29fdeca5aefdb4c31 - Ok\Registry\AutoRun:Body:bec3f01c18d636fb68111f29281dac9fb8eb3855 - Ok\Registry\AutoRun:Body:6ec524ad4f508f43184725601c666ed7431ae7bf - Ok\Registry\AutoRun:Body:314e4000552d4aa4f549567fa19adb6ef01dba0d - Ok\Registry\AutoRun:Body:100aadb847228ce66f3c4dd1b0a1d5c7ea28df9f - Ok\Registry\AutoRun:Body:4cfa4e925be0e3635bb419dab74bd8774908b1ac - Ok\Registry\AutoRun:Body:6cef633fdcc71f6ba84d50d906fb4e75eb2dbfd6 - Ok\Registry\AutoRun:Body:813e50e4ea382261be642ecc9ad3e0d504beb6a1 - Ok\Registry\AutoRun:Body:fdd164f7f7c9fb2f0426de4d7ea36d721b10a017 - Ok\Registry\AutoRun:Body:e8a10d7becaf0d69096383fd8ad6f399d92bbc54 - Ok\Registry\AutoRun:Body:30e93da97e50c975c6d9ec4420132f5efa536cfb - Ok\Registry\AutoRun:Body:02ff56c30692830d5578ca4462671c93fc2a7dc6 - Ok\Registry\AutoRun:Body:93ca0567be4d31613fa1f8fa85029d2ff5a50824 - Ok\Registry\AutoRun:Body:8399337e45e171906c3f80ca691f245e9240228f - Ok\Registry\AutoRun:Body:ad1657c1c0c7d9de80ffc48b066090a365941e93 - Ok\Registry\AutoRun:Body:d48072079f1c69306e84def9cf0f4a6895652d80 - Ok\Registry\AutoRun:Body:6a70b6174624ecb4f2ab4f35117a54f2dc8703c6 - Ok\Registry\AutoRun:Body:cc07b82ecfd57b97b7d566658ce2572666d4337a - Ok\Registry\AutoRun:Body:563e47aed999386c33e097e8f390b659f0d52421 - Ok\Registry\AutoRun:Body:f194d3e26386a5b5ac4ba3c2c822f26ae240b868 - Ok\Registry\AutoRun:Body:40c0425801543139ee6ed077e4a811264b92ff8c - Ok\Registry\AutoRun:Body:6ef9042966ae341bf36bce62c52dc5b2cca71fb7 - Ok\Registry\AutoRun:Body:c1fa830312299fc86a61115933e0dafe468815b9 - Ok\Registry\AutoRun:Body:5658f0d2990cf42ae2bddc4379ba4bfeef02273b - Ok\Registry\AutoRun:Body:92a8185e8d22f537eb1b100f7b5077271d0f77ab - Ok\Registry\AutoRun:Body:83b82c92849b221267cddb8b8829f5bc28605403 - Ok\Registry\AutoRun:Body:35b8b31b906f9bdb534f3c6777e59732ea469690 - Ok\Registry\AutoRun:Body:160e61bf39460a6b4c0f4ee2bd555456a7776a41 - Ok\Registry\AutoRun:Body:0c5ec517e927473817b1358f139d13cb4af67acc - Ok\Registry\AutoRun:Body:b2b73edf404c0747b6ed23a8aa3966a6c5dd121f - Ok\Registry\AutoRun:Body:e15eb88cc9a06339c8d9d3d54247ccedab41d0d8 - Ok\Registry\AutoRun:Body:45a83b83467f9240a6dbfacbdbe327fc919f2bd5 - Ok\Registry\AutoRun:Body:2115bc9e585d26ed729f33c9a21cac58b2758c92 - Ok\Registry\AutoRun:Body:1dcc7786ea3f249686b91e4fd824346b38eb05ec - Ok\Registry\AutoRun:Body:a6b522cd216ec8f35f1eecc9550eeb8ca5ea935e - Ok\Registry\AutoRun:Body:9c64d9e5920f934c189d48ca740885ac2daa3542 - Ok\Registry\AutoRun:Body:6d1077ba17cd0a74bbe6b6e082a5f7d7406daa9e - Ok\Registry\AutoRun:Body:d5d01bec9847a0c0147c9104bd44c58d85717b5c - Ok\Registry\AutoRun:Body:2c227b2233988525ddfb8ee11738aec583f18b2b - Ok\Registry\AutoRun:Body:e03b7348883ef7192a620df6a96f07385ec60855 - Ok\Registry\AutoRun:Body:1813704a6c0928e46b2f3438fc347ba40e9fc7c4 - Ok\Registry\AutoRun:Body:bc8c8b7ef8c1da78e0c4a805e28ac28579977505 - Ok\Registry\AutoRun:Body:378afffa6c81fc35bf31dbaceb02d891e5035b40 - Ok\Registry\AutoRun:Body:eae38907444cc3e1bb68c3a7035a804d5dbc26cf - Ok\Registry\AutoRun:Body:e81a8bf3ff5e3a4c192ee9dea56a80a08c47132a - Ok\Registry\AutoRun:Body:722f4dac2fb8ec2a571aaf65991eae04611687e4 - Ok\Registry\AutoRun:Body:6f13826325924e825e6e170ce71381d0631782f0 - Ok\Registry\AutoRun:Body:62eae07f0ad5a99bf068c030004ae797dfdb6102 - Ok\Registry\AutoRun:Body:2aba27f513c80595311dda48bfe6da1eebc1f428 - Ok\Registry\AutoRun:Body:508584c0f1989181ca4dfa32448a81b8b7cdabbe - Ok\Registry\AutoRun:Body:22d5093567bb5984a0996fa013242c8743ce34da - Ok\Registry\AutoRun:Body:4ec5b3f3d7378b0b42bf8358e05cd32a72b4e000 - Ok\Registry\AutoRun:Body:d5a8896d5562ca98f0dc74b6ce038c44e382f3be - Ok\Registry\AutoRun:Body:75e38778940d30eba8406a36746733b79da125ff - Ok\Registry\AutoRun:Body:e4b4eb6cc4c0382dabe70a6128cc345a0062d10b - Ok\Registry\AutoRun:Body:1e6b563fd13c0bc192700b0564f96f1fed1c1aa4 - Ok\Registry\AutoRun:Body:a086c49751169abdd418443c49e7847560545a2f - Ok\Registry\AutoRun:Body:0c1ae9dbc5dd1c654110b90bcfb3faf95fcd6fae - Ok\Registry\AutoRun:Body:548f859de86b10451e11df8712de22c4dff43ccd - Ok\Registry\AutoRun:Body:3128b645f2e7cffa0c01c0b506065a3203143414 - Ok\Registry\AutoRun:Body:4fd2a7be7177e81c5958ae01d2438d190c8db437 - Ok\Registry\AutoRun:Body:341b1f2c98bb6ec5aaa348ba870565d04488dd19 - Ok\Registry\AutoRun:Body:b872da6d0bb32a6a5ea6d4ef7b53062c024a8e65 - Ok\Registry\AutoRun:Body:423e6901522b16df52e3f374936159a588f070da - Ok\Registry\AutoRun:Body:1fe9312b6f2e547249832c4c55120e10a59e0f0e - Ok\Registry\AutoRun:Body:2f42ff5f12807ccef8b36e30a183e51424d1344c - Ok\Registry\AutoRun:Body:9a8c0dbf22bf1577c327d75c6b29749239372bad - Ok\Registry\AutoRun:Body:bf3b974e67399aee23df03c8f3c21ccf52e182fd - Ok\Registry\AutoRun:Body:9b17643285599c3f233013d14f3658974b7abcb6 - Ok\Registry\AutoRun:Body:eca700d0b32ff9acb2b06f4ab60d60b3b951cc6f - Ok\Registry\AutoRun:Body:8461562ea042aa78901d4382d1ae823c6ff2f7ab - Ok\Registry\AutoRun:Body:e9609002c1e71138b44e30925fd7337d41e692ae - Ok\Registry\AutoRun:Body:8ad3207c80958e998f7ec6fc54a1e3325f30641e - Ok\Registry\AutoRun:Body:4321563842430743477b3d298defcca8fe7c014c - Ok\Registry\AutoRun:Body:2458efc4456c414d55aff1597ade452b41080a0b - Ok\Registry\AutoRun:Body:c4181ef7b45ade68cb8bf6d88d4720d477bc43fb - Ok\Registry\AutoRun:Body:a13635c8ce0a2d82e3731d42f32b49cdcb11fd0a - Ok\Registry\AutoRun:Body:c2bd81c805b78997e8d091d5b8ff8d4567e13611 - Ok\Registry\AutoRun:Body:af5963de04070beda9d939998707b9f23cf99a35 - Ok\Registry\AutoRun:Body:e2fae85431e99417b241f9e59ec1d1491648d375 - Ok\Registry\AutoRun:Body:66f0be639709122adc3fb56e348e5f83199d18be - Ok\Registry\AutoRun:Body:efcd84f5eddbc5c48db4ba78982809d5bd172de1 - Ok\Registry\AutoRun:Body:430067249d559bf370cfec3f9c695116854ff7e6 - Ok\Registry\AutoRun:Body:a232bfe29a48a68e3aedc810e3913a0eea1d8644 - Ok\Registry\AutoRun:Body:b1088f286c588d27cbf39f80295d69283087229a - Ok\Registry\AutoRun:Body:1fde6ae0ef129c45582acd9da4a041032a9f14e0 - Ok\Registry\AutoRun:Body:3afb0d6f30dab477019413aee9fd3bb881f63ba7 - Ok\Registry\AutoRun:Body:0d212bc255786c3c399b17a384c56fcccf17a450 - Ok\Registry\AutoRun:Body:0cdb8405fd5a80fd770294df94f45bbb3629abb8 - Ok\Registry\AutoRun:Body:937b2b8fe1014379110eb28c0852e097a9653927 - Ok\Registry\AutoRun:Body:74d7be2208e71ad003fb2fae7607f390804fe357 - Ok\Registry\AutoRun:Body:f483b071feb929a32c400e1ae6071294cad05f00 - Ok\Registry\AutoRun:Body:ceaaf2b5021369f6ba1a8ce0540ca4c41ad21004 - Ok\Registry\AutoRun:Body:4f5f4cffeaecdbc17a9c7d389e0efd0ca92a1fb3 - Ok\Registry\AutoRun:Body:a97ad65d669ee060579e316f30243a9bb664f950 - Ok\Registry\AutoRun:Body:683bbb3f50c3fafc3db4e196bae6863d18c0daf3 - Ok\Registry\AutoRun:Body:1b846b0e5391a70ff83ca0aed62f36aa5b9f291f - Ok\Registry\AutoRun:Body:16efaf799248a7059652d47dab8fdc763af19bef - Ok\Registry\AutoRun:Body:f75c84e0e78d8bae3cb7064a5705b96c660f22e2 - Ok\Registry\AutoRun:Body:f9f781d9c299ecc0eca75f27c7244afd18a32c4a - Ok\Registry\AutoRun:Body:ece67e9bc84d6d0f4085ab681137ac9054316829 - Ok\Registry\AutoRun:Body:45b109565c32abf8777897f0dbea4713c021e7fb - Ok\Registry\AutoRun:Body:c85db2e5e5fc45721c9e044a17805362b0ab9b84 - Ok\Registry\AutoRun:Body:783900bd1ab3b4b00dea0739dbbd1a31009e6391 - Ok\Registry\AutoRun:Body:ece2555f238dbe60feaca86c3069e07e260e0969 - Ok\Registry\AutoRun:Body:d7f8c7b92f8ed8ad8b8f843582b0353885eb6407 - Ok\Registry\AutoRun:Body:7818fd4f77be836b0d6a0338692aabb2810055e6 - Ok\Registry\AutoRun:Body:1e030bf15c886733a091af7f144a8d0ba29ec2db - Ok\Registry\AutoRun:Body:0a1b787bf69ce0802d3f89b945af8f50fee42980 - Ok\Registry\AutoRun:Body:005c6881e314eb8d8ac86be16d73f20b183966f4 - Ok\Registry\AutoRun:Body:aa25e66288e007f6209d18160217b1844c47a6e1 - Ok\Registry\AutoRun:Body:d83c1b0c8400deaa81ba69c9084c07332a102d50 - Ok\Registry\AutoRun:Body:3e68fe09ee2f861eafea64693b534b3ba6454054 - Ok\Registry\AutoRun:Body:dc533b61d898880b98a1fe32205b2c4c9e917770 - Ok\Registry\AutoRun:Body:5ce2f61adc02da5e82fdb37654334a37e6c98971 - Ok\Registry\AutoRun:Body:8d372021123f7e1e1bd2e3ff914a275dcf80eb46 - Ok\Registry\AutoRun:Body:0843adce4dc6d38716d03244d0418b14c7d73379 - Ok\Registry\AutoRun:Body:ab95e9a43ba386e5995ff5b2e0b3cdc373c4b060 - Ok\Registry\AutoRun:Body:b0965071edc955a219ec3bd19e9324dcd9ce8c8c - Ok\Registry\AutoRun:Body:58cab485588fcb04174a3e6f2bdb887599763edb - Ok\Registry\AutoRun:Body:6f4097d416bc9338b925e454ebf039aada3ea1cb - Ok\Registry\AutoRun:Body:913b9b173387a27b36d60d1bbf55520d27e1cbe2 - Ok\Registry\AutoRun:Body:bd47688f7470dfa05108b3a62b3aae9273bdc545 - Ok\Registry\AutoRun:Body:f975e1bf2ae5c2fca58d7673a1e48a73785cc12f - Ok\Registry\AutoRun:Body:abc49860b61773363441e58b4ee1685b4dc47a2a - Ok\Registry\AutoRun:Body:573949104669022abc6647c715f5362743b4afb0 - Ok\Registry\AutoRun:Body:abdf8f8ec28d8d384baf4255f4938b817bfd9b35 - Ok\Registry\AutoRun:Body:7b0b5bb6543faf031940b69af56b1bde26e5deb6 - Ok\Registry\AutoRun:Body:228477528436395ec6ba7f456be702f179f8b842 - Ok\Registry\AutoRun:Body:2f5cbabc3d7a3f09bb9c3e97bfe75e2703d4d863 - Ok\Registry\AutoRun:Body:1a97729f9deaf97e88e6ba74e4213026ac7bfac0 - Ok\Registry\AutoRun:Body:7bfba6b5017625c4f208742d1e33e7caaabcb299 - Ok\Registry\AutoRun:Body:706fec24cc3c40a5277ef5c77b30bbf6fb39e4a6 - Ok\Registry\AutoRun:Body:9db45a05fa8251548501be6cfe8b6b39b74d2348 - Ok\Registry\AutoRun:Body:f4b115a4a12adb354a844cf4899ad50e5da7aa13 - Ok\Registry\AutoRun:Body:366034c12bce587780fbe40226a635b9d0785cd0 - Ok\Registry\AutoRun:Body:2fec74e8029d88596e690ce14a574618392efb8d - Ok\Registry\AutoRun:Body:1f78b6935fd1f30f84fd547adecbd2e0b4ee6a63 - Ok\Registry\AutoRun:Body:cbb3c5443b80e6f4bc4626472aca159574fd9700 - Ok\Registry\AutoRun:Body:77a2170d44716cf2f00e02cc96ea8497131090b4 - Ok\Registry\AutoRun:Body:ac8fc68d351e2aa961996fdb8e6e262adbf81e2d - Ok\Registry\AutoRun:Body:ef8ba929bc5e67799548c32155ee3c224e961b85 - Ok\Registry\AutoRun:Body:34b135787f8c6734bb1a0d797b80a013c317860d - Ok\Registry\AutoRun:Body:d5fe0bcc10e597007c49a70020a3b3d793214c80 - Ok\Registry\AutoRun:Body:9c531e79e752dd21249efb4678ee035db6cc249c - Ok\Registry\AutoRun:Body:6437d78f0f7a8eb705fc53b38db84929eb107627 - Ok\Registry\AutoRun:Body:b8d4f7767e6d5e417b08930b8d64ac012c4720b8 - Ok\Registry\AutoRun:Body:5380459c1d5b11ce5176ee8008339f7a378ae362 - Ok\Registry\AutoRun:Body:f925a6f9db537bf33e478bbd3296101ef542c586 - Ok\Registry\AutoRun:Body:ae6beba60a4f2aa622566acc0341465f3339e67d - Ok\Registry\AutoRun:Body:9da06d1529f3cf0e55302857bd3f7262e0f63ba3 - Ok\Registry\AutoRun:Body:1327d7443651574e0918b81c3cfff6842fdb7bb6 - Ok\Registry\AutoRun:Body:c7b0d26379b3f41b120fc8de9f359d7e6ed4b486 - Ok\Registry\AutoRun:Body:ec91b19e845bad92c95a8b652688ef9a5c8298aa - Ok\Registry\AutoRun:Body:81c2cf9cc1a0bc8b5c9537f84d48b9528e84e6a2 - Ok\Registry\AutoRun:Body:fd18cfdfc296fa8849d9257c468a0ea32d39a556 - Ok\Registry\AutoRun:Body:11b29b0464f2f5f054823c3e60173a560879636e - Ok\Registry\AutoRun:Body:41196c2bbeaafe3150fc4ba5a3fc2595f7a56242 - Ok\Registry\AutoRun:Body:d2e217509fe241a41b718126ebabf7ae0bc62221 - Ok\Registry\AutoRun:Body:a0e2b53ed9f6f6a0c4b153423fd658f964bf3253 - Ok\Registry\AutoRun:Body:fdc53e82e37cf4ddb4a346f00d1611ffaf5ada74 - Ok\Registry\AutoRun:Body:fc64cb7a45c568cbd83267f5c84d3ad03d544e59 - Ok\Registry\AutoRun:Body:9aa095e869a0a0210058fbb2ec7e001979ca43a8 - Ok\Registry\AutoRun:Body:a48cfd92691b6ca5509f7a2766610ea05e4a756e - Ok\Registry\AutoRun:Body:4628089a8077f18bcf8cb94c2938bda569757714 - Ok\Registry\AutoRun:Body:bc512d04e69284a77a31e42c9c2e9708953c10c2 - Ok\Registry\AutoRun:Body:4bdacc8561d65028f905f8137602fa13342bd04a - Ok\Registry\AutoRun:Body:dc1624dc8eff0d7146bafa95da2609f9f2968f8e - Ok\Registry\AutoRun:Body:951fe6193c6d89dfacd40656445e63c27bcc65c0 - Ok\Registry\AutoRun:Body:c1592dac7f962fb49fe0bc1ccacee3e07caed21e - Ok\Registry\AutoRun:Body:b88b768e99f7761068bb135146800b6777921ac3 - Ok\Registry\AutoRun:Body:e54cc3e554cea3d440ccea53d5a9d3f2ebf5b8d7 - Ok\Registry\AutoRun:Body:02d128e40b2ae52af0217401c9d68b2adab0a4eb - Ok\Registry\AutoRun:Body:e3dc93f69c82a56940672db7222630526992d9d1 - Ok\Registry\AutoRun:Body:9ce15cbc031133c4cc8e34a7a66eb79651d6533f - Ok\Registry\AutoRun:Body:2306f801cc0c402cbfa8818bf5b4c365c2fd6779 - Ok\Registry\AutoRun:Body:c58f38e9cdbc7767609cd2339097c554f1d3fb1e - Ok\Registry\AutoRun:Body:ec7ba1fdfab8dbed178b276472c1478808e1e673 - Ok\Registry\AutoRun:Body:513b3a27bed23717805d5ad99b317d29666c3b07 - Ok\Registry\AutoRun:Body:543abb4d584159d53d246f69e98e3d4d0747054e - Ok\Registry\AutoRun:Body:4a119c05dd60e1d01725e7387093b75f95e81e60 - Ok\Registry\AutoRun:Body:575b66b727638c912b63f1e1d42572f0da0e0b2b - Ok\Registry\AutoRun:Body:a93e567899e617b5776065d470733e24a3a67f45 - Ok\Registry\AutoRun:Body:0fa41fc40c54dafb00f7a76066d10afd8267aaf4 - Ok\Registry\AutoRun:Body:73d59eeee4ac9cd4f5b8bdb39f995bf29dadba7d - Ok\Registry\AutoRun:Body:87804d18a34a331c327896460c9679e53c39c75c - Ok\Registry\AutoRun:Body:04e6ecc57ada33286d088c98baff34c4c672b4ee - Ok\Registry\AutoRun:Body:2aa1e1de42798a1b7a5d0c3bb55b05b11bc048b4 - Ok\Registry\AutoRun:Body:24c0f7eb98c39e6d17fe67fc4bd566adcdd04664 - Ok\Registry\AutoRun:Body:217c6717537919fec5d71c9b50f904bb2366cf88 - Ok\Registry\AutoRun:Body:9673938975ddb046d834bee28b14621d17440688 - Ok\Registry\AutoRun:Body:c387053b278266e6e6ad90baa1b69dc7fba8cbf6 - Ok\Registry\AutoRun:Body:2eda923abf1350cdc57a0a23ef9b8daac2733d2e - Ok\Registry\AutoRun:Body:817a7144f81e84a615b093a4e1bdec5dd97e2ad2 - Ok\Registry\AutoRun:Body:39397f12761d6a92840ca5ec3dc37b291c08f821 - Ok\Registry\AutoRun:Body:70fcf1088515a057d1a82d8e542ee803c76255d9 - Ok\Registry\AutoRun:Body:dbe8d4c0eaa89ed50328be92bf2b817af07a35ce - Ok\Registry\AutoRun:Body:1075d4f669d98757b19ea49353ea48f9ce48c49b - Ok\Registry\AutoRun:Body:fe3d7392b6380376e5ae8557c28e17e52f4b9cdd - Ok\Registry\AutoRun:Body:49a0d37e01f6138dfd38d95656cbff532f2516ce - Ok\Registry\AutoRun:Body:55324b812db3afee8cd6a4999dee57f33320a089 - Ok\Registry\AutoRun:Body:30483b57fa726a2a7dc74584622da443636865d6 - Ok\Registry\AutoRun:Body:4d59d6226c35fb3d9361b455311a809773a75833 - Ok\Registry\AutoRun:Body:0102cb9bf910fcdedccae91000fc9e9d0d51aa9c - Ok\Registry\AutoRun:Body:c8c369b32342c548dec6a66a4a07585c5d121f0f - Ok\Registry\AutoRun:Body:8ba24db9f543a1913b89e577472a7a0be015caa1 - Ok\Registry\AutoRun:Body:77d5f7e55d0cd48ac9d0f7c2bbad1f158e91f43c - Ok\Registry\AutoRun:Body:7aef492200ae8772f4fe7bd6e7c0a8bc9639af56 - Ok\Registry\AutoRun:Body:7520bec053e321c5c937e2087a5a53913d13f447 - Ok\Registry\AutoRun:Body:e9b3f892e1ac4a54122a9c04b21bc68374cb3bb0 - Ok\Registry\AutoRun:Body:28ef6c9f0b3cb670ab12d181f7e58b9a4d02ffe4 - Ok\Registry\AutoRun:Body:b2015eabfbfc17ae475fbc57664c3de2f99d8b21 - Ok\Registry\AutoRun:Body:64d51f54b4836da88d67e627a7d1faad9cef9236 - Ok\Registry\AutoRun:Body:d77637b7e329fb082d588436b623ea87f1e992b8 - Ok\Registry\AutoRun:Body:6cd8243d58c07c143dc10875bc4938c6cf296e2b - Ok\Registry\AutoRun:Body:0b3a29b1b31c04ef5233be7e33a56dcaaf1449ed - Ok\Registry\AutoRun:Body:75f08b0608e60fafece831976f4bf8032175a058 - Ok\Registry\AutoRun:Body:4b18dea379cb6bb5d2ba045fa19188acb7fde457 - Ok\Registry\AutoRun:Body:e0327dbc215ff5f99038448515c5de23d36f06a7 - Ok\Registry\AutoRun:Body:98bf740e0de541d06cd5d2c6985f6ea016b2f4b9 - Ok\Registry\AutoRun:Body:08b5928d2b36609240baf1bfb8d54af261b78348 - Ok\Registry\AutoRun:Body:0254ac7f07f2afffe142f090307c08dc3ded8ad1 - Ok\Registry\AutoRun:Body:e088676021e6a51fd072f23beef0f6e873a2eecf - Ok\Registry\AutoRun:Body:5a49f7ffd841cb90a75dd2b5776d4a98fee8b375 - Ok\Registry\AutoRun:Body:a83a74771189556b7c31a23d6ca38c30f8f6fbea - Ok\Registry\AutoRun:Body:791583b3092f5900cf9fe6d630cc1f1cd5203280 - Ok\Registry\AutoRun:Body:3048ffad22cb70803f3003809eee2ac598504d3c - Ok\Registry\AutoRun:Body:495d080cd8372bf4799bafb6c2b3a6ccf64c4e86 - Ok\Registry\AutoRun:Body:3f30625dc8d9515097126993f2d26837c89ae634 - Ok\Registry\AutoRun:Body:d28495561ffc2fe23f8a7b4baf0caae266f8d0d1 - Ok\Registry\AutoRun:Body:966842a63b2638ad24c2faea8f45c35640fffecb - Ok\Registry\AutoRun:Body:2356d3eabe2bef0c2b4c119b77bbc0b96e620670 - Ok\Registry\AutoRun:Body:12a8bcf8536418156a839915913acd320cfb7d54 - Ok\Registry\AutoRun:Body:084a8248dbfadd3d49bd1e54e5e65e820a0d7fbb - Ok\Registry\AutoRun:Body:23501622d46feb9a3857259d92e267fbfafd2569 - Ok\Registry\AutoRun:Body:571e30d619d05a85f93046deebd4eb0366de0f47 - Ok\Registry\AutoRun:Body:3a5b24397a10e721ad10b214ec943bd7ee03496a - Ok\Registry\AutoRun:Body:54bb59ec21dd5135f91e3beed3ced5fb9cd8b146 - Ok\Registry\AutoRun:Body:c897c1e66afd7fd8b312d918dafe6f3f8eb129a2 - Ok\Registry\AutoRun:Body:ebaf8dcd63cccb07bc31d57cfddc33c52d84940f - Ok\Registry\AutoRun:Body:17bd880ed658c0269da8bbb164665744fa33e885 - Ok\Registry\AutoRun:Body:85e1295e4d9d9061c7c88c024f287c7f03a8ccca - Ok\Registry\AutoRun:Body:ee65875d4b0bae30906dbae4c2ffc0d7ee44c58a - Ok\Registry\AutoRun:Body:95ee092b133736b4d6d823363b434e7fed312db1 - Ok\Registry\AutoRun:Body:b3180626548c4d06718852c2b0e4dc0afc02aec3 - Ok\Registry\AutoRun:Body:b9f09ed196579b0034239fdcbac6e1a261548050 - Ok\Registry\AutoRun:Body:641d0d95f9eaec103ad9336b36385492233d9953 - Ok\Registry\AutoRun:Body:88e92979936e0b40ed355f4d87bc0d475dba6f58 - Ok\Registry\AutoRun:Body:1f06a8f345ceca2c080363a9f80c3930fbe62314 - Ok\Registry\AutoRun:Body:ba9ebb1f4fd2d5596b4a17015c5202dc032f6e2d - Ok\Registry\AutoRun:Body:2ce843fcfa2989ba3ef2355e708141bd2a2c4d6d - Ok\Registry\AutoRun:Body:eb527e9ae6efff51efdf941615ad818fb1d95416 - Ok\Registry\AutoRun:Body:ea5a62e1ac144f3c9d45eef999c7225f67c5eb90 - Ok\Registry\AutoRun:Body:e0bfeb261df22c52d91e4fbe837f4b22c4a583e1 - Ok\Registry\AutoRun:Body:9d30aba76e8e4a4bcdd784390412dc411b86d77e - Ok\Registry\AutoRun:Body:de69103156fd5e84994f9624d8cf86c2043c2eeb - Ok\Registry\AutoRun:Body:f132159512f83adaebc36c906792aa500c7c2b9f - Ok\Registry\AutoRun:Body:2cf49b1362b17ab4b1b7faeccbb3574c3a6d1138 - Ok\Registry\AutoRun:Body:e803c2134e3f6a4718df86230892bece8590ccdd - Ok\Registry\AutoRun:Body:37e108e51f27f19e58d6b77e97b5224eaf78c6e7 - Ok\Registry\AutoRun:Body:6a3e226eaf23a1e3e8a1460d1dc4603358790657 - Ok\Registry\AutoRun:Body:6500085d301fc6b056a3f40d331b30cf2799bf03 - Ok\Registry\AutoRun:Body:547ab08db41d03d4c75f5dc076d547f0798f5247 - Ok\Registry\AutoRun:Body:28083e2a2d9105976af07c58102d9b2e32fba33f - Ok\Registry\AutoRun:Body:bd27e610111bcd26e40d984d3df7e6d248c6d5c8 - Ok\Registry\AutoRun:Body:0670c4a9df0c36462cf45de98458b122f923bc60 - Ok\Registry\AutoRun:Body:ae756d4243c6f1c0b1dd3a017987b4a8148de3de - Ok\Registry\AutoRun:Body:652b9270386f1c27d4c069240f5b3adb92f2001f - Ok\Registry\AutoRun:Body:ec8d47ce36618c96e7d04342f05b950e4741357c - Ok\Registry\AutoRun:Body:fc6587319e1b2bd6fe5a8ec807ebdf3f342be68d - Ok\Registry\AutoRun:Body:93bdc16647aa4a2044f8f21b869f54f70a779641 - Ok\Registry\AutoRun:Body:02f3bf623a97c42d264c7328e60fdf373fdc1804 - Ok\Registry\AutoRun:Body:b3e1059715ee00a26a85228c3ae48c2e5c9a5785 - Ok\Registry\AutoRun:Body:1ede754dc1a6001db5e3274842f9237de79d28d4 - Ok\Registry\AutoRun:Body:654c49384d8b58e1976224dd2117bfb9e7d07827 - Ok\Registry\AutoRun:Body:f166ef095fa1279d7eab46cca305124f4882ed20 - Ok\Registry\AutoRun:Body:86a4d91ac5c723eb7f7d6bfbb3ff3f2a52790c2f - Ok\Registry\AutoRun:Body:ca8014ce9369072be028cf1efcb49c2b542c8299 - Ok\Registry\AutoRun:Body:0e4bdf983b0119e66e7a12db023d5fa98dc6fca2 - Ok\Registry\AutoRun:Body:081c60c3261219c2ccad9eccb81b7fb303a273b1 - Ok\Registry\AutoRun:Body:c430574d884f9c4f2033131c94787939a0d79695 - Ok\Registry\AutoRun:Body:1f69c016046a10d0dd5369c204c5f8b944da4475 - Ok\Registry\AutoRun:Body:0c1df27ce326e4a156060a37ac011e70567733e0 - Ok\Registry\AutoRun:Body:163e7345c1f68d76d0df775a19dd38bea34b61f9 - Ok\Registry\AutoRun:Body:bb76747395a50603fb1b4da29ec88f75069d5a65 - Ok Link to post Share on other sites More sharing options...
withavision Posted December 21, 2015 Author ID:1008193 Share Posted December 21, 2015 I have just attached the whole dr web file here..... ad aware live still saying malicious threat in background..... but everything seems fine???cureit.log Link to post Share on other sites More sharing options...
kevinf80 Posted December 21, 2015 ID:1008194 Share Posted December 21, 2015 Uninstall Lavasoft ad aware, is no good.... Regarding cureit.log, I did ask that you attach the log because of size... One last scan please, this may take a few hours as is very thorough... Scan with ESET Online ScannerThis step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Please visit ESET Online Scanner website.Click there Run ESET Online Scanner.If using Internet Explorer:Accept the Terms of Use and click Start. Allow the running of add-on.If using Mozilla Firefox or Google Chrome:Download esetsmartinstaller_enu.exe that you'll be given link to. Double click esetsmartinstaller_enu.exe. Allow the Terms of Use and click Start.To perform the scan:Make sure that Remove found threats is unchecked. Scan archives is checked. In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked. Under “Enable Stealth Technology select “Change” select any extra drives in that window. Click Start The program will begin to download it's virus database. The speed may vary depending on your Internet connection. When completed, the program will begin to scan. This may take several hours. Please, be patient. Do not do anything on your machine as it may interrupt the scan. When the scan is done, click Finish. A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.Please include this logfile in your next reply.Don't forget to re-enable protection software! Thank you, Kevin.... Link to post Share on other sites More sharing options...
withavision Posted December 21, 2015 Author ID:1008318 Share Posted December 21, 2015 eset log ESETSmartInstaller@High as downloader log:all ok# version=7# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=3e08209c3c48ce429784e3d0b0c0bf2e# end=finished# remove_checked=true# archives_checked=true# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-12-24 01:41:20# local_time=2011-12-23 08:41:20 (-0500, Eastern Standard Time)# country="United States"# lang=1033# osver=6.1.7600 NT# compatibility_mode=512 16777215 100 0 51328567 51328567 0 0# compatibility_mode=770 16774141 100 100 355373 260046086 0 0# compatibility_mode=5893 16776573 100 94 0 76226382 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=304544# found=8# cleaned=8# scan_time=7948C:\Users\P. Miller\AppData\Local\Mozilla\Firefox\Profiles\gm3oq43n.default\Cache\9\C2\CD3CEd01 JS/Kryptik.ET trojan (deleted - quarantined) 00000000000000000000000000000000 CC:\Users\P. Miller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\5c0a2e4a-7dc90254 multiple threats (deleted - quarantined) 00000000000000000000000000000000 CC:\Users\P. Miller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\959d564-5efaf6e2 a variant of Java/Exploit.CVE-2011-3544.G trojan (deleted - quarantined) 00000000000000000000000000000000 CC:\Users\P. Miller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\473a5bc4-6d1f6060 Java/TrojanDownloader.OpenStream.NCA trojan (deleted - quarantined) 00000000000000000000000000000000 CC:\Users\P. Miller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\7a899eb3-450473dc multiple threats (deleted - quarantined) 00000000000000000000000000000000 CC:\Users\P. Miller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\252241c6-2ce01b63 multiple threats (deleted - quarantined) 00000000000000000000000000000000 CC:\Users\P. Miller\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1a66d17c-54acc7c2 probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 CC:\Users\P. Miller\Downloads\installer_snood_4_0_English.exe Win32/Toggle application (deleted - quarantined) 00000000000000000000000000000000 CESETSmartInstaller@High as downloader log:all ok# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# EOSSerial=3e08209c3c48ce429784e3d0b0c0bf2e# end=init# utc_time=2015-12-21 04:47:45# local_time=2015-12-21 11:47:45 (-0500, Eastern Standard Time)# country="United States"# osver=6.1.7601 NT Service Pack 1Update InitUpdate DownloadUpdate FinalizeUpdated modules version: 27300# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# EOSSerial=3e08209c3c48ce429784e3d0b0c0bf2e# end=updated# utc_time=2015-12-21 04:50:46# local_time=2015-12-21 11:50:46 (-0500, Eastern Standard Time)# country="United States"# osver=6.1.7601 NT Service Pack 1# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.7777# api_version=3.1.1# EOSSerial=3e08209c3c48ce429784e3d0b0c0bf2e# engine=27300# end=finished# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2015-12-21 08:09:49# local_time=2015-12-21 03:09:49 (-0500, Eastern Standard Time)# country="United States"# lang=1033# osver=6.1.7601 NT Service Pack 1# compatibility_mode_1=''# compatibility_mode=5893 16776573 100 94 0 202272039 0 0# scanned=469522# found=22# cleaned=0# scan_time=11942sh=792943B8B54A04CB14C14FC6008162500098BC5A ft=1 fh=1d44cfe7ba4f6f3a vn="a variant of Win32/Adware.ConvertAd.ADA application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\00000000-1450474738-0000-0000-001D7D0D6B51\knsv7AD5.tmpfs"sh=7B1AEB6FE1D1999D6AB37EE841C4C4BFD9D8549A ft=1 fh=fcc4f93c911c3f9e vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\ospd_us_014010180\ospd_us_014010180.exe.xBAD"sh=BDA9FBDA3EB3D37F33465F0DBC9BCF2E3C20333F ft=1 fh=c71c0011da327b98 vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\ospd_us_014010180\ospd_us_014010180\onesoftperday_widget.exe"sh=E8233769C754D5BCBB157625FEFF5D52ACD2F12E ft=1 fh=2dada1fe5e5925e6 vn="a variant of Win32/Adware.EoRezo.BG application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\ospd_us_014010180\ospd_us_014010180\predm.exe"sh=57536DC77664360A6AA746F221B35E20663E2836 ft=1 fh=860219a624f0006b vn="a variant of Win64/Adware.CouponMarvel.L application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\FlashBeat\UOSFF64.dll.xBAD"sh=A92D500C88CB3ACAB8ECD549A25BD6410FF8BA91 ft=1 fh=1f9ae4b8236bed09 vn="a variant of Win32/Adware.CouponMarvel.Q application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\FlashBeat\FlashBeat\NSISHelper.dll"sh=0A813F6308A671974AEFD3024A01579F4AD8B211 ft=1 fh=25e5a56764cfb35d vn="a variant of Win32/Adware.CouponMarvel.U application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\FlashBeat\FlashBeat\UOSFF32.dll"sh=16C341BD53861B532B34128DAF03DC6202E7F714 ft=1 fh=328e118f0a5818ec vn="a variant of Win32/Adware.ConvertAd.ACA.gen application" ac=I fn="C:\FRST\Quarantine\C\Users\P. Miller\AppData\Local\00000000-1450456806-0000-0000-001D7D0D6B51\1047.tmp"sh=8C61F8C9D0DC0E7714E919663B8AD5565B3AAED6 ft=1 fh=c71c00119c2addd4 vn="a variant of Win32/Adware.ConvertAd.PZ application" ac=I fn="C:\FRST\Quarantine\C\Users\P. Miller\AppData\Local\00000000-1450456806-0000-0000-001D7D0D6B51\onsl4EEF.tmp"sh=82C5A4DD1A4DB9B41C06D8A9F6AD69F64EA0BFCF ft=1 fh=58bb4bd90435a08b vn="a variant of Win32/Adware.ConvertAd.PU application" ac=I fn="C:\FRST\Quarantine\C\Users\P. Miller\AppData\Local\00000000-1450456806-0000-0000-001D7D0D6B51\rnsl4EEE.exe"sh=DAD06B933DE6DB546E4EDC1854AC7FDDFD01ABA8 ft=1 fh=f0ffbba310ca7c08 vn="a variant of Win32/Adware.EoRezo.AJ application" ac=I fn="C:\FRST\Quarantine\C\Users\P. Miller\AppData\Local\ospd_us_014010180\upospd_us_014010180.exe.xBAD"sh=6E9534385F0BA45B9B2BBFB5A2407263AF2ECDD2 ft=1 fh=663cc5043bd3b37d vn="multiple threats" ac=I fn="C:\FRST\Quarantine\C\Users\P. Miller\AppData\Local\ospd_us_014010180\ospd_us_014010180\Download\myoffergroup_us6.exe"sh=AA2BA9D6607589A3C93D1C760E3512EC8E61F968 ft=1 fh=f770637cdb111250 vn="Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\P. Miller\AppData\Local\SmartWeb\SmartWebHelper.exe.xBAD"sh=080016256C564232771ED8D6EFFC94ECAECAD316 ft=1 fh=bfc1d533ef10baf8 vn="a variant of Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\P. Miller\AppData\Local\SmartWeb\SmartWeb\swhk.dll"sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\MGtools\Process.exe"sh=7513AB7A813C4F3DB55BEE384C086C7723BB8004 ft=1 fh=516f82df92e2c0cb vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\P. Miller\Desktop\Old Firefox Data\gm3oq43n.default\extensions\{9eb64fa9-57c4-4a41-9940-e12e0418b693}\ctypes\FirefoxCtype.dll"sh=D7B30C8A2D612A75A8C600637102EC278A9340CB ft=1 fh=ddf746018d6b4517 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\P. Miller\Desktop\Old Firefox Data\gm3oq43n.default\extensions\{9eb64fa9-57c4-4a41-9940-e12e0418b693}\Plugins\npFirefoxPlugin.dll"sh=B6E288C4C6C8675352C61E52D7BB216BA88DBFB1 ft=1 fh=4f69242c7b123870 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\P. Miller\Downloads\SetupImgBurn_2.5.2.0.exe"sh=8E6A280CEFB00FAAF7FDE4016B5E0DDA4C7CB102 ft=1 fh=0ae8027486b57fb8 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\P. Miller\Downloads\winscp429setup(2).exe"sh=8E6A280CEFB00FAAF7FDE4016B5E0DDA4C7CB102 ft=1 fh=0ae8027486b57fb8 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\P. Miller\Downloads\winscp429setup.exe"sh=6B7392086BFE81C9C47D0D041CD900A239011F74 ft=1 fh=a2718fd4c56b599b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\P. Miller\Malware Removal\CCleaner\CCleaner64(1).exe"sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\P. Miller\Malware Removal\CCleaner\ccsetup410.exe" Link to post Share on other sites More sharing options...
kevinf80 Posted December 21, 2015 ID:1008326 Share Posted December 21, 2015 What is the current status of your system, any remaining issues or concerns? Link to post Share on other sites More sharing options...
withavision Posted December 21, 2015 Author ID:1008327 Share Posted December 21, 2015 no, everything seems to be good..... anything else I need to do? Link to post Share on other sites More sharing options...
kevinf80 Posted December 21, 2015 ID:1008333 Share Posted December 21, 2015 Run a final threat scan with Malwarebytes, if log is clear we can clean up etc.... Link to post Share on other sites More sharing options...
withavision Posted December 21, 2015 Author ID:1008358 Share Posted December 21, 2015 No threats detected Link to post Share on other sites More sharing options...
Recommended Posts