1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

In Progress launchpage.org browser hijacker

Discussion in 'Virus & Other Malware Removal' started by specialdelivery, Apr 3, 2017.

Advertisement
  1. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    # AdwCleaner v6.045 - Logfile created 18/04/2017 at 08:30:59
    # Updated on 28/03/2017 by Malwarebytes
    # Database : 2017-04-17.1 [Server]
    # Operating System : Windows 7 Professional Service Pack 1 (X64)
    # Username : Andy - MACMINI
    # Running from : C:\Users\Andy\Downloads\adwcleaner_6.045.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Andy\Desktop\Save
    [-] Folder deleted: C:\Program Files\Earth Networks
    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®


    ***** [ Files ] *****

    [-] File deleted: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
    [-] File deleted: C:\Users\Andy\Desktop\WeatherBug®.lnk
    [-] File deleted: C:\Users\Andy\Desktop\SysInfo.exe


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****

    [-] Shortcut disinfected: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    [-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [-] Shortcut disinfected: C:\Users\Andy\Desktop\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Andy\Desktop\Unused Items\Avast SafeZone Browser.lnk
    [-] Shortcut disinfected: C:\Users\Andy\Desktop\Unused Items\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
    [-] Shortcut disinfected: C:\Users\Aida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Aida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    [-] Shortcut disinfected: C:\Users\Aida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\Desktop\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk


    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKU\S-1-5-21-3405905980-3442975649-764905720-1000\Software\PRODUCTSETUP
    [-] Key deleted: HKU\S-1-5-21-3405905980-3442975649-764905720-1000\Software\Earth Networks
    [#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
    [#] Key deleted on reboot: HKCU\Software\Earth Networks
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug®
    [#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
    [#] Key deleted on reboot: [x64] HKCU\Software\Earth Networks
    [-] Value deleted: HKU\S-1-5-21-3405905980-3442975649-764905720-1000\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
    [#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
    [#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]


    ***** [ Web browsers ] *****

    [-] [C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [5558 Bytes] - [18/04/2017 08:30:59]
    C:\AdwCleaner\AdwCleaner[S0].txt - [7910 Bytes] - [18/04/2017 08:29:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5704 Bytes] ##########
     
  2. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    I had run AdwCleaner and I tried HitmanPro after the post on Monday at 10:44 PM (MBAM log).
    The browser mis-direction remained. Internet speed was normal.

    Logs for those 2 programs follow:

    # AdwCleaner v6.045 - Logfile created 18/04/2017 at 08:30:59
    # Updated on 28/03/2017 by Malwarebytes
    # Database : 2017-04-17.1 [Server]
    # Operating System : Windows 7 Professional Service Pack 1 (X64)
    # Username : Andy - MACMINI
    # Running from : C:\Users\Andy\Downloads\adwcleaner_6.045.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Andy\Desktop\Save
    [-] Folder deleted: C:\Program Files\Earth Networks
    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®


    ***** [ Files ] *****

    [-] File deleted: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
    [-] File deleted: C:\Users\Andy\Desktop\WeatherBug®.lnk
    [-] File deleted: C:\Users\Andy\Desktop\SysInfo.exe


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****

    [-] Shortcut disinfected: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    [-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [-] Shortcut disinfected: C:\Users\Andy\Desktop\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Andy\Desktop\Unused Items\Avast SafeZone Browser.lnk
    [-] Shortcut disinfected: C:\Users\Andy\Desktop\Unused Items\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Andy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
    [-] Shortcut disinfected: C:\Users\Aida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Aida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    [-] Shortcut disinfected: C:\Users\Aida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\Desktop\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    [-] Shortcut disinfected: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk


    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKU\S-1-5-21-3405905980-3442975649-764905720-1000\Software\PRODUCTSETUP
    [-] Key deleted: HKU\S-1-5-21-3405905980-3442975649-764905720-1000\Software\Earth Networks
    [#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
    [#] Key deleted on reboot: HKCU\Software\Earth Networks
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug®
    [#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
    [#] Key deleted on reboot: [x64] HKCU\Software\Earth Networks
    [-] Value deleted: HKU\S-1-5-21-3405905980-3442975649-764905720-1000\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
    [#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
    [#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]


    ***** [ Web browsers ] *****

    [-] [C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [5558 Bytes] - [18/04/2017 08:30:59]
    C:\AdwCleaner\AdwCleaner[S0].txt - [7910 Bytes] - [18/04/2017 08:29:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5704 Bytes] ##########

    Code:
    HitmanPro 3.7.18.284
    www.hitmanpro.com
    
       Computer name . . . . : MACMINI
       Windows . . . . . . . : 6.1.1.7601.X64/4
       User name . . . . . . : MacMini\Andy
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Trial (31 days left)
    
       Scan date . . . . . . : 2017-04-18 10:02:56
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 6m 15s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 721
    
       Objects scanned . . . : 1,781,140
       Files scanned . . . . : 113,447
       Remnants scanned  . . : 545,604 files / 1,122,089 keys
    
    Malware _____________________________________________________________________
    
       C:\Users\Andy\Downloads\CuteWriter.exe -> Quarantined
          Size . . . . . . . : 2,395,080 bytes
          Age  . . . . . . . : 885.6 days (2014-11-14 20:20:29)
          Entropy  . . . . . : 8.0
          SHA-256  . . . . . : 0FB29505CA2665F7CFCB824F609B017BDF21EE176D1F976B045393009A6847AD
          Product  . . . . . : CutePDF Writer                                             
          Publisher  . . . . : Acro Software Inc.                                         
          Description  . . . : CutePDF Writer Setup                                       
          Version  . . . . . : 3.0.0.8
          RSA Key Size . . . : 2048
          LanguageID . . . . : 0
          Authenticode . . . : Valid
        > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Asparnet.gen
          Fuzzy  . . . . . . : 101.0
    
    
    Potential Unwanted Programs _________________________________________________
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\instance.dat (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\mia.lib (WeatherBug) -> Deleted
          Size . . . . . . . : 592,638 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:38:04)
          Entropy  . . . . . : 6.6
          SHA-256  . . . . . : 128D0C4C8CAC6EEDB1F7ABC3E1F1486B00B5A983FC685540993FE5239BE54F11
          Fuzzy  . . . . . . : 2.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\10755C93\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\10755C93\backbone.analytics.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\10755C93\backbone.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\10755C93\backbone.min.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\10755C93\bootstrap.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\10755C93\jquery.min.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\10755C93\json2.min.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\10755C93\stacktrace.min.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\10755C93\underscore.min.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1194B90A\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1194B90A\dWeather.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1194B90A\runtime.html (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1382EDFA\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1382EDFA\background.png (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1382EDFA\client.html (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1382EDFA\layout.xml (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1382EDFA\MiniBugIcon.ico (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1382EDFA\noconnection.html (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1382EDFA\runtime.html (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\1382EDFA\testPage.html (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\2AF55881\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\2AF55881\GalaSoft.MvvmLight.Extras.WPF4.xml (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\2AF55881\GalaSoft.MvvmLight.WPF4.xml (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\2AF55881\Microsoft.Practices.ServiceLocation.xml (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\2AF55881\System.Windows.Interactivity.xml (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\2AF55881\WeatherBug.exe.config (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\2F536942\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\2F536942\dWeatherUnitTests.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\4D8E513\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\4D8E513\backbone.min.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\4D8E513\jquery.min.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\4D8E513\json2.min.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\4D8E513\underscore.min.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\557E91D7\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\557E91D7\qunit.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\CustomActions.exe (WeatherBug) -> Deleted
          Size . . . . . . . : 5,632 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 4.3
          SHA-256  . . . . . : 584FA82C4CE8B930C0EEBF080E0C167FB18C9120A5640100DC4953029E79E912
          Product  . . . . . : CustomActions
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -2.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\GalaSoft.MvvmLight.Extras.WPF4.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 25,600 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 5.4
          SHA-256  . . . . . : 3345E7FA7D1DFDD9326C44AA03492B370F09D9BCB060CF8D850745C79CCDA7AF
          Product  . . . . . : GalaSoft.MvvmLight.Extras
          Publisher  . . . . : GalaSoft Laurent Bugnion @ http://www.galasoft.ch
          Description  . . . : GalaSoft.MvvmLight.Extras
          Version  . . . . . : 4.2.30.23173
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -8.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\GalaSoft.MvvmLight.WPF4.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 28,672 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 5.6
          SHA-256  . . . . . : ED43C76EACB1E8754967485B2F502022EB80AB9AA55F3A5A5F8D887CA2B1F2B1
          Product  . . . . . : GalaSoft.MvvmLight
          Publisher  . . . . : GalaSoft Laurent Bugnion @ http://www.galasoft.ch
          Description  . . . : GalaSoft.MvvmLight
          Version  . . . . . : 4.2.30.23173
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -8.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\Hardcodet.Wpf.TaskbarNotification.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 44,032 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 5.6
          SHA-256  . . . . . : 34D229B5C780D4D57F07BC9CF87091A173D3CBCA306A5622D49C9C0DB8472228
          Product  . . . . . : NotifyIcon WPF
          Publisher  . . . . : hardcodet.net
          Description  . . . : NotifyIcon for WPF
          Version  . . . . . : 1.0.5.0
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -8.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\Microsoft.Maps.MapControl.WPF.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 287,744 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 6.1
          SHA-256  . . . . . : 33BFF8398F8B303612F6D9D69D50FA07D9B82306891A369C31615F7602314171
          Product  . . . . . : Bing Maps WPF Control
          Publisher  . . . . : Microsoft
          Description  . . . : Bing Maps WPF Control
          Version  . . . . . : 1.0.0.0
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -8.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\Newtonsoft.Json.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 366,592 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 6.0
          SHA-256  . . . . . : CC06F2DD607A4BE704D24DF33256914233FBF62E21EC2128075B16C3C98ECA92
          Product  . . . . . : Json.NET
          Publisher  . . . . : Newtonsoft
          Description  . . . : Json.NET .NET 3.5
          Version  . . . . . : 4.5.11.15520
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -8.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\NLog.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 380,928 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:48)
          Entropy  . . . . . : 6.1
          SHA-256  . . . . . : F5CE37262FC9DA3AA595F5C969CED7626528348F556C18F943EEC325BB0A0746
          Product  . . . . . : NLog v2.0.0.2000
          Publisher  . . . . : NLog
          Description  . . . : NLog for .NET Framework 3.5
          Version  . . . . . : 2.0.0.0
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -8.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\System.Windows.Interactivity.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 39,936 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:48)
          Entropy  . . . . . : 5.6
          SHA-256  . . . . . : 4AACE8C8A330AE8429CD8CC1B6804076D3A9FFD633470F91FD36BDD25BB57876
          Product  . . . . . : System.Windows.Interactivity
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : System.Windows.Interactivity
          Version  . . . . . : 2.0.20525.0
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -8.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\WeatherBug.exe (WeatherBug) -> Deleted
          Size . . . . . . . : 146,736 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 5.6
          SHA-256  . . . . . : 755F71307061DEEEB36CF8548233E621A2ACBCF625E73C05F64455B8F401AB1D
          Product  . . . . . : WeatherBug
          RSA Key Size . . . : 2048
          LanguageID . . . . : 0
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -9.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\WeatherBugLib.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 478,208 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:48)
          Entropy  . . . . . : 6.7
          SHA-256  . . . . . : FAC9A6F74546387369229CEC731D96F41122C6988514C9CC040EFAB4BB5E9813
          Product  . . . . . : WeatherBugLib
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -2.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\609C82D7\WebResources.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 4,096 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:48)
          Entropy  . . . . . : 3.6
          SHA-256  . . . . . : CB02898B37C3C30CD89C5D760178E769C478839888860F00E6CBE37337095658
          Product  . . . . . : WebResources
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -2.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\76981FF9\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\76981FF9\timeSpan.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\88EF8CFE\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\88EF8CFE\bootstrap.min.css (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\B16299D3\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\B16299D3\configuration.json (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\B16299D3\dWeather.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\B16299D3\dWeather_dMiniExtensions.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\B16299D3\locations.json (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\B2735F12\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\B2735F12\configuration.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\B2890989\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\B2890989\qunit.css (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\D759BF7C\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\D759BF7C\environment.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\D759BF7C\shell.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\F1B200E5\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\F1B200E5\glyphicons-halflings-white.png (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\F1B200E5\glyphicons-halflings.png (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\FB6F57A0\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\FB6F57A0\configurationStore.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\FB6F57A0\dataStore.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\FB6F57A0\locationStore.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\FB6F57A0\notificationCenter.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\FB6F57A0\settingsStore.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\ED87AFBD\FB6F57A0\timeEventSource.js (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mDown.dll\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mDown.dll\mDownExec.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 508,928 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 6.6
          SHA-256  . . . . . : A649286D522F03D1C574A4848859FDD4EFB350FA2BA8B8C5414A2B191BAE273D
          Fuzzy  . . . . . . : -2.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mFileBagIDE.dll\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mFileBagIDE.dll\bag\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mFileBagIDE.dll\bag\ga.exe (WeatherBug) -> Deleted
          Size . . . . . . . : 47,104 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 5.6
          SHA-256  . . . . . : 7A8A1A0C31AC5FB39A6B50C2149FEB8CA24249FDDEF877F254E82142B622B53E
          Product  . . . . . : CustomActions
          Publisher  . . . . : Microsoft
          Description  . . . : ga
          Version  . . . . . : 1.0.0.0
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : -8.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mFileBagIDE.dll\bag\ga.exe.config (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mFileBagIDE.dll\mFileBagEXE.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 97,280 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 4D7193CF3F82CC62B247FCADC41510B3772A0354B0B8871DE60ABE7C3E072263
          Fuzzy  . . . . . . : -2.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mIDEFunc.dll\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mIDEFunc.dll\mEXEFunc.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 101,888 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 2BDB19E3CC8CC7E403DF6A53A105E0EE4763E1E36B8F0127501484916582E7DF
          Fuzzy  . . . . . . : -2.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mMSI.dll\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mMSI.dll\mMSIExec.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 444,416 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 6.6
          SHA-256  . . . . . : 733F822CFC5B5B7713910BAF0B75EFD753D40A66E364B45786BE0DFF098D94D5
          Fuzzy  . . . . . . : -2.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mWinRun.dll\ (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\mWinRun.dll\mWinRunExec.dll (WeatherBug) -> Deleted
          Size . . . . . . . : 407,040 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:36:47)
          Entropy  . . . . . : 6.6
          SHA-256  . . . . . : D1CADC0997A5F47A0E30E974811223E03B23011F350CBBFCE820423B617A83AB
          Fuzzy  . . . . . . : -2.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\OFFLINE\{FA77A43D-F6ED-4924-87B5-517C061388C6} (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.dat (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe (WeatherBug) -> Deleted
          Size . . . . . . . : 4,149,021 bytes
          Age  . . . . . . . : 533.9 days (2015-11-01 11:38:04)
          Entropy  . . . . . : 6.6
          SHA-256  . . . . . : 5240038BD802FB39860B5CF543E0D5FCB836857F8835C1E517B3BD6B2637BC55
          Needs elevation  . : Yes
          Product  . . . . . : WeatherBug®                                                                                                                                                                                                                                                                                                 
          Publisher  . . . . : Earth Networks, Inc.                                                                                                                                                                                                                                                                                       
          Description  . . . : WeatherBug Installation                                                                                                                                                                                                                                                                                     
          Version  . . . . . : 10.0.7.4
          Copyright  . . . . : All rights reserved                                                                                                                                                                                                                                                                                         
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : -12.0
    
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.lnk (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.msi (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.par (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\{1B9604EE-B104-45C8-8551-5F63BA631E23} (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\{1B9604EE-B104-45C8-8551-5F63BA631E23}.native.bitness.log (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\{1B9604EE-B104-45C8-8551-5F63BA631E23}.native.data.log (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\{1B9604EE-B104-45C8-8551-5F63BA631E23}.native.elements.log (WeatherBug) -> Deleted
       C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\{1B9604EE-B104-45C8-8551-5F63BA631E23}.native.weight.log (WeatherBug) -> Deleted
       HKLM\SOFTWARE\Classes\Applications\WeatherBugSetup.exe\ (WeatherBug) -> Deleted
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1B9604EE-B104-45C8-8551-5F63BA631E23}\ (WeatherBug) -> Deleted
       HKLM\SOFTWARE\Wow6432Node\MimarSinan\InstallAware\Ident.Cache\{1B9604EE-B104-45C8-8551-5F63BA631E23}\ (WeatherBug) -> Deleted
    
    Cookies _____________________________________________________________________
    
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:246059135.log.optimizely.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:4177821143.log.optimizely.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:627870150.log.optimizely.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:abmr.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:acronis.122.2o7.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:ad.360yield.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:adaptv.advertising.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:addthis.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:adfarm1.adition.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:adingo.jp
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:adnxs.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:ads.converge-digital.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:ads.kiosked.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:ads.linkedin.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:ads.stickyadstv.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:adscale.de
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:adsrvr.org
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:adtechus.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:advertising.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:agkn.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:amgdgt.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:at.atwola.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:atdmt.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:atemda.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:bidswitch.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:bluekai.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:casalemedia.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:chango.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:connexity.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:contextweb.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:crwdcntrl.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:d.adroll.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:demdex.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:doubleclick.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:dpm.demdex.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:everesttech.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:flashtalking.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:go.sonobi.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:gssprt.jp
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:ib.mookie1.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:ih.adscale.de
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:imrworldwide.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:krxd.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:lijit.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:liverail.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:mathtag.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:media6degrees.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:mediaplex.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:ml314.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:mxptint.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:nexac.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:openx.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:oracle.112.2o7.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:owneriq.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:pixel.rubiconproject.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:pubmatic.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:revsci.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:rfihub.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:rlcdn.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:rubiconproject.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:scorecardresearch.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:simpli.fi
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:sitescout.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:skimresources.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:smartadserver.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:swid.switchads.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:sxp.smartclip.net
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:taboola.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:tap.rubiconproject.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:tap2-cdn.rubiconproject.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:tapad.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:trc.taboola.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:tremorhub.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:tubemogul.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:turn.com
       C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6cqw19ra.default\cookies.sqlite:virool.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:177031030.log.optimizely.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:acuityplatform.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:acxiom-online.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:ad.mlnadvertising.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:adadvisor.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:adaptv.advertising.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:addthis.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:adform.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:adgrx.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:adnxs.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:ads.pubmatic.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:ads.undertone.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:adsrvr.org
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:adsymptotic.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:adtechus.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:advertising.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:agkn.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:amgdgt.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:at.atwola.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:atdmt.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:audienceiq.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:basebanner.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:bidswitch.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:bluekai.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:c1.adform.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:casalemedia.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:chango.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:connexity.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:crwdcntrl.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:demdex.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:doubleclick.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:dpm.demdex.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:everesttech.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:eyereturn.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:eyeviewads.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:gwallet.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:imrworldwide.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:krxd.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:legolas-media.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:lijit.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:liverail.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:match.rundsp.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:mathtag.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:media6degrees.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:metrigo.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:mookie1.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:mxptint.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:network.realmedia.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:nexac.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:openx.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:owneriq.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:ox-d.ms2.servedbyopenx.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:pixel.rubiconproject.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:pixel.sitescout.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:pubmatic.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:realmedia.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:revsci.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:rfihub.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:rlcdn.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:rs.gwallet.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:ru4.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:rubiconproject.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:scorecardresearch.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:serving-sys.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:simpli.fi
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:sitescout.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:taboola.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:tapad.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:tidaltv.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:track.adform.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:trc.taboola.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:tremorhub.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:tribalfusion.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:tubemogul.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:turn.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:vindicosuite.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:vizu.com
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:w55c.net
       C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\2g51o86s.default\cookies.sqlite:wtp101.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:adaptv.advertising.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:adobe.tt.omtrdc.net
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:bankofamerica.tt.omtrdc.net
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:bofa.demdex.net
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:contextweb.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:ml314.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:simpli.fi
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:tt.omtrdc.net
       C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\03E6L2C7.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\0BZKISUL.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\0FLH6VVE.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\0HROKZ92.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\0SPJX2DP.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\0WKA51DX.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\1IHS4M4Y.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\2650DW51.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\29IUJ569.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\29KYKJIW.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\2RXQS2CL.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\2STV1XJF.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\2Z7ZC510.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\356SFUQ2.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\3GQGBS43.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\3P6DOD2K.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\3XM8IKTD.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\46XK3DO0.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\4F40LN8N.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\4U024TH6.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\53GH8K77.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\53IB2ZKJ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\5HVQXB9F.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\5L5CERED.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\5NDEVPOD.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\600KK1BC.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\67F6SOMJ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\67M8FYB1.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\6ABN79G6.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\6EANUYKR.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\6YXJ5YVE.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\6Z8HAQCB.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\7J35SMGQ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\7U0KIGXL.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\7VSQMBFK.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\7Y4WV5DK.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\7Y6R7YED.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\8F3RH9UE.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\8ZKFZBA9.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\90I5781K.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\ATUWCIJG.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\B731M065.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\BA08HVTZ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\BVSNB27J.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\C47VACPU.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\CB9RAIEQ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\CTGUNJZ7.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\DPZMRLEH.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\DVMTSP4F.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\E0L69RG4.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\EGXNWVNQ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\F8DYC23H.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\F8JU2664.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\FDCN6IQY.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\FEPE9VIU.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\FGVNCDIW.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\FTDOGXLV.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\FXW897HB.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\G7RLV2W5.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\GDQ0MY0N.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\GH7D5STC.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\GZDTM8LV.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\H3JP90SQ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\H4H8JRJR.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\HETBDU1W.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\HJBN3HW0.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\HS8GOLPF.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\I3XYQRW2.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\I74O450B.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\ICLWTK4T.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\J6F5YOR4.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\JGMFNHBQ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\JHBRMFPI.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\JHH2U6ZA.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\JI8K709J.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\K6VEZW2K.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\K7GJFS94.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\KF8A5SWU.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\KN58V26X.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\KYUDYHMA.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\LGPVEUPF.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\LKP2X23A.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\04U20F47.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\0D9YG9L3.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\0R0EKFW3.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\0W7KFETG.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\17RG5YYC.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\1ODCZKPP.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\1UJSLZ8I.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\2TR6BMWN.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\2YWEO3BY.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\328I8ENG.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\32IWWCPC.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\3F8MNXY7.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\3VYMNKXC.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\3XGJ4ADN.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\3YAT6LH2.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\496Q3QHK.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\53C1ISV0.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\56URZJ13.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\6DVDTICP.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\744YSI9I.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\773POH5J.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\77LW6P0H.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\77Z0W4KH.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\7FRO4QQ4.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\7OBDLVCD.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\7PM2X67Q.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\7VPY0EWL.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\837KCTR2.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\8M757GML.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\8TC3631I.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\96G5Q849.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\9IAFRJXF.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\9KZ6Z8DP.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\9Z5R8MY5.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\A7M1Z1Y8.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\A8AZ7BX4.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\AH9IYIEQ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\ALIIHM9S.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\AS3RBNM9.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\AW7H4BIR.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\B6DK04CB.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\B8UBH05L.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\BSF02276.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\C7NWRSGY.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\CAEH47RK.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\CBRZ6Q0F.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\CE576O2I.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\CGFSHSH1.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\CMLBJTDE.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\DIOJPWXU.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\ED3N94H1.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\ENF72BRE.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\F6V3AR10.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\FD41IQ2S.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\FGCOFLM0.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\FH6NJ64J.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\FK4E2RZA.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\FOKFB4QF.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\GOMK4CAV.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\GTBW53YN.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\GVFOBEZW.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\GY5HZMWJ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\HBRMJM4C.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\HCCH17Q3.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\HECPVZLJ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\HENNPSSQ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\HHCGH5U0.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\HLFVZMVM.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\I1KPCEIB.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\I32E4AMN.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\I42BJ5UU.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\IKEH2Q2G.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\IUSD4ZYM.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXX8ESBE.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\K5E0Q1SO.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\KBJRK3MM.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\KEQ9PYN4.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\KOVC9UZ0.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\L7HZ235Y.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\LCHZQFK5.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\LCJL6NEG.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\LJRI5ZDI.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\LYN2TBYV.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\M4BTRWEU.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\M8A61QA2.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\MCH124P8.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\NIZVW8FV.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\NKUNTVD7.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\NSFIM0OS.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\O8RVJQSR.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\O90JSCS7.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\OESCEFP2.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\OF6T9PUG.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\OID2XZGO.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\OLTGGJJB.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\OMXBP3A5.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\OWMPLFMR.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\PEVJ585U.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\PXKKZ2NU.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q0IF7RAT.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\QFAK1MU8.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\QM84NYBK.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\QNMGBW5O.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\QQQ2VT1X.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\QXYJFJND.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\R2BIBHXW.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\RFCJ0J05.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\RFMB5XWV.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\RPVUZV7Z.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\SGK9KD66.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\SJ6PO173.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\SKR467RX.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\STKP3UBM.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\SV4F5JON.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\T89GA6IC.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\TGQMAET4.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\U5DGPWFW.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\UCY34NZB.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\UEHYO63O.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\UM9NUPIA.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\URLJQD5H.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\V238Q41L.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\VIOG8TEL.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\VJGUWNTY.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\WFEI55T6.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\WIA5CFMF.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\WL31LB4I.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\WN72UYDA.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\WSHBV39A.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\XJWFQ83S.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\XYVTPR94.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\YIKWRC26.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\YKZPGK8L.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZWLGVC2T.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\LPGZJVHQ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\LUAWB27A.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\MD22MB56.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\MDW1H7RZ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\MN9V0Z6A.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\MXMK74Z7.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\MZEDSP7T.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\N1S39YJW.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\NBFH0X28.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\NG7IRM1J.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\NP6FKVWI.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\NZS776AQ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\O8D6VMVA.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\ORW79B95.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\OWKJRN4H.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\OX4E3FEC.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\P5HX3CL1.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\P6H9FB62.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\PABLJU00.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\PHK6PBFT.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\PYTBFCK3.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\QLQ72DRD.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\R45SO202.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\RMCFJUE7.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\RO0OBECF.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\RZ35PVOE.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\S4XN5R1S.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\SV31CV9V.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\T202NB8A.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\T5MJCHXP.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\TCS0LG9B.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\TDKDNYSR.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\TPEDUOZX.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\TQQMDP3U.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\TSSQREKE.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\U0KZ5HJU.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\U4MZQKE7.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\U9XJ6VT2.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\UD6AK9XP.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\UT92QPNY.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\VKTKYVYL.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\VKV0YI39.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\VOW0XH60.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\VQW0SCNM.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\VR914U6H.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\W4TVPNZS.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\WPRVTCGK.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\WXTW8HJZ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\XL7NP22Y.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\XRQ59B8R.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Y91OSPA2.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\YELTRDFE.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\YK65TQRQ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\YO9S9230.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Z3XCNO9W.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Z6FTIOAZ.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\Z95W32TK.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\ZGA6P5M8.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\ZH83HFFI.txt
       C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Cookies\ZT00XAU3.txt
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:122.2o7.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:254a.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:262855726.log.optimizely.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:2785851102.log.optimizely.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:2o7.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:3180020731.log.optimizely.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:3212741224.log.optimizely.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:37441550.log.optimizely.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:4399750608.log.optimizely.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:526710254.log.optimizely.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:6302942175.log.optimizely.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:69071259.log.optimizely.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:abmr.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:acuityplatform.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:ad.360yield.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adaptv.advertising.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adbrn.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:addthis.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adfarm1.adition.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adform.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adgrx.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adhigh.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adnxs.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adobe.tt.omtrdc.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:ads.avocet.io
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:ads.creative-serving.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:ads.servebom.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:ads.stickyadstv.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adsrvr.org
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adsymptotic.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:adtechus.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:advertising.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:aexp.demdex.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:agkn.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:amazoncustomerservice.d2.sc.omtrdc.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:angsrvr.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:api.taboola.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:at.atwola.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:atdmt.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:atwola.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:bankofamerica.tt.omtrdc.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:basebanner.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:bidr.io
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:bidswitch.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:bizrate.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:bluekai.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:bofa.demdex.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:c.appier.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:casalemedia.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:citicorpcreditservic.tt.omtrdc.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:connexity.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:contextweb.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:crwdcntrl.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:cxense.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:dcs.us.webtrends.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:deltaairlines.tt.omtrdc.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:demdex.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:dmtracker.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:domdex.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:dotomi.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:doubleclick.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:dpm.demdex.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:dsp.linksynergy.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:dynamicyield.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:erne.co
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:everesttech.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:eyereturn.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:eyeviewads.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:fidelity.demdex.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:flashtalking.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:foxnews.demdex.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:geconsumerfinance.112.2o7.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:go.sonobi.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:gwallet.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:hearstmagazines.112.2o7.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:ib.mookie1.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:idgenterprise.d1.sc.omtrdc.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:igodigital.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:imrworldwide.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:in.getclicky.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:ipredictive.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:kiplinger.112.2o7.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:korrelate.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:krxd.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:legolas-media.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:lenovo.demdex.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:lijit.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:linksynergy.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:lintv.122.2o7.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:loyaltypartner.122.2o7.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:match.adsby.bidtheatre.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:match.rundsp.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:mathtag.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:media6degrees.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:mediaplex.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:ml314.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:mookie1.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:mxptint.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:nexac.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:omtrdc.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:openx.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:outbrain.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:owneriq.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:pentonmediainc.tt.omtrdc.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:pixel-a.sitescout.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:pixel.rubiconproject.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:pixel.sitescout.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:po.st
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:pool.admedo.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:pubmatic.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:revsci.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:rfihub.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:rlcdn.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:ru4.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:rubiconproject.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:sandbox.bidswitch.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:scorecardresearch.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:sears.demdex.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:simpli.fi
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:sitescout.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:skimresources.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:smartadserver.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:southwestairlines.tt.omtrdc.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:sp.adbrn.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:statcounter.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:stats.yieldify.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:statse.webtrendslive.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:swid.switchads.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:taboola.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tap-secure.rubiconproject.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tap-t.rubiconproject.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tap.rubiconproject.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tap2-cdn.rubiconproject.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tapad.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tdameritrade.demdex.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tidaltv.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:track.spots.im
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:trc.taboola.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tremorhub.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tribalfusion.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tt.omtrdc.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:tubemogul.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:turn.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:u3s.mathtag.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:univide.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:virool.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:visualdna.com
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:w55c.net
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:weborama.fr
       C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\cookies.sqlite:wtp101.com
    
    
    
    **** Exceeded the 100k character limit - more to follow *****
     
  3. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    Following AdwCleaner and HitmanPro, I saw the browser mis-direction problem remained. I did not touch the PC until Wednesday evening. Browser links were then working with no mis-direction seen. I had put the URLs for the most common mis-directed destinations in Avast's web filter, and no blocked site notices appeared, so it looked as if there were no attempts to reach those sites.

    As to the "Chinese characters": Upon closer inspection I saw Chinese and other graphics symbols in the text lines of both the OTL and Extras log files when viewing them in the Thunderbird message viewer pane. Thunderbird will sometimes display attachments in the viewer pane without any extra action by the operator. I don't know if this is a setting that can be changed. Wordpad did not show this.

    I have run your most recent OTL script (the one I questioned as a possible log file - sorry). The OTL log follows:

    OTL logfile created on: 4/19/2017 10:47:00 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andy\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.18617)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    15.91 Gb Total Physical Memory | 13.56 Gb Available Physical Memory | 85.22% Memory free
    31.82 Gb Paging File | 28.99 Gb Available in Paging File | 91.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 334.13 Gb Free Space | 71.75% Space Free | Partition Type: NTFS
    Drive D: | 465.05 Gb Total Space | 434.03 Gb Free Space | 93.33% Space Free | Partition Type: HFS
    Drive Y: | 2746.08 Gb Total Space | 198.05 Gb Free Space | 7.21% Space Free | Partition Type: NTFS
    Drive Z: | 2746.08 Gb Total Space | 198.05 Gb Free Space | 7.21% Space Free | Partition Type: NTFS
    Computer Name: MACMINI | User Name: Andy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2017/04/18 08:35:07 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\bin\rubyw.exe
    PRC - [2017/04/18 08:33:25 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\bin\rubyw.exe
    PRC - [2017/04/13 23:19:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    PRC - [2017/04/01 05:04:24 | 009,162,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2017/04/01 05:04:08 | 000,261,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2017/03/21 08:15:16 | 023,819,304 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2017/03/01 17:12:26 | 003,201,520 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2017/03/01 17:12:26 | 002,401,264 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2017/02/02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2017/01/20 08:57:12 | 002,780,112 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    PRC - [2016/11/01 22:51:00 | 004,463,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2016/10/14 14:48:58 | 007,382,232 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2016/10/14 14:28:06 | 000,567,088 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2016/10/02 00:49:50 | 001,260,544 | ---- | M] (The NWJS Community) -- C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
    PRC - [2016/10/02 00:49:48 | 007,711,966 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
    PRC - [2016/06/18 02:09:45 | 004,596,296 | ---- | M] (UltimateOutsider) -- C:\Users\Andy\Downloads\GWX_control_panel.exe
    PRC - [2016/04/25 21:44:56 | 000,421,768 | ---- | M] (Acronis International GmbH) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    PRC - [2016/04/16 12:56:00 | 009,698,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    PRC - [2016/02/03 15:43:08 | 000,602,112 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    PRC - [2016/02/03 15:39:54 | 001,550,848 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    PRC - [2015/12/10 21:23:26 | 001,173,816 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    PRC - [2015/12/10 21:22:54 | 000,522,552 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    PRC - [2015/12/10 21:22:32 | 000,231,736 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    PRC - [2015/12/09 11:42:32 | 001,132,792 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    PRC - [2015/12/02 16:10:32 | 000,134,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
    PRC - [2014/02/24 21:28:16 | 000,248,736 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    PRC - [2014/01/31 18:54:34 | 000,291,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2014/01/31 18:54:33 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2013/10/23 18:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Andy\AppData\Local\FluxSoftware\Flux\flux.exe
    PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/08/02 16:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    PRC - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    PRC - [2009/05/05 17:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2009/05/05 17:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
    ========== Modules (No Company Name) ==========
    MOD - [2017/04/18 08:37:08 | 000,026,624 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    MOD - [2017/04/18 08:37:07 | 000,126,976 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    MOD - [2017/04/18 08:37:07 | 000,087,552 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    MOD - [2017/04/18 08:37:07 | 000,036,352 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
    MOD - [2017/04/18 08:37:07 | 000,023,552 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
    MOD - [2017/04/18 08:37:07 | 000,016,384 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    MOD - [2017/04/18 08:37:07 | 000,009,216 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    MOD - [2017/04/18 08:37:07 | 000,008,704 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
    MOD - [2017/04/18 08:37:07 | 000,008,704 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
    MOD - [2017/04/18 08:37:07 | 000,008,704 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
    MOD - [2017/04/18 08:37:06 | 000,275,968 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
    MOD - [2017/04/18 08:37:06 | 000,069,120 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
    MOD - [2017/04/18 08:37:06 | 000,026,624 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
    MOD - [2017/04/18 08:37:06 | 000,015,360 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
    MOD - [2017/04/18 08:37:06 | 000,008,192 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
    MOD - [2017/04/18 08:36:50 | 000,118,784 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
    MOD - [2017/04/18 08:36:47 | 000,094,208 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    MOD - [2017/04/18 08:36:44 | 000,095,744 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    MOD - [2017/04/18 08:36:42 | 000,013,312 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    MOD - [2017/04/18 08:36:39 | 000,008,704 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    MOD - [2017/04/18 08:35:46 | 000,014,848 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    MOD - [2017/04/18 08:35:42 | 000,009,728 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    MOD - [2017/04/18 08:35:38 | 000,012,800 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    MOD - [2017/04/18 08:35:35 | 001,176,576 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\wx._core_.pyd
    MOD - [2017/04/18 08:35:35 | 001,067,008 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\wx._controls_.pyd
    MOD - [2017/04/18 08:35:35 | 000,816,128 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\wx._windows_.pyd
    MOD - [2017/04/18 08:35:35 | 000,806,400 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\wx._gdi_.pyd
    MOD - [2017/04/18 08:35:35 | 000,733,184 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\wx._misc_.pyd
    MOD - [2017/04/18 08:35:35 | 000,524,248 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\windows._lib_cacheinvalidation.pyd
    MOD - [2017/04/18 08:35:35 | 000,167,936 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32gui.pyd
    MOD - [2017/04/18 08:35:35 | 000,123,392 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\wx._wizard.pyd
    MOD - [2017/04/18 08:35:35 | 000,119,808 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32file.pyd
    MOD - [2017/04/18 08:35:35 | 000,108,544 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32security.pyd
    MOD - [2017/04/18 08:35:35 | 000,078,848 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\wx._animate.pyd
    MOD - [2017/04/18 08:35:35 | 000,077,312 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\wx._html2.pyd
    MOD - [2017/04/18 08:35:35 | 000,038,912 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32inet.pyd
    MOD - [2017/04/18 08:35:35 | 000,035,840 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32process.pyd
    MOD - [2017/04/18 08:35:35 | 000,025,600 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32pdh.pyd
    MOD - [2017/04/18 08:35:35 | 000,024,064 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32pipe.pyd
    MOD - [2017/04/18 08:35:35 | 000,022,528 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32ts.pyd
    MOD - [2017/04/18 08:35:35 | 000,017,408 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32profile.pyd
    MOD - [2017/04/18 08:35:34 | 000,686,080 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\unicodedata.pyd
    MOD - [2017/04/18 08:35:34 | 000,682,496 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\pysqlite2._sqlite.pyd
    MOD - [2017/04/18 08:35:34 | 000,364,544 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\pythoncom27.dll
    MOD - [2017/04/18 08:35:34 | 000,320,512 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32com.shell.shell.pyd
    MOD - [2017/04/18 08:35:34 | 000,127,488 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\pyexpat.pyd
    MOD - [2017/04/18 08:35:34 | 000,098,816 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32api.pyd
    MOD - [2017/04/18 08:35:34 | 000,088,064 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\usb_ext.pyd
    MOD - [2017/04/18 08:35:34 | 000,018,432 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32event.pyd
    MOD - [2017/04/18 08:35:34 | 000,017,920 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\thumbnails_ext.pyd
    MOD - [2017/04/18 08:35:34 | 000,011,264 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\win32crypt.pyd
    MOD - [2017/04/18 08:35:34 | 000,010,240 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\select.pyd
    MOD - [2017/04/18 08:35:33 | 000,020,480 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\_yappi.pyd
    MOD - [2017/04/18 08:35:33 | 000,012,800 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\common.time34.pyd
    MOD - [2017/04/18 08:35:33 | 000,007,168 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\hashobjs_ext.pyd
    MOD - [2017/04/18 08:35:32 | 001,303,552 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\_ssl.pyd
    MOD - [2017/04/18 08:35:32 | 000,914,432 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\_hashlib.pyd
    MOD - [2017/04/18 08:35:32 | 000,128,512 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\_elementtree.pyd
    MOD - [2017/04/18 08:35:32 | 000,110,080 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\PyWinTypes27.dll
    MOD - [2017/04/18 08:35:32 | 000,088,064 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\_ctypes.pyd
    MOD - [2017/04/18 08:35:32 | 000,046,080 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\_socket.pyd
    MOD - [2017/04/18 08:35:32 | 000,036,864 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\_psutil_windows.pyd
    MOD - [2017/04/18 08:35:32 | 000,027,648 | R--- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI28882\_multiprocessing.pyd
    MOD - [2017/04/18 08:35:11 | 000,127,316 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\bin\libffi-6.dll
    MOD - [2017/04/18 08:35:07 | 000,083,968 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\bin\zlib1.dll
    MOD - [2017/04/18 08:35:06 | 000,094,208 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocr5F4E.tmp\src\rgloader\rgloader193.mswin.so
    MOD - [2017/04/18 08:34:21 | 000,026,624 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    MOD - [2017/04/18 08:34:09 | 000,087,552 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    MOD - [2017/04/18 08:34:09 | 000,016,384 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    MOD - [2017/04/18 08:34:05 | 000,126,976 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    MOD - [2017/04/18 08:33:56 | 000,009,216 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    MOD - [2017/04/18 08:33:41 | 000,094,208 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    MOD - [2017/04/18 08:33:40 | 000,095,744 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    MOD - [2017/04/18 08:33:40 | 000,013,312 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    MOD - [2017/04/18 08:33:40 | 000,008,704 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    MOD - [2017/04/18 08:33:34 | 000,014,848 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    MOD - [2017/04/18 08:33:33 | 000,009,728 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    MOD - [2017/04/18 08:33:32 | 000,012,800 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    MOD - [2017/04/18 08:33:27 | 000,127,316 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\bin\libffi-6.dll
    MOD - [2017/04/18 08:33:25 | 000,094,208 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\ocrD3D1.tmp\src\rgloader\rgloader193.mswin.so
    MOD - [2017/04/01 05:04:13 | 000,653,520 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
    MOD - [2017/04/01 05:04:13 | 000,176,480 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    MOD - [2017/04/01 05:04:09 | 000,170,216 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    MOD - [2017/04/01 05:03:39 | 000,293,936 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    MOD - [2016/12/21 23:00:06 | 012,897,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\370203cff1d5cd21ae9c84936314d93f\System.Windows.Forms.ni.dll
    MOD - [2016/12/21 22:59:56 | 001,641,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\02d11771592547624c99a7db73b4122c\System.Drawing.ni.dll
    MOD - [2016/12/21 22:59:30 | 000,145,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\f28ecc4d351334f6068fde1cf65614a6\System.Configuration.Install.ni.dll
    MOD - [2016/12/21 22:59:28 | 010,094,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\020b06636018aed9f7293fb2a556191f\System.ni.dll
    MOD - [2016/12/21 22:59:21 | 017,216,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\58d035310ea26e5c5adbed3e7e99838c\mscorlib.ni.dll
    MOD - [2016/10/14 14:48:58 | 007,382,232 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    MOD - [2016/10/14 14:47:54 | 020,605,872 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
    MOD - [2016/10/14 14:28:06 | 000,567,088 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    MOD - [2016/10/14 14:27:02 | 000,333,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
    MOD - [2016/10/14 14:25:56 | 000,445,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
    MOD - [2016/10/14 14:25:32 | 000,050,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
    MOD - [2016/10/14 14:25:30 | 000,037,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
    MOD - [2016/10/14 14:23:52 | 000,115,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
    MOD - [2016/10/02 00:49:48 | 007,711,966 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
    MOD - [2016/10/02 00:49:48 | 003,115,520 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
    MOD - [2016/10/02 00:49:48 | 000,939,520 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
    MOD - [2016/09/20 23:35:35 | 048,936,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2016/04/16 12:45:34 | 000,248,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
    MOD - [2015/11/16 18:05:22 | 000,126,928 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
    MOD - [2015/06/02 14:51:10 | 000,545,792 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
    MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    ========== Services (SafeList) ==========
    SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
    SRV:64bit: - [2017/04/01 05:04:08 | 000,261,712 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2017/04/01 05:03:45 | 007,398,336 | ---- | M] (AVAST Software s.r.o.) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe -- (aswbIDSAgent)
    SRV:64bit: - [2017/03/04 03:45:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2017/01/20 08:54:02 | 004,355,024 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
    SRV:64bit: - [2016/08/22 12:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
    SRV:64bit: - [2015/08/27 18:20:10 | 000,330,136 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
    SRV:64bit: - [2014/01/31 18:59:52 | 000,226,112 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
    SRV:64bit: - [2014/01/31 18:59:52 | 000,094,528 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
    SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2017/04/13 23:17:29 | 000,271,448 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2017/03/30 03:06:34 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2017/03/28 15:34:38 | 001,099,280 | ---- | M] (Garmin Ltd. or its subsidiaries) [Auto | Stopped] -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe -- (Garmin Device Interaction Service)
    SRV - [2017/03/01 17:12:26 | 002,401,264 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2017/02/27 12:14:56 | 000,317,400 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2017/02/02 23:21:46 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2016/12/01 03:18:32 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2016/11/01 22:51:00 | 004,463,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2016/10/14 14:31:42 | 001,244,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2016/04/16 12:56:00 | 009,698,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
    SRV - [2015/08/27 18:20:12 | 000,291,744 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2015/08/11 16:19:08 | 004,884,064 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe -- (mmsminisrv)
    SRV - [2015/06/13 09:55:16 | 000,282,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Jovision\CloudHelperService\CloudHelper.exe -- (CloudHelper)
    SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2014/02/24 21:28:16 | 000,248,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
    SRV - [2014/01/31 18:54:33 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2013/09/25 15:35:06 | 000,282,112 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
    SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
    ========== Driver Services (SafeList) ==========
    DRV:64bit: - File not found [Kernel | Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
    DRV:64bit: - [2017/04/18 08:35:08 | 000,111,544 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt)
    DRV:64bit: - [2017/04/18 08:35:05 | 000,043,968 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
    DRV:64bit: - [2017/04/18 08:34:17 | 000,251,832 | ---- | M] (Malwarebytes) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV:64bit: - [2017/04/16 21:22:14 | 000,186,304 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MBAMChameleon.sys -- (MBAMChameleon)
    DRV:64bit: - [2017/04/01 05:04:29 | 000,556,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2017/04/01 05:04:29 | 000,339,696 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2017/04/01 05:04:29 | 000,164,064 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
    DRV:64bit: - [2017/04/01 05:04:28 | 000,127,112 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2017/04/01 05:04:28 | 000,101,152 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2017/04/01 05:04:28 | 000,075,704 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2017/04/01 05:04:28 | 000,038,296 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
    DRV:64bit: - [2017/04/01 05:03:56 | 001,005,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2017/04/01 05:03:56 | 000,032,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2017/04/01 05:03:38 | 000,334,088 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbloga.sys -- (aswblog)
    DRV:64bit: - [2017/04/01 05:03:38 | 000,307,736 | ---- | M] (AVAST Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys -- (aswbidsdriver)
    DRV:64bit: - [2017/04/01 05:03:38 | 000,189,768 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbidsha.sys -- (aswbidsh)
    DRV:64bit: - [2017/04/01 05:03:38 | 000,048,528 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\aswbuniva.sys -- (aswbuniv)
    DRV:64bit: - [2017/03/22 11:02:44 | 000,077,440 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mbae64.sys -- (ESProtectionDriver)
    DRV:64bit: - [2017/03/01 17:26:48 | 000,506,016 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
    DRV:64bit: - [2017/03/01 17:26:48 | 000,252,288 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportHades64.sys -- (RapportHades64)
    DRV:64bit: - [2016/11/01 22:51:05 | 000,366,432 | ---- | M] (Acronis International GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\file_tracker.sys -- (file_tracker)
    DRV:64bit: - [2016/11/01 22:50:46 | 000,601,432 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tnd.sys -- (tnd)
    DRV:64bit: - [2016/11/01 22:50:43 | 000,193,376 | ---- | M] (Acronis International GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
    DRV:64bit: - [2016/11/01 22:50:41 | 001,267,552 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib)
    DRV:64bit: - [2016/11/01 22:50:34 | 000,340,312 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2016/04/18 21:39:57 | 000,279,392 | ---- | M] (Acronis International GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\virtual_file.sys -- (virtual_file)
    DRV:64bit: - [2016/04/18 21:39:24 | 000,163,160 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
    DRV:64bit: - [2016/03/31 09:41:47 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2015/11/10 18:39:00 | 000,144,464 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2015/08/27 18:20:10 | 003,797,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2015/08/21 11:50:48 | 000,463,112 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2015/08/18 14:27:32 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
    DRV:64bit: - [2014/01/31 19:00:02 | 000,016,672 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
    DRV:64bit: - [2014/01/31 19:00:00 | 000,072,992 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
    DRV:64bit: - [2014/01/31 18:59:58 | 000,023,328 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
    DRV:64bit: - [2014/01/31 18:59:58 | 000,018,208 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
    DRV:64bit: - [2014/01/31 18:54:34 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2014/01/31 18:54:34 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2014/01/31 18:54:34 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2014/01/31 18:54:31 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
    DRV:64bit: - [2014/01/10 10:54:39 | 008,061,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2014/01/10 10:54:38 | 000,433,976 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2014/01/10 10:54:38 | 000,070,744 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
    DRV:64bit: - [2013/10/17 09:24:15 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
    DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/12/22 21:37:19 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
    DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/03 05:36:52 | 000,055,776 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2017/03/01 17:26:48 | 000,605,024 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
    DRV - [2017/03/01 17:26:48 | 000,582,208 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
    DRV - [2017/03/01 17:26:48 | 000,382,432 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys -- (RapportAegle64)
    DRV - [2017/01/31 00:16:14 | 001,264,776 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys -- (RapportCerberus_1804047)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 3D 98 A7 1A F7 CF 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 03 B4 FF 84 5A D2 D1 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IESR02
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
    ========== FireFox ==========
    FF - prefs.js..browser.search.countryCode: "US"
    FF - prefs.js..browser.search.region: "US"
    FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com/"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:52.0.2
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.121.2: C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2: C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF48 [2017/04/01 05:04:42 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SAFEPRICE\FF48 [2017/04/01 05:04:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017/04/01 05:04:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017/04/01 05:04:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 52.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 52.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 52.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 45.8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 45.8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    [2014/11/03 00:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions
    [2017/04/03 20:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\extensions
    [2017/04/19 22:08:24 | 000,005,328 | ---- | M] () (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\features\{79c1b32e-65a3-478e-abb5-5467048ac574}\[email protected]
    [2017/04/19 22:08:24 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\features\{79c1b32e-65a3-478e-abb5-5467048ac574}\[email protected]
    [2017/04/19 22:08:24 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\features\{79c1b32e-65a3-478e-abb5-5467048ac574}\[email protected]
    [2017/04/04 20:30:15 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\features\{bd5ea072-7b9f-4736-9e5b-da4c976cc376}\[email protected]
    [2017/04/04 20:30:15 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232\features\{bd5ea072-7b9f-4736-9e5b-da4c976cc376}\[email protected]
    [2017/03/30 03:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    ========== Chrome ==========
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof\1.14_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof\1.14_0\.bak
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\12.0.199_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\12.0.199_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
    CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\
    O1 HOSTS File: ([2017/04/18 08:37:59 | 000,004,800 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 choice.microsoft.com
    O1 - Hosts: 127.0.0.1 choice.microsoft.com.nstac.net
    O1 - Hosts: 127.0.0.1 df.telemetry.microsoft.com
    O1 - Hosts: 127.0.0.1 oca.telemetry.microsoft.com
    O1 - Hosts: 127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
    O1 - Hosts: 127.0.0.1 redir.metaservices.microsoft.com
    O1 - Hosts: 127.0.0.1 reports.wes.df.telemetry.microsoft.com
    O1 - Hosts: 127.0.0.1 services.wes.df.telemetry.microsoft.com
    O1 - Hosts: 127.0.0.1 settings-sandbox.data.microsoft.com
    O1 - Hosts: 127.0.0.1 settings-win.data.microsoft.com
    O1 - Hosts: 127.0.0.1 sqm.df.telemetry.microsoft.com
    O1 - Hosts: 127.0.0.1 sqm.telemetry.microsoft.com
    O1 - Hosts: 127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
    O1 - Hosts: 127.0.0.1 telecommand.telemetry.microsoft.com
    O1 - Hosts: 127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net
    O1 - Hosts: 127.0.0.1 telemetry.appex.bing.net
    O1 - Hosts: 127.0.0.1 telemetry.microsoft.com
    O1 - Hosts: 127.0.0.1 telemetry.urs.microsoft.com
    O1 - Hosts: 127.0.0.1 vortex-sandbox.data.microsoft.com
    O1 - Hosts: 127.0.0.1 vortex-win.data.microsoft.com
    O1 - Hosts: 127.0.0.1 vortex.data.microsoft.com
    O1 - Hosts: 127.0.0.1 watson.telemetry.microsoft.com
    O1 - Hosts: 127.0.0.1 watson.telemetry.microsoft.com.nsatc.net
    O1 - Hosts: 127.0.0.1 watson.ppe.telemetry.microsoft.com
    O1 - Hosts: 127.0.0.1 wes.df.telemetry.microsoft.com
    O1 - Hosts: 85 more lines...
    O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe ()
    O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
    O4:64bit: - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
    O4:64bit: - HKLM..\Run: [GwxControlPanelMonitor] C:\Users\Andy\Downloads\GWX_control_panel.exe (UltimateOutsider)
    O4:64bit: - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
    O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis International GmbH)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [Redirector] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKCU..\Run: [f.lux] C:\Users\Andy\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
    O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd. or its subsidiaries)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: ssa.gov ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E85811E-2550-47C0-90D8-5F43FB2A6E65}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (bootdelete)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
    [CREATERESTOREPOINT]
    System Restore Service not available.
    ========== Files/Folders - Created Within 30 Days ==========
    [2017/04/19 03:59:18 | 000,091,304 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHdsKe.sys
    [2017/04/18 10:11:49 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2017/04/18 10:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2017/04/18 08:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SWCUTemp
    [2017/04/18 08:20:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2017/04/17 22:49:59 | 000,000,000 | ---D | C] -- C:\NPE
    [2017/04/17 22:46:51 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\NPE
    [2017/04/17 22:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2017/04/16 21:22:14 | 000,186,304 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
    [2017/04/16 21:22:06 | 000,111,544 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
    [2017/04/16 21:22:05 | 000,082,720 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
    [2017/04/16 21:22:01 | 000,043,968 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
    [2017/04/16 21:21:54 | 000,251,832 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2017/04/16 21:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    [2017/04/16 21:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2017/04/16 21:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
    [2017/04/16 21:06:40 | 060,107,896 | ---- | C] (Malwarebytes ) -- C:\Users\Andy\Desktop\mb3-setup-consumer-3.0.6.1469-10103.exe
    [2017/04/13 23:20:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    [2017/04/03 20:18:32 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Old Firefox Data
    [2017/04/02 04:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2017/04/01 05:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    [2017/04/01 05:04:43 | 000,399,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2017/03/30 12:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
    [2017/03/30 12:53:58 | 000,000,000 | ---D | C] -- C:\Temp
    [2017/03/30 12:53:58 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Motorola Mobility
    [2017/03/30 12:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility
    [2017/03/30 12:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
    [2017/03/30 12:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
    [2017/03/30 12:49:49 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Motorola
    ========== Files - Modified Within 30 Days ==========
    [2017/04/19 04:59:37 | 000,082,720 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
    [2017/04/19 03:59:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2017/04/18 10:11:49 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2017/04/18 10:11:48 | 000,015,736 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
    [2017/04/18 08:40:12 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2017/04/18 08:40:12 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2017/04/18 08:35:08 | 000,111,544 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
    [2017/04/18 08:35:05 | 000,043,968 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
    [2017/04/18 08:34:17 | 000,251,832 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2017/04/18 08:33:18 | 000,000,004 | ---- | M] () -- C:\helper.dat
    [2017/04/18 08:32:41 | 4221,579,262 | -HS- | M] () -- C:\hiberfil.sys
    [2017/04/18 08:30:46 | 000,001,318 | ---- | M] () -- C:\Users\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2017/04/18 08:30:46 | 000,001,172 | ---- | M] () -- C:\Users\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2017/04/18 08:30:45 | 000,001,294 | ---- | M] () -- C:\Users\Andy\Desktop\Google Chrome.lnk
    [2017/04/18 08:30:44 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2017/04/18 08:30:44 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    [2017/04/18 08:17:49 | 000,033,012 | ---- | M] () -- C:\Users\Andy\Desktop\Removal_steps.odt
    [2017/04/18 07:57:08 | 000,012,558 | ---- | M] () -- C:\Users\Andy\Desktop\NPE_Error.JPG
    [2017/04/17 08:00:21 | 000,091,304 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHdsKe.sys
    [2017/04/16 21:22:14 | 000,186,304 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
    [2017/04/16 21:21:42 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
    [2017/04/16 21:07:03 | 060,107,896 | ---- | M] (Malwarebytes ) -- C:\Users\Andy\Desktop\mb3-setup-consumer-3.0.6.1469-10103.exe
    [2017/04/13 23:25:15 | 000,015,898 | ---- | M] () -- C:\Windows\BRRBCOM.INI
    [2017/04/13 23:19:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
    [2017/04/13 23:17:21 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2017/04/13 23:17:21 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2017/04/13 23:13:46 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2017/04/13 23:13:46 | 000,662,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2017/04/13 23:13:46 | 000,121,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2017/04/03 20:16:45 | 002,568,016 | ---- | M] () -- C:\Users\Andy\Desktop\How to remove Launchpage.pdf
    [2017/04/03 19:54:58 | 000,032,569 | ---- | M] () -- C:\Users\Andy\Desktop\scan_results.JPG
    [2017/04/01 05:33:33 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
    [2017/04/01 05:04:29 | 000,556,784 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2017/04/01 05:04:29 | 000,339,696 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2017/04/01 05:04:29 | 000,164,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
    [2017/04/01 05:04:28 | 000,399,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2017/04/01 05:04:28 | 000,127,112 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2017/04/01 05:04:28 | 000,101,152 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2017/04/01 05:04:28 | 000,075,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
    [2017/04/01 05:04:28 | 000,038,296 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
    [2017/04/01 05:03:56 | 001,005,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2017/04/01 05:03:56 | 000,032,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
    [2017/04/01 05:03:38 | 000,334,088 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbloga.sys
    [2017/04/01 05:03:38 | 000,307,736 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbidsdrivera.sys
    [2017/04/01 05:03:38 | 000,189,768 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbidsha.sys
    [2017/04/01 05:03:38 | 000,048,528 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\SysNative\drivers\aswbuniva.sys
    [2017/03/30 12:55:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01009.Wdf
    [2017/03/26 10:40:18 | 000,220,940 | ---- | M] () -- C:\Users\Andy\Desktop\overview.htm
    [2017/03/25 18:40:49 | 000,022,304 | ---- | M] () -- C:\Users\Andy\Novena for Impossible Requests.odt
    [2017/03/25 18:25:30 | 000,027,145 | ---- | M] () -- C:\Users\Andy\Tessera.odt
    [2017/03/22 11:02:44 | 000,077,440 | ---- | M] () -- C:\Windows\SysNative\drivers\mbae64.sys
    ========== Files Created - No Company Name ==========
    [2017/04/18 10:11:47 | 000,015,736 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
    [2017/04/18 08:17:38 | 000,033,012 | ---- | C] () -- C:\Users\Andy\Desktop\Removal_steps.odt
    [2017/04/18 07:57:08 | 000,012,558 | ---- | C] () -- C:\Users\Andy\Desktop\NPE_Error.JPG
    [2017/04/16 21:21:42 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
    [2017/04/16 21:21:39 | 000,077,440 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
    [2017/04/13 23:33:12 | 000,484,329 | ---- | C] () -- C:\Users\Andy\Desktop\Apollo Blueprint - Copy.jpg
    [2017/04/13 23:33:12 | 000,125,070 | ---- | C] () -- C:\Users\Andy\Desktop\5386054271_bd86c557a3_z - Copy.jpg
    [2017/04/13 23:33:12 | 000,105,418 | ---- | C] () -- C:\Users\Andy\Desktop\5938111203_02a7a3dc24 - Copy.jpg
    [2017/04/13 23:33:12 | 000,039,977 | ---- | C] () -- C:\Users\Andy\Desktop\Communication Center _ Fidelity Investments - Copy.pdf
    [2017/04/03 20:16:57 | 002,568,016 | ---- | C] () -- C:\Users\Andy\Desktop\How to remove Launchpage.pdf
    [2017/04/03 19:54:57 | 000,032,569 | ---- | C] () -- C:\Users\Andy\Desktop\scan_results.JPG
    [2017/04/01 05:33:32 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
    [2017/03/30 12:55:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01009.Wdf
    [2017/03/26 10:40:17 | 000,220,940 | ---- | C] () -- C:\Users\Andy\Desktop\overview.htm
    [2017/03/25 18:40:48 | 000,022,304 | ---- | C] () -- C:\Users\Andy\Novena for Impossible Requests.odt
    [2017/03/25 18:25:28 | 000,027,145 | ---- | C] () -- C:\Users\Andy\Tessera.odt
    [2017/03/14 10:47:17 | 000,011,373 | ---- | C] () -- C:\Users\Andy\Engineer_Quote.odt
    [2017/03/10 06:32:01 | 000,001,483 | ---- | C] () -- C:\Users\Andy\AppData\Local\recently-used.xbel
    [2016/12/18 17:54:26 | 000,000,015 | ---- | C] () -- C:\Users\Andy\AppData\Local\X-Plane_drm_11.prf
    [2016/12/18 17:54:23 | 000,000,037 | ---- | C] () -- C:\Users\Andy\AppData\Local\X-Plane Installer.prf
    [2016/10/11 09:15:58 | 000,027,803 | ---- | C] () -- C:\Users\Andy\Comey.odt
    [2015/08/27 18:20:08 | 000,194,560 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2015/08/27 18:20:08 | 000,154,096 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
    [2015/06/13 20:44:05 | 000,005,820 | ---- | C] () -- C:\Users\Andy\DiskStation_20150613.dss
    [2014/12/27 22:26:28 | 000,007,626 | ---- | C] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
    ========== ZeroAccess Check ==========
    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 14:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 13:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    ========== Custom Scans ==========
    < :Commands >
    < :OTL >
    < SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc) >
    < DRV:64bit: - File not found [Kernel | Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv) >
    < FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll File not found >

    Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll File not found
    < O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found >
    < O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found >
    < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 >
    < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 >
    < O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found >

    Invalid Switch: 200 File not found
    < O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found >
    Invalid Switch: x-ica - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found >
    Invalid Switch: x-ica; charset=euc-jp - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found >
    Invalid Switch: x-ica; charset=ISO-8859-1 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found >
    Invalid Switch: x-ica; charset=MS936 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found >
    Invalid Switch: x-ica; charset=MS949 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found >
    Invalid Switch: x-ica; charset=MS950 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found >
    Invalid Switch: x-ica; charset=UTF8 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found >
    Invalid Switch: x-ica; charset=UTF-8 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found >
    Invalid Switch: x-ica;charset=euc-jp - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found >
    Invalid Switch: x-ica;charset=ISO-8859-1 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found >
    Invalid Switch: x-ica;charset=MS936 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found >
    Invalid Switch: x-ica;charset=MS949 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found >
    Invalid Switch: x-ica;charset=MS950 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found >
    Invalid Switch: x-ica;charset=UTF8 - No CLSID value found
    < O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found >
    Invalid Switch: x-ica;charset=UTF-8 - No CLSID value found
    < O18:64bit: - Protocol\Filter\ica - No CLSID value found >
    < O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found >
    < O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >
    < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >
    < [132 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ] >
    < CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\ >
    < CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ >
    < CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ >
    < CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ >
    < CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\ >
    < CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ >
    < CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\ >
    < CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\ >
    < CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ >
    < CHR - Extension: No name found = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\ >
    < :Files >
    < ipconfig /flushdns /c >

    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    < :Commands >
    < [emptytemp] >
    < [purity] >


    < End of report >

    *************************************************************
    *************************************************************

    I would like to give this machine some more time (and a restart) to see if the problem remains clear.

    ******************************************************************************************
    ***********************************************************************************
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    30,170
    Ah, I can see what has happened with OTL. You were correct in where you added the custom scan, except it wasn't an actual scan I wanted. It was the Fix ;)

    So, I've grabbed a screenshot of which button to press. Its happened before, as many people are used to just pressing the Scan options :)

    upload_2017-4-20_21-37-44.png

    If you can run that scan, and post the log it creates, that would be great. I'll look through the other logs you posted.

    Thanks also for explaining about Thunderbird. Never used it myself, so its certainly strange that it does it. But, if they're not there in WordPad (either as Chinese or weird symbols), then it must be something to do with their software.

    Let me know how the pc is running, but hopefully the above will help as well.

    eddie
     
  5. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    I ran OTL as indicated. Log file is shown below. Upon reboot, popup windows appeared (sequentially)

    (title bar) OCRA
    Failed to create installation directory

    (title bar) OTL - this was an OK click to run OTL

    Notepad opened with the OTL log file.

    (title bar) FATAL ERROR
    Internal Error: Cannot create temporary directory.

    PC came up without further error indications. Ran Firefox to get here.
    ------------------------------------------------------------------------------------------------
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Error: No service named AvastVBoxSvc was found to stop!
    Unable to delete service\driver key AvastVBoxSvc.
    File C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe not found.
    Error: No service named VBoxAswDrv was found to stop!
    Unable to delete service\driver key VBoxAswDrv.
    File C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    C:\Windows\Installer\MSI10BF.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI1275.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI143A.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI1821.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI1976.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI19D0.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI1A51.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI1B59.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI1C26.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI1EB4.tmp deleted successfully.
    C:\Windows\Installer\MSI223D.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI2573.tmp deleted successfully.
    C:\Windows\Installer\MSI2867.tmp deleted successfully.
    C:\Windows\Installer\MSI2867.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI2928.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI2BEA.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI2EA5.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI300D.tmp deleted successfully.
    C:\Windows\Installer\MSI3424.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI344A.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI35C3.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI3C94.tmp deleted successfully.
    C:\Windows\Installer\MSI3ED8.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI401E.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI4037.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI412.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI4258.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI43E8.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI43F0.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI4EFB.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI5140.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI5254.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI52B5.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI5383.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI55BB.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI5647.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI56F7.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI595A.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI5999.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI59F3.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI5A00.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI5C3.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI60E4.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI630E.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI6443.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI6502.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI65EC.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI6712.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI67C1.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI6807.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI6828.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI6A26.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI6C65.tmp deleted successfully.
    C:\Windows\Installer\MSI6EFD.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI7100.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI714B.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI7594.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI7650.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI796C.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI7D5A.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI821D.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI850.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI88C2.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI891A.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI892B.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI8A2D.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI8AF7.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI8F77.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI8F86.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI9229.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI94ED.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI95ED.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI9773.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI981A.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI98F.tmp- folder deleted successfully.
    C:\Windows\Installer\MSI9EE0.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIA576.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIA6C2.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIAF54.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIB6A5.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIB73F.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIB835.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIBA33.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIBBF3.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIBD1E.tmp deleted successfully.
    C:\Windows\Installer\MSIC312.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIC63F.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIC65B.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIC7CA.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIC845.tmp deleted successfully.
    C:\Windows\Installer\MSIC8FC.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIC99C.tmp- folder deleted successfully.
    C:\Windows\Installer\MSICA02.tmp- folder deleted successfully.
    C:\Windows\Installer\MSICA17.tmp deleted successfully.
    C:\Windows\Installer\MSICAA2.tmp- folder deleted successfully.
    C:\Windows\Installer\MSICCD5.tmp- folder deleted successfully.
    C:\Windows\Installer\MSICDF0.tmp- folder deleted successfully.
    C:\Windows\Installer\MSICE3E.tmp- folder deleted successfully.
    C:\Windows\Installer\MSID08A.tmp- folder deleted successfully.
    C:\Windows\Installer\MSID3BB.tmp- folder deleted successfully.
    C:\Windows\Installer\MSID443.tmp- folder deleted successfully.
    C:\Windows\Installer\MSID60F.tmp- folder deleted successfully.
    C:\Windows\Installer\MSID649.tmp- folder deleted successfully.
    C:\Windows\Installer\MSID7D4.tmp- folder deleted successfully.
    C:\Windows\Installer\MSID8D7.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIDAFC.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIDB7A.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIDDB8.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIDE1.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIDE70.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIE192.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIE238.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIE40F.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIE411.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIE434.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIE70C.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIE79.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIED37.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIEF48.tmp-\InstallerCustomActions.dll deleted successfully.
    C:\Windows\Installer\MSIEF48.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIEFB6.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIF152.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIF196.tmp deleted successfully.
    C:\Windows\Installer\MSIF195.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIF1D2.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIF332.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIF37D.tmp-\Microsoft.Deployment.WindowsInstaller.dll deleted successfully.
    C:\Windows\Installer\MSIF37D.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIF3FA.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIF58D.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIF70D.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIF7B9.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIFBEE.tmp- folder deleted successfully.
    C:\Windows\Installer\MSIFFDD.tmp- folder deleted successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_TW folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_CN folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_metadata folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\hu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\hr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\hi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\he folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\fr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\fil folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\fi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\et folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\es_419 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\es folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\en_US folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\en_GB folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\en folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\el folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\de folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\da folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\cs folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\ca folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\bg folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales\ar folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\_locales folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_metadata folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_TW folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_CN folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\vi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\uk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\tr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\th folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ru folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ro folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_PT folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_BR folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\no folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\nl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ms folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\lv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\lt folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ko folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ja folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\it folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\id folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\he folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fil folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\et folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\es_419 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\es folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\en_US folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\en_GB folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\el folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\de folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\da folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\cs folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ca folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\bg folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ar folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_metadata folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zh_TW folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zh_HK folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\zh_CN folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\vi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ur folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\uk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\tr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\th folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\te folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ta folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sw folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\sk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\si folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ru folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ro folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\pt_PT folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\pt_BR folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\pl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\no folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\nl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ne folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ms folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\mr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\mn folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ml folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\lv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\lt folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\lo folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ko folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\kn folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\km folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ka folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ja folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\iw folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\it folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\is folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\id folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hy folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\hi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\gu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\gl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fr_CA folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fil folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\fa folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\eu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\et folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\es_419 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\es folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\en_US folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\en_GB folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\el folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\de folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\da folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\cs folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ca folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\bn folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\bg folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\az folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\ar folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\am folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales\af folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_locales folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_metadata folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_TW folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\zh_CN folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\vi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\uk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\tr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\th folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\sk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ru folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ro folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_PT folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pt_BR folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\pl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\nb folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\lt folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ko folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ja folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\it folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\id folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\hi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fil folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\fi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\et folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es_419 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\es folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en_GB folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\en folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\el folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\de folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\da folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\cs folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\ca folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales\bg folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\_locales folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\images folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\html folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_metadata folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_TW folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_CN folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\vi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\uk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\tr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\th folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\se folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ru folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ro folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_PT folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_BR folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\no folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\nl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lt folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ko folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ja folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\it folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\id folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fil folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\en folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\el folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\de folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\da folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\cs folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ca folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\bg folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ar folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0 folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_metadata folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\zh_TW folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\zh folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\vi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\uk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\tr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\th folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\te folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\ta folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\sw folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\sv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\sr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\sl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\sk folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\ru folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\ro folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\pt_PT folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\pt_BR folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\pt folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\pl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\nl folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\nb folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\ms folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\mr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\ml folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\lv folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\lt folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\ko folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\kn folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\ja folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\iw folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\it folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\id folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\hu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\hr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\hi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\gu folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\fr folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\fil folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\fi folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\fa folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\et folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\es folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\en folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\el folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\de folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\da folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\cs folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\ca folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\bn folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\bg folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\ar folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales\am folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\_locales folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\cloud_route_details folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\cast_setup folder moved successfully.
    C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0 folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Andy\Desktop\cmd.bat deleted successfully.
    C:\Users\Andy\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: Administrator
    ->Temp folder emptied: 597901794 bytes
    ->Temporary Internet Files folder emptied: 25455177 bytes
    ->Java cache emptied: 50246 bytes
    ->FireFox cache emptied: 96334611 bytes
    ->Google Chrome cache emptied: 7270473 bytes
    ->Flash cache emptied: 1569 bytes
    User: Aida
    ->Temp folder emptied: 42310 bytes
    ->Temporary Internet Files folder emptied: 9202 bytes
    ->FireFox cache emptied: 39545859 bytes
    ->Flash cache emptied: 15805 bytes
    User: All Users
    User: Andy
    ->Temp folder emptied: 3805198402 bytes
    ->Temporary Internet Files folder emptied: 788034901 bytes
    ->Java cache emptied: 113126 bytes
    ->FireFox cache emptied: 369823343 bytes
    ->Google Chrome cache emptied: 357407851 bytes
    ->Flash cache emptied: 118843 bytes
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    User: Public
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 905858188 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
    RecycleBin emptied: 113385174 bytes
    Total Files Cleaned = 6,777.00 mb
    OTL by OldTimer - Version 3.2.69.0 log created on 04202017_214202

    Files\Folders moved on Reboot...
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\src\rgloader\rgloader193.mswin.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\bin\LIBEAY32.dll moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\bin\libffi-6.dll moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\bin\msvcrt-ruby191.dll moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\bin\rubyw.exe moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\bin\SSLEAY32.dll moved successfully.
    C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\bin\zlib1.dll moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\SafeZone\Cookies moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\SafeZone\History moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\firefox\default-1491265106232\cookies.sqlite moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\firefox\default-1491265106232\places.sqlite moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\firefox\default-1491265106232\search.json.mozlz4 moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\firefox\default\cookies.sqlite moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\firefox\default\places.sqlite moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\firefox\default\search.json.mozlz4 moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\firefox\default\webappsstore.sqlite moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\firefox\[email protected]\Icon-48.png moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\chrome\Default\chrome-extension_gomekmidlodglbbmalcneegieacbdmki_0.localstorage moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\chrome\Default\Cookies moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\chrome\Default\History moved successfully.
    C:\Users\Andy\AppData\Local\Temp\BCLTMP\chrome\Default\Web Data moved successfully.
    File move failed. C:\Users\Andy\AppData\Local\Temp\008AF710-FD48-48C0-8318-A76B20CF707A scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\1B217AA9-5F42-41FE-9DD3-B9C0EF077E37 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\1E62C9FF-CFA5-4BC0-B824-31133B7C09B0 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\22E7E4F7-0FF2-4291-94A1-6B6F1E970C70 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\2B5B8253-0447-4D9F-99F2-C1A789B06C09 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\2BD62C28-DD79-4C51-A632-F3BC621328F9 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\2D106756-DF9C-41E3-AC9B-3508CD4F3D37 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\39B7F5BF-0F2C-4EC5-8703-751C4661B1BD scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\3BF929FD-8BD5-4418-91AA-86F0C04D7FA2 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\420F7BDE-F616-45B3-A024-A99D697B04B5 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\48E4B24E-7014-434E-B69A-B2FDCE809900 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\5B3728CA-A2D5-49D9-874B-2BD4D49871DC scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\6953E20F-3115-4A7D-8AEA-25E1412C1954 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\77381FD1-BAC6-4ABB-BC8E-8A4999841862 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\87E55E0C-F717-4978-87D5-ED721B60753E scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\882626B6-8D82-4CD1-9B9B-5174115E8EDD scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\8AAAAAA0-16C2-4547-A86C-AB5D7F09B116 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\9662586C-E4F5-49ED-87EE-D81AF7A9CA71 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\9A5C6B0A-E055-4270-897C-6A2059B50BE7 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\9A88C23B-3AFF-45A2-A2CA-0F3B4B9E8CC0 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\9BB8A548-ED10-4407-A3A7-8F0E9B4B2958 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\A9E2C146-84CB-4ED6-82FB-FF85B9F4D2BA scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\AE0B632A-3013-4C41-8602-B4E2D82BF9DE scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\B02E68B9-9A60-4C00-841E-1F2FF66D99FC scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\B05E6855-7674-49A2-8D4A-CFFDB3BF2A76 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\B6326F99-5B2F-4BDF-B079-97A56583BD04 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\BABAC333-C366-4D9C-B410-0CDF0FD6E31D scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\C194CCCB-20D2-4500-9E52-EF95B0F567CA scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\C1EC8765-90FC-4A53-8C96-4DF1FA5CAC86 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\C8BB5239-F21A-4C79-B775-C6FF3E12EF67 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\D6247C90-6757-4ABC-90F6-7C09931EDF02 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\DEE18D89-4CD9-4AF0-B9CC-3A1E47DBE114 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\E7FEA952-7AAA-41F3-889E-41FCEF98C652 scheduled to be moved on reboot.
    File move failed. C:\Users\Andy\AppData\Local\Temp\ED30B5EE-BF3C-4BEA-A25B-518C20C88114 scheduled to be moved on reboot.
    File\Folder C:\Users\Andy\AppData\Local\Temp\etilqs_fu9i46Q0R01fdri not found!
    File move failed. C:\Users\Andy\AppData\Local\Temp\F5D6E2BD-B571-4F3D-B451-E250349F38BD scheduled to be moved on reboot.
    C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\AvLock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\opera_installer_20160322171415.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\opera_installer_20160322171416.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\opera_installer_20160322171423.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160322223708.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160322223712.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160417163903.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160417163905.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160417164004.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160505230936.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160505230937.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160505230952.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160930231047.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20160930231048.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20161001150305.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20161001150307.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20161001150328.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20161001150642.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20161001150647.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20161001151456.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20161001151503.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170226181856.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170226181859.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170226181922.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170227182116.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170227182121.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170310182201.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170310182203.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170401050730.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170401050733.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\SafeZone Installer\safezone_installer_20170401050742.log scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    *************************************************************
    *************************************************************

    I would like to give this machine some more time (3-4 days) to see if the problem remains clear before this is marked as Solved.

    ******************************************************************************************
    ***********************************************************************************
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    30,170

    Looking at the first one, the OCRA, this is related to the Ruby program. Now, you had this running from a temp folder, which is strange. Does it state its OCR2792 or just OCRA?

    This is what I saw, and programs running from the Temp folder is never a good idea. If you look in the latest OTL log you posted (above), its this part:

    Code:
    Files\Folders moved on Reboot...
     C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\src\rgloader\rgloader193.mswin.so moved successfully.
     C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so moved successfully.
     C:\Users\Andy\AppData\Local\Temp\ocr2792.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so moved successfully.
    For the OTL and Fatal Error one, lets see if that was just with OTL itself. Like you say, wait a few days, and see how it goes. But curious if the OCRA window appears again.

    Also, and I can look deeper into this at home as work block 90% of stuff, are there any programs you use a lot, that are having issues?
     
  7. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    "OCRA", not "OCR2792".

    7-zip and Private Internet Access (VPN service) are not working.

    7-zip runs but can't open some previously encrypted files. Luckily, these are stored in Google Drive and 7-zip on another PC can access them.

    I downloaded the latest PIA version and tried to install - got the "OCRA - failed to create installation directory" pop-up. I did the same with 7-zip. It announced it was installed. Two instances of 7-zip show up in Programs and Features, one is labeled

    (generic icon) 7-zip 16.04 (x64 edition) (April 2)
    (7-zip icon) 7-zip 16.04 (x64) (April 21)

    An item called (generic icon) "Private Internet Access Support Files" shows up in
    Programs and Features. PIA is still listed in the Start menu. If selected, the same "OCRA - failed to create installation directory" pop-up appears. PIA is configured to start automatically, so that would account for this pop-up appearance after a PC reboot.

    Trusteer Rapport is not running - this is a website verification utility browser plugin. This has acted up in the past - requires a login as Administrator to re-install - I'll look into this later.

    I tried some other programs and they worked. Can't check everything now - late for work.
     
  8. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    OpenOffice Calc is deleting the contents of a spreadsheet when it saves the file.

    OpenOffice Writer is behaving normally.
     
  9. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    Google Drive is not synching files to their server.

    Attempted to run Google Drive:

    (title bar) Fatal Error!
    (message) INTERNAL ERROR: cannot create temporary directory!
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    30,170
    And just to clarify, for myself to look at fully, this only started happening when you ran the OTL fix, and not the other programs, like Adwcleaner and Hitman?
     
  11. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    100% certain about Private Internet Access startup failure. I had rebooted the machine at least once after running Adwcleaner and Hitman but before the OTL fix. The pop-up messages
    ---------------------------------
    (title bar) OCRA
    (message) Failed to create installation directory

    (title bar) FATAL ERROR
    (message) Internal Error: Cannot create temporary directory
    ------------------------------------------------

    did not appear during the startup following those reboots.

    I'm not at home now. I can't be certain about OpenOffice Calc and 7-zip without checking file timestamps.
     
  12. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    Security tab for Properties on Temp folder:

    Temp_Permissions.JPG

    Do you think this is the reason that programs are unable to open temporary files?

    Also no other group or user names.

    My other PC has me, SYSTEM, and Administrators, with all 3 groups/users having Full Control, Modify, Read & execute, List folder contents, Read, Write.

    C:\Windows\Temp properties:

    Windows_Temp_Permissions.JPG

    Same permissions for Administrators. Users have Special permissions.
     
  13. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    Special Permissions (I am the only user/group listed) for ...\AppData\Local\Temp

    Temp_Special_Permissions.JPG
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    30,170
    Okay, can you run FRST, as I want to see if it spots anything, and we can hopefully get this back for you. If not, we'll do it aanother way.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
    • Please copy and paste the logs back here.
     
  15. specialdelivery

    specialdelivery Thread Starter

    Joined:
    Jun 27, 2010
    Messages:
    44
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2017 01
    Ran by Andy (administrator) on MACMINI (23-04-2017 10:53:48)
    Running from C:\Users\Andy\Desktop
    Loaded Profiles: Andy (Available Profiles: Andy & Aida & Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Windows\System32\AppleOSSMgr.exe
    (Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Jovision\CloudHelperService\CloudHelper.exe
    (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
    () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (UltimateOutsider) C:\Users\Andy\Downloads\GWX_control_panel.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Flux Software LLC) C:\Users\Andy\AppData\Local\FluxSoftware\Flux\flux.exe
    (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-01-31] (Apple Inc.)
    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [567088 2016-10-14] ()
    HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Andy\Downloads\GWX_control_panel.exe [4596296 2016-06-18] (UltimateOutsider)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-01] (AVAST Software)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2014-01-31] (Intel Corporation)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-04-25] (Acronis International GmbH)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7382232 2016-10-14] ()
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [522552 2015-12-10] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-12-10] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKU\S-1-5-21-3405905980-3442975649-764905720-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-3405905980-3442975649-764905720-1000\...\Run: [f.lux] => C:\Users\Andy\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-3405905980-3442975649-764905720-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
    HKU\S-1-5-21-3405905980-3442975649-764905720-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-3405905980-3442975649-764905720-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-01] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-01] (AVAST Software)
    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
    BootExecute: autocheck autochk * bootdelete

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{7E85811E-2550-47C0-90D8-5F43FB2A6E65}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{BD30602C-FB30-494F-862F-62A0EAF8D8D6}: [DhcpNameServer] 209.222.18.222 209.222.18.218

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3405905980-3442975649-764905720-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.foxnews.com/
    HKU\S-1-5-21-3405905980-3442975649-764905720-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    SearchScopes: HKU\S-1-5-21-3405905980-3442975649-764905720-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-01] (AVAST Software)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-01] (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232 [2017-04-23]
    FF Homepage: Mozilla\Firefox\Profiles\v1wx5564.default-1491265106232 -> hxxp://www.foxnews.com/
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-01]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-01]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-13] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-12-10] (Citrix Systems, Inc.)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default [2017-04-18]
    CHR Extension: (Google Slides) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-20]
    CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-20]
    CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-20]
    CHR Extension: (Rapport) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-08-22]
    CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-20]
    CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-04-20]
    CHR Extension: (Adobe Acrobat) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-02]
    CHR Extension: (Avast SafePrice) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-02]
    CHR Extension: (Google Sheets) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-20]
    CHR Extension: (Google Docs Offline) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-20]
    CHR Extension: (Avast Online Security) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-02]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-20]
    CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-20]
    CHR Extension: (Chrome Media Router) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-20]
    CHR HKU\S-1-5-21-3405905980-3442975649-764905720-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3405905980-3442975649-764905720-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1244408 2016-10-14] ()
    R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-11-01] ()
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-01-31] ()
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-01] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-01] (AVAST Software)
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
    R2 CloudHelper; C:\Program Files (x86)\Jovision\CloudHelperService\CloudHelper.exe [282624 2015-06-13] () [File not signed]
    R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2401264 2017-03-01] (IBM Corp.)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
    R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-04-16] ()
    R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-24] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-01] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-01] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-01] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-01] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-01] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-01] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-01] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-01] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-01] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-01] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-01] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-01] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-01] (AVAST Software)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
    R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [366432 2016-11-01] (Acronis International GmbH)
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-16] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-20] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-20] (Malwarebytes)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-20] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-23] (Malwarebytes)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2014-01-31] (Intel Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [382432 2017-03-01] (IBM Corp.)
    R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2017-01-31] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [582208 2017-03-01] (IBM Corp.)
    R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [252288 2017-03-01] (IBM Corp.)
    R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [506016 2017-03-01] (IBM Corp.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [605024 2017-03-01] (IBM Corp.)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1267552 2016-11-01] (Acronis International GmbH)
    R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [193376 2016-11-01] (Acronis International GmbH)
    S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [601432 2016-11-01] (Acronis International GmbH)
    R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [279392 2016-04-18] (Acronis International GmbH)
    S3 motmodem; system32\DRIVERS\motmodem.sys [X]
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-23 10:53 - 2017-04-23 10:54 - 00022394 _____ C:\Users\Andy\Desktop\FRST.txt
    2017-04-23 10:53 - 2017-04-23 10:53 - 00000000 ____D C:\FRST
    2017-04-23 10:53 - 2017-04-23 10:48 - 02426368 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
    2017-04-23 10:48 - 2017-04-23 10:48 - 02426368 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
    2017-04-22 18:56 - 2017-04-22 18:56 - 00006656 _____ C:\Users\Andy\Desktop\abcdef.xls
    2017-04-22 18:52 - 2017-04-22 18:52 - 00008069 _____ C:\Users\Andy\Desktop\abcdef.ods
    2017-04-21 09:29 - 2017-04-21 09:29 - 00159446 _____ C:\Users\Andy\Desktop\OTL_2x.txt
    2017-04-21 09:28 - 2017-04-21 09:28 - 00000867 _____ C:\Users\Andy\AppData\Local\recently-used.xbel
    2017-04-21 08:53 - 2017-04-21 08:53 - 01381582 _____ (Igor Pavlov) C:\Users\Andy\Downloads\7z1604-x64.exe
    2017-04-21 08:51 - 2017-04-21 08:51 - 01110564 _____ (Igor Pavlov) C:\Users\Andy\Downloads\7z1604.exe
    2017-04-21 08:35 - 2017-04-21 08:35 - 65315426 _____ C:\Users\Andy\Downloads\pia-v69-installer-win.exe
    2017-04-21 08:35 - 2017-04-21 08:35 - 00003142 _____ C:\Windows\System32\Tasks\{106CE779-9F90-41FF-A5A7-80EF01E9CC5D}
    2017-04-20 22:08 - 2017-04-20 22:08 - 00194230 _____ C:\Users\Andy\Desktop\OTL_3.Txt
    2017-04-20 21:42 - 2017-04-20 21:42 - 00000000 ____D C:\_OTL
    2017-04-20 09:28 - 2017-04-20 09:29 - 00000725 _____ C:\Users\Andy\Downloads\My_Transactions(7).csv
    2017-04-20 01:20 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-04-20 01:20 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-04-20 01:20 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-04-20 01:20 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-04-20 01:20 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-04-20 01:20 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-04-20 01:20 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-04-20 01:20 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-04-20 01:20 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-04-20 01:20 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-04-20 01:20 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-04-20 01:20 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-04-20 01:20 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-04-20 01:20 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-04-20 01:20 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-04-20 01:20 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-04-20 01:20 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-04-20 01:20 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-04-20 01:20 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-04-20 01:20 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-04-20 01:20 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-04-20 01:20 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-04-20 01:20 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-04-20 01:20 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-04-20 01:20 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-04-20 01:20 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-04-20 01:20 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-04-20 01:20 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-04-20 01:20 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-04-20 01:20 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
    2017-04-20 01:20 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-04-20 01:20 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-04-20 01:20 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-04-20 01:20 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-04-20 01:20 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2017-04-20 01:20 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2017-04-20 01:19 - 2017-03-27 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-04-20 01:19 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-04-20 01:19 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-04-20 01:19 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-04-20 01:19 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-04-20 01:19 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-04-20 01:19 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-04-20 01:19 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-04-20 01:19 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-04-20 01:19 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-04-20 01:19 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-04-20 01:19 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-04-20 01:19 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-04-20 01:19 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-04-20 01:19 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-04-20 01:19 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-04-20 01:19 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-04-20 01:19 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-04-20 01:19 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-04-20 01:19 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-04-20 01:19 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-04-20 01:19 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-04-20 01:19 - 2017-03-25 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-04-20 01:19 - 2017-03-25 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-04-20 01:19 - 2017-03-25 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-04-20 01:19 - 2017-03-25 14:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-04-20 01:19 - 2017-03-25 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-04-20 01:19 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-04-20 01:19 - 2017-03-25 14:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-04-20 01:19 - 2017-03-25 14:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-04-20 01:19 - 2017-03-25 14:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-04-20 01:19 - 2017-03-25 13:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-04-20 01:19 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-04-20 01:19 - 2017-03-25 13:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-04-20 01:19 - 2017-03-25 13:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-04-20 01:19 - 2017-03-25 13:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-04-20 01:19 - 2017-03-25 13:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-04-20 01:19 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-04-20 01:19 - 2017-03-25 13:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-04-20 01:19 - 2017-03-25 13:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-04-20 01:19 - 2017-03-25 13:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-04-20 01:19 - 2017-03-25 13:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-04-20 01:19 - 2017-03-25 13:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-04-20 01:19 - 2017-03-25 13:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-04-20 01:19 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-04-20 01:19 - 2017-03-25 13:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-04-20 01:19 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-04-20 01:19 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-04-20 01:19 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-04-20 01:19 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-04-20 01:19 - 2017-03-25 12:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-04-20 01:19 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-04-20 01:19 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-04-20 01:19 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-04-20 01:19 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-04-20 01:19 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-04-20 01:19 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-04-20 01:19 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-04-20 01:19 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-04-20 01:19 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-04-20 01:19 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2017-04-20 01:19 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-04-20 01:19 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-04-20 01:19 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-04-20 01:19 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-04-20 01:19 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-04-20 01:19 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-04-20 01:19 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-04-20 01:19 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-04-20 01:19 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2017-04-20 01:19 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-04-20 01:19 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-04-20 01:19 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-04-20 01:19 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-04-20 01:19 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-04-20 01:19 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-04-20 01:19 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-04-20 01:19 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-04-20 01:19 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-04-20 01:19 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-04-20 01:19 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-04-20 01:19 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-04-20 01:19 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-04-20 01:19 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-04-20 01:19 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-04-20 01:19 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-04-20 01:19 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-04-20 01:19 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-04-20 01:19 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-04-20 01:19 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-04-20 01:19 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-04-20 01:19 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-04-20 01:19 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-04-20 01:19 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-04-20 01:19 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-04-20 01:19 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-04-20 01:19 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2017-04-20 01:19 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2017-04-20 01:19 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2017-04-20 01:19 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
    2017-04-20 01:19 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-04-20 01:19 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
    2017-04-20 01:19 - 2017-02-11 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-04-20 01:19 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-04-20 01:19 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2017-04-20 01:19 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2017-04-20 01:19 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2017-04-20 01:19 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2017-04-20 00:37 - 2017-04-20 00:37 - 00009574 _____ C:\Users\Andy\Desktop\vz.odt
    2017-04-19 23:00 - 2017-04-19 23:00 - 00159446 _____ C:\Users\Andy\Desktop\OTL_2.Txt
    2017-04-18 10:11 - 2017-04-18 10:11 - 00015736 _____ C:\Windows\system32\bootdelete.lst
    2017-04-18 10:11 - 2017-04-18 10:11 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2017-04-18 10:02 - 2017-04-18 10:13 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-04-18 10:01 - 2017-04-18 10:01 - 11583584 _____ (SurfRight B.V.) C:\Users\Andy\Downloads\hitmanpro_x64.exe
    2017-04-18 10:00 - 2017-04-18 10:00 - 00001106 _____ C:\Users\Andy\Desktop\MBAM_Scan_Report2.txt
    2017-04-18 08:37 - 2017-04-18 08:37 - 00005798 _____ C:\Users\Andy\Desktop\AdwCleaner_log.txt
    2017-04-18 08:20 - 2017-04-18 08:30 - 00000000 ____D C:\AdwCleaner
    2017-04-18 08:18 - 2017-04-18 08:18 - 04089296 _____ C:\Users\Andy\Downloads\adwcleaner_6.045.exe
    2017-04-18 08:17 - 2017-04-21 09:17 - 00032993 _____ C:\Users\Andy\Desktop\Removal_steps.odt
    2017-04-17 22:49 - 2017-04-17 22:51 - 00000000 ____D C:\NPE
    2017-04-17 22:48 - 2017-04-18 07:57 - 00279678 _____ C:\Windows\ntbtlog.txt
    2017-04-17 22:46 - 2017-04-18 07:57 - 00000000 ____D C:\Users\Andy\AppData\Local\NPE
    2017-04-17 22:46 - 2017-04-17 22:46 - 00000000 ____D C:\ProgramData\Norton
    2017-04-17 22:45 - 2017-04-17 22:45 - 03422432 _____ (Symantec Corporation) C:\Users\Andy\Downloads\NPE.exe
    2017-04-17 22:28 - 2017-04-17 22:28 - 00003439 _____ C:\Users\Andy\Desktop\MBAM_Scan_Report.txt
    2017-04-16 21:22 - 2017-04-23 10:13 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-04-16 21:22 - 2017-04-20 22:03 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-04-16 21:22 - 2017-04-20 22:03 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-04-16 21:22 - 2017-04-16 21:22 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-04-16 21:21 - 2017-04-20 22:03 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-04-16 21:21 - 2017-04-16 21:22 - 60107896 _____ (Malwarebytes ) C:\Users\Andy\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
    2017-04-16 21:21 - 2017-04-16 21:21 - 00001875 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-04-16 21:21 - 2017-04-16 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-04-16 21:21 - 2017-04-16 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-04-16 21:21 - 2017-04-16 21:21 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-04-16 21:21 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-04-16 21:06 - 2017-04-16 21:07 - 60107896 _____ (Malwarebytes ) C:\Users\Andy\Desktop\mb3-setup-consumer-3.0.6.1469-10103.exe
    2017-04-14 13:22 - 2017-04-14 13:22 - 00087140 _____ C:\Users\Andy\Desktop\Extras.Txt
    2017-04-14 13:20 - 2017-04-19 23:00 - 00159446 _____ C:\Users\Andy\Desktop\OTL.Txt
    2017-04-13 23:33 - 2015-11-28 18:21 - 00039977 _____ C:\Users\Andy\Desktop\Communication Center _ Fidelity Investments - Copy.pdf
    2017-04-13 23:27 - 2017-04-13 23:27 - 00036348 _____ C:\Users\Andy\Downloads\cleanup_1.odt
    2017-04-13 23:20 - 2017-04-13 23:19 - 00602112 _____ (OldTimer Tools) C:\Users\Andy\Desktop\OTL.exe
    2017-04-13 23:19 - 2017-04-13 23:19 - 00602112 _____ (OldTimer Tools) C:\Users\Andy\Downloads\OTL.exe
    2017-04-03 20:18 - 2017-04-03 20:18 - 00000000 ____D C:\Users\Andy\Desktop\Old Firefox Data
    2017-04-03 20:16 - 2017-04-03 20:16 - 02568016 _____ C:\Users\Andy\Desktop\How to remove Launchpage.pdf
    2017-04-02 04:24 - 2017-04-02 04:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2017-04-01 05:33 - 2017-04-01 05:33 - 00001898 _____ C:\Users\Public\Desktop\Garmin Express.lnk
    2017-04-01 05:33 - 2017-04-01 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2017-04-01 05:04 - 2017-04-01 05:04 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-03-30 13:17 - 2017-03-30 13:17 - 09771964 _____ C:\Users\Andy\Downloads\MDM Installer_2.2.9.dmg
    2017-03-30 12:55 - 2017-03-30 12:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_motmodem_01009.Wdf
    2017-03-30 12:55 - 2017-03-30 12:55 - 00000000 ____D C:\ProgramData\Motorola
    2017-03-30 12:53 - 2017-04-01 05:15 - 00000000 ____D C:\Temp
    2017-03-30 12:53 - 2017-03-30 12:53 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Motorola Mobility
    2017-03-30 12:52 - 2017-04-02 04:32 - 00000000 ____D C:\Program Files (x86)\Motorola Mobility
    2017-03-30 12:52 - 2017-03-30 12:52 - 00000000 ____D C:\Program Files (x86)\Motorola
    2017-03-30 12:51 - 2017-03-30 12:51 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
    2017-03-30 12:49 - 2017-03-30 12:49 - 34236544 _____ (Motorola Mobility) C:\Users\Andy\Downloads\MotorolaDeviceManager_2.5.4.exe
    2017-03-30 12:49 - 2017-03-30 12:49 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Motorola
    2017-03-29 09:25 - 2017-03-29 09:25 - 01130785 _____ C:\Users\Andy\Downloads\protection_agreement_a6c7f392b19895c65eb687e69727861f4a3413b3.pdf
    2017-03-26 10:40 - 2017-03-26 10:40 - 00220940 _____ C:\Users\Andy\Desktop\overview.htm
    2017-03-25 19:13 - 2017-03-25 19:13 - 00005872 _____ C:\Users\Andy\Downloads\DiskStation_20170325.dss
    2017-03-25 18:40 - 2017-03-25 18:40 - 00022304 _____ C:\Users\Andy\Novena for Impossible Requests.odt
    2017-03-25 18:25 - 2017-03-25 18:25 - 00027145 _____ C:\Users\Andy\Tessera.odt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-23 10:52 - 2016-11-18 21:07 - 00000000 ____D C:\Users\Andy\AppData\LocalLow\Mozilla
    2017-04-22 01:50 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-04-22 01:50 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-04-22 01:30 - 2014-11-14 20:24 - 00000000 ____D C:\Users\Andy\AppData\Local\CutePDF Writer
    2017-04-22 01:03 - 2015-05-30 14:31 - 00000000 ____D C:\Users\Andy\Desktop\Travel
    2017-04-22 00:56 - 2014-11-08 15:13 - 00015898 _____ C:\Windows\BRRBCOM.INI
    2017-04-21 10:01 - 2014-11-09 21:34 - 00000000 ____D C:\Users\Andy\Desktop\Unused Items
    2017-04-21 09:52 - 2014-12-27 12:59 - 00000000 ___RD C:\Users\Andy\Google Drive
    2017-04-21 09:28 - 2015-01-11 21:16 - 00000000 ____D C:\Users\Andy\.gimp-2.8
    2017-04-21 08:53 - 2015-12-22 23:52 - 00000000 ____D C:\Program Files\7-Zip
    2017-04-21 08:39 - 2015-07-30 00:23 - 00000000 ____D C:\Windows\system32\appmgmt
    2017-04-20 22:03 - 2014-11-03 06:25 - 00000000 __SHD C:\Users\Andy\IntelGraphicsProfiles
    2017-04-20 22:02 - 2015-05-10 22:01 - 00000004 _____ C:\helper.dat
    2017-04-20 22:02 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-04-20 05:43 - 2016-11-17 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-04-20 05:43 - 2014-11-03 00:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-04-20 05:43 - 2009-07-14 00:45 - 00298824 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-04-20 03:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2017-04-20 01:55 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-04-20 01:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2017-04-20 01:35 - 2014-11-03 02:07 - 00000000 ____D C:\Windows\system32\MRT
    2017-04-20 01:31 - 2014-11-03 02:07 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-04-20 01:26 - 2014-11-03 03:28 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-04-20 01:07 - 2015-04-17 01:18 - 00000000 ____D C:\Users\Andy\AppData\Local\CrashDumps
    2017-04-18 08:30 - 2016-08-06 13:08 - 00001294 _____ C:\Users\Andy\Desktop\Google Chrome.lnk
    2017-04-18 08:30 - 2016-04-17 16:40 - 00001000 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2017-04-18 08:30 - 2016-03-22 17:14 - 00001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-04-18 08:30 - 2015-07-11 14:22 - 00001294 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
    2017-04-18 08:30 - 2015-07-01 23:21 - 00001306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-04-18 08:30 - 2015-02-17 01:41 - 00000995 _____ C:\Users\Aida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-04-18 08:30 - 2014-11-22 20:44 - 00000995 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-04-18 08:30 - 2014-11-03 00:21 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-04-18 08:30 - 2014-11-03 00:21 - 00001057 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-04-18 08:30 - 2014-11-02 23:38 - 00000995 _____ C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-04-13 23:21 - 2015-02-07 22:30 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-04-13 23:20 - 2015-07-15 00:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-04-13 23:17 - 2014-12-27 12:45 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-04-13 23:17 - 2014-12-27 12:45 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-04-13 23:17 - 2014-11-22 21:40 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-04-13 23:17 - 2014-11-08 01:20 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-04-13 23:17 - 2014-11-08 01:20 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-04-13 23:17 - 2014-11-08 01:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-04-13 23:17 - 2014-11-08 01:20 - 00000000 ____D C:\Windows\system32\Macromed
    2017-04-08 18:29 - 2016-05-20 00:14 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Acrylic Wi-Fi Home
    2017-04-03 21:08 - 2015-02-28 03:06 - 00072192 ___SH C:\Users\Andy\Thumbs.db
    2017-04-02 04:32 - 2014-11-02 04:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-04-01 05:46 - 2014-11-02 23:37 - 00000000 ____D C:\ProgramData\Package Cache
    2017-04-01 05:34 - 2014-11-09 00:29 - 00000000 ____D C:\Program Files (x86)\Garmin
    2017-04-01 05:33 - 2014-11-09 00:30 - 00000000 ____D C:\ProgramData\Garmin
    2017-04-01 05:33 - 2014-11-09 00:29 - 00003552 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
    2017-04-01 05:07 - 2016-03-22 17:14 - 00003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458681263
    2017-04-01 05:05 - 2017-02-26 19:13 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2017-04-01 05:04 - 2014-11-03 00:46 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-04-01 05:04 - 2014-11-03 00:46 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2017-04-01 05:04 - 2014-11-03 00:46 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2017-04-01 05:04 - 2014-11-03 00:46 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2017-04-01 05:04 - 2014-11-03 00:46 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-04-01 05:04 - 2014-11-03 00:46 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-04-01 05:04 - 2014-11-03 00:46 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-04-01 05:03 - 2017-02-26 19:13 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
    2017-04-01 05:03 - 2017-02-26 19:13 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
    2017-04-01 05:03 - 2017-02-26 19:13 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
    2017-04-01 05:03 - 2017-02-26 19:13 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
    2017-04-01 05:03 - 2016-03-22 17:14 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2017-04-01 05:03 - 2014-11-03 00:46 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2017-04-01 04:56 - 2014-11-08 01:17 - 00000000 ____D C:\Users\Andy\AppData\Local\Adobe
    2017-03-30 12:53 - 2014-11-02 04:31 - 00000000 ____D C:\Users\Andy\AppData\Local\VirtualStore
    2017-03-27 23:36 - 2014-12-27 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2017-03-26 18:12 - 2017-02-19 10:24 - 00000000 ____D C:\Users\Andy\Desktop\User Manuals
    2017-03-25 18:46 - 2014-11-02 04:25 - 00000000 ____D C:\Users\Andy

    ==================== Files in the root of some directories =======

    2017-04-21 09:28 - 2017-04-21 09:28 - 0000867 _____ () C:\Users\Andy\AppData\Local\recently-used.xbel
    2014-12-27 22:26 - 2016-08-09 01:51 - 0007626 _____ () C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
    2016-12-18 17:54 - 2017-03-18 21:22 - 0000037 _____ () C:\Users\Andy\AppData\Local\X-Plane Installer.prf
    2016-12-18 17:54 - 2017-03-18 21:27 - 0000015 _____ () C:\Users\Andy\AppData\Local\X-Plane_drm_11.prf
    2016-12-18 17:29 - 2016-12-18 17:29 - 0000035 _____ () C:\Users\Andy\AppData\Local\x-plane_install_11.txt

    Files to move or delete:
    ====================
    C:\Users\Andy\DiskStation_20150613.dss


    Some files in TEMP:
    ====================
    2017-04-21 08:15 - 2017-04-21 08:15 - 0739904 _____ (Oracle Corporation) C:\Users\Andy\AppData\Local\Temp\jre-8u131-windows-au.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-04-23 01:24

    ==================== End of FRST.txt ============================
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...

Short URL to this thread: https://techguy.org/1187897