Jump to content


Photo

Random files created on hard drive


  • Please log in to reply
14 replies to this topic

#1 rpb81

rpb81

    Member

  • Full Member
  • Pip
  • 29 posts

Posted 05 April 2019 - 09:34 PM

My computer has been running slower than normal and I noticed random folders on my C: drive with weird names like 'Xlogs176' and 'kfiles41'.   Inside these folder are always about 10 items (usually a couple of word and excel files, some JPEGs and text files).  When the folder is deleted, another folder with a different name and 10 items in it will appear a few minutes later.  So far I do not have any unexpected pop-ups and I never received alerts from my firewall. 

 

Below are the requested log.  Thank you for your help.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/5/19
Scan Time: 10:49 PM
Log File: aab2f955-5816-11e9-854a-00ff156df244.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10022
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ryan-PC\Ryan

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 320765
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 23 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 1
PUM.Optional.NoDrives, HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NODRIVES, Replace-on-Reboot, [13263], [293343],1.0.10022

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Ryan (administrator) on RYAN-PC (05-04-2019 23:09:01)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan &  (Available Profiles: Ryan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Cybereason Inc -> Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\73.0.3683.67\remoting_host.exe
(Antibody Software Limited -> ) C:\Program Files (x86)\WizMouse\WizMouse.exe
(Cybereason Inc -> Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\73.0.3683.67\remoting_host.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Digital Wave Ltd -> Digital Wave Ltd.) [File not signed] C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Plex, Inc -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Memeo Inc -> Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Acer Incorporated -> Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Coupons, Inc. -> Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Plex, Inc -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Plex, Inc -> Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Plex, Inc -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex, Inc -> Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google LLC -> Google) C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019224959866\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [18666984 2018-12-14] (Plex, Inc -> Plex, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225033982\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [18666984 2018-12-14] (Plex, Inc -> Plex, Inc.)
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\...\Run: [WizMouse] => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] (Antibody Software Limited -> )
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\...\Policies\Explorer: [NoDrives] 2
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035\...\Run: [WizMouse] => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] (Antibody Software Limited -> )
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035\...\Policies\Explorer: [NoDrives] 2
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096\...\Run: [WizMouse] => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] (Antibody Software Limited -> )
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096\...\Policies\Explorer: [NoDrives] 2
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [18666984 2018-12-14] (Plex, Inc -> Plex, Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [280352 2006-11-10] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [68096 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [264992 2006-11-10] (Logitech Inc -> Logitech Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-25] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitsdnclean64.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{156DF244-FB99-4AE5-AB9A-B6E19668A578}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{16D8E42B-01C3-4412-A8FF-84B27B045902}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{16D8E42B-01C3-4412-A8FF-84B27B045902}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46A5CE89-0702-48ED-9CC0-184E636B2F95}: [DhcpNameServer] 10.151.1.1
Tcpip\..\Interfaces\{504E1340-BE7C-439C-8C67-8AB34C0BE00F}: [DhcpNameServer] 95.211.101.197 95.211.101.198

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS382US383
SearchScopes: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS382US383
SearchScopes: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS382US383
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-01-22] (LastPass (Marvasol Inc) -> LastPass)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Ryan\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2019-03-26] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-01-22] (LastPass (Marvasol Inc) -> LastPass)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-20] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-01-22] (LastPass (Marvasol Inc) -> LastPass)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Ryan\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2019-03-26] (Dashlane USA, Inc. -> Dashlane, Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-01-22] (LastPass (Marvasol Inc) -> LastPass)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: lzqcgcmx.default-1417830508894
FF DefaultProfile: rbisson81@aol.com
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894 [2019-04-05]
FF Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\coupons@joinpiggy.com.xpi [2017-11-23]
FF Extension: (The Camelizer) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\izer@camelcamelcamel.com.xpi [2018-06-22]
FF Extension: (Dashlane) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\jetpack-extension@dashlane.com.xpi [2019-04-02] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (Honey) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2019-02-12]
FF Extension: (Keyword Search (WebExtension)) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\keywordsearch-webext@kaply.com.xpi [2017-11-16]
FF Extension: (Keyword Search) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\keywordsearch@kaply.com.xpi [2016-10-30] [Legacy]
FF Extension: (Route with Google Maps) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\route-with-google-maps-addon@daniel-wiedner.de.xpi [2018-05-30]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\support@lastpass.com.xpi [2019-03-21]
FF Extension: (Gloss. Black) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\{14325899-76e8-499d-8359-2d6c54f3bacb}.xpi [2019-03-24]
FF Extension: (Dark Blue) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\{66210612-4439-45ea-8b8c-a39d97fd729c}.xpi [2019-03-24]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-04]
FF Extension: (Glass - Black) - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\Extensions\{e5aa11fe-6320-4fe9-8a12-f58cb0e3fa55}.xpi [2019-03-21]
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lzqcgcmx.default-1417830508894\searchplugins\google-im-feeling-lucky.xml [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-12] (Adobe Systems Incorporated -> )
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-01-22] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2019-03-22] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-01-22] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.188 -> C:\Windows\system32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\vlc [2015-06-06]
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001: hopster.com/CouponPrinterPlugin -> C:\Users\Ryan\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster) [File not signed]
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035: hopster.com/CouponPrinterPlugin -> C:\Users\Ryan\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster) [File not signed]
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096: @tools.google.com/Google Update;version=3 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096: @tools.google.com/Google Update;version=9 -> C:\Users\Ryan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096: hopster.com/CouponPrinterPlugin -> C:\Users\Ryan\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster) [File not signed]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2017-08-25]
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-08-20]

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://bhtv.brighthouse.com/liveTv"
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2019-04-05]
CHR Extension: (Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Send to Google Maps) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhggankplfegmjjngfmhfajedmiikolo [2018-01-30]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-04]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Dashlane - Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2019-03-29]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-03-29]
CHR Extension: (Dashlane) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmpplnklgealmmnncbdpehifojcfomaf [2013-12-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (WebRTC Network Limiter) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npeicpdbkakmehahjeeohfdhnlpdklia [2016-06-06]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-29]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [238080 2013-04-29] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\73.0.3683.67\remoting_host.exe [73200 2019-03-05] (Google LLC -> Google Inc.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons, Inc. -> Coupons.com Inc.)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-24] (Cybereason Inc -> Cybereason)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-24] (Digital Wave Ltd -> Digital Wave Ltd.) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [121456 2010-06-30] (Portrait Displays, Inc. -> )
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (Adobe Systems Incorporated -> NOS Microsystems Ltd.)
S2 LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [171808 2006-11-15] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-05-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2247144 2018-12-14] (Plex, Inc -> Plex, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo Inc -> Memeo)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdiox64; C:\Windows\System32\DRIVERS\amdiox64.sys [46136 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11922944 2013-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [359936 2013-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11922944 2013-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1622528 2009-08-24] (Microsoft Windows Hardware Compatibility Publisher -> AVerMedia TECHNOLOGIES, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-03-25] (Malwarebytes Corporation -> Malwarebytes)
S3 LVcKap64; C:\Windows\System32\DRIVERS\LVcKap64.sys [997408 2006-11-15] (Logitech Inc -> Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2345120 2006-11-15] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-03-25] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-04-05] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-04-05] (Malwarebytes Corporation -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [104784 2019-04-05] (Malwarebytes Corporation -> Malwarebytes)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2010-04-16] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-04-24] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [36736 2016-08-14] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-05-27] (AnchorFree Inc -> Anchorfree Inc.)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2017-09-13] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 LVPr2Mon; system32\DRIVERS\LVPr2Mon.sys [X]
U3 MediaMall Server; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-05 23:09 - 2019-04-05 23:12 - 000045033 _____ C:\Users\Ryan\Desktop\FRST.txt
2019-04-05 23:08 - 2019-04-05 23:09 - 000000000 ____D C:\FRST
2019-04-05 23:07 - 2019-04-05 23:08 - 002434048 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2019-04-05 22:52 - 2019-04-05 22:52 - 000899584 _____ C:\Users\Ryan\Desktop\RGSA.exe
2019-04-05 22:45 - 2019-04-05 22:45 - 000529051 _____ C:\Users\SZ0bujn\outside.senate.xlsx
2019-04-05 22:45 - 2019-04-05 22:45 - 000526951 _____ C:\Users\Akk0s\undergo-chapter-loved.xlsx
2019-04-05 22:45 - 2019-04-05 22:45 - 000226766 _____ C:\Users\SZ0bujn\accumulate-poets.mdb
2019-04-05 22:45 - 2019-04-05 22:45 - 000222936 _____ C:\Users\Akk0s\facinglatesellcustom.mdb
2019-04-05 22:45 - 2019-04-05 22:45 - 000068628 _____ C:\Users\Akk0s\elaine_regular_manufacturer_alexander.xls
2019-04-05 22:45 - 2019-04-05 22:45 - 000067441 _____ C:\Users\SZ0bujn\happens_fast.xls
2019-04-05 22:45 - 2019-04-05 22:45 - 000053080 _____ C:\Users\SZ0bujn\t0sZ.pem
2019-04-05 22:45 - 2019-04-05 22:45 - 000052009 _____ C:\Users\Akk0s\horrorcorpsbriefcomplication.pem
2019-04-05 22:45 - 2019-04-05 22:45 - 000025435 _____ C:\Users\Akk0s\CHV.sql
2019-04-05 22:45 - 2019-04-05 22:45 - 000025184 _____ C:\Users\SZ0bujn\additional-wine.sql
2019-04-05 22:45 - 2019-04-05 22:45 - 000022650 _____ C:\Users\Akk0s\GISQP4aau4Vg.txt
2019-04-05 22:45 - 2019-04-05 22:45 - 000011483 _____ C:\Users\SZ0bujn\identified boys nearest.txt
2019-04-05 22:45 - 2019-04-05 22:45 - 000000000 __SHD C:\Users\Ryan\Desktop\ This folder protects against ransomware. Modifying it will reduce protection
2019-04-05 22:45 - 2019-04-05 22:45 - 000000000 ___HD C:\Users\SZ0bujn
2019-04-05 22:45 - 2019-04-05 22:45 - 000000000 ___HD C:\Users\Ryan\Documents\Nhelper163
2019-04-05 22:45 - 2019-04-05 22:45 - 000000000 ___HD C:\Users\Ryan\Documents\Gsettingsettings77
2019-04-05 22:45 - 2019-04-05 22:45 - 000000000 ___HD C:\Users\Akk0s
2019-04-05 22:45 - 2019-04-05 22:45 - 000000000 ____D C:\Xlogs176
2019-04-05 22:45 - 2019-04-05 22:45 - 000000000 ____D C:\ kfiles41
2019-04-05 21:58 - 2019-04-05 21:55 - 000453987 _____ C:\Windows\system32\Drivers\etc\hosts.20190405-215838.backup
2019-04-05 21:57 - 2019-04-05 21:55 - 000453987 ____R C:\Windows\system32\Drivers\etc\hosts.20190405-215735.backup
2019-04-05 21:55 - 2016-07-16 13:55 - 000000025 _____ C:\Windows\system32\Drivers\etc\hosts.20190405-215546.backup
2019-04-05 21:47 - 2019-04-05 22:38 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-04-05 21:47 - 2019-04-05 21:47 - 000001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2019-04-05 21:47 - 2019-04-05 21:47 - 000001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2019-04-05 21:47 - 2019-04-05 21:47 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2019-04-05 21:47 - 2019-04-05 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2019-04-05 21:47 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2019-04-05 21:46 - 2019-04-05 21:49 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-04-05 19:55 - 2019-04-05 19:55 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-04-05 19:55 - 2019-04-05 19:55 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-04-05 19:53 - 2019-04-05 19:53 - 000104784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-04-05 19:31 - 2019-04-05 19:31 - 000000378 _____ C:\Program Files (x86)\temp995.bat
2019-04-04 19:19 - 2019-04-04 19:19 - 000000000 ____D C:\Users\Ryan\AppData\Local\BitTorrentHelper
2019-04-03 20:13 - 2019-04-01 10:55 - 000334336 _____ (Microsoft Corporation) C:\Windows\system32\sipnotify.exe
2019-03-30 11:10 - 2019-03-30 11:10 - 000002588 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Workspace.lnk
2019-03-25 02:07 - 2019-03-25 02:07 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-03-25 02:06 - 2019-04-03 20:00 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-21 21:27 - 2019-03-21 21:50 - 000000000 ____D C:\Users\Ryan\AppData\Roaming\ICAClient
2019-03-21 21:26 - 2019-03-30 11:11 - 000000000 ____D C:\ProgramData\Citrix
2019-03-21 21:25 - 2019-03-29 18:09 - 000000000 ____D C:\Users\Ryan\AppData\Local\Citrix
2019-03-21 21:25 - 2019-03-21 21:25 - 000000000 ____D C:\Program Files (x86)\Citrix
2019-03-21 21:25 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2019-03-16 14:22 - 2016-10-17 12:11 - 000363520 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOM13A.DLL
2019-03-12 20:51 - 2019-02-26 18:41 - 000397104 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-03-12 20:51 - 2019-02-26 17:47 - 000348984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-03-12 20:51 - 2019-02-26 03:45 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-03-12 20:51 - 2019-02-26 03:33 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-03-12 20:51 - 2019-02-26 03:32 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-03-12 20:51 - 2019-02-26 03:31 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-03-12 20:51 - 2019-02-26 03:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-03-12 20:51 - 2019-02-26 03:25 - 020281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-03-12 20:51 - 2019-02-26 03:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-03-12 20:51 - 2019-02-26 03:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-03-12 20:51 - 2019-02-26 03:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-03-12 20:51 - 2019-02-26 03:12 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-03-12 20:51 - 2019-02-26 03:07 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-03-12 20:51 - 2019-02-26 03:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-03-12 20:51 - 2019-02-26 03:05 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-03-12 20:51 - 2019-02-26 03:04 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-03-12 20:51 - 2019-02-26 03:03 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-03-12 20:51 - 2019-02-26 03:02 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-03-12 20:51 - 2019-02-26 03:01 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-03-12 20:51 - 2019-02-26 03:00 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-03-12 20:51 - 2019-02-26 02:58 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-03-12 20:51 - 2019-02-26 02:57 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-03-12 20:51 - 2019-02-26 02:57 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-03-12 20:51 - 2019-02-26 02:57 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-03-12 20:51 - 2019-02-26 02:56 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-03-12 20:51 - 2019-02-26 02:54 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-03-12 20:51 - 2019-02-26 02:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-03-12 20:51 - 2019-02-26 02:44 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-03-12 20:51 - 2019-02-26 02:44 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-03-12 20:51 - 2019-02-26 02:43 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-03-12 20:51 - 2019-02-26 02:43 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-03-12 20:51 - 2019-02-26 02:43 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-03-12 20:51 - 2019-02-26 02:41 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-03-12 20:51 - 2019-02-26 02:41 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-03-12 20:51 - 2019-02-26 02:39 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-03-12 20:51 - 2019-02-26 02:38 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-03-12 20:51 - 2019-02-26 02:35 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-03-12 20:51 - 2019-02-26 02:33 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-03-12 20:51 - 2019-02-26 02:31 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-03-12 20:51 - 2019-02-26 02:31 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-03-12 20:51 - 2019-02-26 02:30 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-03-12 20:51 - 2019-02-26 02:29 - 013681664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-03-12 20:51 - 2019-02-26 02:18 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-03-12 20:51 - 2019-02-26 02:09 - 001332224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-03-12 20:51 - 2019-02-26 02:07 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-03-12 20:51 - 2019-02-26 02:06 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-03-12 20:51 - 2019-02-16 01:32 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-03-12 20:51 - 2019-02-16 01:30 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-03-12 20:51 - 2019-02-10 12:41 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-03-12 20:51 - 2019-02-10 12:41 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-03-12 20:51 - 2019-02-10 12:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-03-12 20:51 - 2019-02-10 12:29 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-03-12 20:51 - 2019-02-10 12:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-03-12 20:51 - 2019-02-10 12:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-03-12 20:51 - 2019-02-10 12:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-03-12 20:51 - 2019-02-10 12:28 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-03-12 20:51 - 2019-02-10 12:10 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-03-12 20:51 - 2019-02-10 12:09 - 014635520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-03-12 20:51 - 2019-02-10 12:09 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-03-12 20:51 - 2019-02-10 12:09 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-03-12 20:51 - 2019-02-10 12:09 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-03-12 20:51 - 2019-02-10 12:09 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-03-12 20:51 - 2019-02-10 12:09 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-03-12 20:51 - 2019-02-10 12:09 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-03-12 20:51 - 2019-02-10 12:09 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-03-12 20:51 - 2019-02-10 12:09 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-03-12 20:51 - 2019-02-10 12:09 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-03-12 20:51 - 2019-02-10 12:09 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-03-12 20:51 - 2019-02-10 12:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-03-12 20:51 - 2019-02-10 12:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-03-12 20:51 - 2019-02-10 12:08 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-03-12 20:51 - 2019-02-10 12:08 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-03-12 20:51 - 2019-02-10 12:08 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-03-12 20:51 - 2019-02-10 12:08 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-03-12 20:51


#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 06 April 2019 - 06:49 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.188 -> C:\Windows\system32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\vlc [2015-06-06]
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001: hopster.com/CouponPrinterPlugin -> C:\Users\Ryan\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster) [File not signed]
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation)
U3 MediaMall Server; no ImagePath

Task: {07CD943E-31AE-4B52-8606-E0AC65A48033} - \{89A3E508-9659-4CAA-A0FA-78D51DEDE17B} -> No File <==== ATTENTION
Task: {45BC5F26-3FBA-44F3-8EF1-3BBD79F950CC} - \{5510118A-0DF1-4188-9DE0-ACAC8DE1727E} -> No File <==== ATTENTION
Task: {567B66B1-DFC7-4D07-B69B-0AF090531CC9} - \{021A7690-81EA-4D36-ADD1-56BE34C9628E} -> No File <==== ATTENTION
Task: {9873A865-3D1D-47B1-B37F-174EC5BFABFA} - \{7D0D9353-2242-47E9-ABE2-025A8D3A4A7C} -> No File <==== ATTENTION
Task: {9C23CCA3-CE19-42A3-9276-3339DF9E04A4} - \{3CC7A80D-21D2-4255-941A-BF904ABB0695} -> No File <==== ATTENTION
Task: {9F2D27C2-5951-42CF-BC45-A1BA532C212C} - \GoogleUpdateTaskUserS-1-5-21-3466864311-2917521184-1639707584-1001Core -> No File <==== ATTENTION
Task: {DFA852B0-1A8B-4210-9E23-1FD32EEDE3AF} - \{C9F1EF74-7B14-46E7-A254-8EB297F53B3E} -> No File <==== ATTENTION
Task: {F6AEB59C-709C-4B34-9115-B88506F7F876} - \{2475C808-EE83-437F-83D1-92953213D529} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
FirewallRules: [TCP Query User{F406B96E-C6B5-49BC-A3C9-878DC3DC56E0}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe No File
FirewallRules: [UDP Query User{8A655545-447E-4966-ACDE-6EEF87084478}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe No File

2019-04-05 22:45 - 2016-09-24 18:29 - 000000258 __RSH C:\ProgramData\ntuser.pol

cmd: netsh winsock reset catalog

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let me know of any issues with this computer.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 rpb81

rpb81

    Member

  • Full Member
  • Pip
  • 29 posts

Posted 06 April 2019 - 10:45 AM

Here is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Ryan (06-04-2019 12:31:26) Run:1
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan &  (Available Profiles: Ryan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found
FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.188 -> C:\Windows\system32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\vlc [2015-06-06]
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001: hopster.com/CouponPrinterPlugin -> C:\Users\Ryan\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster) [File not signed]
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation)
U3 MediaMall Server; no ImagePath

Task: {07CD943E-31AE-4B52-8606-E0AC65A48033} - \{89A3E508-9659-4CAA-A0FA-78D51DEDE17B} -> No File <==== ATTENTION
Task: {45BC5F26-3FBA-44F3-8EF1-3BBD79F950CC} - \{5510118A-0DF1-4188-9DE0-ACAC8DE1727E} -> No File <==== ATTENTION
Task: {567B66B1-DFC7-4D07-B69B-0AF090531CC9} - \{021A7690-81EA-4D36-ADD1-56BE34C9628E} -> No File <==== ATTENTION
Task: {9873A865-3D1D-47B1-B37F-174EC5BFABFA} - \{7D0D9353-2242-47E9-ABE2-025A8D3A4A7C} -> No File <==== ATTENTION
Task: {9C23CCA3-CE19-42A3-9276-3339DF9E04A4} - \{3CC7A80D-21D2-4255-941A-BF904ABB0695} -> No File <==== ATTENTION
Task: {9F2D27C2-5951-42CF-BC45-A1BA532C212C} - \GoogleUpdateTaskUserS-1-5-21-3466864311-2917521184-1639707584-1001Core -> No File <==== ATTENTION
Task: {DFA852B0-1A8B-4210-9E23-1FD32EEDE3AF} - \{C9F1EF74-7B14-46E7-A254-8EB297F53B3E} -> No File <==== ATTENTION
Task: {F6AEB59C-709C-4B34-9115-B88506F7F876} - \{2475C808-EE83-437F-83D1-92953213D529} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
FirewallRules: [TCP Query User{F406B96E-C6B5-49BC-A3C9-878DC3DC56E0}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe No File
FirewallRules: [UDP Query User{8A655545-447E-4966-ACDE-6EEF87084478}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe No File

2019-04-05 22:45 - 2016-09-24 18:29 - 000000258 __RSH C:\ProgramData\ntuser.pol

cmd: netsh winsock reset catalog

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully
HKLM\Software\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => not found
"HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => removed successfully
HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => not found
"HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE}" => removed successfully
HKLM\Software\Classes\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => not found
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\PROTOCOLS\Handler\linkscanner => removed successfully
HKLM\Software\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => not found
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}" => removed successfully
"HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\Software\Mozilla\Firefox\Extensions\\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}" => removed successfully
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found => Error: No automatic fix found for this entry.
FF HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Ryan\AppData\Roaming\Dashlane\5.9.3.18184\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} => not found => Error: No automatic fix found for this entry.
HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc,version=1.8.188 => removed successfully
"FF Plugin HKU\.DEFAULT: @hola.org/vlc,version=1.8.188 -> C:\Windows\system32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\vlc [2015-06-06]" => not found
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator => removed successfully
C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL => moved successfully
HKU\S-1-5-21-3466864311-2917521184-1639707584-1001\Software\MozillaPlugins\hopster.com/CouponPrinterPlugin => removed successfully
C:\Users\Ryan\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll => moved successfully
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225001035: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
FF Plugin HKU\S-1-5-21-3466864311-2917521184-1639707584-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04052019225036096: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ryan\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corp. -> Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\MediaMall Server => removed successfully
MediaMall Server => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07CD943E-31AE-4B52-8606-E0AC65A48033}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07CD943E-31AE-4B52-8606-E0AC65A48033}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{89A3E508-9659-4CAA-A0FA-78D51DEDE17B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45BC5F26-3FBA-44F3-8EF1-3BBD79F950CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45BC5F26-3FBA-44F3-8EF1-3BBD79F950CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5510118A-0DF1-4188-9DE0-ACAC8DE1727E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{567B66B1-DFC7-4D07-B69B-0AF090531CC9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{567B66B1-DFC7-4D07-B69B-0AF090531CC9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{021A7690-81EA-4D36-ADD1-56BE34C9628E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9873A865-3D1D-47B1-B37F-174EC5BFABFA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9873A865-3D1D-47B1-B37F-174EC5BFABFA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D0D9353-2242-47E9-ABE2-025A8D3A4A7C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C23CCA3-CE19-42A3-9276-3339DF9E04A4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C23CCA3-CE19-42A3-9276-3339DF9E04A4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3CC7A80D-21D2-4255-941A-BF904ABB0695}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F2D27C2-5951-42CF-BC45-A1BA532C212C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F2D27C2-5951-42CF-BC45-A1BA532C212C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3466864311-2917521184-1639707584-1001Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFA852B0-1A8B-4210-9E23-1FD32EEDE3AF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFA852B0-1A8B-4210-9E23-1FD32EEDE3AF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C9F1EF74-7B14-46E7-A254-8EB297F53B3E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6AEB59C-709C-4B34-9115-B88506F7F876}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6AEB59C-709C-4B34-9115-B88506F7F876}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2475C808-EE83-437F-83D1-92953213D529}" => removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F406B96E-C6B5-49BC-A3C9-878DC3DC56E0}C:\program files (x86)\windscribe\wsappcontrol.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8A655545-447E-4966-ACDE-6EEF87084478}C:\program files (x86)\windscribe\wsappcontrol.exe" => removed successfully
C:\ProgramData\ntuser.pol => moved successfully

========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10542623 B
Java, Flash, Steam htmlcache => 1286 B
Windows/system/drivers => 5336085 B
Edge => 0 B
Chrome => 2836883 B
Firefox => 434603691 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 116629471 B
systemprofile32 => 38716236 B
LocalService => 60814199 B
NetworkService => 4717660 B
Ryan => 281159458 B

RecycleBin => 166278598 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:32:47 ====



#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 06 April 2019 - 11:48 AM

Is the problem solved?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 rpb81

rpb81

    Member

  • Full Member
  • Pip
  • 29 posts

Posted 06 April 2019 - 12:10 PM

No, I deleted the files/folders and more appeared 2 minutes later.



#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 07 April 2019 - 05:35 AM

Hi,
Could these temp file be created by the HR Block software that you are using?

Check this out, you have a copy of the \temp995.bat.
https://www.pcreview...h-file.3966576/

This is a cleanup file and the \temp file should be deleted.
If you are still using the program do not delete the file just yet.
===

Send a few files in these folder to Virus Total for inspection.
https://www.virustot...gui/home/upload

Post the exact location (path and all) where these files are located.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 rpb81

rpb81

    Member

  • Full Member
  • Pip
  • 29 posts

Posted 07 April 2019 - 09:38 AM

I don't think these files are associated with the HR Block program.  I previously uninstalled the HR Block program so I can delete that file if needed.

 

Here are the two locations that the two folders with 10 items always appear:

C:\

C:\Users

 

The folders always have some random name, like Xdetails12, but the names of the items in the folders are a mix of words that are made to look like I created the item.  Here are some examples:

behavior.choose.spit.xls

burn-step.docx

work conferences.doc

mary-plenty-crew-shadow.mdb

 

I ran three of these items thru Virus Total and 'No engines detected this file'



#8 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 07 April 2019 - 12:12 PM

Hi,

Submit these files to Virus Total of an inspection.

Follow the instructions on this page.
https://www.virustot...gui/home/upload

behavior.choose.spit.xls

burn-step.docx

work conferences.doc

mary-plenty-crew-shadow.mdb


If found NOT to be corrupted open the .doc and docx file and investigate the content. It may give you a clue as to what they may come from/
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#9 rpb81

rpb81

    Member

  • Full Member
  • Pip
  • 29 posts

Posted 07 April 2019 - 02:34 PM

When I try to open most of the files, I get errors such as "the file format or extension is not not valid", "the file is corrupt" or "Word experienced an error trying to open the file."  The only type of file that I can get to open are text files.  Here is the content on one of the text files:

WHan7PoRkCDk3y7OGgc98UVngvNCSr0u5FhUvpCh5ajIyf3cmqyLmQIVw2MfZpkp9OG6n4KqUw6DGqeSSn8wKFytjS3YAR0r6ez2bH2iXhBhzRmH9bbzEHB6GSKwhYIRJdi1rQMEFTMfwFhY9QVpdkQELub8mx3VXcmUKRDk5x4qaSSil6yarE2v9MNlkiz02RCAv6q9U1PD78uGg4J3TDCspUmBdPdvX904o7LOIfTXuIpd6QKvCbMjS8uVCvPF9QoRq3aMrWTJXEhseuRX0AofcEY7KaTzUZop3rJYSMBopjwTOu8a23GuJP1FDZsecWnzEPYuKcz6FRDxPwyxAocC0NjEgy0n4NdUISBt9MIS0t4NcecNxsiFa1cpII1THME9R8yW4HdyUzLI1qGm8cenxOIRIrwFgM730xtICjczJ5inzykNDEs9Q8rrcTdhdNNZ6rMjXgt7nLjRMdwApqC2G3V1SkGwy2gIR81P8GEDuNhNxVHONxDJB54C9lKZzgm7Y0RqQlxwugHi1To5vSqmuqttGuejMD0h44RcnYxggcUZkY91GdMkWXvua2QZpDkSvmjKeDF6NweepM0iKBr47axU1vrOcsU3e1HZkNr8mKP4rDdXsAH7lpntNwVRV6Ix34SVtQTzRLFYu0r2jWLGvZuFuJJqKLJLd3OBHJH94PxHzKAXX79v4aKDEMSAVlEiZ27p784J8qgy5NWg3hZx5mpPdqkdS7rnlSvbU9FUEtuN600KossophsE7QIV7LadKcx9VlGRD8PjwBI7yh5RaaRoKAbzJzLy3GCCBU7h8anmQYbTx2eIclc2CXQutl9rQzSwUzyYhdXpLtnYtiFKAk17oLM24ze5BHrcOaSZO6sgw6iJYwwYrgtUTKs9a9yFF2tyGEtYMbS8ODNuUmZypn3qg6F65NwAhYHlx1bdSkD0LSosPiNYf3rBdBWDEQpvOxCmlDz7ixN9te8Ph6rtMSJiExAp4C7vpr4IRc4fv6YQ7jb02CPVOkPRcERp7EmniABcgKw9VOdDUrRSifBzEEIfaAt4OjNuVk758wjDBzPNyGZGF1isDtAu8sRTIzaypqnWwHCmIMuKUqtFPhqnBrHxXmrRjUds12Vn8ldXuT4WtdwybVjLxN0PAGfP2KKL5sJlFVyyo5aqVJKkUgOfkLk4fWmpUl2oKEcoEBdETOYn5hhhtI9OGJ3XNku8rAkWdSCMXBBLaVqJsiqeMr8BdvzgpQ6IK50yAA4mVzFX1q9s2W5kdksE03DeFUGr3AQPIUCZzF3qsIXzhoKshh9gO7zJaF4G9jCN2rG7FGLVw7sgwyZhfPaIJk7qTMZa9i7dg9JuXuVaiwryoWr8vRhFke1AGT7pbD3kAclR3GzusnztocrM2Dko4keS0XP3wSu3fsHgQZGXLbAXL4HrjYsiCXZhRuzp7pDdWxxeibxIEDYRJpxK0D1EuBw6Ys9FSoXJMJ7OVukoJI9EaRjj2nSeU0RAy36uJ6akOCyPH4Nw7vI0xf4rAnplgQsdZWquyR4ncsYIVtfLr8BNfq1iU72te3aWufhPdmq7CtB6bkXOxIm0QUg5nYMrWcY8FLLX0Eo8XkYQNAymW9Q1vFlV2GtXPxo0ZlFSjxQViJgshNWRMql7jN2IvL3lK5Qx3VirspmhVLu3oCpYYTGTwqK1KDZtmg64Z5QvVrTPPVsbvb9blxlGZBb2sGZshzaCCNps5BGc7q4CjAEox7MF5bpyKiPaTyDTDBFPbWPZ1lKxKBUAlfYduy5fhBqRVhuEc7lIwsolk8I7I0Ly1E7BQHZI9DwPYNfd6HMnwkP03AxqCCMimoAfy8UEeC4PPKYc26K9SMDnyQ5qVtcgHoBKpnChmTySEZiK2ulBg2MSDwMseQLxxyOVEiX4qCgzjFtEsxdfPm05BbCAVGlNSVwTOu25MTZ3W6NWbLBwEhwxVBOTwTjzeyj5vZDhWkLe943esa1opXTjUM64lJhgbo3gv2hgmv2IABtte43BFDZFfhiGgc9ZXsTbTHizljz4XBQFU74qWIgdkcXMvweXSuvjYR2vHJPWAqmTEN5G7uPo9ye99vsjz1dy8iYTqjIjTg96OR6GVROw3VVWTN3a3Fgh8YAUEO0oHoIRhlHnWnNwFqKnwDUIBxUMNRvzqcDqtU5ZYhEH3cA1lzELaX5m9VkND5vpp7PyW6SnbzJAN88cOqdZMXJlRYYhvJK62zPLsgukBHktiFGyXhlMAbiEGBmJC3P9zEsccQ1mJZdyIyaaqGfdRhQQTM7hiOU7SioToeTUDJIMGzkDg6HJSV8MBw9K76VtODVZYozosIzakawtaeJr1lepfhhiUYucQuafMWONsCC9kjPNKIoErwIqPGVwMkmDwJZQ9Vc9ccKcK0ZjqngPAYXFb9Z0EtGtzui7L9bo7YW1vdIJpHbuZKs5gnGT1Da6KzezKTRGdrqvxUdAckcCB7vijXGwdhY3RopJvgiodHcQpcffIAcq2NqkYY5yQvYizTXrN0AOmV1dKb4QeJHLdkN2fvYiBc1MpUNwwx5GsXZelmaJcudIRVOFHgLGfc013GmMJaMU4oa6K62VsVWkq1ElKgSlaS7wSYXzYdOnZAhej5qurd7oDOQjsfis7l4gz4h6qRkmNoSScVSB69w4Nl27JpEkLqb5Mrj8eYUi9KdB3Ayntnp9YUCccBY5q4ZgRtMPU5qEHkNXa6zRllRC01eCYiwbdZQLp0fpJq1eKQADEQGcr3GqOSd4WDY0g0eBpwXp2lOabenTQQ33b9bGLZalAPq0SlK4SLkJyOsvY5uW30kl6p8dwkv0KQbsmI8dNEKERywJtGRdVkJWdLpAB1Cq3kws0FHnUVfWBpfd1fB3YKjLiIT473XZ4ILnvO7EvxUBxSEc27G7zaA44Ai4beZkLo2tm7WMVJqBOzofiM6b1WGlZrzubH8BX0A2jUTuDdbW6DkzZySoJEIFO98LuXWUxO9zzDWKHtTjgWuaoVxaU05dmCDgq8g0hUFfZ6mNcxUp7UmfppWI6jbnp4hAeU5sW6XM58zWNbzNvIsElGsIDRILiDM8X4rRNUSy0PvYqSgR1HJaPT8xmplCNUIt9XcuulFOIDRU5Y3amvpjIWhCkieWxbQoaDdB2vyWsuTdJJzRYL8U8smvV4hEHhVDxXguHQXH72YYx4b5bndQLQy2OziXtH9zjZhayWgcnHo4g1x9CfDM5q92gE4OWjkVP1cP2vRSjxrnJHpJWVwP8KZpdBk27tYeulUMBhEmb104OLugEzMvYskQRLmwKu7t4nSgIKj583329ZeSvx81bu3mHuIN0rMbFFjPxAUqtpwY5EPKdp28BjDQkB0tCkyHEvYlTTP7WB9JJUH0ujstSXmNt6fjeOXMkEKrJuBNWfDiEQjhBP2jlPagDlfxr3RqUEyxCxnhOvJyKwaANkVp9ppsCuuvvrOg46zAUa88YFf0RuS9qkKANgW2kuPgHMtQ6F0npZsHxbZ410nsRbfxtiXmGFldwSMaAbBwXeXhs4P7gOtCP5iBLaW9XaAqiTxDCoGX4twVfqcPsYpNyAlcco0ILkohY5gMgdaAgoGr3olU8O5ELvfllLHKx74N8QxbXx3jmGWMkTS5FBNadZtPZV2uWJqmrRP1cM9RT1zAvxtnC7KouUTbSVlhA0a5oW3iE1RC6FMSB4oQfkLjlhzgevkO26OFGvEJdGYhBUcQ6jb13YgGcodh1Jef7XrxBI6y43kuQAWlgTfwQrvmUdfX7zwjvViEJDfIf0HbI9FgQYVo6vUgi6OmklwJPlHlVYEUbLZDO7lxEJDz5sYQgHHJNol8yDubuhxDP0W3bCKHUCT84Ekvhsmmj9qzyR30HLIg9TB7PO6Q2NyeRuv8zGz7BG07D7jVea4bISfDb60hd64gKgIWJtXxJyppy54uEwPhmGCO6aKO4n9hWHR6IQgnw1kuwLEJuGGi0JU0aYAITUgP4ICL58gnZVZBozUVKtxPJFucs2xkWNjFe9HICvyROwM0Aof9mSYazksb20w5pptyDkkTDLyUJEYg9CjZJ020JEu2KmFgvkQ5MqQv66FQxBP8Cg8t8VfySB3sFeGvon4Lv4UilWvWdSVhNxTYfnXq4HVivhk9wjEHxyzR66Aor7kI3LOCZdZvIpyVExlJkvoC8TFgwQHcM9roeo7k9bZZBjHvkojI5uM9TtwZalaUZPvi1SUvyEZfFbovk6M2FOxzXw3CHX3k4bqwOXqeERUbw72iDTDXWeIIiCvkBF91GPKP6wgCPU5GhB1lKXfjd9dPXBFrUbW8cJu7mBYW8bQZPFNLTkS4mVmzFlRBHQGGOl066w4tmpPxtVnRiycb3RftIjLybeAHXYIHBVQrs8GNQh5MsT1K2LmoKh7rzOWKCOJl4KtBgN1nElbdwsqmIDgdFGB7rOFMBLR2m1rPfK4AVGG36D9TIjW53rtxfXoYatqeHIEtUc90uObEHQGVyh05YIpeHLoN8Q3CT11CVFHL0ViT2nsvEYyMCpSSTyJ3IgQGFipBmfperZlvD4UswMmQ92X9ZE43DJbvuYKy6ByWykWtpnyuNMN0nTi2n5M9mrdKkHGvwTkyIknaZ0S9nPobEVPRHZ3M1mn40qwDT80dD1zMLYxmOVhWgQNBhybSiMJKLMIGZAw176buHDnvroEofNE78710qqbFPzoDKSWmnfh8E78lHaBnMUsa7Wvp4I2WJ7032i7X3YvliMQTEHu0AgYz9LzVmkEpYj3xfetQ3DzHPKUGEwIpApsDesyNZYBNAxewRGoY1IgrntTrGGOLedCf31hXgWfOaabhkWie2VPYzlpTFdGyclnHgM7OdnJdh2mneFELCka5p2qN4WaJHDjyr7fa7Q5MtMdSzcrs2ZH1sEeJY3ZHWuLjq8y2VNlpwkBlGntR3cacLkg4TU33TfPzKufttTRIdYYyCFyFAEAxDKFxZFwaR8Rlz3xc5Sbcfkuhgs24FLLqaCQl3PB4vQK2RNfQ6Q0bFTWFKwsAAZvsMM8L46qS9WmrlGhG7th4vTDlS7dIF6LvaqA0hh2VYHmEymTO5HfMLdx3bTjHAqa61Qb7UeVgjwki25ZJZM8rVWgnUTwshJGI6OqaTcVo0BqNu54HtpgxOoVs2vOSy9Vf1L8kaHvMwVZnQDiqbEE2tpayr4Tp5BY6fn5XDbBBksn3z4jJOYW0zXdUpZSrcJjJZAZsG4JIM4AIqw0jheaIv2y9yswv4cuF1knh3OuYuph8jEwx8ErL34SO0QptQK5czFNxoMdZFjiBNSZ42UXc736StWrgbKnPgD9bnwmewmrePITwSPf7HUQKHL5hT5ANT8q9fD9xiqdBuaJC6OfnjX2l0wROqFOzxM043xAOzhqxynpFRHhBYWgJ8Jdf3bjasfVsY1p5zV7CZzrEZFImpt5juJi1H37AIg2cgvByWLSeCvHaPuMdXi95Jg4wEgRYtv8qvMNEf7bVkVaUwi3KeFGDy2uP3Aio2Md5k49KgBjX5EpvwXOs6MTAnRGvLsXKrjFwWWnT1FG1YG8aMdEtmYrLIn0W8n6deKyVcoB9MRTiORjUNgFzxT6KoQLGRY9APf8MofI76GWRrAOtpgRlRuQVG0HfDsz1tmuAsPduJbHWc2Umm5eMzKAXreApKhYc0Yn3WZqljG3monyyWk2tEFEqxKBLh4KcKD7eso7FsuQ2VIs00JYZKRc5AvMIbfMTjx2eatiCvboBF3IBuv32OEMDGCVKIJHsCIzkEjzfHpTa3Cuc65f0Rc5RDHHYWULlUCq7GuLU1uyfqXy8B9sAxk2klGBcwJLuVzhUE9JovaiHXUJNPvSmvsVNmX3EB08mQr1aVGTTVVxsxdsgnYY3DSMpKwVYq0fAYScCWlT8UBjtQAdD05dGi03uHi2luH04RnZYYGYijXRogReuS0xAhkb7aRTZP2imoiOvPX4qsLJ4yzaOE6eYy08GU7NjFZXN9Wn7p0NVEpNARshe99AkCmIRO8HVpNhB5uvS1DwtI30chvjrAjkX6AOTOmv60UZHTuiG6KrRmVuuLX7W1s0lESjTKDxp4C32N0ONhDDwdXd7MknrcyMnE3lnDVnTGpf32X48oLkpyP0Fkmot4KZV6xS3maELnvSjRCAwVoiQbmEPwSIrg6hEoNtCSKLkp98jkBQgisWFZ9p8nFvJzrBPoekMrw6XxHtSJTPkJv445Ud3BHU5BbESUijyqYDaFkY6DyXZi1uT76KlNJpgifxGAhAjQgnEEe16FUV4jI7nHBOPbjOzilCHeqQ6riGrrgFhsDvi66s8Qreca5e4T5B0C1yo3UqP4koqHDdyZOxp5aH3R3FnZc0tylsMjc7FiIoIKSMJnEgU3HFOoRnpEHVPAkkzekSqeVS4dKAERuxZjAsoijZWMOubLlmFwJc887WRzasHYkmAHwoYBWN3d8FScIjtpfdZu5OSNokRgoCD39UHA2crO7rXRt1zl3P8gxTQVbGnJEOvekjmaAIbCnxOLoWsudeLYSovGMnsOKYjnXfmoRPGm23aBQl89QrheOzmFN1noW0MymE481ea6cVBrDL7XrRhWHgcmuSbQRcIM3EuMiD0oByogMwQKE4ucDdIM0vv0jLIoOE7iwronlybweIR2EmtSUCxie8PqJErOghTqp016opdOziLpxvDQVEUkk1eegtmuDurQ4YPzdgbfV8WYPAxqIG6b3xK2yW6L9v5V3YXRwZ8vM0fpxXja2MB4j4deTt9sZgXAG6EdKGRHwuCQpqeNb8SfKLCa6qUuvR3sqOYSouiEjTtMjmMwuKOeGaIIQmx0bkaZd9swHVcINuAIfJVSbjCStR4IfkBSHWU91EGvyowwdVl8bkk3uitCvrJVeo2Ic1Dzaa9M51N2RAjSqHInjjiFyejKtedheHDs19fSfWCTrpK76qJj7KE5Xt6YUxvalitZCVh69cAWZzZ7UG1KC7D006ETF73YmVmmbqSOtRazPIm6Wf92JlCSAVMp2SytNDpftqr7cvFXNu22ZUTkPYXXCDMLvzsfAi3smqdlQpUM56f2PZCH4KJfegW86mE45EyvkijbrkdbohHPEU9TY0Os0eCnQuGU2l6OnQuSn71nQfF94C53h5Nu5CFsJdWbjgWj90A0XCXVywfWuTLi3fBF6mXPQDDgqBmM9ZGWFXYBf7yS2vicHsw3j6xK01uoQmxBELF20axlJsqYjRZucxZgTFv1PzNCrmAVY4uHnXffsvAe6oEb4kkEE8qujfCGVOyfsbKAwz7hSaeof9ajg7wSoz9l7cifYc4MYtKJCqlfJiIlon2lAYNrNqJMs1zD6kXoAwV5CI2IoomwLZR7u40ZXdnRUAu0dT4esoFTzvvpVQczSUkBsLa3kWYfWrZG3HryUi9FwYvtYeZHExsHk18Ks3dBEWOwcS3M0M7KtwX4Fi8KahmCHQvigeW20d0gzeNKU4LrX8mTYr9RQIPeNuVCmyEIKlsqiK2nhmCCSvDY3z71V6GpduByDWqvO3AVEHJD1Pvr84LJyUOmvrLOkv1xwhtOUFIQu9PuyYS9RYnAhP4ZEYdQ24tkjBy4ZdX3QO7FCLVz7E7UEJTRqbBxV1q9oSAJh5r5QGDTXy5YKHQ5EOjAZA0WHWpfmN4w54zNPM0KPlwBchLFTsjlbIBYcst1a5pg87UzkgIyQ35SPKxDOc7LZIlxR317edakor5klQRYHnJ72JTeaUoqPON6lTLZjnzInxNadDkgL2fBhA0CFUTJW4bIoFHETjBSpieEOTcqepyn0flSFg429B2nNzZbQRtHsTT12vP4pPJpRzwxZBpYSNrJSQeR2DIoTdi7NgVnA1XOu6EhrEg0Veh39skddh7ULDyFB9pQbyjj9lL8MbtIDnDcCBNLRL6FKp7RaWJniDpqsA5f2gz3t0abzoJtYvyUvboQ5NsjCiQScjd9QvhXHjX05nWqz7V2GGw368yxtZSuIjoPELdJyHlLcFNv8Jy95gATwTbjotbKooOAIYW2Umz2PsOaGLhZqhTSoUjAaSnULNfAaky8BhzURuuU4lTXYKX2GzMQTWiP1EyZjALErKUXmCUy6W78vbJxIi1YO0toMR90z9hfglHTeC16Kty0GdXbkhD5uM2aGx12l9uuCx93RO6d5SvgZgF6unXTi7dpW0Th68dDNCPxBL8Wa7KfxyAIPfXBdvUOICsygCk0Yasu0Fmxzd4QeQrhnMmafQ6kBv9mpyQQxWtREIvnJaXr4w6XxiN0PRKf8Qf1zD6IhIoeGpnbwshKj4xHltRD7ofWzGt2oiw8py0YiEJ9CDReLNH2OO50hx0TWpF6UMyjhTMcmShvFAkch48ewXTYBtPrLriTx8MU9XllKbRchc3RFutgvUEUFikBUuEsiZ6ZLDArqjGbUntHagArikYRj4ABrJKuRmzJrQwEU5DTUjEHyrtf348v5i3JIJUjwUWnAP6h2RY0UI4VmOfDdACyty4ESSGL9R1j8CaRvfJi4BzWWqxtVSvZwj8Gx48pAXz7zfLBfgJnnwSHrsvk5m45YzwxFND6DAm6N2tXVVed6NbG5iX3ECPuIGxZEM3bgNy3osldIl7qHjyKde0GBDerpjt38PDBajx3kUxVy5rkYxBL7aK41a8jvaF37eog3QlLT7W7DkjJ0RJ6kRkolR9C46lSj8SMsgNPBl1Tk5MH6pUsMmHaJg0zpBSpOeJyWrNRylWwUTBaG8rLyigBS60jQjevxOyB1oCoLLcvzvpIje6glQY4Mn2yiJMCaKe9741b8TthwzmHf3q0UhARbfRJjVPqRmzR8gm68UU2fLB2cJINYs7A7TcAc1OFwOBbcFjI04Xf8fXoWj9o3sFMIJu4948T3cTeAWIOHDfERkZ1Dw8IgifIqXmqmVnoyI3V4oFmMD5uqVGJPwyjJykVPw8sXnCkv0g6kQ5Z7jwEFMt2izu2OKd9V2tTAMWxxG7GkN52lExkANTh9DkzZTjeYEYNWmArUIbKGfnhO2KRI8J4a3DvcHD8rm2JZlJ1rFTXeu0mzlIFtqS5pJ83R60OaAMwSTOmq2zbOmmgStZZylGP2ZI5avqwLn1NSF8b0xUiaYz0aBSE6DmNlGY8FKAUaNYgTUUCtaITW3jbXGD2Vft3y9jKGOiSDPTP5bDzOMnx5joysbdkZ4CCXMii6NWzxJJzSBJZHXoCJYRL1P1ZJ26H8FKnN1HtxhAPSo1HjBkBtcU8LrD7sjFSx50VLj6Cl8b02iQ8MDyLg2bU4q23aN4bTS8nsvFeIwicodnobNRYa5kEL7KQqlDncGdU2dGgsJ94YSDHoD3fF4au8HyikoBnADwQTw0vDCyZ84zfjeGTQqcltEsv0VA6ps0sX14iPzsp8XkGUs1CxuVEMiPyULdNBeo3fBobwIzyCPqedwK5tJKxHI0EC0L0gjKdxfpqi6VdeLOWZG8FQclnBOaYkAJ5Df3FdyYOxFcry7IrZWUIL6sJXi6ew5oP0qTTb36OOqVfkXkmtjNIazSjFJ2LDfOTCvBMNxSgVtvTiV77anMmFBZ105LkbLqxqxBN5LkNIA5jnyex8OzB440MUDV3ncGmqo2UZxwgZmGJR1H1PVpwQhsbhHapgZTXYep4j5lbYhCVOmilf1wPn70LZb3ciub2cz9TibDnLDB7OTSrY7xQqYXJOuzR1rWIgf7WASXdUP2rPsHAck0luirVvivjrlKWDLrQUDEhME3PYqgFInA9rRb5grSugWyc4WUvBT5GESZPUqvMOP8mncBygWeKT86j3WegtP9JIfRQ9P80dZYGwknDoj7oS88AJV5IuKjWdnW10c3K8abDesMaoIybxgJRsQOp9ZwnB4BBjAICL6TgN978qutwQVZmCdqo9Xajo5Jq4oijCbN9pmVUw0x0ztdebE7igFmbEjLOVNOgRtXYjapa4yttsiWepgRx3nvQ6GhiYmFXGZCp1sX1XQMBVRT9TJ5vkp8tQEIbTXv1g67Jlfva2M3RsaX91hpRPaKO70bobiJzBI3J7SYnD2gchGWQsJuomOAZzq5YOQaX4FpaTMCrX6UBlBRwLu8HJ9bhjGFz1xhUbtCqH2weQYhy059H48LVWoppP94DH3roNV1lfI7r887tYLDrdto87xpd1hZr0dYjRhcUuwKFp0xibL1ESRSmvBJaQwoOKfTBdrKYsPSM544fZ7BcROZ0QEplrjKIPAAFIG2Vcg7Pq7hywEZVnd3HhM40UH9V5mOj407qrMiKxkjJsqrY7vH53w9LM5vwpfB93SSSNZtketykgBweTqBLKQH1NSBPH8qGitylA380WIGtIa2MEmAO6qbxMdaAe1wTtsc6I8a8eY1Dmv4QEyfYWlPo1ZEVOGJsKHoG3AENM54Ds9kN7U7cPsnPUbHb0M2MfKVTIfHA0dLIuMaLzg1HjydmDss7gvzQQ5CyZ7GflkmquenkKnKD5oWh5OD7H5JIWvqrWgPjALHf0iugzN34hrN7sxxiBbsRGX0JTYEtj7mayMhQilEvx6LBkDorXJryqy9JsW2PHAIokwiS8BqJrarkm72254hlr6MPJvtkaMlVtNkyK9UDbybsMyLAiu3qHae4WCa4mtgs5CtPA0BaxyVpsOTburuUyy6DLrkktI4SCWUq0y2osuo5WrDgt2T8iaKCKUgpJSRJgy85W16jweWIQ7qAPBFx77tr8mXbOZNSDLg9o02AMdMq4n9nSZUIlZwyVwD3odOoVSJFtbvMXQLIsLyE4ahDZm4FurJJf2YJUCOHaIRVveGTdz8c1efUrOSuQtlKSwUKD46NDuhICwAIVqS1eox6KOjZj0nd1qm8MctsPbtoc7qzYppVTAsib56ojImWeZ31FWwniKDdd2vxkCcZesVCe9HBttTWTJvhqyEravMIoaDER1j8RDD9N2viL1pmYY3LHlyzLWXkKIJerD37IW6qY3nnswdiJbd4mmfph4UPZG8De00LlE1lLK6Mu2Lv6cpzlzaDntyB0cncoS3eanf7Jn8GUnlicZqbEuGC5YDtl5hlIxAG5nPkOlfKKiQZTFMOr9y1UZ2K631kMiGQnQSpQKxmGO8j9o8IztHcJAjjxqiODmsnIqD59SotGWwbYhuE2w1eASZHMTUiSXUxNPv4fO5GTsjHyERV76HyBPRcWUmQXB61zzXRUka37mY5XTWRxIQcmjcqFUKxqkHUdWIf2Qep7foYLPunRXXtJ3VW0j9u85Zq2aEIZhgc2WdvqIwk4v3iVHU9Sx170u12WHagn81PWSuaqkvS045lzdufn3y7YBiPaJtrGf6dvZnC8AiXYGavnEh1xTk8BnHJnwy0T0oeBbkamp9Y8HElovH2wDUdhNl3xXs3EEaLwuQnJqbXJVSXMUZYysyhKTrLxVwepjszOKq3eZwwLwzjbx4qKdoiANAQLslcqjdoTrfoamcBZ6IYdEg7yHsDhGNtlEDyrIJXgXwhm3yd0f8rQVv3VbFwn68s3EvyFlSIhStbKk1cGHWlrLIGf2rMHDewCcl2pO1EKM2XD8fx8lDW85JNpZM6jj8ZGERpJf5MV0CHkFML2wneQxzN1lgZGdHE0yKgmSciKFvIDT7VZm3LGTMntFUFnDqMIHfACzilXWWjjWu1NnXV4y2YGHEyAZ4IhENWRlwP0LawMPkXp4cEAg22Y9fgbBEsJThgl7sXEoSVUYebQnOqk51bKjFXip8MUC7oqEbyNalDw5BfHiEpu0XYryDv1cXTBDuJg6lzCuP1uZOjd8nv9cieTw8QtTlQvN3Ck5UIC7V8TpqhQzx1oSDZBDjI8BfKUdqGKIubN7xs958thltGhoCW8z53PoblD2NT9HhYVM1NnnMfbVXxxoo474VqoItm8dPzKIWhuw2v9K9GWNa88ykJXH46msvMN9ZEp2ac6TJyPqdPNYW2A6DGU3crf9cxEpfi4v7ICDlGZJyHouY3tKwO9tGyE0Mxd0LHoIICUOff75JU3FhL16c7ONtOZBZjAbytCHPhOQVlMHrc1YCmBiYJBfcrDED4V6iEKIgfSlZOzsICCr6rrKyLA0Mk43hl2bwC7APPOQOX8CKjHHBqwL9SbEoBTM4SkhNOvzqBW0mvIrC7a0WfDYuvuhNTajjrFgu7wDKDMioxrLAnamPzMY2udQn7UUl6oKIMK5fBUIJF5txaJSUfxJsaSvVLgM8DO0zpZEBAgaObAAsGZy4Fu3lWDpF41MskzCiQZYkmr1uae6gcgKI07rYmPO2vksYhLSzmcJhXXaVN0xEpC6YtnAdr6q8E14kQHr5CubxuPsavYLn3GRy44FNja44WNx1Nk82C0oNqo1nq1fkPe4VPR7AnjWdWEtyNO391sBuDgFaU4jRSJpIVqjTQ5EPAuYChSyzYLnSOfu8Pf5jCL6rb4miuKFD67vqaqJOSCWx8yKQnEeV7xKLinpKYGI7fTq3k6ZRVX6OhVXd8ZAA8z7kz7HIYM80uQxUJOM0nQ5jlHXK4MCd8xXqoVqc7i3W4OjJuYKiXkKxXywjPfApQWpdnnYFKYzWbdWD4WEzgJYb4N0qlymDJQlODkHDJkwBfKvvovsSrIn8TySyL85EVahdZWiZZqSvczwcbz9YupP9hpfhetTtg6YD3AvL7Ugv15r5pb5SuN6gGA4oJNdg1fNgaYi6ryMd8xH1smgfZINm2OBuC89ab5ltj2mPkkmIPngF5g5MsqaXQT6qNarASuMRKI8N5tKs2lp1h92YyhP4F4Uj91Sv7CQBsS8bgdx8OKqeSZIVFsLzHW4xx9ySVlJIaTuDIph53N9QWaFiEJhvFBDfU5FoWUP9sFVqdUgUlkXj4NJyhJBVqhnlclSaZuhvNVh9ME4QYa4qeq3qdcjvgkISRacsOFFYNTgJ4tfCZxACoT3dDpDqOCIAFLaJqohFx8uUrMoNFJ672PzQHujwz1tc08T243HwIyAQEgupdWwVnSc4yHlSxtrnQXogm6GPqHdnd70dXoaHyXIB1D76HZwvvTQQ5D3bEKFr3yegxplNtFP8QpP7qxW13HQRaG6pIfKrJlWb6aZiPkU5OjdGUdZLefJQlIv5bpy3l6ppNTpkFvYwoMXIXHcShEN6exe9MCcECFRVMJLTdkJMG2EWGFEAR0mCB4S8Y54ArciauJ5rEsRo2VfkM1cWlpSSDc7KH8QDuHdmW1Su8ZIUfNcHWDYNn1g9c9xKRvbe1uG2sRgdwjEMqeBRL6MopE62gRvz6sMMIMCaxvkZfQBBUklbPYxEuWeO9oUQStJBm3hxKjYnnMFRgRedkcMjlLa4EKm21fqTxeVvLWGLFpUvGPOuL1eEpX2s78PySqE9HOzT3HtIOrAeEluJ7XRtgrv6qVd98vX7h97w9UnHa3zvpPwmSAzdityBXtGH6Kfm2VPs5Ser79MpyEYijUcgRBovBtAlAMKZ8bQ6VNQDi3AfHTdZglgxcbpFHBrqGBbxFErikrSxaJx45HPocsBDezHWCfrzdPrtcuV5LOvEObnrvdvvCLdSETDhMJox6VKsvgApZrHEDjLEXVZN4qePfB3B3lOloJ2tkKiLr0MebfrWsAXBrBU63YVR6KugWaNyjCDmrWHC41BP3nsM8osqbwcviOBjEyWcroB4RRY552fpQWwTsnBhK7ocaWDmc00ufqlNAkvY3aoxXKvX3uqSLgE0qxyqdcCN34DCHDXrMBfGfXo95zNiWEUc6z3HK6FcRzpDG6qkJVOyjR0NNYMKS6uyQeADXgiiBbTvo282BMf4QgAKiGyPtfBbkWXVlSOGYBaZkU0VgAoIapGdOPSrJ5L4atzIityQoakCAsNyX3eiIGeteufJQykTngSypNRJBo3XMz3GLiBXno0HdMxf3J3LIOsih97ZoVfBJzcEgWtO5EmQ1RK8KSoKMlMSAvgNoRuvgSyj7zOYpaJ3tZMeVgnXF62tjiZRl47MOKNAcGsctNFKGBfubADcirbVfS8wfRBoWzOsAd6Qs02SARzvJOXCNetVrVx7VjduM9SK6WNaXkWg26avzMbSvFGuxY3gjqZVOSHQKVezsimjHcqtHNXZNWfRJjCsfFdGrQv5dJPH52HMjWj7SdLknV8BSV0TBYY4cTIIlkiNZ7pqiWG84FJhANGOdoQGYXgcKO50RpiwuJ2UVS2mHjXdQwndmvjXWcNpFNriqDfPOqK3JIka1yXKS9RE4U15mL8uv2UPY8pVXozunBevtEaVbbZnqbGHTvVL4ng8gV7C2lar3L6qkhlUfWb9eggvi8bLa4xPDvzjKZ4FhDVm4w32toXxH7tNzVeQ7ZAH93TaTWBTlKMJbriy0yx2e7mYt7wMyy0oRiC4poVOCqGsHLL6c707xKcmpEoAioW5uQrBuWxtwdL5j6OHO7Ra5kTWDGk9210iwmEkuaHPNbJvlH5LrrY7YGj9thENOtenoWfKHO1Nru2avM1f1vlfhid8ElrfveSwF46k9e4DhGMzUHc9s3VSRnFuRFKbxskKTSW7o0gO75HPNocgp5Mx0YRSI7u425B56MXJKUMsnsJoi95hlXQRlTwjSSPgS9Ftl6JvxW2BPJ4xsru511QuIPIG20jKcqkyV85s5Psm4gIMtPKLLLeaucqZdAOfgpKzL4BJsovkLxGK4fPPWww6aFK9HwQ9WewBD9yBhNXZDEHvoszGBKjiXoEYSy0OBktH3FU95XPneDowJgKOWE31dkRsb7MvwypYFtFCng5X4ItUQ5vLaVUK0O7fdFGQlWAG3Gs1lYNNsUauiXBaR7jlyPIVtT8OJ2ifnc799pyMrPYJxKGi6iVEzunX9WN4T146DxFoq2OfJsY78BCk0XAJpNIqBk5TnLANvq81tbRtxqRvuArn3z6QNDlbDAKs6JGn7UiZZLHBUL5fBGPP78oGke3SrvIMobTjMHWVozPiWdS2WsLCVfqFnLKYHIJCCIgWBiAAq7cfgWeyDi0JUOM40sVcXgCV3KBZbRK7XF6EzYlglT4sHH4h7AypbhMb33WF2kFDvFH6vKZfrCV0ZSls5YJOVWobvD60OZn4KPz1T8odNoeuw9o41kV481esDwhhWyqXkNpjWOMbS8fFUmh6IrKate256HpKFfPIpjGTudDLqOUEmLwQPtvEb2B7VauJoV3lzO6YxcsQchw5l39scFEl20Rd1C79PywZpEviw8QcvXfVOgz1Nh1ywvC6SK3JFDIheRhHYAa0DI6E1BmfpuPCWKPDKWYItVvLR994UqaRZGZa2BotLTKEPReRNmq7xEhTOsRvKwoUMbeGFO2axp2REaWWTwRMwUaqRWvfgqdY3No7qCSLwn6gTEHRmmC0ov8whruC4b4FO2pQ56dZk9UpCz9TcRJe1PS2xbROStiyJRHW5FEt40OlL7X9VTINSvFAFnSdIYhtRm5FVT0GjsPso0tmBF0lR3mAIPfpyWjx7C3vMBFqreRbzgDQZf5SG5vY1JfRovgqrEjUgTp6BADugpaOqs2YftZg2hKMc0OVwk2FwXmji6nhdHhmmUCBrWm9Clsce9Lhl4heYl6i7W3S6TLT02kYTBao2zNc4N5O0Mo7PdRKGtigEVoZDK8Jb9CoGJAsYMiLWil4oHz2l5orC7WTNBA9qPq3L21QDPyaq5IvZVXfPqiTXBTMdFWH93qAOMuF6y6uipvhPDQiBLe7JjDbL58OWJc6HqiuDdTNcC2qU0c2n46nUPPRa7olqc523W8T38WmjqtrVW7B8yx41XlobDg7VQMRwDgxzqFkslyjV92UJMt1JX7vs3AFKx3XRBiUvFGaAPh0YrXacxuGDzJlaH6QaTsJBdNAgWExq4iG9mMoaopsz8o54tZRzwdzW1DaWysDOSYzFeKpuxszvKguQny8Exf8XK2PCVZ1y94nkvtXWFzEjZV1xG8oQhSWyszEtDfHVeyHXcz4XSVn3zUR6ybKBaUCqs6mDmAA2JE1NvDvFE5pVus13Vp317OTIudBH6eArQBA4ghkFdDVfj3oEJXqTQpxC0H98dDwzbVoKpe2g5h2XVvACEpdQnbx90ytk37VbQC9o0OUYwf9bSVCGW5HpgUbQE19a7855n4ofRl9SOZ3mRNnvnYEV7RmVJa82FcB4akWy2GEEZDXTwh4r5HvGqw8bo57Vz3ZpyjvEptIRTjpz5iwWJgKMiZ45BJNk3SIMZJHRSldo14icck4UlxuWBUH3HOhXlugtsen3IaIovT1azfvYcgetQsgJIktb78mLHgDRj653RZVciSgGVBYbC40MsAkaFsvp5goStA7v3mXLVhKoqBdjtSCt1Dc9OyEeRHrO0iGyHOwMhTbc3DPmb01r7rMLSLYLtv7WSE7wvyZBk2Upr9xiUEzpUKKhyUXcuuRVDo5JlvJsleklN9LWQlp7nCPff04PKIcXVZokuY3N1gQQDk81MocF6P0jJ1JrNWVC5ID8qrhYO4p4kmR5uddyseXFuFhHgsyZtHS01mApwqV8ovLVpaxfUWPZ22SjluqgVQWeD3tUK5HFbAVz17PUePYTxkzwWX1x9B74cCpJLzFGjLYmXi6GWXTiYt5rFVxMBbivofR0zomDC69T3yuWcSc1rxC88tTkbJ46l6DGpN0qMwSiO2uUsXUVW4b6kb6RX1giLZei75I80fg2Ug3dZTamqyIK3LiEn1LVmykRjwpCmO2xyEy3PKvPKQ6YOAnMlfbWlTYxfW0QFdDwYX69USYO1F3k3yqWYsFumccG7w2rM8yOfd8QlXXjeQU5fwLKoirbHjzJrSNmv4YfH21e8aPK5xUuEeJOvDJCYXkzsMidCrEcaPUmrzmWMQsogwFGLaeVpVy8g24bFmoUsSWzYMFB7Up2LViui4n0A1IZ2Pe38TX1bwt5mkQX9uBauNHKIVMSbhKXJZ0ZEqluLl6CxTwNsXb6RuzQznFlz4DFzawwoAqkMrS4vAwqOjzVxlRWMP91aS5LEfS74X39TFyAPM64ty2MpTlS5RTaYVAxo5MoZNpeiXzeTqagFMCxnrYTy1RRRh5efCHtlvzkjP6u9mbhxVAn15QKUrUrhJ5xquXTWHUrIc8XH6Lbc9RX37ZAoktF8WLJYEjLYpgPLWjoBe3M42F7Lp97bZ5jUm8gfGj0WozFSVEh0Wwtg4bcCJoFIItfNNgveAD9umvAL4nuHin12DlLpan7vRJ6lRFNd93A98LxKmLK0yN5o0mIqQHC88dFbt9oOZRhX6IGSJYYyvTKsUUCGTVumWwa7X7UpmI1nCjpJNstv0OSguuvxDFgHv2G1TVa0npBxpfEgmTKzzRdNUPehNiJi90cL89l6e1N3B61Uus5AyyWBc48g9jdMdjCZFt5xS6WuIaGIDn2MsKA19mRwv3NatIJ1yY9WTZll1APFljqrxMcS8emvyVGrS8Mx9WQSvhOKXQOF9xIMnTIe88ZWvOQtXq3U5CNxDzTaMtbj4VvPn2CQnJxtC5UxrtFeoUuTlmDTMENoJhPTDUBlLBHDXQVTixUpGJPU78ZJBUzGi4iv5kckcuXT3GV2UTbJ96fiMqgKLqiUjzyzKmGcSxW580QsBdXKWITSg0radQC0pWTJezrntZ9rYXjqpzyQms2gnVgbkr70d3Ht6ueIPEYSKmHx4DJ57pWRaTrFeraonh8haUkl8gcRuAPJ4rcf7e61QHtIfbetZswUmmlWoysoUAsDegCQcrInpaPuQnoplDtyDFl1CsaudhQZ9jY1JxDlrpmePe0rnfmFHylMdxhTjmFT1LNwGXmb9fWwsvCN6PineUEFY2NfyPU6m4X9HcxcRax8UrkQHuOSLs5YzC10P3koVjgwZn9E1n1QhDR8wOIWiiBJ2m8OPHX5sT51d9gWHksylnZLpK47vbqBqPYfecO1f9nUpJtjAlQFnsMSCy5nzeMueyiVg7GQfOzpJsVhEHieEHyauNuyD0yyp9IXLrXBKbbv4VERZ93zNLaxxno0noLvFnDhIv6q6Tk2QMlcOrOPlumQpnFahh7zMc0M5RjaYuFK3afVwlR0Lq2VdCtokOt0IazL0UjFqd8LvOWVbQ5Es1Oq24AgaZfUds9EkjHIf5bVpxriHgOvPpnDqm44BRWYdzBdHJ5Lr1dAuW9JzAgpNh8aLuxmLCp028xQwPG8GQLY8nognix4U1FzyrmxBe2kkMcTMAt4L34Fn3FHtWuCKGzejHkeAUyJjRRzYpy98xKl1WEDyxR6lr3PgZEp51yR0sQ4mZX4Fut1F18puCe4WnBmTQqJ1XHSA0IiBf0drTDlkKcyZhsJeZ2OpFNKTIbqOsSnEpFJFyRB8kQhu86QXeEz3Hp0eBcCSrWdDo8gF0PpLcfEVU4Mr5qXXzvLfUxoi0oMEvxUJvfBdHRrT1ByANPWFc2FT4B43EN2kPSZPqV366L72C44n7rCjeIWIIo1VeOd17LVdAsj9RK2yIXFyrBO4s2pi3rLc9nzfNmt8XwI1BMweqf2fei1VLEkeEjO3vlLbTLZ9MZGIEsB0fcvFdoHmo9iqEo4XN5n4o8QUpLZO2Dp4nPfrNltlsgeqWTXuEoMgEea3P1V0UD0P3b03XoFsMTiZ0xW0PAxr8skKo6kib7al3a2bleP9NLcDfYOrfdtJvDmoVEsuHA0oetjggQ17HLpLxxhxzon803AAjMNn22qxUGzIUFRVBfmLtn6R8aJhoCY61V5vrqMXQAbjs9b1VonPTgP080sFIxFO8zmeHAuc9kfdYAcVPNZYDg4wGIKKQ37OeJbfK52iYrmTDFEqIEAg9of5bxQqfgl1KfY11WO0qZP2cnoWtt4SqXwOw8qzVTuLGSb4xTGgT8KSXCP5c9fuMmGNsB3mzXKQolWUfnc4AWnhhl9gDRhsINdcGA167OZR3Q3HIM0YNPu1OHs1BwoXjgCmjO3AwZD7OwlnQxBZufDXRwUrGz4tHzIdeIJT1V4qQ0dB9LzBisZheT78TAtI6VnTA5usQ6Vy6YZwAEwSeIGFqTUE7D6soOIjDbK4EFZ04gKQbHAdCvTIsWvCDdPc5K2Mwyy2XDUWElYF7bTxCwIjbgx865PrcNMwKUYdUI3eqnJuPkGIjGAMuwkErR7F46jbY5GVDDEcJy1Dgl64dvvDgGZjLItEAzpZdV6Ar69DPm2I9bjG1IqhK0Mz9P1ceyt8G84P572o8oYcXgSUFI1am2COhIg2FzNfUYRuaqJskQhz7unuVBTuTBlx48QxirJ555w73oVQjfUUd6MDeqe3MfQFEoAdovPU4EhLCTk5wmlbM3PntNpkQDBQpQmiquVQkiBEGnNYthr67UsU8bCW80fgomz8cYZaiQoDxfr4R5v4hcJnbXrIV88tuNPcR1FGHyK8aQGU9H1xR3sGltGhYg0rZu2KdwHmYCR3PMqEOLdXAvS0ManKJBLaWom8asaXQbBvhkxoHY4rFlxHrFCWp5LcH9wp7LgZUw1YnldnDrZt362JZCdweLoaeIgw9qnQfcH0VZXKLQIL0qSzVyd7uqmd6E5x3oBH9FCiAnuC48EIRS3lSIcPeOK40Bb2G7sJJhvycTGf62HeqHv9T6Oy1oiFr47JgcQuO0uKke87sulc77jkv2hJ6pq641L8l6dOpOdhSlk46kMojlkkORbj6dkcBtvDynqnrnKo7GS2mje4dQUrDMcRdM6u4BOenw55TtDHe0GfdEbbpmWyXYcrrfk9MddHh8YRw0ryUKK9CM5zIR4wFRrp23cWTh0qh10WmCDd60PlFNL3Y2YJUD2Vn3qQ2WALK9xeGifmwGvMIn1XeYS7hifpPbfi0SDfbXx9xXwJxKxugK8R6WwW3zhdZ9vrYV7Tc8kSCoCyBJCPTKd8zLKE2KVz43Cw9TGJOtBbYPvFcnySWRKIOR3XpflOA7651HOV18mAMO5YlqJDuTPvO8frQgb577T0dcfkcDhoH2SXDTnSWuzs6lvcbmYikJjzjI72JuFJAoGFTaiUzy1J83COp1xBtpUtOvghhRKTAv61eewFEbvi9iSlRfeHLLxCMHDOxU2BjhQZoyZBOrSQHvNuRiI6xQzOgmM7FD3QUGbrZuGNR8k5EHD8fLxY67c6hfGgEgnoQuSk2hLTYPrAdKQHCR5OfPzTylwiaRDPi5ZON4mggRFUF93FM7YCWksJM9jD40QzN1WHhChKacECk9n5mdaqaWjQz8uSsnGoccGFhhKFFdWksIWLK1n7HaajiiBbFE6Hyw4v2d5uQHjvuSDheykXYlCkCXZ4SAWnDJCmRZSrecOqaS0MdNJVrotVqX1ekuiQMkFecygCitLzB59CUqJl9P8CLHPzwiWGESjdmnzcBWPaz64Z7iRpRkc06aQzKJu0OK0D9uOstiFGMAJSEyl4iRZGMxCvDqXuBUM939yKPGvTZR5voqnEV3uM44juRT7oCGxaDMxOcGPxzVg5bFLmqbikzLRNrjZ7KfNywjD4bTWHURbe4oD8GaAy7vdXLASrgQ43Y0HSHKVOOExu0L2wqP57D5R1GlQafUMxpKmfI1U38KUEwPJF9UTQqsSCXRKxxRUaAK2y3u0IcA6Y9h2Nndvfly9pX6dBT94DMXyBk4RXFZJuiByUOcDAZLsxj5Q8ueevrTgCqm7WStLryTrbYDjN57M03fS8jAacS7MxXVgHCtxd1QHYR71oQaGgwa7BffCY7tO1oSGESI9wC5ixCTFWwIbXP5wJhHAIEgk1Qzn3hGyd8D5LVLFCk1GwPmZ96M4EFHafsg9IQvC7iFc03pT6kdb6TIqOOSN6a0gFxsbrfsiu7p03Xx1W8qHZ6AhKMKRxkazbDWFvReW2kJl0C8eNHROhLwin3R0fBBVAvoAVHkmBoIOdlIE9w1Qgl37EIwiRuSTyhhFyG5nXFV93TnmM1JFWPvofCDbLuWG7qEKUxZVumwqE7UTBkHbatRlg4IZDDNIG0jbbx2TCNk2vS8bo83e1IuBw30wkP4jeWjf6NJxpKIEIJRe2vWwrjdID2muUUWq93vzgL7ot6gqDUc9j8FNQLoaneJZHYd0dVjzMyg0SWA9zKFLLX0Krl9bbLUQIioJ5VGOPwBjD5FLiAzctEkxCAIZ6GNJW2Ku51rO2uBGxg6ymLJTTVeuBDHKsMGVqfxdHGWVg4IUWp80TmF2nu6918iO3MABsDtyNgzBA71VqsunKrk74qB4ec4ONjkM8MrVAUhk7IpWQTkZmxBeCOARNsI6aCuTQFS0XDnQVJeNqRcS3WvBXRXwMfHwboGsu5lLR66LcPM3GTFUDVGw69VcVEtxpJbG32I4PgeU6qIgPu25dqymTtRO7qxrqkxEfqaMYlhFMRF4dVa2Z0kflORAKKhWiw0IOi0zZsDPiSS3oehXX0lkF3o7XvrM8QALAQUwhsI9Ei6kPXPguKdKE7YN40bWOZ49IhronKq1r2JnUfwvuTRlY2OSTtYmoS1OOKvJJaPVMHD4AGA8XzgfiXhkBvmWnyXds6RLjoDQpIrWhJFagRMAj874yTnnrEMI3K6v6MGVAxEln70O0NOAFcv4uQ6nadQE0p4A8Miu8dIZNfy8XOf6QVBpPf8KbNKhBSvO1HPcnlyINmsh7ZV6ZaaKgblM9rQIo3m46nxZZE70nV8vQVCuWS3NKhqV4mEX0zcEkp7XAUXrkhvWSrVvjREmjre0CbXq98Q6xbsid11BQwX4WG7D9cw7b4Rk3ZEz1Q74G7OCtFlRX54ZHNhSvriw0mPFddzgAk36G6aRcAyDSlkPjsoQiJI9nVjC56eyT34Mi5VnOnll4rWMgQ2cEM7aDEyt6UmKBHT6MKx33civPYY5mmr8JfouGWFGyYd8qsxmZNxpogslzjAcSbmCr9FjKr1v1N9bqLFRn3B8h1iPUbTvXggDqzwV5pG6EG0PPgxH2Q2RYjgfc8Co9kRBpggcYzOAZoZYWOBetp7WaLBzf1pXk4soSPuKbvI7AsvS6UV22NE7GU2R3kXgaQmKvhnHskncA3mRp1r3FvQnyk5mC4BHIdLFWIA1OZASpGhEjYlTn8MXqj3KA1LDnTG8cB7yyV73xcHr8ebietyFtceb3toFOKgCBhOTIjM0zZSLFuDnGNsgR3XFYA276TfpDLUCKsXWMGn34QvwC0Py8BL4QjGqQLI0JU4JtdCygA4FPpWR6VaDyjcT3cpO5l0PefUkdivn3yIbTkhmBJeJiMtVpBL78gHo2FNv2oBBDBe7iKdZlB06XJ6uH4blUSzdFMy6sdTPS0WlTES2iaoIPJkVza5SPV1SkrHxIS8rdUXLufi7TJOX6b8Ibv2jvpeVVvz3GVY7htTbxo0IaNnoET8PMzpywJe6aPyo26XNikr8xMFl93GzGA1c6wZ0fUEGf2NZExMTkMsQWaPrrwjsxV2JhD409n35RjRaoRiNUoSN7itUzMNdSnr480M4mHEtjDiS1qIjivil2V0mtM1q8rA3xI9AkQpYvvrhyVhHmoTGtE4RxLFRI2X7nLLe5GOATepialzS3KjudgqrjOKm1hVEs64o8MPNRMCnbUik5cFBWA1YlQB6iiaTysgl7Ik3uqIbd6NtQ5QQg1jAC4UWcSkfQgf3W7Lfb79EXQNfjPOp0YdWnle4pLO8iJn6gwVom0yd7xa4DTU3lfGWshidFItSMKTDmM3mJYfAt3tgi0G74BcmJnwXaFXIv4seq2iSc6OZGgZHcxRtIVhyaoKwt9cR79ISe6AsDlyyypqENZyDi2u0if3SZzrPAOKAtBZi9NQvWwQ33JVENh8KMf0XqjwFRwfc3T2I9bUpM0UQjyt1gPicEHmYkMThJAJbQBc5PHcx8YbeeYBaMdteaKdjdOYfolPleVoBn8RZPZsB4qdkToRKIKbjiOCdScHhC8aJe4pCX8GdrvBltR0FH4s5WsQnxw2JNrqu0lIMiHlgw4WHKWHZbeKDPPeRzBPxnNUQNfctv5HFpuVoJ2pfIv5xXamVqYMpQVIZQ3E5Z6DIcmDIkYgW5zxxSSAaw1aZWVY7rrIYIyq1ynP1HZtlBhwNygbMDNwBiAWYRMhMcmyh9KXhxgr7SikgGMLlD803wpoQaZUSLgqkTYJQbQ02mQIDp76jYXZywncTCmwcfo7mptcBRuC3e0DmT81wPfc8JuWao3V5XqRxiU1qRkkqeMKWsYjA3Kn5UaWjYfNyIRPBgoofy3wiOjdVV6ILM5WHF98aaFQFanYRN4UIAwwhcZPdAvE2EIua6zJvf7iINdMKXjEn1ayMbbWmzI0wg4iE13SgdP3PxBoguYSaMedSlKAcRu4vIHTLCFNRuyRkxenst2FVrnVN0V9oKWGSE4pxB0QsT00sqp9UvxulwkdeMB2KGQSfDqkTuJrruMCDOTCiYqRywC0xz8X3grPKbHoh35rPMFa7DNhOMW4czOXbYP6IrdsrkoqKircc3azJlrN0YYC42ac2oqQhva1IddKRD6iln6OvnCPBOlwAtV7r6XoMIVWqKjUWGrGnzHVTvkr9CG7Y8wKJspqhklxpSKGvv9HiZqEJ3MNLPQGGkCxFcNH6KCtCjvHP12hG4HCmwQxI1sZlT4GgP04m0gKcPJrblZVGeNCWAH4g61UtROtoPvtK0cCntT0ZeKXATgHdeMeqJ1et3zuOqW6KNuw9bGyEWvgboTda7ZbjrJON5hvsXzmf3xsg3hCOZTBLXpgDeJFyaaEM7vRJsoi7FEPcM7pHmZIna6aGdYtGMnvlY3vxo8NsXeikiegTzPixQrdrGFnXBBQqdSIfRTwYHCZ2pbJyK66XgStYds7o3DLpSZwvrbn5ir7X49yeIK3r1Y5k6uXFbgZlNJfOl0WMMcX3KdcoCIbrfXeEtsee2698AfGoRxQ561Mv7GOaCimAw4FEUnXxekJHL3y8k00x8Z8BTveVknX0G4gJoChIHg1SIyzQeSQTUJrTaJT4eGnk5iYT08arMEyoFuwN9P7Z1oy8cO6Z0PQxyV3Y8g6WPTVrjsupogAZP9s4Pr1knxjFZcCq0QAp2mh1bQxmrstdAPuMrEthGCVya4cTnT5PMFJd436oWsJvbDMEsE5SZxSXJ7fz3u72hGpreMGl6J7swhU5YtBO62HX5mQpYOVgJyvIAtrU3ajN9S2NxUyJeGbCuK9nz4wN9JywMFmXpsIiXA6GI4PsJU0PGIpcq52NewZgg0mbz7b2G0M3qxCfz3WeG3bPveQ0Qo0EVpfWDUANJAqdxijdRMA5Z8Ncrvbm38GoxKdFATFB0q46XBb8lINUzQEhAd5KJtWO4etuioHmRiW9bz5Opm2no1RM5VLwSoCS8UWFfSNud5dcF0CasEWazIUJoGk0rQtpIz99WkuAKfG0dN9A0Z7ZUt45FBA5zzuCXsl8H8M2fCGRzzo52GZ4PGa8h1tPMYDhfLMtaw1R6VPCc2JeGId7MW6om5iIat5pK9Mi6FLePsvCRwT1g8wp6ewpweqEK8MSSUCa6LQpBaXRQQHnBn6SQqbnuZwKO4jsqBhZxLg4M0MA7wTzxIiSi4IEJe6q6KxF7ydvW69nCSVBejSQ3fHLw5wYaGwCLkadEen0sDZMIG0ziINLpRHLetc1TGUvBUpVuWMKYbuW4Nte8uWQRi9HvFeLW1ghcvcfowy4DtrMG7cyk4xCwYm60C44hwysrl6MLhmzc2HQRvZJ07PbA2USe15BCwIs6N6EGfoZ3gjdUi8DQ6nvlpacgpcW6SupAW8m8jbrQIzHBPdM5KmOkUGw5PJLJwAyTbTuPH65hb2WYTI4DRBaxinUqszGXJICRtYuJglbPYYyzNtIWkYXWdGw2bBpK3yXdLVztNRPhwv5CaZ8rO9ZSwJ6KEbR3iOeBkhAZHx9HElkk7TK7mP0XITSy6ktRDdLG8fTZNbcPDpfSUAEK3VUQvkbIvhPXfm4gkBFwbbCTw7V4CCO08m45ZdFf7q4e2nvHgCi4QByOFpp6p3SLiIgovVJbrhq1OhcUGsW8qvBCfsVPvgEXkJgEmlo88379KrYL1aDEPybT2rN94SeOypkJsBOPep7NuBDuONhCapGO049sKGIoLS4nV5N8siWOFUkMR3mDy1GCu2PtqqPh7c5JUBhaaXMgw2xx2ZgJaVPFPyANDWJfKMio7dSfoOa58aJVs5yM1h4vtmFLcS4GjzF2D5rHn1UGynovLWeVrvmE14ybfoGDtyr598IzevHD7Jkh8R3Ig1lhjhUl3EDH8z8tGJkN8F6EkjQMg80X9EKVkApNxGqoVxUCxbN7sNPyZaLagabtOJRr0ivD4ugEMuJZcyyUCu6PHsf390QLWPi2kGcvdezYKCpv8mTKCbSKaY9aoGNFkePSzw8RMR6MHpAURQR1JS8NGUh3AzoDj6uXS6aZV8ToqwqqUB4adACU2bPNVSSFAokJinyTL4GeQzIqjKDbbb5yDeR8MhNdnlZQXkfX81jfDYIk7XOBsudv3PfsVPbVJtiXyty5BjIm7y4YfWEatoamMbXKaUWLzb8PLv3hJPzTtEeBqtTctN2LTOhkM5OtYiPPIfUIpg0IR44JDAZeKG1AittSUztpI3nR6fDfafirYt8Umv2evQvCQh2NIEZ3XK8VyiaORs1NhKeX68c9CR2BTJeXwXuq3lyChFqtGradfDFBEh5nQ72DljxyJKEnA1SAWwbtSYAVx2wvlWTk9WWCgNFr5kmMDDr9JgMUtL7vuaBaHwNn8pQrc9UwBceHZufSkVZa381RXnnNuE3IUyblWNmyIVO96aPToiVtnj1aDFyHm9PBW5KKprPPtbMsBGpBhmsy8sQcWKobVtxRLVBk1KifhsuCCoH8OtECVpEjn3JWmbtfpikbX1FphTABb9lQ8uYpPF0IhCLWHL34ZXOiP39TAlGEKaPIxRiNKlUg5ihP9jrq0Lxqb2GK8ld4lP2WbnRCGS4v8kVp9lxJFoc1B31CMFdlRp0vfvtVJskZlfqDSs4tllT5d4XNugVBo4uVP47qQTCmBzfuL0YYjHzEY5Uq8jP2rFTkw6V3jEEknWGW1zSM65YzU2Hb3iMLbTVj37PnI2GHMEtzJATRbduC1GQk6FnV4mWAOTT5DEPHMle7wKMzj5DXn53wLb0iKf6HL6rJZaLg21ZzmfYKkoWVrHVvAjgytb3tWmW5UuyYPX1ZYshI9NjvubeXkpR9LyFwJOqQ7smTGeobA5yrjZBz1icfTGFPHfGsP54e8ePA8nagwvEXXIa9vG5J2dVFpTHmkAOvgq9MLAwDjrXRuIZFGqvWsDvWYeco1dLDS1wxyAKUQvUEPv4PEz9wiUhO8QF9Akrp9EpLLr53P4Pgtj15YhqH1ArrjUmdTwmO0uVX56UJbBi7yYh7SuKKWfriSxxcNqpsizM76o7WO7xy1qD7930xG1Ud2OA3hn6bYMLlTlXEHANjgnh3Qxw7Va04fpxUvK69oMcD9IcpAaoStJ2B2xKsGryKXmV1rhDzDFvkn3DWYcjJnT6emI0mr3QZP9ap4KkPaHgnqrSMQPoVr67LyAw2s3jCVrBhsOLTE9Ro0hzjI3IrHfB6tHnw8VB5aiNUMkc8U0PNknkL9fbFVOKTtknIkhQGR2uZtQx9BQs6na7C1En9KhwtLcLVagYEL4eVaDG8CUrAeBofzkZbiBJcbST7kB0j71cLK3ETsfxu6OXy7eECw9dkWCQgf76t43xEGd1vcSOA8mJZSnI927z8XoSL1a57XkzPpIc4qj6ObY2pdXsFqqJ6YCZqhycAuhdiD8xoxMb6WeYPFACJsDw8U8MUQnd9WPx1pQpruAZNkC3LvvgoUtBflyYB9HcSlrhIwdQGcwpvN59vIzMjHedPsR3r7OJJ3SDazSIw6NpUGoqo33Q9c4nvnku5HmQKH4zWFFybofetWeU0MAgFcs75VWlzwlWNuXBoh8GHFvYXY1rJsualhVuZ1NQkcv4BMeZEesvqPkQw17eNqHG106pSKNpA4VQobc4e7UbTreGAoINdxGRuyz0a1X6ZMULecAEzxANDd9ErA4zQykzwGlu9coRQqVTtvOGnCn5xmA9D0FLr8bRdN8tegdEDZQo4zQX8h07oN6vY3H7LiAU815jyJNT4QJo5NoVhZZdLXn9mJKzj0gs9BFYm6qr6zTFaa0Ih91lNL43JVIQ6nP7U50RXBoc7ArLcjWh28Zy3xeWDAFJNNWkUIvmcf2kP6eD2pD5YNd8uylW6ZvSp88Uc6kuAjBFtDCnWVyWH3KUkYaDdHM2YLpFO0yYAVtPXgdyYrchF8SGDtCNb6D7yRgWQNGIRfl2Owj1V0NQ6HaxIefws5t9KF9vOHyddQKe8iSa1ZWhaTP1J42Tq6xUhChI3XjyEUasxz2jaDfaxRNmOoGg2GjsWgD1FnI406TU8yrN1bzN9gbTyfHP2Rhvzc3gsud44xut5iVp0u1w4RRgtpS70m4CARWVRYTavqkBhTmLTLppGHSQja7UggFZT7MpWcf1L2oX4mDUFbshLyL6xk5lLIoLa8KeEnLDQoLoGvVISR6q0Zbyq4Zrwb8jbRX5rUHucxXSy23d45Qj0OKjUMlovnAnq58RfSUiAK66yszHqo9Tg4uwLUoJMpA3YYfa38B9EFdWac7uvNbmyvPY9GoirwXnisgcTHlbA3D6jayal512Oa3OWXKyddOrk89hyPpMldsPvulFcj6lTwKiphrhTA5KmMUhAlh85KbbEVRmae0bv9PfrdLfjb7mN953FOPy3ZJWn3cLaBMrwc9DAlDENiF6L6Hv05AKPlO6Mx8buADTrX7nAyKyvXtesoN1HRt4hpDViQX5cUZ14rbj4jUXwxB7Rw6G0FiwKj1QntX972uDWIZASx0F82ybQ6eCgeUa1O6k1d69BhfPnpEjC93ZldpaPx9UvUiUKpdXxbOhpOBbzDvqVmJb8sTzvBkzrscc8VHSD4DR12pxpRHsRrx3BBqWmTy7FFhFcR8H04fovcMj5oZbLsVprgdObXqVuE24Leky6sxAc3Wr6MHARsYRHHB8saIrGGVhffAdr26FUMTQMO7ZFu33ah2grrGclWe5F3pUCQjDE1O4pyUl61SxyNTtD78kTzEc9NAuf3C4u3Mh8yT3ioebF2SUOdARWsCYhjXtqqZkMxPFxTuebKz3JAA49BCzcgDY4CG6Mrf3nI4sWMI7YEm47WyccYwqZ9bcGP9pX0PhFdmKBlpUn7myAbwaDZYbjIVD7zPX7QWG2VvXJ4ycm8fJ7gqjDZAT4Q69n5iEZ3KlrXNWPUmlqR8f8qBjistK44w9lqCgL2y0DLTTZu7a9BmO0t8e8OGBM38nMTTkUMhIS0TEt4UdA5fM5s6SCxGg7SabiearAC1IkB3FcPANhoqflfAV2zLb78tvJa1j53bX3VveYfW7ObE05rcV0NOsAho5wVCbYeNwD9iB3qiZiCnj7qScr3l5BWLhjf5tP0vLNoyi4CaqRouK1Ftq9ymwCFAr8HTfdPYzUBGJfGBSgjtP3zobHZBHFng0SgD7kOmwOxXcQokoRk3mUjqExJB7UqVyH645qDHhDumy2RDAQd5JFuHrjDSYeqNT5Ni3c1VgtjJHmRFBIDj4KG9cUkaOWTM95oLdq6XAjCYh1PByRpclFCARuxCVWEdUvlabqaEnL7lucEbSfmoDe0EkWrHV6LauV30MXo4AfFAocTky1xQMEAVkiWJ2mJsBa37QRQnhTPVPc55mREPrIvmaezjShvmVFeQ16prjNvwNDfIzfUjxCM6qLqtG2BLxuFMvhhr0o83zCAEdm7pWOjCP9BgVaRFzHFn8SRdfVMQhrGRcAZ2cO607kdL1ACSxR5akAFDgZWYZ6uGh4FgQHKeAbJAflr65oD0Vl7sVuUwpNI89182hlzVA4NITqyx3a4Jo9F1OGdTLFwjTygpTYwa5nSu9UP7ppcifPdo3guX5paSAZrDJ1nAplk6zOpINsPqjf2b3cESjpCtaNCKRaUgemQRyIauyVOJMa0xLkY1XX7pzFhllgcmFziug0NdKgcBx0IcJdKTvJql2vr3lQAocsJTMPbIWnbz9jS2gf3UU4CujPGhdTmNFDUZv1xS24Pe8iLt63hDsslcW2U6fVuCwdz2LMusFy7dnx12bLHjSHsXBWYCJKJlxaXDJ5gyPsJkeaM2bNr6FyeTyrbn8MRFMMSNeuGwBxaNpiwfuMQpqCwuvODkMYZ1hY3EHbO7ZhWIf9gQjq5LyntaaH0GrtgdrbczH3b62SpB2BES8ds47fuOo293725NbH0FOBB8Or5G4Dzf8wONGoeTLSIoofpG9A2cTXBfswyBRj8calF3dGZ8NCacg3ES2i5c2DuPYTBUXIb5kQYM1BMtQmiXhYpLkdWmFPykw7NlpYe7Iax2QnyUwSP8Oa0VbWGVMqgCuMK0whjrkkbGxsesHQMKUeMlrmgiJuA7kxh7CYYDYG9drKtA74IZpqH59dkGCxJSbak2UTAIXimGU5Sh6E0DuosizBrRhWlu2BFcMtKsu8hAvCsVC2i9roaVmG0VgfRs11xgWs6WnI8JIkQrMvD6Q9Y7K7cBeXUQrEfwK0FNfKIdyTCgIAorXiloqnichsNtIkBBEyNtwivZL5T8EMmZkzNcOAHw8SJGSoo0tYofMjmQWxN4CR0uk2NnywMksCFFLZO5X4eWdyfUmVGWgBlwrTThudTVR2wELPJxZvlynQL2RFFm0fyk2VjUU69j31uqG6Me1fImIpdl3EDJQoypwPqTrYyL3nsunE0B8K7pVmNplAoHXNf7H5PDX02Es0vwyh4xA5Rl6FsLrDT0NNw3zRAPSlOigxK9IEVM7edvGSULmkM8MnjUY1DVRWD6i0AS6uFF6KRpy06sc9wOmoUECOreCI5cs5GV8dCPo3JG8n6P4LRHJz8aCmEeLOezCfj7Wbr4BFT74ZNqWSoyXjejYt9cKx5oMOvpIOCxExPYRuM4w2oLwEWLnakFYV4jgsTrOLCCdpsSohyQVqSUsYFajlRVnKGHculA5BMQAWPqBfAex8Xi53p1DPrXh4tyJFztbyDAJsoStsuWjF50kunBFbxDrghnRNWsU2Iy8B6IAi9iPBP2Lhj510t69Tr7PCbgF5fHNQ7zgrPMguZFqE88oo7RT5CrGKAXGctVubxwxsi4sXRi1i9E4psCVSwlerRPHV2XjIUgtc3OVE4Fc8JjMx8aPMrBNzPSwuDgXAG0onVI9lPNhMlwQdew7OIIN4q3mKYj4zEsuv5G8w1nG276dORKb2XJGvFkl6AumZ0SnquCJANvCf0vxrmZ6WvLFVPnfOitjJXfwG2wGwbsFZba4EEcKRnygpNhFgsqfDS4h85oeK7ybu3gkka9JC0l51U75IHJuojRsLAbpyeGGAYHvJR4XbxhcknPBM9sUGan5Xv0kZARicKuendyKg2C3mfgtKhWWHznOCVC1xOTFRZWdFHASq8goRhDX4fCG8grD9ZnOypT7ZVZEDk7XLBWzeJUG8kJfjA6OYItG5jHQoPPutfX5jczGP6Cb2FhlzEneNPV9qcwemXtpzTq3uvM1m0i22thHyQS5Pc8kpJhiQeIkqJ8BZXpEPheOFV1YGVHBocipFKVOW2r4p8Dglx4Y16otatR2YZDMVg8tr2UqgZHLwAbfOgDDRShfNqbM6ULMo3j020Wep0gGjK2a8FIfXj0iAC8IGKWNL1nue5AkiEA9KsuJ1gtSH8eQuKaEvRjT1ObxjuBUx5oVQqLbQWwGDBE7LaVF70C4ewqhNMW8wvbQoRh51KrwQgaS3rMTOtrYoVAHC6LHwBzdMkwpohaxA6CVR26GvHN8QQCyT1Xx1Ft501MEAEOvfopjH2b4QZXum2Tk0rf4Z0gHIMs8EWc7lpM15mE1iTtvQlXAfVzuKResH4dD2CTPwWx3GEEqhzianuLSShVfLT6ihlSbsPfrhxv14pNunnPgcRnSORuv1biGkmtmwKqd50Jv0YNH5tcszkJgcw3AYGjaHjCcg77ZnoLB0Or6hYEGGnhGKFZE0zCSE4Kuux1b3ly6isSBInGpjTkVKcgtjoli2OwmIZbMDWosDzDUCQUssmAnS5wmQivuoAMJmAm48WkbLmd5FSMhbB9D9TXPcGhgh2hwgzy6KQJFIoCCMF3veCMUxsqkC1zqPUAz6H3VpjFg5AokZNua1KsuQbzZH4kqEDHCUpMvmdVAZuMhSBWacaFVFHG6QUlE4FffeOegPdmLRd9CCoeG5VyrCFBPyusHsHjQBIdgyTslfUy3X8GmzAWmYgTWYwoJBMXq0K1ZqgPM5Y3jJm2Ff8l9mTYIhhnqalsDuqR2UYdSNW4ktAN9nU6VLH0zDrU0JXhizgzxQ81GVXBMn0qNNMn4HYBHG7U7bziPdBfJkjDsImwuYhDfkLBdkT6Co7N3qiJH7GzIAQdIOxvNK01f4ZPgU1UgAagQQY5A1nuftaKuHF7PJMvRrihplPHZzjpvM6JmjBJMnpayFPTnK2pvPveoze8ZDoJOklWIUM2SIUQBtesRD2qwrtL16VKKeWxpk8MCLFw9rGzYilCPR6lBioo17VTIufdq4eovEqiI42D5VzFtYpamGO3Q9vGQwWaj3yPGJ4ct4z9ZpdmjcTVkdM05uq9Q1Nbs6Z1tgwn57YeGfUWPqdzRnUYxe6p2FXKpB77vByr6zwfGGN83Ueb91V16iEbmaLwIKZvp19Pu5ewbjejPu5C2QCDm29XeG808DBOSDVQ1LtL9T8tOzrHgUqtr6wQwtlcFzzbZfdufoB1Emie2HaY2xmFrzWhwq6FITgOK13IeeHlVClTXI9TuvJyvt1Wju2L2XNJkIMxSzkcYeAJhjif3pmdMUMlrf0LL7H5lMfjEerGKOq2WIjTcRXo6dD1EzN6ljXdBN3OCTBfCwkVYoNP3pxWEiZacbbwTSvcEKBjGOZRsjIz5f9EKOOESA6Mj5AbGW3N03AtSO6O2zRk0piNhuorebJ59p0q8dJQzCB3ybA4hjfyJp70Mu4HI5xeqWbLe8GX3GuI89MFEr0KfnawNK9o2L1bgEygYxrf03WgOn4nVZtvQufGkMxHAfoluJdzEZDxSCEDqqWuBOtIV0diI5Sr7OM78S5HC4Hm0BlsliZtqi2UUtYlnN9nP0SrRCOZcYjA4mq4TNyLUCsve0jXrP2BHTguEtcFIm1PU8E9XP7zTOy3nNHxWH674uPLJjKFe2MzUhCS8QmH36wjy61YipOhEVDUuE9PnDGWgE2kX6QrOXpIpKa6FEvrRUTM6h9YPHwQZNXFBnJ8WBo0fJsaJ2I5Qhq8MqSOuERkYWzegqydrOycON0g1b2I61iG67D9kj2nvyGalg98moyncRulJYkpVxErZr6UbwG2LpBdlqy6vOzB1xmQaS4Vq5MEPkG2FcSfOT7qEQhERVgNz01RdeZ4RXHPCDOLcffY2fSBn7utpHlOzEOpYjuHk1T8qcBPlxHo7VYdEhy7vARkepKlvkEmtqfKDXslN1rirNMZTS0G3UuuIac7BWiicNMczzAnqRonu2mLcLNlsMRFovk2deX8JanNIkqNdrFimWlmqqjLQjmdGjSnV9s6UV15fPerO37PuiF61XzN8PDMqaLOQpyZsEK2wyN0Lo3w4MEYc4KxOU0DOYB4MoYzDwlAQ9o5w1WgyUfHHefutQUtOq3hhYqHURf7obkkjgE6AzbQJaFAlSx5SEmwjo7kKX7F8k2BtLcwg3WV4IW20EGNN2T48GAgtfT8sKVykcubKiSaACDpWcEr1fVdSoks7KN0rw2AlifiuJyeGsMjcPj5v90M9FgVVcBpoWzFbQb7X3e6fPiVSeB0KYN93enjgBZntmFBScmokS1LP1Jh7Jw4UVGfvTwfUkQEbJCvmkyYzqEhbyyW3YwdPG7DLSxMKdUGqXnmXoGn5vqTx7EtdV6ZgcdsNChqmEecudyaTPS7if2sPNxw52r9YzHKrb5Za18JVjAbrFAQUNw8VIiWZLCfPJE39PUUaXyzDdMaA2GDPGBNtuNe60ZFIdZCthLwmtLZUc2gU9LkMmxEtQ523PzbLbU6Br3mopKcCCf24UJ05jxiz4EfIkRoOsVKU77Gy79w6klDI0KclGtsHAxeUXwRNmx8eWwfBbMWKUPlApKRwNy8zcDLjf3VO7sxvy38ziIYPubeq3y1Zoxw2tBIVJKSfsZUwfQL501xINQr9viAyE3eO2KGeVoi4X9ZF84LM3MKl5RFVFnotZ54HDrgy5bAbixGmG0ikWwx2YGBzsh7v7nUR8HFZiJ7R26snjHxPf6NE5xRpK9T5T08MZqIXQ1rMnyMXZy1aJ1HmshJOZCxla1A7N3tG1u7InEO4c6Igr456vazgGbMkjfEvXDIbAZapRGrt3o8lqwvx1JbrZP9ixJvAXr0ENDsfDmqsQCO0m3cVLVJfHRUFjmmL1qAGQU6eAh8GVLJFJcBmtNfYkmoGmzI69hAEy6noyGhkVQ6wfaNEv8fbsmfAfnNjBn5zVGRGnuHKOYSDeC5B7TJ0CWOAp9TAwGimIC1mSwEUTwTIexTLP90bGtStURPxrxXp1dQHpoA1vDF556rM6t9rmY3Ni80qQXFf4qUprIt9j8JcWgojJzZSwsc0Nf1ADPDDm617aTuT9Me32y3I0g2d5YjdCV9PrG3LjgKVa7wVLBDDL3WsRIIp6XjOEfYCcV3mtO4y4JscHGqYDFuADfY2TVbPLcMKGNE8V3S6oOKckvvAxdWgmZvzkRZ8ltehCpHvAz4gcx8dpwGHX4wQuMY03



#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 08 April 2019 - 05:54 AM


Hi,

These file are corrupted.
I do not see any commands coming from them.

Do you have a TEMP and TMP folders were temporary files are normally stored by the system?

Some program need space to create temporary files that are saved in these folder and normally they would be deleted when the program is closed.

Navigate to this page and if these temporary folders do not exist create them.
https://www.askvg.co...older-location/

If at any time you need help please ask.

Keep me posted.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 08 April 2019 - 05:54 AM


Hi,

These file are corrupted.
I do not see any commands coming from them.

Do you have a TEMP and TMP folders were temporary files are normally stored by the system?

Some program need space to create temporary files that are saved in these folder and normally they would be deleted when the program is closed.

Navigate to this page and if these temporary folders do not exist create them.
https://www.askvg.co...older-location/

If at any time you need help please ask.

Keep me posted.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#12 rpb81

rpb81

    Member

  • Full Member
  • Pip
  • 29 posts

Posted 08 April 2019 - 06:27 PM

Thanks for the suggestion but that does not seem to be the cause of these files.  I checked and I have 2 TEMP folders (in the location described in the article that you sent).  These files are not in either of these locations.  I am the only one that uses this computer and would know if I created Word, Excel or JPEG files with names like 'improvedhungrytrends.docx' or 'onset lung map.jpg'.  If you dont think these files are harmful to my computer, I am fine leaving them alone, I just find it weird that I cannot find the program creating these files and new files/folder will appear with other random names if I deleted the current ones.



#13 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 09 April 2019 - 05:28 AM



Hi,

I have been informed by an other helper that those files are caused by RansomFree by Cybereason

You will find additional information on this topic.
https://www.bleeping...e/#entry4196906

If you decide to remove RansomFree by Cybereason I suggest your use this program.

Please download the free version of Revo Uninstaller Portable from here and save the compressed file to your computer's Desktop.
  • Double-click the compressed file RevoUninstaller_Portable and extract the files within it (it will be created a folder with the same name);
  • Within that folder, right-click the file RevoUPort and select Run as administrator to open the tool;
  • Click Yes to accept the UAC security warning that may appear;
  • Click OK to accept the License Agreement and Copyright;
  • Select 'The Program to Remove' and click Uninstall. Follow the instructions to complete the removal process;
  • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers;
  • Click on Select All and then on Delete and then Yes to delete the selected items;
    Note: You may have to repeat this step to delete all the leftovers (Registry items, files and folders);
  • Click the Finish button and restart the computer to complete the removal process.
Stay safe.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#14 rpb81

rpb81

    Member

  • Full Member
  • Pip
  • 29 posts

Posted 09 April 2019 - 07:25 PM

Wow, I can't believe that program was creating those files, but it makes sense based on the that link you sent.  I uninstalled the program and all of the files vanished.  Thanks as always for your help.



#15 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,258 posts

Posted 10 April 2019 - 05:24 AM

Glad we could help.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




Member of UNITE
Support SpywareInfo Forum - click the button