Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

possible malware


  • Please log in to reply

#1
GloryToPrussia

GloryToPrussia

    New Member

  • Member
  • Pip
  • 6 posts

I downloaded something infested with malware and ran malwarebytes which fixed most of the problem but I'd like to confirm that it's gone. I ran a frst scan and here is what came up:

frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.10.2018
Ran by Evan (administrator) on LAPTOP-9VM6RJT (04-10-2018 17:01:58)
Running from C:\Users\Evan\Downloads
Loaded Profiles: Evan &  (Available Profiles: Evan)
Platform: Windows 10 Home Version 1803 17134.285 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHeciSvc.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\OobeHook.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10827.20110.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Overwolf Ltd.) C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
(Blitz Esports) C:\Program Files\Blitz\Blitz.exe
(Twitch Interactive, Inc.) C:\Users\Evan\AppData\Roaming\Twitch\Bin\Twitch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Overwolf Ltd.) C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Farbar) C:\Users\Evan\Downloads\FRST64 (2).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-10-14] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [LeagueDisplays] => C:\Riot Games\LeagueDisplays\assistant\LeagueDisplaysAssistant.exe [406016 2018-01-31] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Winlogon: [Userinit] userinit.exe,,C:\Users\Evan\AppData\Local\toaqatuv\crrdkwem.exe
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,,C:\Users\Evan\AppData\Local\toaqatuv\crrdkwem.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165643807\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165643807\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165644416\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165644963\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [MurGee.com Auto Keyboard] => C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [83440 2015-03-27] (MurGee.com)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [Steam] => C:\Program Files (x86)\RealRealSteam\steam.exe [3207968 2018-09-08] (Valve Corporation)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [665216 2018-03-01] ()
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1504584 2018-09-18] (Overwolf Ltd.)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [com.blitz.app] => C:\Program Files\Blitz\Blitz.exe [67603384 2018-07-03] (Blitz Esports)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [CrrDkwem] => C:\Users\Evan\AppData\Local\toaqatuv\crrdkwem.exe [146160 2018-10-04] ()
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\MountPoints2: {50332a61-4e60-11e8-94aa-10f00552b9de} - "F:\Autorun.exe" 
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\launcher.scr [2417936 2018-01-31] ()
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [MurGee.com Auto Keyboard] => C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [83440 2015-03-27] (MurGee.com)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [Steam] => C:\Program Files (x86)\RealRealSteam\steam.exe [3207968 2018-09-08] (Valve Corporation)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [665216 2018-03-01] ()
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1504584 2018-09-18] (Overwolf Ltd.)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [com.blitz.app] => C:\Program Files\Blitz\Blitz.exe [67603384 2018-07-03] (Blitz Esports)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [CrrDkwem] => :\Users\Evan\AppData\Local\toaqatuv\crrdkwem.ex
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\MountPoints2: {50332a61-4e60-11e8-94aa-10f00552b9de} - "F:\Autorun.exe" 
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\launcher.scr [2417936 2018-01-31] ()
HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-03-23]
ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico ()
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crrdkwem.exe [2018-10-04] ()
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk [2018-09-12]
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (eVenture Limited)
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-09-01]
ShortcutTarget: Twitch.lnk -> C:\Users\Evan\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3eb67c16-5ee4-42e1-937c-1c5246fc58f6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{42efc9c9-0843-433b-95da-54a36e0e3bde}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6019da40-3b6e-43e8-b0a6-f1c7f8013900}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6019da40-3b6e-43e8-b0a6-f1c7f8013900}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{645a08f7-d26d-11e7-b9df-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9d106ced-10c2-4ac3-a956-faab85e48f62}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a59731b4-a3e0-412d-be16-275f506bbeac}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ab90e9d2-f3f7-4690-970c-1dc6b67546a3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da96d4e7-83a6-4cbc-8dd8-f721e0a20217}: [DhcpNameServer] 172.18.13.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = 
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = 
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322 -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-27] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-05] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-09-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-05] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-01-25] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: o33qc0vs.default
FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\o33qc0vs.default [2018-09-27]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-01] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-29] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
 
Chrome: 
=======
CHR HomePage: Default -> homepage.ssoextension.com
CHR DefaultSearchURL: Default -> hxxp://search.ssoextension.com/s?q={searchTerms}
CHR DefaultSearchKeyword: Default -> ssoextension.com
CHR DefaultSuggestURL: Default -> hxxp://suggest.ssoextension.com/suggest?q={searchTerms}
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default [2018-10-04]
CHR Extension: (Slides) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-05]
CHR Extension: (YouTube) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-05]
CHR Extension: (Video Downloader professional) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-04-12]
CHR Extension: (Google Play Music) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-09-27]
CHR Extension: (Sheets) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (AdBlock) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-20]
CHR Extension: (Drumpfinator) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2017-09-25]
CHR Extension: (Violentmonkey) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinjaccalgkegednnccohejagnlnfdag [2018-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-02-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-13] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2018-05-02] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-10-04] (Intel Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
S2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [136352 2018-04-09] (eVenture Limited)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1268736 2016-10-05] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53680 2018-02-05] (AnchorFree Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268928 2017-12-20] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (The OpenVPN Project)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2308424 2018-09-18] (Overwolf LTD)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [900840 2017-08-14] ()
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2018-09-12] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2018-09-12] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317960 2016-10-14] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-02] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758720 2017-12-20] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-01-03] (AnchorFree Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-21] (Bluestack System Inc. )
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-10-04] (Intel Corporation)
R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-10-04] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-10] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-10-04] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623040 2018-02-05] (Intel Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-02-02] ()
R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-26] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-08-23] (Anchorfree Inc.)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [46040 2017-08-24] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-01-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-25] (Zemana Ltd.)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-04 16:59 - 2018-10-04 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-10-04 16:55 - 2018-10-04 16:55 - 000000000 ___HD C:\ProgramData\temp
2018-10-04 16:24 - 2018-10-04 16:24 - 002414080 _____ (Farbar) C:\Users\Evan\Downloads\FRST64 (2).exe
2018-10-04 16:03 - 2018-10-04 16:58 - 000000000 ____D C:\Users\Evan\AppData\Local\toaqatuv
2018-10-04 16:03 - 2018-10-04 16:03 - 000000095 _____ C:\WINDOWS\wininit.ini
2018-10-04 15:59 - 2018-10-04 17:01 - 000000000 ____D C:\Users\Evan\Downloads\VST Plugins Pack Ultimate Collection
2018-10-04 15:23 - 2018-10-04 15:23 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-10-04 01:19 - 2018-10-04 02:06 - 000000000 ____D C:\Users\Evan\Downloads\Nexus Content
2018-10-04 01:15 - 2018-10-04 01:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2018-10-04 01:15 - 2018-10-04 01:15 - 000000000 ____D C:\Program Files (x86)\Uninstall Nexus
2018-10-04 01:15 - 2018-10-04 01:15 - 000000000 ____D C:\Program Files (x86)\Manual
2018-10-04 01:15 - 2009-10-24 21:15 - 001332224 _____ (AD © 2009) C:\WINDOWS\SysWOW64\SYNSOEMU.DLL
2018-10-04 00:50 - 2018-10-04 01:05 - 000000000 ____D C:\Users\Evan\Downloads\ReFX Nexus v2.2 VSTi RTAS DVDR - AiRISO [deepstatus]
2018-10-03 09:26 - 2018-10-03 09:26 - 000098234 _____ C:\WINDOWS\uninstaller.dat
2018-10-01 16:06 - 2018-10-01 16:06 - 000000000 ____D C:\Users\Evan\Downloads\Farming.Simulator.17.v1.2.0.0
2018-10-01 15:43 - 2018-10-01 15:59 - 159114917 _____ C:\Users\Evan\Downloads\Farming.Simulator.17.v1.2.0.0.zip
2018-09-30 16:40 - 2018-10-03 07:19 - 000000000 ____D C:\Users\Evan\Documents\Euro Truck Simulator 2
2018-09-30 16:34 - 2018-09-30 16:34 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 - Krone Trailer Pack
2018-09-30 16:14 - 2018-09-18 10:07 - 000000000 ____D C:\Users\Evan\Downloads\Euro.Truck.Simulator.2.Krone.Trailer.Pack
2018-09-30 15:46 - 2018-09-30 16:13 - 907066883 _____ C:\Users\Evan\Downloads\Euro.Truck.Simulator.2.Krone.Trailer.Pack.rar
2018-09-30 13:48 - 2018-09-30 13:48 - 000000982 _____ C:\Users\Public\Desktop\League of Legends.lnk
2018-09-29 23:02 - 2018-09-29 23:02 - 000002045 _____ C:\Users\Evan\Downloads\animelist_1538276537_-_7406724.xml.gz
2018-09-29 22:59 - 2018-09-29 22:59 - 000004729 _____ C:\Users\Evan\Downloads\animelist_1538276397_-_6752577.xml.gz
2018-09-29 00:59 - 2018-09-29 00:59 - 000789048 _____ (Roblox Corporation) C:\Users\Evan\Downloads\RobloxPlayerLauncher (3).exe
2018-09-28 21:03 - 2018-09-06 17:12 - 000000000 ____D C:\Users\Evan\Downloads\Europa.Universalis.IV.Dharma
2018-09-28 20:37 - 2018-09-28 20:48 - 2706411504 _____ C:\Users\Evan\Downloads\Europa.Universalis.IV.Dharma.rar
2018-09-27 19:17 - 2018-09-27 19:19 - 000000000 ____D C:\Users\Evan\AppData\Roaming\.technic
2018-09-27 19:17 - 2018-09-27 19:17 - 004734928 _____ () C:\Users\Evan\Downloads\TechnicLauncher.exe
2018-09-27 17:22 - 2018-10-04 16:55 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2018-09-27 17:22 - 2018-09-27 17:22 - 000000000 _____ C:\Users\Evan\AppData\Roaming\FC29FA0894FE.ini
2018-09-27 15:33 - 2018-09-27 15:33 - 000576894 _____ C:\Users\Evan\Downloads\download.html
2018-09-26 19:24 - 2018-09-26 19:24 - 000000000 ____D C:\Users\Evan\AppData\Roaming\SEMC
2018-09-26 19:21 - 2018-09-26 19:21 - 000001311 _____ C:\Users\Public\Desktop\Vainglory.lnk
2018-09-26 19:21 - 2018-09-26 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vainglory
2018-09-26 19:02 - 2018-09-26 19:02 - 000000000 ____D C:\Program Files (x86)\Super Evil Megacorp
2018-09-26 18:57 - 2018-09-26 19:00 - 1287846320 _____ (Super Evil Megacorp) C:\Users\Evan\Downloads\VainglorySetup.83651.exe
2018-09-26 18:31 - 2018-09-26 18:31 - 001507328 _____ (Adobe Systems Incorporated) C:\Users\Evan\Downloads\flash_player.exe
2018-09-26 18:18 - 2018-09-26 18:21 - 943293743 _____ (Super Evil Megacorp) C:\Users\Evan\Downloads\Unconfirmed 781250.crdownload
2018-09-26 17:26 - 2018-09-26 17:47 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Tropico 5
2018-09-26 17:26 - 2018-09-26 17:26 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Kalypso Media
2018-09-26 17:25 - 2018-09-26 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tropico 5
2018-09-26 17:21 - 2018-09-27 17:22 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Tropico.5.v1.10.Inc.All.DLC.Eng.Repack
2018-09-26 17:21 - 2018-09-26 17:22 - 000000000 ____D C:\Program Files (x86)\Tropico 5
2018-09-26 17:19 - 2018-09-26 17:19 - 000000860 _____ C:\Users\Evan\Desktop\Cities Skylines Parklife.lnk
2018-09-26 17:19 - 2018-09-26 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cities Skylines Parklife
2018-09-25 00:34 - 2018-09-25 00:34 - 000000000 ____D C:\Users\Evan\AppData\Local\TekkenGame
2018-09-25 00:32 - 2018-09-25 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-09-25 00:28 - 2018-09-25 00:28 - 000002187 _____ C:\Users\Evan\Desktop\TEKKEN 7.lnk
2018-09-25 00:28 - 2018-09-25 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG
2018-09-24 23:09 - 2018-09-24 23:09 - 000000000 ____D C:\Program Files (x86)\GMT-MAX.ORG
2018-09-24 15:46 - 2018-09-24 15:46 - 000000000 ____D C:\Users\Evan\AppData\Local\mbam
2018-09-23 16:38 - 2018-09-24 23:08 - 000000000 ____D C:\Users\Evan\Downloads\TEKKEN_7_DDE_RePack_MAXAGENT
2018-09-23 12:14 - 2018-09-23 12:28 - 000000000 ____D C:\Users\Evan\Downloads\Tropico.5.v1.10.Inc.All.DLC.Eng.Repack
2018-09-17 22:07 - 2018-05-24 13:52 - 000000000 ____D C:\Users\Evan\Downloads\Cities.Skylines.Parklife
2018-09-17 21:50 - 2018-09-17 22:05 - 1063004405 _____ C:\Users\Evan\Downloads\Cities.Skylines.Parklife.part1.rar
2018-09-17 21:50 - 2018-09-17 21:51 - 183525939 _____ C:\Users\Evan\Downloads\Cities.Skylines.Parklife.part2.rar
2018-09-17 16:05 - 2018-09-17 16:05 - 000000023 _____ C:\WINDOWS\BlendSettings.ini
2018-09-17 16:01 - 2018-09-17 16:01 - 000005842 _____ C:\Users\Evan\Downloads\DCF_plugin-36125-1-3.zip
2018-09-17 16:01 - 2018-09-17 16:01 - 000000000 ____D C:\Users\Evan\Downloads\DCF_plugin-36125-1-3
2018-09-17 15:53 - 2018-09-17 15:53 - 000001710 _____ C:\Users\Public\Desktop\The Elder Scrolls IV - Oblivion.lnk
2018-09-17 15:53 - 2018-09-17 15:53 - 000000000 ____D C:\Users\Evan\AppData\Local\Oblivion
2018-09-17 15:53 - 2018-09-17 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls IV - Oblivion [GOG.com]
2018-09-17 15:53 - 2018-09-17 15:53 - 000000000 ____D C:\ProgramData\GOG.com
2018-09-17 15:43 - 2018-09-17 15:43 - 000000000 ____D C:\GOG Games
2018-09-16 23:25 - 2018-09-16 23:25 - 000000000 ____D C:\Users\Evan\AppData\LocalLow\Squeaky Wheel
2018-09-16 23:23 - 2018-08-30 08:59 - 000000000 ____D C:\Users\Evan\Downloads\Academia.School.Simulator.v0.2.49
2018-09-16 22:58 - 2018-09-16 22:58 - 169310482 _____ C:\Users\Evan\Downloads\Academia.School.Simulator.v0.2.49.rar
2018-09-16 21:10 - 2018-09-16 21:10 - 000000000 ____D C:\ProgramData\Undefined game
2018-09-15 19:19 - 2018-09-15 19:42 - 000000000 ____D C:\Users\Evan\Downloads\The Elder Scrolls IV- Oblivion GOTY - GOG
2018-09-15 14:45 - 2018-09-04 18:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-09-14 16:11 - 2018-08-30 23:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-14 16:11 - 2018-08-30 23:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-14 16:11 - 2018-08-30 23:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-14 16:10 - 2018-08-30 23:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-14 16:10 - 2018-08-30 23:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-14 16:10 - 2018-08-30 23:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-14 16:10 - 2018-08-30 23:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-14 16:10 - 2018-08-30 23:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-14 16:10 - 2018-08-30 23:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-14 16:10 - 2018-08-30 23:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-14 16:10 - 2018-08-30 23:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-14 16:10 - 2018-08-30 23:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-14 16:10 - 2018-08-30 23:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-14 16:10 - 2018-08-30 23:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-14 16:10 - 2018-08-30 23:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-14 16:10 - 2018-08-30 23:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-14 16:10 - 2018-08-30 23:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-14 16:10 - 2018-08-30 23:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-14 16:10 - 2018-08-30 23:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-14 16:10 - 2018-08-30 23:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-14 16:10 - 2018-08-30 23:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-14 16:10 - 2018-08-30 23:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-14 16:10 - 2018-08-28 03:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-14 16:10 - 2018-08-09 05:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-14 16:10 - 2018-08-09 05:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-14 16:10 - 2018-08-09 05:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-14 16:10 - 2018-08-09 05:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-14 16:10 - 2018-08-09 05:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-14 16:10 - 2018-08-09 04:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-14 16:10 - 2018-08-09 01:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-14 16:10 - 2018-08-09 00:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-14 16:10 - 2018-08-09 00:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-14 16:10 - 2018-08-09 00:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-14 16:10 - 2018-08-09 00:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-14 16:10 - 2018-08-09 00:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-14 16:10 - 2018-08-09 00:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-14 16:10 - 2018-08-09 00:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-14 16:09 - 2018-08-31 03:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-14 16:09 - 2018-08-31 03:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-14 16:09 - 2018-08-31 03:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-14 16:09 - 2018-08-31 03:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-14 16:09 - 2018-08-31 03:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-14 16:09 - 2018-08-31 03:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-14 16:09 - 2018-08-31 03:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-14 16:09 - 2018-08-31 03:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-14 16:09 - 2018-08-31 03:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-14 16:09 - 2018-08-31 03:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-14 16:09 - 2018-08-31 03:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-14 16:09 - 2018-08-31 03:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-14 16:09 - 2018-08-31 03:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-14 16:09 - 2018-08-31 03:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-14 16:09 - 2018-08-31 03:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-14 16:09 - 2018-08-31 02:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-14 16:09 - 2018-08-31 02:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-14 16:09 - 2018-08-31 02:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-14 16:09 - 2018-08-31 02:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-14 16:09 - 2018-08-31 02:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-14 16:09 - 2018-08-31 02:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-14 16:09 - 2018-08-31 02:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-14 16:09 - 2018-08-31 02:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-14 16:09 - 2018-08-30 23:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-14 16:09 - 2018-08-30 23:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-14 16:09 - 2018-08-30 23:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-14 16:09 - 2018-08-30 23:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-14 16:09 - 2018-08-30 23:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-14 16:09 - 2018-08-30 23:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-14 16:09 - 2018-08-30 23:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-14 16:09 - 2018-08-30 23:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-14 16:09 - 2018-08-30 23:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-14 16:09 - 2018-08-30 23:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-14 16:09 - 2018-08-30 23:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-14 16:09 - 2018-08-30 23:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-14 16:09 - 2018-08-30 23:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-14 16:09 - 2018-08-30 23:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-14 16:09 - 2018-08-30 23:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-14 16:09 - 2018-08-30 23:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-14 16:09 - 2018-08-30 23:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-14 16:09 - 2018-08-30 23:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-14 16:09 - 2018-08-30 23:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-14 16:09 - 2018-08-30 23:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-14 16:09 - 2018-08-30 23:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-14 16:09 - 2018-08-30 23:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-14 16:09 - 2018-08-30 23:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-14 16:09 - 2018-08-30 23:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-14 16:09 - 2018-08-30 23:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-14 16:09 - 2018-08-30 23:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-14 16:09 - 2018-08-30 23:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-14 16:09 - 2018-08-30 23:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-14 16:09 - 2018-08-30 23:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-14 16:09 - 2018-08-30 23:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-14 16:09 - 2018-08-30 23:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-14 16:09 - 2018-08-30 23:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-14 16:09 - 2018-08-30 23:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-14 16:09 - 2018-08-30 23:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-14 16:09 - 2018-08-28 02:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-14 16:09 - 2018-08-28 02:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-14 16:09 - 2018-08-28 02:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-14 16:09 - 2018-08-28 01:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-14 16:09 - 2018-08-13 22:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-14 16:09 - 2018-08-09 05:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-14 16:09 - 2018-08-09 05:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-14 16:09 - 2018-08-09 05:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-14 16:09 - 2018-08-09 05:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-14 16:09 - 2018-08-09 05:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-14 16:09 - 2018-08-09 05:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-14 16:09 - 2018-08-09 05:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-14 16:09 - 2018-08-09 05:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-14 16:09 - 2018-08-09 05:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-14 16:09 - 2018-08-09 05:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-14 16:09 - 2018-08-09 05:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-14 16:09 - 2018-08-09 05:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-14 16:09 - 2018-08-09 05:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-14 16:09 - 2018-08-09 05:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-14 16:09 - 2018-08-09 05:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-14 16:09 - 2018-08-09 05:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-14 16:09 - 2018-08-09 05:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-14 16:09 - 2018-08-09 05:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-14 16:09 - 2018-08-09 05:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-14 16:09 - 2018-08-09 04:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-14 16:09 - 2018-08-09 04:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-14 16:09 - 2018-08-09 04:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-14 16:09 - 2018-08-09 04:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-14 16:09 - 2018-08-09 04:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-14 16:09 - 2018-08-09 04:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-14 16:09 - 2018-08-09 04:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-14 16:09 - 2018-08-09 04:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-14 16:09 - 2018-08-09 04:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-14 16:09 - 2018-08-09 04:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-14 16:09 - 2018-08-09 04:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-14 16:09 - 2018-08-09 04:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-14 16:09 - 2018-08-09 01:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-14 16:09 - 2018-08-09 00:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-14 16:09 - 2018-08-09 00:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-14 16:09 - 2018-08-09 00:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-14 16:09 - 2018-08-09 00:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-14 16:09 - 2018-08-09 00:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-14 16:09 - 2018-08-09 00:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-14 16:09 - 2018-08-09 00:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-14 16:09 - 2018-08-09 00:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-14 16:09 - 2018-08-09 00:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-14 16:09 - 2018-08-09 00:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-14 16:09 - 2018-08-09 00:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-14 16:09 - 2018-08-09 00:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-14 16:09 - 2018-08-09 00:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-14 16:09 - 2018-08-09 00:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-14 16:09 - 2018-08-09 00:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-14 16:09 - 2018-08-09 00:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-14 16:09 - 2018-08-09 00:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-14 16:09 - 2018-08-09 00:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-14 16:09 - 2018-08-09 00:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-14 16:09 - 2018-08-09 00:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-14 16:09 - 2018-08-09 00:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-14 16:09 - 2018-08-09 00:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-14 16:09 - 2018-08-09 00:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-14 16:09 - 2018-08-09 00:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-14 16:09 - 2018-08-09 00:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-14 16:09 - 2018-08-09 00:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-14 16:09 - 2018-08-09 00:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-14 16:09 - 2018-08-09 00:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-14 16:09 - 2018-08-09 00:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-14 16:09 - 2018-08-09 00:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-14 16:09 - 2018-08-09 00:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-14 16:09 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-14 16:09 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-14 16:08 - 2018-08-31 03:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-14 16:08 - 2018-08-31 02:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-14 16:08 - 2018-08-30 23:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-14 16:08 - 2018-08-30 23:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-14 16:08 - 2018-08-30 23:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-14 16:08 - 2018-08-30 23:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-14 16:08 - 2018-08-30 23:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-14 16:08 - 2018-08-30 23:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-14 16:08 - 2018-08-30 23:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-14 16:08 - 2018-08-30 23:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-14 16:08 - 2018-08-30 23:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-14 16:08 - 2018-08-30 21:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-14 16:08 - 2018-08-28 02:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-14 16:08 - 2018-08-13 22:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-14 16:08 - 2018-08-09 05:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-14 16:08 - 2018-08-09 05:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-14 16:08 - 2018-08-09 05:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-14 16:08 - 2018-08-09 05:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-14 16:08 - 2018-08-09 05:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-14 16:08 - 2018-08-09 04:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-14 16:08 - 2018-08-09 04:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-14 16:08 - 2018-08-09 04:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-14 16:08 - 2018-08-09 00:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-14 16:08 - 2018-08-09 00:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-14 16:08 - 2018-08-09 00:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-14 16:08 - 2018-08-09 00:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-14 16:08 - 2018-08-09 00:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-14 16:08 - 2018-08-09 00:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-14 16:08 - 2018-08-09 00:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-14 16:08 - 2018-08-09 00:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-14 16:08 - 2018-08-09 00:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-13 00:28 - 2018-09-13 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Rainbow Six Vegas 2
2018-09-12 20:28 - 2018-09-12 21:08 - 000000000 ____D C:\Users\Evan\Downloads\Rainbow Six Vegas 2
2018-09-12 20:14 - 2018-09-12 20:14 - 000000000 ____D C:\ProgramData\Ubisoft
2018-09-12 20:13 - 2018-09-12 20:14 - 000107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2018-09-12 20:13 - 2018-09-12 20:13 - 002337865 _____ C:\WINDOWS\SysWOW64\pbsvc.exe
2018-09-12 20:13 - 2018-09-12 20:13 - 000066872 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2018-09-12 19:53 - 2018-09-13 00:16 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2018-09-12 19:23 - 2018-09-12 19:45 - 000000000 ____D C:\Users\Evan\Downloads\www.alt.bitworld.to...Tom.Clancys.Rainbow.Six.Vegas.2-RELOADED
2018-09-11 23:37 - 2018-09-11 23:37 - 000000000 ____D C:\Users\Evan\Downloads\Native Instruments FM8 v1.4.0 Update-R2R [deepstatus]
2018-09-10 17:59 - 2018-09-10 17:59 - 000379481 _____ C:\Users\Evan\Downloads\watch (1).html
2018-09-10 16:02 - 2018-09-10 16:02 - 000004585 _____ C:\Users\Evan\Downloads\FLRegKey.reg
2018-09-10 16:00 - 2018-10-04 01:29 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2018-09-10 16:00 - 2018-09-10 16:00 - 000002128 _____ C:\Users\Evan\Desktop\FL Studio 12 (64bit).lnk
2018-09-10 16:00 - 2018-09-10 16:00 - 000002112 _____ C:\Users\Evan\Desktop\FL Studio 12.lnk
2018-09-10 16:00 - 2018-09-10 16:00 - 000001218 _____ C:\Users\Evan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files\Common Files\VST2
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Users\Evan\Documents\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Program Files\Image-Line
2018-09-10 15:46 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files (x86)\Image-Line
2018-09-10 15:39 - 2018-09-10 15:43 - 000000000 ____D C:\Users\Evan\Downloads\FL STUDIO 12 Producer Edition v12.2 [build3]  32Bit & 64Bit + Crack
2018-09-08 01:20 - 2018-09-20 02:19 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Taiga
2018-09-08 01:20 - 2018-09-08 01:20 - 001203581 _____ (erengy) C:\Users\Evan\Downloads\TaigaSetup.exe
2018-09-08 01:20 - 2018-09-08 01:20 - 000001011 _____ C:\Users\Evan\Desktop\Taiga.lnk
2018-09-08 01:20 - 2018-09-08 01:20 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taiga
2018-09-08 00:01 - 2018-09-27 19:05 - 000000393 _____ C:\Users\Evan\Documents\Multihack4.ini
2018-09-08 00:01 - 2018-09-08 00:01 - 000001129 _____ C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multihack.lnk
2018-09-08 00:01 - 2018-09-08 00:01 - 000000000 ____D C:\Users\Evan\Downloads\Multihack v4.0_mpgh.net
2018-09-08 00:00 - 2018-09-08 00:00 - 001322651 _____ C:\Users\Evan\Downloads\Multihack v4.0_mpgh.net.zip
2018-09-06 00:39 - 2018-09-06 00:39 - 000003652 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-04 17:12 - 2018-01-05 13:30 - 000088933 _____ C:\WINDOWS\ZAM.krnl.trace
2018-10-04 17:12 - 2017-12-27 13:31 - 000034811 _____ C:\Users\Evan\Downloads\FRST.txt
2018-10-04 17:12 - 2017-12-25 17:21 - 000052676 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-10-04 17:07 - 2018-09-01 17:04 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Twitch
2018-10-04 17:04 - 2018-06-19 04:14 - 000000000 ____D C:\Users\Evan\AppData\Local\Overwolf
2018-10-04 17:01 - 2018-07-03 13:17 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Blitz
2018-10-04 17:01 - 2018-06-19 04:15 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-10-04 16:57 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-04 16:57 - 2017-07-13 19:51 - 000000000 __SHD C:\Users\Evan\IntelGraphicsProfiles
2018-10-04 16:55 - 2018-05-17 02:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-04 16:54 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-10-04 16:24 - 2017-12-27 13:31 - 000000000 ____D C:\FRST
2018-10-04 16:24 - 2017-12-26 19:42 - 000002332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-04 16:07 - 2018-05-17 16:55 - 000000000 ____D C:\Users\Evan\AppData\Local\D3DSCache
2018-10-04 16:06 - 2018-09-01 20:24 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-10-04 16:06 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-04 16:04 - 2018-03-30 10:30 - 000000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEvan.job
2018-10-04 16:00 - 2017-12-24 18:02 - 000000000 ____D C:\Users\Evan\AppData\Local\transmission
2018-10-04 15:54 - 2018-05-17 02:53 - 000003246 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForEvan
2018-10-04 15:24 - 2018-05-17 02:53 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{01B21D24-031A-4188-BA33-533CE41FA0CB}
2018-10-04 15:21 - 2018-05-17 02:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-04 07:44 - 2016-10-21 11:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-03 15:43 - 2017-10-08 16:19 - 000000000 ____D C:\Program Files (x86)\RealRealSteam
2018-10-02 07:46 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-01 18:01 - 2017-07-17 19:22 - 000000000 ____D C:\Users\Evan\Documents\My Games
2018-10-01 00:24 - 2017-07-28 15:53 - 000000000 ____D C:\Users\Evan\AppData\Local\Battle.net
2018-09-30 23:24 - 2017-07-28 15:54 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2018-09-30 16:40 - 2018-06-28 15:05 - 000000000 ____D C:\Users\Evan\Documents\SkidRow
2018-09-30 16:31 - 2018-05-02 17:40 - 000000000 ____D C:\Games
2018-09-30 13:48 - 2018-01-09 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2018-09-29 23:03 - 2018-08-14 01:59 - 000000000 ____D C:\Users\Evan\Downloads\memes
2018-09-29 02:04 - 2017-09-03 16:04 - 000000000 ____D C:\Program Files (x86)\Arena
2018-09-27 22:50 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-09-27 20:11 - 2017-11-26 01:56 - 000000000 ____D C:\Users\Evan\AppData\Local\Packages
2018-09-27 17:35 - 2018-05-17 02:25 - 000000000 ____D C:\Users\Evan
2018-09-27 17:32 - 2017-10-08 11:13 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2018-09-27 17:31 - 2016-10-21 11:51 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-09-27 17:31 - 2016-10-21 11:51 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-09-27 17:29 - 2018-04-11 17:04 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-09-26 21:55 - 2018-02-26 23:25 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-09-26 17:08 - 2018-07-04 04:36 - 000000000 ____D C:\ProgramData\Packages
2018-09-25 00:43 - 2017-12-25 17:33 - 000000000 ____D C:\Program Files\Unlocker
2018-09-25 00:34 - 2018-02-02 18:53 - 000000000 ____D C:\Users\Evan\AppData\Local\UnrealEngine
2018-09-25 00:32 - 2018-04-04 17:52 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2018-09-22 01:59 - 2018-05-17 02:53 - 000004008 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-22 01:59 - 2018-05-17 02:53 - 000003776 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-21 15:45 - 2018-05-17 02:53 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2198813628-2402096551-3996786398-1001
2018-09-21 15:45 - 2018-05-17 02:25 - 000002416 _____ C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-21 15:45 - 2017-07-13 19:55 - 000000000 ___RD C:\Users\Evan\OneDrive
2018-09-19 21:38 - 2018-04-14 00:46 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2018-09-19 21:38 - 2018-04-14 00:45 - 000000000 ____D C:\Users\Evan\AppData\Local\HearthstoneDeckTracker
2018-09-19 21:38 - 2017-07-15 11:31 - 000000000 ____D C:\Users\Evan\AppData\Local\SquirrelTemp
2018-09-19 21:32 - 2017-10-17 22:18 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-09-17 16:43 - 2018-05-17 02:53 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-09-17 16:07 - 2018-02-11 23:51 - 000000000 ____D C:\Users\Evan\.grasp_settings
2018-09-17 15:43 - 2017-03-23 00:31 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-09-16 21:23 - 2018-06-12 20:04 - 000000000 ____D C:\Users\Evan\AppData\Roaming\StardewValley
2018-09-15 21:47 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-15 21:45 - 2018-05-17 02:17 - 000290976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-15 21:41 - 2018-04-11 17:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-15 21:28 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-15 13:52 - 2018-05-17 02:53 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-09-12 19:53 - 2016-10-21 11:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-09-12 02:16 - 2018-05-17 02:24 - 000931512 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-11 22:28 - 2017-12-26 19:42 - 000000000 ____D C:\Program Files\CCleaner
2018-09-11 16:07 - 2017-07-13 19:52 - 000000000 ____D C:\Users\Evan\AppData\Local\Publishers
2018-09-10 08:15 - 2017-12-22 12:29 - 000000000 ____D C:\Users\Evan\AppData\Local\ElevatedDiagnostics
2018-09-09 17:54 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-04 19:04 - 2018-04-11 19:41 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-04 19:04 - 2018-04-11 19:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2018-02-10 13:47 - 2018-02-09 13:46 - 000038678 _____ () C:\Users\Evan\AppData\Roaming\dhgfhgferr.png
2018-09-27 17:22 - 2018-09-27 17:22 - 000000000 _____ () C:\Users\Evan\AppData\Roaming\FC29FA0894FE.ini
2018-06-21 17:52 - 2018-06-21 18:03 - 000000084 _____ () C:\Users\Evan\AppData\Local\Autosofted License.txt
2018-10-04 16:06 - 2018-10-04 16:06 - 000000066 _____ () C:\Users\Evan\AppData\Local\dxmtbtov.log
2018-10-04 16:06 - 2018-10-04 16:06 - 000076587 _____ () C:\Users\Evan\AppData\Local\fqgqnssy.log
2018-10-04 16:06 - 2018-10-04 16:53 - 000000004 _____ () C:\Users\Evan\AppData\Local\gtlhvkjj.log
2018-10-04 16:06 - 2018-10-04 16:06 - 000000000 _____ () C:\Users\Evan\AppData\Local\rraftxqi.log
2018-10-04 16:05 - 2018-10-04 17:17 - 000000028 _____ () C:\Users\Evan\AppData\Local\vrwgfbko.log
2018-10-04 16:05 - 2018-10-04 16:06 - 000393442 _____ () C:\Users\Evan\AppData\Local\wibtbxol.log
2018-10-04 16:06 - 2018-10-04 17:09 - 001357073 _____ () C:\Users\Evan\AppData\Local\xfqjyfrc.log
 
Some files in TEMP:
====================
2018-09-27 19:24 - 2018-09-27 19:24 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-32-5951740665947102899.dll
2018-09-27 18:55 - 2018-09-27 18:55 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-1380607797332911364.dll
2018-09-27 16:00 - 2018-09-27 16:00 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-3152145344091471539.dll
2018-09-27 19:06 - 2018-09-27 19:06 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-4146885892808842387.dll
2018-09-27 16:14 - 2018-09-27 16:14 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-5643878827776892051.dll
2018-10-04 16:05 - 2018-10-04 20:20 - 000146160 ____S (Microsoft Corporation) C:\Users\Evan\AppData\Local\Temp\lngirfyq.exe
2018-10-04 06:21 - 2018-10-04 06:21 - 007069348 _____ () C:\Users\Evan\AppData\Local\Temp\setup.dll
2018-10-04 16:05 - 2018-10-04 20:20 - 000146160 ____S (Microsoft Corporation) C:\Users\Evan\AppData\Local\Temp\swnwecbe.exe
2018-10-04 16:11 - 2018-10-04 17:03 - 000146160 _____ (Microsoft Corporation) C:\Users\Evan\AppData\Local\Temp\taqvmqha.exe
2018-10-04 16:16 - 2018-10-04 16:03 - 000099887 _____ () C:\Users\Evan\AppData\Local\Temp\Uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-17 02:17
 
==================== End of FRST.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.10.2018
Ran by Evan (administrator) on LAPTOP-9VM6RJT (04-10-2018 17:01:58)
Running from C:\Users\Evan\Downloads
Loaded Profiles: Evan &  (Available Profiles: Evan)
Platform: Windows 10 Home Version 1803 17134.285 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHeciSvc.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\OobeHook.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10827.20110.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Overwolf Ltd.) C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
(Blitz Esports) C:\Program Files\Blitz\Blitz.exe
(Twitch Interactive, Inc.) C:\Users\Evan\AppData\Roaming\Twitch\Bin\Twitch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Overwolf Ltd.) C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Farbar) C:\Users\Evan\Downloads\FRST64 (2).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-10-14] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [LeagueDisplays] => C:\Riot Games\LeagueDisplays\assistant\LeagueDisplaysAssistant.exe [406016 2018-01-31] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Winlogon: [Userinit] userinit.exe,,C:\Users\Evan\AppData\Local\toaqatuv\crrdkwem.exe
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,,C:\Users\Evan\AppData\Local\toaqatuv\crrdkwem.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165643807\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165643807\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165644416\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165644963\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [MurGee.com Auto Keyboard] => C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [83440 2015-03-27] (MurGee.com)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [Steam] => C:\Program Files (x86)\RealRealSteam\steam.exe [3207968 2018-09-08] (Valve Corporation)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [665216 2018-03-01] ()
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1504584 2018-09-18] (Overwolf Ltd.)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [com.blitz.app] => C:\Program Files\Blitz\Blitz.exe [67603384 2018-07-03] (Blitz Esports)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [CrrDkwem] => C:\Users\Evan\AppData\Local\toaqatuv\crrdkwem.exe [146160 2018-10-04] ()
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\MountPoints2: {50332a61-4e60-11e8-94aa-10f00552b9de} - "F:\Autorun.exe" 
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\launcher.scr [2417936 2018-01-31] ()
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [MurGee.com Auto Keyboard] => C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [83440 2015-03-27] (MurGee.com)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [Steam] => C:\Program Files (x86)\RealRealSteam\steam.exe [3207968 2018-09-08] (Valve Corporation)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [665216 2018-03-01] ()
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1504584 2018-09-18] (Overwolf Ltd.)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [com.blitz.app] => C:\Program Files\Blitz\Blitz.exe [67603384 2018-07-03] (Blitz Esports)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [CrrDkwem] => :\Users\Evan\AppData\Local\toaqatuv\crrdkwem.ex
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\MountPoints2: {50332a61-4e60-11e8-94aa-10f00552b9de} - "F:\Autorun.exe" 
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\launcher.scr [2417936 2018-01-31] ()
HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-03-23]
ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico ()
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crrdkwem.exe [2018-10-04] ()
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk [2018-09-12]
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (eVenture Limited)
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-09-01]
ShortcutTarget: Twitch.lnk -> C:\Users\Evan\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3eb67c16-5ee4-42e1-937c-1c5246fc58f6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{42efc9c9-0843-433b-95da-54a36e0e3bde}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6019da40-3b6e-43e8-b0a6-f1c7f8013900}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6019da40-3b6e-43e8-b0a6-f1c7f8013900}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{645a08f7-d26d-11e7-b9df-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9d106ced-10c2-4ac3-a956-faab85e48f62}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a59731b4-a3e0-412d-be16-275f506bbeac}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ab90e9d2-f3f7-4690-970c-1dc6b67546a3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da96d4e7-83a6-4cbc-8dd8-f721e0a20217}: [DhcpNameServer] 172.18.13.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = 
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = 
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322 -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-27] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-05] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-09-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-05] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-01-25] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: o33qc0vs.default
FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\o33qc0vs.default [2018-09-27]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-01] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-29] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
 
Chrome: 
=======
CHR HomePage: Default -> homepage.ssoextension.com
CHR DefaultSearchURL: Default -> hxxp://search.ssoextension.com/s?q={searchTerms}
CHR DefaultSearchKeyword: Default -> ssoextension.com
CHR DefaultSuggestURL: Default -> hxxp://suggest.ssoextension.com/suggest?q={searchTerms}
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default [2018-10-04]
CHR Extension: (Slides) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-05]
CHR Extension: (YouTube) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-05]
CHR Extension: (Video Downloader professional) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-04-12]
CHR Extension: (Google Play Music) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-09-27]
CHR Extension: (Sheets) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (AdBlock) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-20]
CHR Extension: (Drumpfinator) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2017-09-25]
CHR Extension: (Violentmonkey) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinjaccalgkegednnccohejagnlnfdag [2018-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-02-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-13] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2018-05-02] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-10-04] (Intel Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
S2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [136352 2018-04-09] (eVenture Limited)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1268736 2016-10-05] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53680 2018-02-05] (AnchorFree Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268928 2017-12-20] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (The OpenVPN Project)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2308424 2018-09-18] (Overwolf LTD)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [900840 2017-08-14] ()
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2018-09-12] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2018-09-12] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317960 2016-10-14] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-02] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758720 2017-12-20] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-01-03] (AnchorFree Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-21] (Bluestack System Inc. )
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-10-04] (Intel Corporation)
R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-10-04] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-10] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-10-04] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623040 2018-02-05] (Intel Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-02-02] ()
R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-26] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-08-23] (Anchorfree Inc.)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [46040 2017-08-24] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-01-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-25] (Zemana Ltd.)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-04 16:59 - 2018-10-04 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-10-04 16:55 - 2018-10-04 16:55 - 000000000 ___HD C:\ProgramData\temp
2018-10-04 16:24 - 2018-10-04 16:24 - 002414080 _____ (Farbar) C:\Users\Evan\Downloads\FRST64 (2).exe
2018-10-04 16:03 - 2018-10-04 16:58 - 000000000 ____D C:\Users\Evan\AppData\Local\toaqatuv
2018-10-04 16:03 - 2018-10-04 16:03 - 000000095 _____ C:\WINDOWS\wininit.ini
2018-10-04 15:59 - 2018-10-04 17:01 - 000000000 ____D C:\Users\Evan\Downloads\VST Plugins Pack Ultimate Collection
2018-10-04 15:23 - 2018-10-04 15:23 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-10-04 01:19 - 2018-10-04 02:06 - 000000000 ____D C:\Users\Evan\Downloads\Nexus Content
2018-10-04 01:15 - 2018-10-04 01:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2018-10-04 01:15 - 2018-10-04 01:15 - 000000000 ____D C:\Program Files (x86)\Uninstall Nexus
2018-10-04 01:15 - 2018-10-04 01:15 - 000000000 ____D C:\Program Files (x86)\Manual
2018-10-04 01:15 - 2009-10-24 21:15 - 001332224 _____ (AD © 2009) C:\WINDOWS\SysWOW64\SYNSOEMU.DLL
2018-10-04 00:50 - 2018-10-04 01:05 - 000000000 ____D C:\Users\Evan\Downloads\ReFX Nexus v2.2 VSTi RTAS DVDR - AiRISO [deepstatus]
2018-10-03 09:26 - 2018-10-03 09:26 - 000098234 _____ C:\WINDOWS\uninstaller.dat
2018-10-01 16:06 - 2018-10-01 16:06 - 000000000 ____D C:\Users\Evan\Downloads\Farming.Simulator.17.v1.2.0.0
2018-10-01 15:43 - 2018-10-01 15:59 - 159114917 _____ C:\Users\Evan\Downloads\Farming.Simulator.17.v1.2.0.0.zip
2018-09-30 16:40 - 2018-10-03 07:19 - 000000000 ____D C:\Users\Evan\Documents\Euro Truck Simulator 2
2018-09-30 16:34 - 2018-09-30 16:34 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 - Krone Trailer Pack
2018-09-30 16:14 - 2018-09-18 10:07 - 000000000 ____D C:\Users\Evan\Downloads\Euro.Truck.Simulator.2.Krone.Trailer.Pack
2018-09-30 15:46 - 2018-09-30 16:13 - 907066883 _____ C:\Users\Evan\Downloads\Euro.Truck.Simulator.2.Krone.Trailer.Pack.rar
2018-09-30 13:48 - 2018-09-30 13:48 - 000000982 _____ C:\Users\Public\Desktop\League of Legends.lnk
2018-09-29 23:02 - 2018-09-29 23:02 - 000002045 _____ C:\Users\Evan\Downloads\animelist_1538276537_-_7406724.xml.gz
2018-09-29 22:59 - 2018-09-29 22:59 - 000004729 _____ C:\Users\Evan\Downloads\animelist_1538276397_-_6752577.xml.gz
2018-09-29 00:59 - 2018-09-29 00:59 - 000789048 _____ (Roblox Corporation) C:\Users\Evan\Downloads\RobloxPlayerLauncher (3).exe
2018-09-28 21:03 - 2018-09-06 17:12 - 000000000 ____D C:\Users\Evan\Downloads\Europa.Universalis.IV.Dharma
2018-09-28 20:37 - 2018-09-28 20:48 - 2706411504 _____ C:\Users\Evan\Downloads\Europa.Universalis.IV.Dharma.rar
2018-09-27 19:17 - 2018-09-27 19:19 - 000000000 ____D C:\Users\Evan\AppData\Roaming\.technic
2018-09-27 19:17 - 2018-09-27 19:17 - 004734928 _____ () C:\Users\Evan\Downloads\TechnicLauncher.exe
2018-09-27 17:22 - 2018-10-04 16:55 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2018-09-27 17:22 - 2018-09-27 17:22 - 000000000 _____ C:\Users\Evan\AppData\Roaming\FC29FA0894FE.ini
2018-09-27 15:33 - 2018-09-27 15:33 - 000576894 _____ C:\Users\Evan\Downloads\download.html
2018-09-26 19:24 - 2018-09-26 19:24 - 000000000 ____D C:\Users\Evan\AppData\Roaming\SEMC
2018-09-26 19:21 - 2018-09-26 19:21 - 000001311 _____ C:\Users\Public\Desktop\Vainglory.lnk
2018-09-26 19:21 - 2018-09-26 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vainglory
2018-09-26 19:02 - 2018-09-26 19:02 - 000000000 ____D C:\Program Files (x86)\Super Evil Megacorp
2018-09-26 18:57 - 2018-09-26 19:00 - 1287846320 _____ (Super Evil Megacorp) C:\Users\Evan\Downloads\VainglorySetup.83651.exe
2018-09-26 18:31 - 2018-09-26 18:31 - 001507328 _____ (Adobe Systems Incorporated) C:\Users\Evan\Downloads\flash_player.exe
2018-09-26 18:18 - 2018-09-26 18:21 - 943293743 _____ (Super Evil Megacorp) C:\Users\Evan\Downloads\Unconfirmed 781250.crdownload
2018-09-26 17:26 - 2018-09-26 17:47 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Tropico 5
2018-09-26 17:26 - 2018-09-26 17:26 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Kalypso Media
2018-09-26 17:25 - 2018-09-26 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tropico 5
2018-09-26 17:21 - 2018-09-27 17:22 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Tropico.5.v1.10.Inc.All.DLC.Eng.Repack
2018-09-26 17:21 - 2018-09-26 17:22 - 000000000 ____D C:\Program Files (x86)\Tropico 5
2018-09-26 17:19 - 2018-09-26 17:19 - 000000860 _____ C:\Users\Evan\Desktop\Cities Skylines Parklife.lnk
2018-09-26 17:19 - 2018-09-26 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cities Skylines Parklife
2018-09-25 00:34 - 2018-09-25 00:34 - 000000000 ____D C:\Users\Evan\AppData\Local\TekkenGame
2018-09-25 00:32 - 2018-09-25 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-09-25 00:28 - 2018-09-25 00:28 - 000002187 _____ C:\Users\Evan\Desktop\TEKKEN 7.lnk
2018-09-25 00:28 - 2018-09-25 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG
2018-09-24 23:09 - 2018-09-24 23:09 - 000000000 ____D C:\Program Files (x86)\GMT-MAX.ORG
2018-09-24 15:46 - 2018-09-24 15:46 - 000000000 ____D C:\Users\Evan\AppData\Local\mbam
2018-09-23 16:38 - 2018-09-24 23:08 - 000000000 ____D C:\Users\Evan\Downloads\TEKKEN_7_DDE_RePack_MAXAGENT
2018-09-23 12:14 - 2018-09-23 12:28 - 000000000 ____D C:\Users\Evan\Downloads\Tropico.5.v1.10.Inc.All.DLC.Eng.Repack
2018-09-17 22:07 - 2018-05-24 13:52 - 000000000 ____D C:\Users\Evan\Downloads\Cities.Skylines.Parklife
2018-09-17 21:50 - 2018-09-17 22:05 - 1063004405 _____ C:\Users\Evan\Downloads\Cities.Skylines.Parklife.part1.rar
2018-09-17 21:50 - 2018-09-17 21:51 - 183525939 _____ C:\Users\Evan\Downloads\Cities.Skylines.Parklife.part2.rar
2018-09-17 16:05 - 2018-09-17 16:05 - 000000023 _____ C:\WINDOWS\BlendSettings.ini
2018-09-17 16:01 - 2018-09-17 16:01 - 000005842 _____ C:\Users\Evan\Downloads\DCF_plugin-36125-1-3.zip
2018-09-17 16:01 - 2018-09-17 16:01 - 000000000 ____D C:\Users\Evan\Downloads\DCF_plugin-36125-1-3
2018-09-17 15:53 - 2018-09-17 15:53 - 000001710 _____ C:\Users\Public\Desktop\The Elder Scrolls IV - Oblivion.lnk
2018-09-17 15:53 - 2018-09-17 15:53 - 000000000 ____D C:\Users\Evan\AppData\Local\Oblivion
2018-09-17 15:53 - 2018-09-17 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls IV - Oblivion [GOG.com]
2018-09-17 15:53 - 2018-09-17 15:53 - 000000000 ____D C:\ProgramData\GOG.com
2018-09-17 15:43 - 2018-09-17 15:43 - 000000000 ____D C:\GOG Games
2018-09-16 23:25 - 2018-09-16 23:25 - 000000000 ____D C:\Users\Evan\AppData\LocalLow\Squeaky Wheel
2018-09-16 23:23 - 2018-08-30 08:59 - 000000000 ____D C:\Users\Evan\Downloads\Academia.School.Simulator.v0.2.49
2018-09-16 22:58 - 2018-09-16 22:58 - 169310482 _____ C:\Users\Evan\Downloads\Academia.School.Simulator.v0.2.49.rar
2018-09-16 21:10 - 2018-09-16 21:10 - 000000000 ____D C:\ProgramData\Undefined game
2018-09-15 19:19 - 2018-09-15 19:42 - 000000000 ____D C:\Users\Evan\Downloads\The Elder Scrolls IV- Oblivion GOTY - GOG
2018-09-15 14:45 - 2018-09-04 18:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-09-14 16:11 - 2018-08-30 23:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-14 16:11 - 2018-08-30 23:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-14 16:11 - 2018-08-30 23:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-14 16:10 - 2018-08-30 23:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-14 16:10 - 2018-08-30 23:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-14 16:10 - 2018-08-30 23:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-14 16:10 - 2018-08-30 23:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-14 16:10 - 2018-08-30 23:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-14 16:10 - 2018-08-30 23:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-14 16:10 - 2018-08-30 23:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-14 16:10 - 2018-08-30 23:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-14 16:10 - 2018-08-30 23:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-14 16:10 - 2018-08-30 23:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-14 16:10 - 2018-08-30 23:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-14 16:10 - 2018-08-30 23:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-14 16:10 - 2018-08-30 23:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-14 16:10 - 2018-08-30 23:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-14 16:10 - 2018-08-30 23:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-14 16:10 - 2018-08-30 23:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-14 16:10 - 2018-08-30 23:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-14 16:10 - 2018-08-30 23:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-14 16:10 - 2018-08-30 23:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-14 16:10 - 2018-08-28 03:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-14 16:10 - 2018-08-09 05:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-14 16:10 - 2018-08-09 05:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-14 16:10 - 2018-08-09 05:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-14 16:10 - 2018-08-09 05:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-14 16:10 - 2018-08-09 05:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-14 16:10 - 2018-08-09 04:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-14 16:10 - 2018-08-09 01:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-14 16:10 - 2018-08-09 00:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-14 16:10 - 2018-08-09 00:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-14 16:10 - 2018-08-09 00:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-14 16:10 - 2018-08-09 00:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-14 16:10 - 2018-08-09 00:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-14 16:10 - 2018-08-09 00:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-14 16:10 - 2018-08-09 00:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-14 16:09 - 2018-08-31 03:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-14 16:09 - 2018-08-31 03:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-14 16:09 - 2018-08-31 03:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-14 16:09 - 2018-08-31 03:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-14 16:09 - 2018-08-31 03:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-14 16:09 - 2018-08-31 03:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-14 16:09 - 2018-08-31 03:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-14 16:09 - 2018-08-31 03:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-14 16:09 - 2018-08-31 03:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-14 16:09 - 2018-08-31 03:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-14 16:09 - 2018-08-31 03:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-14 16:09 - 2018-08-31 03:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-14 16:09 - 2018-08-31 03:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-14 16:09 - 2018-08-31 03:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-14 16:09 - 2018-08-31 03:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-14 16:09 - 2018-08-31 02:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-14 16:09 - 2018-08-31 02:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-14 16:09 - 2018-08-31 02:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-14 16:09 - 2018-08-31 02:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-14 16:09 - 2018-08-31 02:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-14 16:09 - 2018-08-31 02:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-14 16:09 - 2018-08-31 02:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-14 16:09 - 2018-08-31 02:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-14 16:09 - 2018-08-30 23:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-14 16:09 - 2018-08-30 23:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-14 16:09 - 2018-08-30 23:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-14 16:09 - 2018-08-30 23:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-14 16:09 - 2018-08-30 23:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-14 16:09 - 2018-08-30 23:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-14 16:09 - 2018-08-30 23:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-14 16:09 - 2018-08-30 23:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-14 16:09 - 2018-08-30 23:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-14 16:09 - 2018-08-30 23:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-14 16:09 - 2018-08-30 23:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-14 16:09 - 2018-08-30 23:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-14 16:09 - 2018-08-30 23:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-14 16:09 - 2018-08-30 23:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-14 16:09 - 2018-08-30 23:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-14 16:09 - 2018-08-30 23:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-14 16:09 - 2018-08-30 23:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-14 16:09 - 2018-08-30 23:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-14 16:09 - 2018-08-30 23:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-14 16:09 - 2018-08-30 23:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-14 16:09 - 2018-08-30 23:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-14 16:09 - 2018-08-30 23:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-14 16:09 - 2018-08-30 23:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-14 16:09 - 2018-08-30 23:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-14 16:09 - 2018-08-30 23:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-14 16:09 - 2018-08-30 23:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-14 16:09 - 2018-08-30 23:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-14 16:09 - 2018-08-30 23:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-14 16:09 - 2018-08-30 23:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-14 16:09 - 2018-08-30 23:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-14 16:09 - 2018-08-30 23:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-14 16:09 - 2018-08-30 23:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-14 16:09 - 2018-08-30 23:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-14 16:09 - 2018-08-30 23:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-14 16:09 - 2018-08-28 02:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-14 16:09 - 2018-08-28 02:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-14 16:09 - 2018-08-28 02:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-14 16:09 - 2018-08-28 01:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-14 16:09 - 2018-08-13 22:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-14 16:09 - 2018-08-09 05:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-14 16:09 - 2018-08-09 05:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-14 16:09 - 2018-08-09 05:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-14 16:09 - 2018-08-09 05:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-14 16:09 - 2018-08-09 05:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-14 16:09 - 2018-08-09 05:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-14 16:09 - 2018-08-09 05:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-14 16:09 - 2018-08-09 05:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-14 16:09 - 2018-08-09 05:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-14 16:09 - 2018-08-09 05:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-14 16:09 - 2018-08-09 05:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-14 16:09 - 2018-08-09 05:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-14 16:09 - 2018-08-09 05:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-14 16:09 - 2018-08-09 05:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-14 16:09 - 2018-08-09 05:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-14 16:09 - 2018-08-09 05:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-14 16:09 - 2018-08-09 05:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-14 16:09 - 2018-08-09 05:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-14 16:09 - 2018-08-09 05:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-14 16:09 - 2018-08-09 04:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-14 16:09 - 2018-08-09 04:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-14 16:09 - 2018-08-09 04:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-14 16:09 - 2018-08-09 04:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-14 16:09 - 2018-08-09 04:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-14 16:09 - 2018-08-09 04:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-14 16:09 - 2018-08-09 04:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-14 16:09 - 2018-08-09 04:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-14 16:09 - 2018-08-09 04:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-14 16:09 - 2018-08-09 04:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-14 16:09 - 2018-08-09 04:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-14 16:09 - 2018-08-09 04:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-14 16:09 - 2018-08-09 01:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-14 16:09 - 2018-08-09 00:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-14 16:09 - 2018-08-09 00:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-14 16:09 - 2018-08-09 00:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-14 16:09 - 2018-08-09 00:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-14 16:09 - 2018-08-09 00:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-14 16:09 - 2018-08-09 00:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-14 16:09 - 2018-08-09 00:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-14 16:09 - 2018-08-09 00:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-14 16:09 - 2018-08-09 00:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-14 16:09 - 2018-08-09 00:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-14 16:09 - 2018-08-09 00:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-14 16:09 - 2018-08-09 00:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-14 16:09 - 2018-08-09 00:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-14 16:09 - 2018-08-09 00:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-14 16:09 - 2018-08-09 00:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-14 16:09 - 2018-08-09 00:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-14 16:09 - 2018-08-09 00:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-14 16:09 - 2018-08-09 00:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-14 16:09 - 2018-08-09 00:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-14 16:09 - 2018-08-09 00:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-14 16:09 - 2018-08-09 00:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-14 16:09 - 2018-08-09 00:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-14 16:09 - 2018-08-09 00:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-14 16:09 - 2018-08-09 00:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-14 16:09 - 2018-08-09 00:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-14 16:09 - 2018-08-09 00:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-14 16:09 - 2018-08-09 00:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-14 16:09 - 2018-08-09 00:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-14 16:09 - 2018-08-09 00:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-14 16:09 - 2018-08-09 00:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-14 16:09 - 2018-08-09 00:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-14 16:09 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-14 16:09 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-14 16:08 - 2018-08-31 03:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-14 16:08 - 2018-08-31 02:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-14 16:08 - 2018-08-30 23:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-14 16:08 - 2018-08-30 23:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-14 16:08 - 2018-08-30 23:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-14 16:08 - 2018-08-30 23:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-14 16:08 - 2018-08-30 23:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-14 16:08 - 2018-08-30 23:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-14 16:08 - 2018-08-30 23:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-14 16:08 - 2018-08-30 23:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-14 16:08 - 2018-08-30 23:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-14 16:08 - 2018-08-30 21:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-14 16:08 - 2018-08-28 02:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-14 16:08 - 2018-08-13 22:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-14 16:08 - 2018-08-09 05:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-14 16:08 - 2018-08-09 05:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-14 16:08 - 2018-08-09 05:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-14 16:08 - 2018-08-09 05:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-14 16:08 - 2018-08-09 05:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-14 16:08 - 2018-08-09 04:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-14 16:08 - 2018-08-09 04:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-14 16:08 - 2018-08-09 04:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-14 16:08 - 2018-08-09 00:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-14 16:08 - 2018-08-09 00:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-14 16:08 - 2018-08-09 00:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-14 16:08 - 2018-08-09 00:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-14 16:08 - 2018-08-09 00:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-14 16:08 - 2018-08-09 00:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-14 16:08 - 2018-08-09 00:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-14 16:08 - 2018-08-09 00:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-14 16:08 - 2018-08-09 00:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-13 00:28 - 2018-09-13 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Rainbow Six Vegas 2
2018-09-12 20:28 - 2018-09-12 21:08 - 000000000 ____D C:\Users\Evan\Downloads\Rainbow Six Vegas 2
2018-09-12 20:14 - 2018-09-12 20:14 - 000000000 ____D C:\ProgramData\Ubisoft
2018-09-12 20:13 - 2018-09-12 20:14 - 000107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2018-09-12 20:13 - 2018-09-12 20:13 - 002337865 _____ C:\WINDOWS\SysWOW64\pbsvc.exe
2018-09-12 20:13 - 2018-09-12 20:13 - 000066872 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2018-09-12 19:53 - 2018-09-13 00:16 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2018-09-12 19:23 - 2018-09-12 19:45 - 000000000 ____D C:\Users\Evan\Downloads\www.alt.bitworld.to...Tom.Clancys.Rainbow.Six.Vegas.2-RELOADED
2018-09-11 23:37 - 2018-09-11 23:37 - 000000000 ____D C:\Users\Evan\Downloads\Native Instruments FM8 v1.4.0 Update-R2R [deepstatus]
2018-09-10 17:59 - 2018-09-10 17:59 - 000379481 _____ C:\Users\Evan\Downloads\watch (1).html
2018-09-10 16:02 - 2018-09-10 16:02 - 000004585 _____ C:\Users\Evan\Downloads\FLRegKey.reg
2018-09-10 16:00 - 2018-10-04 01:29 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2018-09-10 16:00 - 2018-09-10 16:00 - 000002128 _____ C:\Users\Evan\Desktop\FL Studio 12 (64bit).lnk
2018-09-10 16:00 - 2018-09-10 16:00 - 000002112 _____ C:\Users\Evan\Desktop\FL Studio 12.lnk
2018-09-10 16:00 - 2018-09-10 16:00 - 000001218 _____ C:\Users\Evan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files\Common Files\VST2
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Users\Evan\Documents\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Program Files\Image-Line
2018-09-10 15:46 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files (x86)\Image-Line
2018-09-10 15:39 - 2018-09-10 15:43 - 000000000 ____D C:\Users\Evan\Downloads\FL STUDIO 12 Producer Edition v12.2 [build3]  32Bit & 64Bit + Crack
2018-09-08 01:20 - 2018-09-20 02:19 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Taiga
2018-09-08 01:20 - 2018-09-08 01:20 - 001203581 _____ (erengy) C:\Users\Evan\Downloads\TaigaSetup.exe
2018-09-08 01:20 - 2018-09-08 01:20 - 000001011 _____ C:\Users\Evan\Desktop\Taiga.lnk
2018-09-08 01:20 - 2018-09-08 01:20 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taiga
2018-09-08 00:01 - 2018-09-27 19:05 - 000000393 _____ C:\Users\Evan\Documents\Multihack4.ini
2018-09-08 00:01 - 2018-09-08 00:01 - 000001129 _____ C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multihack.lnk
2018-09-08 00:01 - 2018-09-08 00:01 - 000000000 ____D C:\Users\Evan\Downloads\Multihack v4.0_mpgh.net
2018-09-08 00:00 - 2018-09-08 00:00 - 001322651 _____ C:\Users\Evan\Downloads\Multihack v4.0_mpgh.net.zip
2018-09-06 00:39 - 2018-09-06 00:39 - 000003652 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-04 17:12 - 2018-01-05 13:30 - 000088933 _____ C:\WINDOWS\ZAM.krnl.trace
2018-10-04 17:12 - 2017-12-27 13:31 - 000034811 _____ C:\Users\Evan\Downloads\FRST.txt
2018-10-04 17:12 - 2017-12-25 17:21 - 000052676 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-10-04 17:07 - 2018-09-01 17:04 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Twitch
2018-10-04 17:04 - 2018-06-19 04:14 - 000000000 ____D C:\Users\Evan\AppData\Local\Overwolf
2018-10-04 17:01 - 2018-07-03 13:17 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Blitz
2018-10-04 17:01 - 2018-06-19 04:15 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-10-04 16:57 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-04 16:57 - 2017-07-13 19:51 - 000000000 __SHD C:\Users\Evan\IntelGraphicsProfiles
2018-10-04 16:55 - 2018-05-17 02:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-04 16:54 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-10-04 16:24 - 2017-12-27 13:31 - 000000000 ____D C:\FRST
2018-10-04 16:24 - 2017-12-26 19:42 - 000002332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-04 16:07 - 2018-05-17 16:55 - 000000000 ____D C:\Users\Evan\AppData\Local\D3DSCache
2018-10-04 16:06 - 2018-09-01 20:24 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-10-04 16:06 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-04 16:04 - 2018-03-30 10:30 - 000000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEvan.job
2018-10-04 16:00 - 2017-12-24 18:02 - 000000000 ____D C:\Users\Evan\AppData\Local\transmission
2018-10-04 15:54 - 2018-05-17 02:53 - 000003246 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForEvan
2018-10-04 15:24 - 2018-05-17 02:53 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{01B21D24-031A-4188-BA33-533CE41FA0CB}
2018-10-04 15:21 - 2018-05-17 02:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-04 07:44 - 2016-10-21 11:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-03 15:43 - 2017-10-08 16:19 - 000000000 ____D C:\Program Files (x86)\RealRealSteam
2018-10-02 07:46 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-01 18:01 - 2017-07-17 19:22 - 000000000 ____D C:\Users\Evan\Documents\My Games
2018-10-01 00:24 - 2017-07-28 15:53 - 000000000 ____D C:\Users\Evan\AppData\Local\Battle.net
2018-09-30 23:24 - 2017-07-28 15:54 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2018-09-30 16:40 - 2018-06-28 15:05 - 000000000 ____D C:\Users\Evan\Documents\SkidRow
2018-09-30 16:31 - 2018-05-02 17:40 - 000000000 ____D C:\Games
2018-09-30 13:48 - 2018-01-09 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2018-09-29 23:03 - 2018-08-14 01:59 - 000000000 ____D C:\Users\Evan\Downloads\memes
2018-09-29 02:04 - 2017-09-03 16:04 - 000000000 ____D C:\Program Files (x86)\Arena
2018-09-27 22:50 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-09-27 20:11 - 2017-11-26 01:56 - 000000000 ____D C:\Users\Evan\AppData\Local\Packages
2018-09-27 17:35 - 2018-05-17 02:25 - 000000000 ____D C:\Users\Evan
2018-09-27 17:32 - 2017-10-08 11:13 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2018-09-27 17:31 - 2016-10-21 11:51 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-09-27 17:31 - 2016-10-21 11:51 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-09-27 17:29 - 2018-04-11 17:04 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-09-26 21:55 - 2018-02-26 23:25 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-09-26 17:08 - 2018-07-04 04:36 - 000000000 ____D C:\ProgramData\Packages
2018-09-25 00:43 - 2017-12-25 17:33 - 000000000 ____D C:\Program Files\Unlocker
2018-09-25 00:34 - 2018-02-02 18:53 - 000000000 ____D C:\Users\Evan\AppData\Local\UnrealEngine
2018-09-25 00:32 - 2018-04-04 17:52 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2018-09-22 01:59 - 2018-05-17 02:53 - 000004008 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-22 01:59 - 2018-05-17 02:53 - 000003776 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-21 15:45 - 2018-05-17 02:53 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2198813628-2402096551-3996786398-1001
2018-09-21 15:45 - 2018-05-17 02:25 - 000002416 _____ C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-21 15:45 - 2017-07-13 19:55 - 000000000 ___RD C:\Users\Evan\OneDrive
2018-09-19 21:38 - 2018-04-14 00:46 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2018-09-19 21:38 - 2018-04-14 00:45 - 000000000 ____D C:\Users\Evan\AppData\Local\HearthstoneDeckTracker
2018-09-19 21:38 - 2017-07-15 11:31 - 000000000 ____D C:\Users\Evan\AppData\Local\SquirrelTemp
2018-09-19 21:32 - 2017-10-17 22:18 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-09-17 16:43 - 2018-05-17 02:53 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-09-17 16:07 - 2018-02-11 23:51 - 000000000 ____D C:\Users\Evan\.grasp_settings
2018-09-17 15:43 - 2017-03-23 00:31 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-09-16 21:23 - 2018-06-12 20:04 - 000000000 ____D C:\Users\Evan\AppData\Roaming\StardewValley
2018-09-15 21:47 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-15 21:45 - 2018-05-17 02:17 - 000290976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-15 21:41 - 2018-04-11 17:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-15 21:28 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-15 13:52 - 2018-05-17 02:53 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-09-12 19:53 - 2016-10-21 11:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-09-12 02:16 - 2018-05-17 02:24 - 000931512 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-11 22:28 - 2017-12-26 19:42 - 000000000 ____D C:\Program Files\CCleaner
2018-09-11 16:07 - 2017-07-13 19:52 - 000000000 ____D C:\Users\Evan\AppData\Local\Publishers
2018-09-10 08:15 - 2017-12-22 12:29 - 000000000 ____D C:\Users\Evan\AppData\Local\ElevatedDiagnostics
2018-09-09 17:54 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-04 19:04 - 2018-04-11 19:41 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-04 19:04 - 2018-04-11 19:41 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2018-02-10 13:47 - 2018-02-09 13:46 - 000038678 _____ () C:\Users\Evan\AppData\Roaming\dhgfhgferr.png
2018-09-27 17:22 - 2018-09-27 17:22 - 000000000 _____ () C:\Users\Evan\AppData\Roaming\FC29FA0894FE.ini
2018-06-21 17:52 - 2018-06-21 18:03 - 000000084 _____ () C:\Users\Evan\AppData\Local\Autosofted License.txt
2018-10-04 16:06 - 2018-10-04 16:06 - 000000066 _____ () C:\Users\Evan\AppData\Local\dxmtbtov.log
2018-10-04 16:06 - 2018-10-04 16:06 - 000076587 _____ () C:\Users\Evan\AppData\Local\fqgqnssy.log
2018-10-04 16:06 - 2018-10-04 16:53 - 000000004 _____ () C:\Users\Evan\AppData\Local\gtlhvkjj.log
2018-10-04 16:06 - 2018-10-04 16:06 - 000000000 _____ () C:\Users\Evan\AppData\Local\rraftxqi.log
2018-10-04 16:05 - 2018-10-04 17:17 - 000000028 _____ () C:\Users\Evan\AppData\Local\vrwgfbko.log
2018-10-04 16:05 - 2018-10-04 16:06 - 000393442 _____ () C:\Users\Evan\AppData\Local\wibtbxol.log
2018-10-04 16:06 - 2018-10-04 17:09 - 001357073 _____ () C:\Users\Evan\AppData\Local\xfqjyfrc.log
 
Some files in TEMP:
====================
2018-09-27 19:24 - 2018-09-27 19:24 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-32-5951740665947102899.dll
2018-09-27 18:55 - 2018-09-27 18:55 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-1380607797332911364.dll
2018-09-27 16:00 - 2018-09-27 16:00 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-3152145344091471539.dll
2018-09-27 19:06 - 2018-09-27 19:06 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-4146885892808842387.dll
2018-09-27 16:14 - 2018-09-27 16:14 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-5643878827776892051.dll
2018-10-04 16:05 - 2018-10-04 20:20 - 000146160 ____S (Microsoft Corporation) C:\Users\Evan\AppData\Local\Temp\lngirfyq.exe
2018-10-04 06:21 - 2018-10-04 06:21 - 007069348 _____ () C:\Users\Evan\AppData\Local\Temp\setup.dll
2018-10-04 16:05 - 2018-10-04 20:20 - 000146160 ____S (Microsoft Corporation) C:\Users\Evan\AppData\Local\Temp\swnwecbe.exe
2018-10-04 16:11 - 2018-10-04 17:03 - 000146160 _____ (Microsoft Corporation) C:\Users\Evan\AppData\Local\Temp\taqvmqha.exe
2018-10-04 16:16 - 2018-10-04 16:03 - 000099887 _____ () C:\Users\Evan\AppData\Local\Temp\Uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-17 02:17
 
==================== End of FRST.txt ============================
 
 
 
 
 
addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.10.2018
Ran by Evan (04-10-2018 17:18:35)
Running from C:\Users\Evan\Downloads
Windows 10 Home Version 1803 17134.285 (X64) (2018-05-17 06:55:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2198813628-2402096551-3996786398-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2198813628-2402096551-3996786398-503 - Limited - Disabled)
Evan (S-1-5-21-2198813628-2402096551-3996786398-1001 - Administrator - Enabled) => C:\Users\Evan
Guest (S-1-5-21-2198813628-2402096551-3996786398-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2198813628-2402096551-3996786398-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Arena 3.5.1 (HKLM-x32\...\Arena 3.5.1_is1) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Auto Keyboard v1.6 (HKLM-x32\...\{71E16EE4-BBED-44A8-8724-9E68D05EE945}_is1) (Version: 1.6 - MurGee.com)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-018150a6-0d9b-4ea1-8a0e-7f26ca8bd492) (Version: 3.0.2.48 - WildTangent) Hidden
Betternet (HKLM-x32\...\Betternet) (Version:  - )
Betternet for Windows 3.11.1 (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF7C205999}) (Version: 3.11.1 - Betternet Technologies Inc.)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.10 - Kakao Games Europe B.V.)
Blitz 0.7.10 (HKLM\...\153f8ce0-b97a-575b-ba12-4ff8b1481894) (Version: 0.7.10 - Blitz Esports)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cities Skylines Parklife (HKLM-x32\...\Cities Skylines Parklife_is1) (Version:  - )
Darkest Dungeon The Color of Madness (HKLM-x32\...\Darkest Dungeon The Color of Madness_is1) (Version:  - )
Divinity Original Sin 2 (HKLM-x32\...\Divinity Original Sin 2_is1) (Version:  - )
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dont Starve Together A New Reign (HKLM-x32\...\Dont Starve Together A New Reign_is1) (Version:  - )
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{FE3CD7B8-14D4-46E9-A206-2C8F2C0E6F1F}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Euro Truck Simulator 2 - Krone Trailer Pack (HKLM\...\SKIDROW - Euro Truck Simulator 2 - Krone Trailer Pack) (Version:  - SKIDROW)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Floris Mod Pack 2.54 (HKLM-x32\...\Floris Mod Pack_is1) (Version:  - )
Football Manager 2017 (HKLM\...\Football Manager 2017_is1) (Version: 1.0 - )
Football, Tactics & Glory (HKLM\...\SKIDROW - Football, Tactics & Glory) (Version:  - SKIDROW)
FreeMouseAutoClicker 3.8.3 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Game Summary (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 118.1.4 - Overwolf app)
Game Summary (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 118.1.4 - Overwolf app)
Game Summary (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170715942\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 118.1.4 - Overwolf app)
Game Summary (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170749362\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 118.1.4 - Overwolf app)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HearthArena Companion (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Overwolf_eldaohcjmecjpkpdhhoiolhhaeapcldppbdgbnbc) (Version: 1.5.0.1 - Overwolf app)
HearthArena Companion (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Overwolf_eldaohcjmecjpkpdhhoiolhhaeapcldppbdgbnbc) (Version: 1.5.0.1 - Overwolf app)
HearthArena Companion (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170715942\...\Overwolf_eldaohcjmecjpkpdhhoiolhhaeapcldppbdgbnbc) (Version: 1.5.0.1 - Overwolf app)
HearthArena Companion (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170749362\...\Overwolf_eldaohcjmecjpkpdhhoiolhhaeapcldppbdgbnbc) (Version: 1.5.0.1 - Overwolf app)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\HearthstoneDeckTracker) (Version: 1.7.5 - HearthSim)
Hearthstone Deck Tracker (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\HearthstoneDeckTracker) (Version: 1.7.5 - HearthSim)
Hearthstone Deck Tracker (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170715942\...\HearthstoneDeckTracker) (Version: 1.7.5 - HearthSim)
Hearthstone Deck Tracker (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170749362\...\HearthstoneDeckTracker) (Version: 1.7.5 - HearthSim)
hide.me VPN 1.3.4 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.3.4 - eVenture Limited)
Hotspot Shield 7.4.6 (HKLM-x32\...\{65ed84d7-2bc2-4663-9b41-4681aa85be92}) (Version: 7.4.6.10822 - AnchorFree Inc.)
Hotspot Shield 7.4.6 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C1670D69}) (Version: 7.4.6.10822 - AnchorFree Inc.) Hidden
Hotspot Shield 7.4.6 (HKLM-x32\...\HotspotShield) (Version: 7.4.6 - AnchorFree Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{6FA09B91-5D97-45A9-95E9-50F635C98043}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{C85AC2ED-2305-4137-A8BA-CC628F635C82}) (Version: 12.9.24.3 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
ibVPN All-In-One (HKLM-x32\...\ibVPN All-In-One) (Version: 2.3.4.1534 - AmplusNet SRL)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Chipset Device Software (HKLM-x32\...\{5f5c7829-a6ba-4fc6-9f47-d068f51ed99b}) (Version: 10.1.1.35 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JCleaner 1.8.4 (HKLM-x32\...\JCleaner 1.8.4) (Version: 1.8.4 - VITSoft)
jGRASP (HKLM-x32\...\jGRASP) (Version: 2.0.4_03 - Auburn University)
KCleaner 3.6.0 (HKLM-x32\...\KCleaner 3.6.0) (Version: 3.6.0 - KC-SOFTWARES)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League Displays (HKLM-x32\...\LolScreenSaver) (Version: W1.0.992-beta - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
League Of Memories (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\leagueofmemories) (Version: 0.6.2 - LeagueOfMemories)
League Of Memories (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\leagueofmemories) (Version: 0.6.2 - LeagueOfMemories)
League Of Memories (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170715942\...\leagueofmemories) (Version: 0.6.2 - LeagueOfMemories)
League Of Memories (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170749362\...\leagueofmemories) (Version: 0.6.2 - LeagueOfMemories)
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-8e53addf-f209-4ed7-94b6-52317cac87d9) (Version: 3.0.2.118 - WildTangent) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.1.250.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170715942\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170749362\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mystika 2 (HKLM-x32\...\WTA-012ad41f-4cb0-410d-93fe-cce0c10c4ca7) (Version: 1.1.2.4 - WildTangent) Hidden
NextUp-ScanSoft Daniel British Voice (HKLM-x32\...\{BE916006-E144-44CF-B467-F733D0F86200}) (Version: 4.0.0 - NextUp.com)
Niche - a genetics survival game (HKLM\...\bmljaGVhZ2VuZXRpY3NzdXJ2aXZhbGdhbWU_is1) (Version: 1 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
OP.GG (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Overwolf_bhefjlijbpddfjbpokonlhdneiljfghigipgaijd) (Version: 1.5.0 - Overwolf app)
OP.GG (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Overwolf_bhefjlijbpddfjbpokonlhdneiljfghigipgaijd) (Version: 1.5.0 - Overwolf app)
OP.GG (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170715942\...\Overwolf_bhefjlijbpddfjbpokonlhdneiljfghigipgaijd) (Version: 1.5.0 - Overwolf app)
OP.GG (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170749362\...\Overwolf_bhefjlijbpddfjbpokonlhdneiljfghigipgaijd) (Version: 1.5.0 - Overwolf app)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenGL Extensions Viewer 5.1 (HKLM-x32\...\GLVIEW3) (Version: 513 - )
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
OpenVPN 2.4.5-I601  (HKLM\...\OpenVPN) (Version: 2.4.5-I601 - OpenVPN Technologies, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.118.2.33 - Overwolf Ltd.)
Path of Exile (HKLM-x32\...\{189c8173-084a-44d5-908d-c3881009d5aa}) (Version: 3.3.0.34126 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.3.0.34126 - Grinding Gear Games) Hidden
PlayVIG (HKLM-x32\...\{6C7CAF7C-51B1-40C0-BD84-9B7445BFE015}) (Version: 103.03.08.09 - PlayVIG)
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.8.4.0 - OpenVPN Technologies)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Roblox Player for Evan (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Player for Evan (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Player for Evan (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170715942\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Player for Evan (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170749362\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Runefall (HKLM-x32\...\WTA-1e75b8cf-14bf-48bc-abc5-1158fa9fd873) (Version: 3.0.2.126 - WildTangent) Hidden
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Sparkle 2 (HKLM-x32\...\WTA-2d2ef3dd-0b0d-41bf-bbac-6382ff10fe81) (Version: 3.0.2.51 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Taiga (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Taiga) (Version: 1.3.1 - erengy)
Taiga (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Taiga) (Version: 1.3.1 - erengy)
Taiga (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170715942\...\Taiga) (Version: 1.3.1 - erengy)
Taiga (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170749362\...\Taiga) (Version: 1.3.1 - erengy)
TEKKEN 7 version 1.0 (HKLM-x32\...\TEKKEN 7_is1) (Version: 1.0 - GMT-MAX.ORG)
The Elder Scrolls IV: Oblivion (HKLM-x32\...\1458058109_is1) (Version: 1.2.0416 - GOG.com)
TI Connect™ CE (HKLM-x32\...\{30258E3F-5B74-4450-8188-3221682375F4}) (Version: 5.2.0.51 - Texas Instruments Inc.)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{7AA77536-7DC2-4831-A0CF-B46C49C2D4DF}_is1) (Version: 1.03 - Ubisoft)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.03 - Ubisoft)
Transmission 2.92 (14714) (x64) (HKLM\...\{E2B281FA-6236-4F0D-B710-ECDB6B60EB5E}) (Version: 2.92.0 - Transmission Project)
Tropico.5.v1.10.Inc.All.DLC.Eng.Repack version 1.10 (HKLM-x32\...\{1FF6E821-EEEC-4CED-BFF3-9DF85FFE7BEB}}_is1) (Version: 1.10 - Ali213.net)
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
Twitch (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Twitch (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Twitch (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170715942\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Twitch (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018170749362\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UnZipper 1.0.0 (HKLM-x32\...\UnZipper) (Version: 1.0.0 - UnZipper)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vainglory 3.7 (HKLM-x32\...\Vainglory) (Version: 3.7 - Super Evil Megacorp)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-05] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
ContextMenuHandlers1-x32: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => C:\Program Files (x86)\UnZipper\UnZipper.dll [2015-11-04] (Tightrope Interactive)
ContextMenuHandlers1-x32: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4-x32: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => C:\Program Files (x86)\UnZipper\UnZipper.dll [2015-11-04] (Tightrope Interactive)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxDTCM.dll [2016-12-06] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-05] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {074E5D21-8C6B-41CD-B1AB-E78E0EAD989E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-04] (Microsoft Corporation)
Task: {0AA62996-B05B-43A2-86DB-AD9A3E13137D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-09-15] (Microsoft Corporation)
Task: {0F606C80-D9C9-433F-8CB8-171223121E9A} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
Task: {1410DDF2-9122-42F9-9DDB-DB21589670A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-04] (Microsoft Corporation)
Task: {299CD121-4EB8-4955-A531-CB799E364335} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {2F0999DD-65C2-43E8-ADA0-678ED4B1CA5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {35D8B312-D4EC-4537-A73D-06B846316DC4} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-09-15] (Microsoft)
Task: {39EFAE66-7434-40BA-8804-85CF470553D0} - System32\Tasks\HPCeeScheduleForEvan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {44399526-5706-48FE-8E44-522FF3B76027} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-10-04] (Microsoft Corporation)
Task: {49229FE4-3797-498A-9EA0-7C590D0E1783} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {4EE09D7F-3B5A-4D5F-8E5A-72956D2F2F1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-26] (Google Inc.)
Task: {4FFFB024-1484-4C78-84ED-779162CC0D8A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-09-15] (Microsoft Corporation)
Task: {54FD613E-45C7-4C5A-8110-BF733BC61A84} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {5643D652-D2CD-4C65-8D76-BF05DBAB8C34} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-09-18] (Overwolf LTD)
Task: {5796304F-C61A-4285-8DC9-4722DC4C89D5} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {661008FB-5C24-45C8-88F5-A76DDFE3E276} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN38E1W1BK => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {67D67830-8272-4419-8804-E32B3B96AA61} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-09-15] (Microsoft)
Task: {6C7A5DB7-DD8B-485E-A01A-AD17DA20E28D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {7E78CD9E-FBF1-4FFA-A8F4-7C30BC89AD76} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {82B51764-1F96-4E1C-8CE1-AE1E52F6F7D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {8B9FB1E1-D099-4E35-8C4F-0660251DF4F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-26] (Google Inc.)
Task: {8F7F0B37-DAA4-412E-9B02-C54492F78C3B} - System32\Tasks\ibVPN-NewService => C:\Program Files (x86)\ibVPN_2.x\ibVPN.exe [2018-03-21] ()
Task: {9D3298BC-607E-4E5D-9FAA-E56F9C097B87} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-13] (Dropbox, Inc.)
Task: {A16EC950-3D91-4AB2-B206-90A6DE4A43D2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-09-15] (Microsoft Corporation)
Task: {A18229D4-977F-4DF5-9BF8-DDA031842F1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {A646456C-5064-48E6-ADDC-9F0401321172} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN6A83Q5Q9 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {ACD8237C-2838-4D53-9180-738DA7D6324D} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {B1A83A08-D736-4815-AC20-44B6FE79B762} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-10-04] (Microsoft Corporation)
Task: {B45CB9D2-9F46-48DE-86DF-FABCDA39DBBB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {B85B22DC-C87F-4AD2-BC01-AF2864F4B2C8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {BD0DD682-4AE9-47CE-BE90-E66E70405D61} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-06-11] (McAfee, Inc.)
Task: {BE889667-6269-4869-A634-A75547BA3B94} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {C5BE5C07-4157-41FD-9D5C-901F90C6D19E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {C67205F1-1158-49D0-8BBC-8FEEA8B10803} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-04] (Microsoft Corporation)
Task: {CC6A7E62-F548-4330-8797-C88187583F43} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-24] ()
Task: {D2A5B1D7-BDDB-4B34-8BF9-0A975EEE349C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {D4BD32CA-7DA8-43EA-ABF0-BD32389B6A3C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {D528E985-0960-4137-8794-97A2F873D815} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-06-08] (McAfee, Inc.)
Task: {DABC5DFB-0B49-4609-8176-F8B1584D1D06} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
Task: {DF17BCD0-79CE-48A7-8064-21E479A33566} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {DFE134DE-2BA7-44DA-B819-6A2AAC7468F7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-04] (Microsoft Corporation)
Task: {E66D4C7C-D6CE-4A5A-8FF3-5E2DF8DCB1E9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-09-15] (Microsoft Corporation)
Task: {E873358B-6B36-4477-98AE-E21A6BAF0E7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {E97B3EAD-25EE-4CC9-B9B1-FDD0E261235C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {EFA4C9E8-B8CB-4674-9027-76CB418DAEE8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-13] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForEvan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\realtech VR\OpenGL Extensions Viewer 5.1\OpenGL Extensions Viewer 5.1 Home Page.lnk -> hxxp://www.realtech-vr.com/glview
Shortcut: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\realtech VR\OpenGL Extensions Viewer 5.1\realtech VR Home Page.lnk -> hxxp://www.realtech-vr.com
 
ShortcutWithArgument: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi --disable-quic
ShortcutWithArgument: C:\Users\Evan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Evan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-08-14 17:43 - 2017-08-14 17:43 - 000900840 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2018-09-12 20:13 - 2018-09-12 20:13 - 000066872 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2018-09-12 20:13 - 2018-09-12 20:14 - 000107832 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2018-06-09 16:27 - 2018-09-01 20:23 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-07-17 13:58 - 2018-01-05 18:39 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-07-17 13:58 - 2018-01-05 18:39 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2016-09-21 13:14 - 2016-09-21 13:14 - 000584488 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2018-09-14 16:10 - 2018-08-30 23:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-09-30 10:59 - 2018-09-30 11:00 - 000066048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.10.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-09-26 17:07 - 2018-09-26 17:07 - 000875520 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1808.2461.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2018-06-28 18:26 - 2018-06-28 18:26 - 008725504 _____ () C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t\WindowsShoppingApp.dll
2018-07-26 18:16 - 2018-07-26 18:16 - 004383232 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1807.1991.0_x64__8wekyb3d8bbwe\OneConnect.dll
2018-03-01 04:51 - 2018-03-01 04:51 - 000665216 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui.exe
2018-07-03 13:16 - 2018-07-03 13:16 - 001955328 ____N () C:\Program Files\Blitz\ffmpeg.dll
2018-09-19 22:46 - 2018-09-15 04:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-19 22:46 - 2018-09-15 04:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2016-09-21 13:14 - 2016-09-21 13:14 - 000211240 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2016-09-21 13:15 - 2016-09-21 13:15 - 000121128 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2018-09-01 17:04 - 2018-09-01 17:04 - 000393608 _____ () C:\Users\Evan\AppData\Roaming\Twitch\Bin\opus.dll
2018-09-01 17:04 - 2018-09-27 15:28 - 000535872 _____ () C:\Users\Evan\AppData\Roaming\Twitch\Bin\Curse.Presto.Interface.dll
2018-09-16 23:22 - 2018-09-16 23:22 - 000156672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\f77a8da0f42a5cf2d452575166262fff\BRIDGECommon.ni.dll
2018-09-27 20:06 - 2018-09-27 20:06 - 000329728 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\7fc2a0b2f826155ac6f65d731b550c13\CleanStartController.ni.dll
2018-09-27 20:06 - 2018-09-27 20:06 - 000116736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\aa6365bd76179a7e51d4b449eeae9393\BridgeExtension.ni.dll
2017-11-09 01:44 - 2017-11-09 01:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 004883480 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\blitz_helper.exe
2018-07-03 13:16 - 2018-07-03 13:16 - 000103424 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\win32api.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000111616 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pywintypes36.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000405504 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pythoncom36.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000011264 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\markupsafe._speedups.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000023040 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\greenlet.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 039731712 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\cv2.cv2.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 001240064 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.core.multiarray.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 027268791 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\libopenblas.UWVN3XTD2LSS7SFIFK6TIQ5GONFDBJKU.gfortran-win32.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000648192 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.core.umath.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000015872 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.linalg.lapack_lite.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000087040 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.linalg._umath_linalg.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000044544 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.fft.fftpack_lite.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000673280 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.random.mtrand.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 001247232 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\PIL._imaging.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000309248 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\tesserocr._tesserocr.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 002480640 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.google.tesseract.libtesseract-3.5.1.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 001948672 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.danbloomberg.leptonica-1.74.4.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000159232 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.png-1.6.30.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000387584 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.tiff-4.0.8.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000253440 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.jpeg-9.2.0.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000429568 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.webp-0.6.0.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000074752 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.madler.zlib-1.2.11.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000160768 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.openjpeg.openjp2-2.1.2.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000130560 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.xz_utils.lzma-5.2.3.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000173568 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\win32gui.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 001149952 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\win32ui.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000041984 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\win32process.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000114176 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\win32security.pyd
2018-09-01 17:04 - 2018-09-27 15:28 - 001705792 _____ () C:\Users\Evan\AppData\Roaming\Twitch\Bin\Electron\ffmpeg.dll
2018-09-01 17:04 - 2018-09-27 15:28 - 002551104 _____ () C:\Users\Evan\AppData\Roaming\Twitch\Bin\Electron\libglesv2.dll
2018-09-01 17:04 - 2018-09-27 15:28 - 000023360 _____ () C:\Users\Evan\AppData\Roaming\Twitch\Bin\Electron\libegl.dll
2018-09-01 17:04 - 2018-09-27 15:28 - 000400384 _____ () \\?\C:\Users\Evan\AppData\Roaming\Twitch\Bin\Electron\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-09-01 17:04 - 2018-09-27 15:28 - 000129536 _____ () \\?\C:\Users\Evan\AppData\Roaming\Twitch\Bin\Electron\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [462]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\sharepoint.com -> hxxps://fcps-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\sharepoint.com -> hxxps://fcps-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 07:47 - 2018-09-15 21:38 - 000001055 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1                   www.mefeedia.com
127.0.0.2                   mefeedia.com
127.0.0.1                   delivery.anchorfree.us/land.php
127.0.0.2                   mefeedia.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165644416\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165644963\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\Control Panel\Desktop\\Wallpaper -> C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "LeagueDisplays"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\Run: => "MurGee.com Auto Keyboard"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\Run: => "VPN Unlimited"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\StartupApproved\Run: => "MurGee.com Auto Keyboard"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\StartupApproved\Run: => "VPN Unlimited"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{C3D67EE2-B5DB-4AA8-9F47-CAC4CA945DF3}C:\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\divinity original sin 2\bin\eocapp.exe
FirewallRules: [TCP Query User{F62AF028-31B6-48CC-BF70-1CBD600B97DC}C:\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{F82D524B-9ED8-4BE7-B049-7D5EF2693483}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{987DA36D-DF8B-4D61-B74D-98E34A8C05EC}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{43DC4A02-2AC4-48E1-BF43-C3266ADB4468}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Conflict of Nations\Conflict of Nations.exe
FirewallRules: [{48CAE3C5-7A01-4C3C-A6A1-24EE8EAC0A5A}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Conflict of Nations\Conflict of Nations.exe
FirewallRules: [{2B326389-5C31-4210-B586-AF380E97CE8A}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{726DAE7E-26C6-4240-8F37-FAED556CE042}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{7F88CBB1-875A-43DF-8420-46DB96D25007}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{094EE9D0-A3F7-4CA9-9AC5-1F9938926123}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{6FEF23E8-1F8A-4DA8-962E-2B447833ADE1}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Victory and Glory Napoleon\autorun.exe
FirewallRules: [{A46B2873-CEEC-4F22-A9A7-8886901F04C4}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Victory and Glory Napoleon\autorun.exe
FirewallRules: [UDP Query User{B08F4BE0-937E-444D-824E-F4EA1DD2C41F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{5F6F06AD-1275-46FE-9CF9-BC352B3FC4CB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0488B2C4-9012-499B-B029-0AD3CFB75095}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{B574450A-20F3-4BFE-89B2-18CFD4073B78}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{4DED5F90-7C51-4345-8BAF-3F666B20EF66}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{08030685-FB25-4E8D-8324-F39B0CB08EB9}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Duelyst\Duelyst.exe
FirewallRules: [{6B6C99C2-27C8-4DED-AA5A-9E5326929722}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Duelyst\Duelyst.exe
FirewallRules: [{5D284A61-BC75-44AC-AF85-47EF87DFEE10}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{79AE8039-989D-41D8-97F0-E600E806EAD5}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{8D073D1B-C5F0-44D4-B6E8-32DDFB46F66A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{AF0F02E3-1520-4DB8-8048-46391D1D5246}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{472D0456-796A-4218-B40C-808EFF184361}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{D0CE3830-CC41-45B5-8D36-FB6964B1EE76}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4A51C092-B767-431C-AFE5-C7A8E9063DBE}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{96EB9ADA-BB2E-4DCB-A654-D43EEA1E201D}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{2024F237-6695-4275-AF37-C3E912068F1E}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{50BEE865-C87A-4DAE-BBBA-A9A24C63E126}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{EA714BCC-C2D1-4869-8A91-546BA154A276}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{281BA4EF-34BC-44FB-A820-6CA3CCAE8A06}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{39C46536-0CF1-4865-9671-B92F88512213}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [UDP Query User{91090AD0-8030-4E72-9E90-AC2FD553F6CA}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{B7324503-A7AB-46A7-AC92-1B294064F0C2}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{52BA4B14-081F-46ED-9E48-A365D7017A35}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{FA996130-17A0-4F1F-9C55-7BD60825A7F3}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [UDP Query User{DA6F5706-FB8E-4BCA-90F9-38289C50CF14}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{BAF63F8C-E6C1-4020-8111-B44BCF6583B9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{F8D6A6A9-8EFD-45C5-8812-B249F10E084E}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{E6378CFB-1205-4ABB-B029-C7AFCB09BE38}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{1243EEB5-8AEA-4CA2-9C8A-AB10A23200E4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{C20BCE66-C32F-4EE7-8238-E1E945B01328}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{CBBB4416-47CE-434C-9777-4A2EB1867A93}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\The Great War\MHTGW.exe
FirewallRules: [{D2F94D59-4ED0-4188-A8C3-A258CBD42AE5}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\The Great War\MHTGW.exe
FirewallRules: [{1E6B5AC3-7FBE-4780-8C6E-5F955ED05F0D}] => (Allow) LPort=13148
FirewallRules: [{47B4E1F8-B243-4911-8D06-BA995B66358D}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{EB9A15AF-434F-4AF7-90EF-431E7AA18CC0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AD88F79B-262B-4CD4-8FAD-DC43615EE0D1}] => (Allow) C:\Program Files (x86)\RealRealSteam\Steam.exe
FirewallRules: [{46799E6F-2054-4A03-8C49-1B2AC6936F1C}] => (Allow) C:\Program Files (x86)\RealRealSteam\Steam.exe
FirewallRules: [{36CEAA1C-3BC8-4F6F-8EA3-02548308ACB4}] => (Allow) C:\Program Files (x86)\RealRealSteam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B0FEC6AD-A296-48FC-AE18-947B589A425E}] => (Allow) C:\Program Files (x86)\RealRealSteam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{52BC5E9B-4315-43DB-9343-AAF6817A16F7}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{7D2C2E68-73BE-48BF-9266-754B69D2071F}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{9713DD79-AC54-4B5E-97BA-F0A1A34FE6BC}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{F97EB3BE-A6DD-4159-B2FD-93CFEB4B0C44}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{B45C717E-9A46-41ED-8359-F7BDA416A5CD}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{D0D66E8A-BA84-4EB0-B0A3-64041A0C164B}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{D88F1A4C-FADD-4FC9-8828-2C847BB729C8}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Eternal Card Game\Eternal.exe
FirewallRules: [{43C37F40-FC44-4C67-8D63-BEB71852B043}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Eternal Card Game\Eternal.exe
FirewallRules: [TCP Query User{94A4AD52-EEF7-43F9-AB33-317E5BF9BECC}C:\users\evan\downloads\house.flipper.beta\house flipper - beta\houseflipper.exe] => (Allow) C:\users\evan\downloads\house.flipper.beta\house flipper - beta\houseflipper.exe
FirewallRules: [UDP Query User{12DF0914-01DD-4ADD-9B53-ABD81E7812F1}C:\users\evan\downloads\house.flipper.beta\house flipper - beta\houseflipper.exe] => (Allow) C:\users\evan\downloads\house.flipper.beta\house flipper - beta\houseflipper.exe
FirewallRules: [TCP Query User{A140B056-2855-4A87-88C5-2D8030EE8701}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
FirewallRules: [UDP Query User{49A737BA-9AF0-44F7-9B18-505B6000CCBB}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
FirewallRules: [{9319D054-1598-477A-BFF1-CF9F927F8EDF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DF5D22EF-0E7E-47F6-B2CD-11911C78A21B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{4FA55EB1-C527-4914-99E9-D034284FEADF}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe
FirewallRules: [UDP Query User{760FC215-D804-4177-A572-E270B596411A}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe
FirewallRules: [{582A5252-A262-4AE5-A2AE-CC3CF511F71F}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
FirewallRules: [{2BA570B1-FB64-4EE5-A275-EDA933C7C6E8}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
FirewallRules: [{493EAF1E-A218-4312-99C4-DD324D0FE892}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Total Tank Simulator Demo\TotalTankSim.exe
FirewallRules: [{66338E94-769D-4817-BA49-365216C684E0}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Total Tank Simulator Demo\TotalTankSim.exe
FirewallRules: [TCP Query User{19E52F01-3054-4BE4-9AE3-94B27CECD56B}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [UDP Query User{862BB8AD-8E60-4BE6-9A5B-3B6377E0F56E}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [{102A5D9F-E0D6-4699-AD83-12258079A3FD}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5895D2EA-2F3B-4BE2-AC48-60E5932F4069}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6A84CEFE-F2EA-44E3-AD82-9A7FE753ECC4}] => (Allow) C:\Users\Evan\Downloads\bin\BlackDesert32.exe
FirewallRules: [{6EF8CC4E-6453-41BE-B54E-B05D10949668}] => (Allow) C:\Users\Evan\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{B7B2B0DE-143B-420D-A2A4-29A70A756790}] => (Allow) C:\Users\Evan\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{4E52EE20-1D9B-4C34-8341-1CF71A24C67B}] => (Allow) C:\Users\Evan\Downloads\BlackDesert_Downloader.exe
FirewallRules: [TCP Query User{AEA2E3F8-A3CD-4015-8A25-EBC8D520442B}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [UDP Query User{97097924-A266-4F4D-8F4A-682AA8289A5F}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [TCP Query User{B9691E1E-915E-4F9F-A23B-427BECE1CBAC}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3B6F41FF-BF48-4711-8011-DD096E7F2177}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [{9BDD265B-C8AC-4E87-99F2-9AE7BA1BCC35}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\BrainOut\bin\javaw.exe
FirewallRules: [{24CA6FE8-6841-4CF3-A07A-663CAE6271C2}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\BrainOut\bin\javaw.exe
FirewallRules: [TCP Query User{24ED8502-D53F-4E3D-9EC9-6E8063CAC85B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [UDP Query User{843BF2F6-4DE3-48EA-8F43-43B289DFBA78}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [TCP Query User{C8777703-9D29-4960-941D-044E2C498110}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [UDP Query User{2251D4E3-DF41-4702-BE6F-CE1FE4C44CF9}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [TCP Query User{B1C11A9E-3011-49DC-BC50-BA3148D7D398}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [UDP Query User{63DC5E3A-8D9F-4CC8-B32A-6589E680E182}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [TCP Query User{DDE6811C-F154-42D2-8AB3-B12ECD202EDC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B3D30B5C-E608-4062-A5D8-3BA19D71D15F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [TCP Query User{E6CB8968-60FD-4BC5-BAA2-177011A8E0F8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E5530401-90D9-42BE-ABD7-4AD15BDDA2B6}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [TCP Query User{A47CE09A-96B0-41B2-9988-918E66C58E3A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [UDP Query User{24A3CCC9-DB98-4D1D-87CD-5EB2155ABE08}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [TCP Query User{CD298629-DE8F-45CC-8192-97A639504D4C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe
FirewallRules: [UDP Query User{336AC67B-DEE1-464A-A5A4-DC6A2DB34007}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe
FirewallRules: [{C3042CBC-944B-4DDE-926D-7339A347D68D}] => (Allow) C:\Program Files (x86)\RealRealSteam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{D2D39677-5B31-4939-8F78-B5E42C0618ED}] => (Allow) C:\Program Files (x86)\RealRealSteam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [TCP Query User{E7E2365F-33D9-40BA-9EC3-21ACB6F15DF1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe
FirewallRules: [UDP Query User{2DB367CF-C06D-4155-85F7-6E193C699665}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe
FirewallRules: [TCP Query User{351B9873-EDE5-4767-BBDD-3A41927CED34}C:\program files (x86)\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{2C1F1655-D473-43AD-A3FB-05F9E978E930}C:\program files (x86)\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [{A846A506-C18E-409A-8778-AD006374D038}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E834BAB8-D4D2-4C4B-8954-E7EA0905CF20}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{6629FDF5-7F46-433E-A7A5-CF12681C414F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D0825621-4B68-49FD-87AE-C8206F195388}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{87283A47-B2EC-4C0F-A264-429130FEF96B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F324E812-62A5-4399-937C-6B0308E7D8E0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0FF531EF-E5FA-45A6-8847-D16D89C67A05}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D56B4A66-A651-40C6-B704-394121C412F4}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe
FirewallRules: [{D3B6DE63-601C-49AA-8524-0DBDEB0FF638}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe
FirewallRules: [{8C8EB074-CC7E-43B6-B597-E68110643CE0}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe
FirewallRules: [{199E2909-36FA-4638-92A4-8510B303B5DA}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe
FirewallRules: [TCP Query User{10AA3358-AC3C-4888-AE52-CBBCB91DCB81}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [UDP Query User{87507681-CC6A-46BE-BE73-735531405CA6}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [TCP Query User{C5C5771D-9481-4F9B-9C0A-8BCD00B20E1F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [UDP Query User{476A2196-F82F-446F-822D-1FC2343C1585}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [{E2ADC2E0-66B8-4050-B16D-1447974B69FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FC1657DC-7CBC-4D12-95B8-A2C10C5458D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B05DA637-FBAF-447C-BAE4-EBABF9AE2CBB}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3F9402C2-2105-44D6-9B0D-E5E3EADC4C9F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [{C3713F0B-A4FA-4347-BA5B-DDC75B8D40D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{DC3A0031-9B97-4B8D-8EC8-75ED1998B40E}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{59415173-CB91-4A18-9822-BB6E7542B751}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{47E1C834-558D-46CA-B418-C1AD0B6E9085}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe
FirewallRules: [UDP Query User{888D2DEC-8741-4752-8B9C-E8D19A535A5D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe
FirewallRules: [TCP Query User{79D518DE-AFFF-478F-990F-BD61E02117D3}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe
FirewallRules: [UDP Query User{0D5712F1-84F5-475F-B96A-6F9E33B58875}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe
FirewallRules: [TCP Query User{D9D1EAC9-CB0D-45BC-9CB2-47FA87FBCE5D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe
FirewallRules: [UDP Query User{46E592ED-ACAB-4B45-9C6D-3A6F4D26ED7A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/04/2018 04:38:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64 (2).exe version 4.10.2018.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2c7c
 
Start Time: 01d45c2042c3718b
 
Termination Time: 4294967295
 
Application Path: C:\Users\Evan\Downloads\FRST64 (2).exe
 
Report Id: d73e6d58-75bc-418f-921a-289ed099e31b
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/04/2018 03:24:30 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/03/2018 03:27:49 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/02/2018 08:47:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program eurotrucks2.exe version 1.32.2.49 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 97c
 
Start Time: 01d45ab2051190b5
 
Termination Time: 4294967295
 
Application Path: C:\Games\Euro Truck Simulator 2 - Krone Trailer Pack\bin\win_x86\eurotrucks2.exe
 
Report Id: cb66a77b-822c-4fa2-97fe-bc8a49ce69e3
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/02/2018 07:46:54 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/01/2018 07:57:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program eurotrucks2.exe version 1.32.2.49 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 486c
 
Start Time: 01d459e1eb2f10c5
 
Termination Time: 4294967295
 
Application Path: C:\Games\Euro Truck Simulator 2 - Krone Trailer Pack\bin\win_x86\eurotrucks2.exe
 
Report Id: e807cf9d-4222-4097-b3f0-8853c5022bd6
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/01/2018 03:34:36 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/01/2018 07:26:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18081.14710.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 369c
 
Start Time: 01d456be79b6478b
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: b1c874b2-2908-45ec-b657-2287c70240fe
 
Faulting package full name: Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (10/04/2018 05:26:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Error: (10/04/2018 05:24:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Error: (10/04/2018 05:22:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (10/04/2018 05:20:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (10/04/2018 05:18:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Error: (10/04/2018 05:16:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (10/04/2018 05:14:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.
 
Error: (10/04/2018 05:12:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
 
Date: 2018-10-04 16:54:07.642
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2018-10-04 16:08:40.641
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2018-10-04 16:08:39.876
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2018-10-04 16:08:38.387
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2018-10-04 16:02:52.572
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2018-10-04 16:02:51.720
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2018-10-04 16:02:48.072
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs that did not meet the Microsoft signing level requirements.
 
Date: 2018-10-04 16:02:32.868
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NmM2NGE0MzF because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 8107.91 MB
Available physical RAM: 4027.21 MB
Total Virtual: 11563.91 MB
Available Virtual: 6928.91 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:916.59 GB) (Free:197.42 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.69 GB) (Free:1.73 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{5398533d-34e3-4e60-a945-be5c265f5bcd}\ () (Fixed) (Total:0.96 GB) (Free:0.45 GB) NTFS
\\?\Volume{fb5f6249-4564-4dac-a2e5-d6ccf6075441}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DEFADD61)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   10.67KB   11 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0

#3
GloryToPrussia

GloryToPrussia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
Ran by Evan (06-10-2018 20:28:47) Run:1
Running from C:\Users\Evan\Downloads
Loaded Profiles: Evan (Available Profiles: Evan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Winlogon: [Userinit] userinit.exe,,C:\Users\Evan\AppData\Local\toaqatuv\crrdkwem.exe
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,,C:\Users\Evan\AppData\Local\toaqatuv\crrdkwem.exe
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165643807\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165643807\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [CrrDkwem] => C:\Users\Evan\AppData\Local\toaqatuv\crrdkwem.exe [146160 2018-10-04] ()
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\MountPoints2: {50332a61-4e60-11e8-94aa-10f00552b9de} - "F:\Autorun.exe" 
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [CrrDkwem] => :\Users\Evan\AppData\Local\toaqatuv\crrdkwem.ex
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\MountPoints2: {50332a61-4e60-11e8-94aa-10f00552b9de} - "F:\Autorun.exe" 
HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crrdkwem.exe [2018-10-04] ()
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk [2018-09-12]
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (eVenture Limited)
VirusTotal: C:\Program Files (x86)\RealRealSteam\steam.exe  
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
2018-10-04 16:24 - 2018-10-04 16:24 - 002414080 _____ (Farbar) C:\Users\Evan\Downloads\FRST64 (2).exe
2018-10-04 16:03 - 2018-10-04 16:58 - 000000000 ____D C:\Users\Evan\AppData\Local\toaqatuv
CMD: type C:\WINDOWS\wininit.ini
CMD: type C:\Users\Evan\AppData\Local\fqgqnssy.log
2018-10-04 16:06 - 2018-10-04 16:06 - 000000066 _____ () C:\Users\Evan\AppData\Local\dxmtbtov.log
2018-10-04 16:06 - 2018-10-04 16:06 - 000076587 _____ () C:\Users\Evan\AppData\Local\fqgqnssy.log
2018-10-04 16:06 - 2018-10-04 16:53 - 000000004 _____ () C:\Users\Evan\AppData\Local\gtlhvkjj.log
2018-10-04 16:06 - 2018-10-04 16:06 - 000000000 _____ () C:\Users\Evan\AppData\Local\rraftxqi.log
2018-10-04 16:05 - 2018-10-04 17:17 - 000000028 _____ () C:\Users\Evan\AppData\Local\vrwgfbko.log
2018-10-04 16:05 - 2018-10-04 16:06 - 000393442 _____ () C:\Users\Evan\AppData\Local\wibtbxol.log
2018-10-04 16:06 - 2018-10-04 17:09 - 001357073 _____ () C:\Users\Evan\AppData\Local\xfqjyfrc.log
2018-09-27 19:24 - 2018-09-27 19:24 - 000017408 ____N (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-32-5951740665947102899.dll
2018-09-27 18:55 - 2018-09-27 18:55 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-1380607797332911364.dll
2018-09-27 16:00 - 2018-09-27 16:00 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-3152145344091471539.dll
2018-09-27 19:06 - 2018-09-27 19:06 - 000019968 ____N (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-4146885892808842387.dll
2018-09-27 16:14 - 2018-09-27 16:14 - 000019968 _____ (Red Hat®, Inc.) C:\Users\Evan\AppData\Local\Temp\jansi-64-5643878827776892051.dll
2018-10-04 16:05 - 2018-10-04 20:20 - 000146160 ____S (Microsoft Corporation) C:\Users\Evan\AppData\Local\Temp\lngirfyq.exe
2018-10-04 06:21 - 2018-10-04 06:21 - 007069348 _____ () C:\Users\Evan\AppData\Local\Temp\setup.dll
2018-10-04 16:05 - 2018-10-04 20:20 - 000146160 ____S (Microsoft Corporation) C:\Users\Evan\AppData\Local\Temp\swnwecbe.exe
2018-10-04 16:11 - 2018-10-04 17:03 - 000146160 _____ (Microsoft Corporation) C:\Users\Evan\AppData\Local\Temp\taqvmqha.exe
2018-10-04 16:16 - 2018-10-04 16:03 - 000099887 _____ () C:\Users\Evan\AppData\Local\Temp\Uninstall.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {B85B22DC-C87F-4AD2-BC01-AF2864F4B2C8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForEvan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
AlternateDataStreams: C:\Users\Public\AppData:CSM [462]
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit" => removed successfully
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165643807\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165643807\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Evan\AppData\Roaming\Microsoft\Protect\c65561-c81ad1-fed19360-eba3e0-8bb0.rs" <==== ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CrrDkwem" => not found
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50332a61-4e60-11e8-94aa-10f00552b9de} => removed successfully
HKLM\Software\Classes\CLSID\{50332a61-4e60-11e8-94aa-10f00552b9de} => not found
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\Run: [CrrDkwem] => :\Users\Evan\AppData\Local\toaqatuv\crrdkwem.ex => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\MountPoints2: {50332a61-4e60-11e8-94aa-10f00552b9de} - "F:\Autorun.exe" => Error: No automatic fix found for this entry.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync" => not found
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync" => not found
C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crrdkwem.exe => moved successfully
C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk => moved successfully
C:\Program Files (x86)\hide.me VPN\Hide.me.exe => moved successfully
VirusTotal: C:\Program Files (x86)\RealRealSteam\steam.exe => https://www.virustot...sis/1538574235/
HKLM\System\CurrentControlSet\Services\xhunter1 => removed successfully
xhunter1 => service removed successfully
C:\Users\Evan\Downloads\FRST64 (2).exe => moved successfully
C:\Users\Evan\AppData\Local\toaqatuv => moved successfully
 
========= type C:\WINDOWS\wininit.ini =========
 
[Rename]
NUL=C:\WINDOWS\TEMP\nsx7B3C.tmp\
NUL=C:\Users\Evan\AppData\Local\Temp\nsq77C1.tmp\
 
========= End of CMD: =========
 
 
========= type C:\Users\Evan\AppData\Local\fqgqnssy.log =========
 
Ч“UuúíæÒpÕDz
rþ|/H¾P¹ågLwHn›60Š¿_Ø¥‘å´vxnWêãë‘Y­òÔ ­îÊ탮LjÄØ}è<iŠù¾Às§å/¤¯ÔHvÀôìHˆï|áÂî:MŽ¢@ŠÉ+‰[örÖš¾R7+žú–ò3W /=‘k?‡¨„VÌmÊ›É k kžtÒëV
¨gs¾ézÃƨŽTAÙÙû<D™-nÚûìÚÿ‰%0U4ùðóuzøþȸwH:¨
©±”8І¯)¢3ÒÖŸß[email protected]ëâE7¨|ɺž»TO‚³÷W†ñܱ†ñýú\Sû¦{URѧ™ÚH‡âzÕ’BX8߇R4b,§¾\$š—@Y*O­…¿¼û~
¸Ï ûu:ƒƒ Õ^Þ^¼qz•V3Î9ùók7¾Þé /R4ÑË´ûÅOdQ¯<ˆv/=S3—€wü£'F–ý&= Q;L
±´UŒñLÌòp½ïRLî6^º¦c˜kŸ‰ `¥'¾EósëJÏ¢êÆ_ϼ{dó3ë\uËn×,Ä\c¨­ß-:“_èÈ4¹%˜|†ß›H˜þjÙÖ-]?ÀKIÚõb'°•‹]&¦ƒ\ñ?¾§Ì[qø}ãÓ¾©¤  ‹•MÚ›#†ò/P†:ÏjÒBßz„bï$ÑzÀÁÁ*‰±è$!yGT$€vi0¬ÈãçDýð£KL®y«,¾,…¿ÉÓY[͌߸íì_<·*J®?Žš1Ì“’Û ¶ÜÁ>ýNœÌl®¹pbeŠÝ[email protected]ö…‘QPÕ±-Û·%#ú©$êTÆÆJ$àb+,ÑÝ;ªöIW9S<Ÿ…E¸6Ì.¬J(Ôö‚…÷ýxèĹբÎÊ-¦…èÇ
SïýÙ¤r´©…†Â£œTÒ©œP,ÊÓÓàˆÜ§Ö
˜«{ÊÆk1jƧš)+Â'†›LÕn7pâGw¢ŒØTßZpS°Šs¦£ô9êö*{Ó‡¾›`},'•ÊzR|Z‹ Û{ô}] KăŸü—OOû)å_MXVìàYƒ)–“1Œ2P
\IÅý0ÊO>áªGÿãR´1‹§E“?vZ°z~®V³†ƒ,âäÏ#Rñb¸†®‹&§!±Š¬ù\£î2]h¯‹vk58 m×$ÜD°*™ÒÒXL¢[G­™Àj îÚý`â|!YrS¸Ë5¾Ÿp¯†éÿV墪¢ÙT‰7¿²tE„‡OC×:"ƽô† w1+uÛVãÙùT5ã3­Ã#Ñ¿u97XóFLòƒhŒw³¥Òv±… áb<<ÈpB™B"tÃÉùÆA|¦Ûd¡Ë3Ö¦® °þç.wbï}è<ÖôÃ!;yÿºªŸù
Ç÷~W¥‘õ4ñ¿«VÒNb1_ç
o;ÖÅÓÆC}mß^óË9(óÀíqÒ‹‡ÖíH½òzÁÅ-SÍ| î²Æ?=s¤›F°CßY'˜«“ùÉ’¸êô$Ü«­íBÖ¾¦\%[Ô¯Sð=ŠáRìn¼šÁakkæõµÈó8F:"ââjæÍ…õG‡4pî Èœèìë&ÊYÕ^XÏJ?"¢þgÅ%ççXž}ö£–>™ÎìètçþAùlyz¥õ¬Nää\¡¿ÛÓ§o»™¦Ð*àðNÑ°JòDM-EwÞ}Uúa?¾»4°¼RZ6øÅ ü-z#ƒ˜„Ç1ÂÄT [email protected]‰’íEk“*ß=F„ÚÐÉ\ÿEo©PEù½ª?,ʶΘÀÁ®e¼n‹ÞBm{ã±béÇ›—׫º<Ø
x£ÇäeWÈF±t·ƒÏ7—ÔeªGÌ€_7™²4Of,ÒÙq"ÐG?ÑÌCͧjfT¾Ëø˜˜=%’(0<¶œnúañÏK±™É™î¥o^6²KQgýZO˜ešHÓ‰š½ª´¢Ù·W¥ÊÌìÏìøf%é´ýPˆÈh°$ŸK
G¾ö{‚úNׇoRt–¹2ù8ÜÕœ‹'LqÆ™á@ðhv®‡ï¼ì}g#ꎡÿ^POfá«[[—NßÉ!&âÁ ù¸t 
:ü壄¥ Îp9÷rwèȬѤ={¡ZòBDˆ¬tL{L9‡î܈X¨¨Ís}æQåòÆn}¤‹ü_gœÆ£
q”©R,ý†øœ½eßñ&¯ö¦’nA ‡zËhEG½¾ÌæÀÆßpVËݴ϶Ù2PeoÆ&™ª¬å ­'åì(¡®ù…vˆŒbýæ¡Ð?£±Í,!ïú¥É
¸¯c†{âÂcÀ›¹ßæ¸Þ?„•-¨$‰lSŸoo”ð&5Ã[ûÙÇ´†‰GH±hÃýrÑB*Ä£ísÏË%”¹Â~ŠcNîO£løen½P2¯;±ä­„ê²B˜û²ºå$´DvZøŸ]¦rŇ³yMü~á0ŽâlSˆa¢†Ý<áÁ‰påŸ(Íx<ìtu§¨5nÐwSõ ˲ìH‡¯¹K¾6ó¸l—Tß\kXĤÎÎsÓ¨5Š,L‰*]a©¬hmõ÷Ò}FüN~öÔŒöCúDóìuXc¹–ñ¶n»à÷„è~—lãûVƒS"tËåµìÝ%tP“K‘Ñ¥sqkMûŠ¬­—@ïO ”Ô’bQ ѧŸ1V»º1üNÅ2®+Ϊ" nAÇÎÛÚ( wJšŠ+ž*h{éVÄÝ“òr+d„D?L5q#Ÿ*AIó—Ô445û^ì"c¸hì“‘ïßá /'¡6f#ˆˆßã÷-³ä为mç}EÌè,ù²‚KŽH–C{§žpr>ÄD_뙲ෲ·ðCã£äE¾DÖaôÇéØ[k6ð?×ÇÎ_cs’¦Ñêã-¡³U¶~Û_tµÓ@€BwÝ_Ç‚mM=(²SafïŒäMì›ÈîxeCbʼnŽ¨ôiŒNuz9gÀVìÚ.‹%ÀŽ®išŸ*à`ÃÙã…ꆡF.‘ŸYÎè½'Èb!úGüpÙ¬uX›Þ /'‚§Šü˜äRN
jÒ—¡^(ÄZÁ7¿W[(ïQÌp­ä•i2 Є~¶ˆ«ñÓœÜÍß°¨üí‰w©Žáf{»ÄŒÁaåaÄêi`'˜Ûßt'LÆ2oQ,iNL‘Ж®ûÏévæMºÃš4l#J``â6ž«¾‘ü™Í¾ƒÃŸª‡þ+5QCMàZ“ÚKVÌåwÒþü>‚¦>«‘åús¡˜$ì5P5¶2çغÙAÝ«}f¦kâÚ˜PŒÐ[2ü ×n
}9ð‡BZHYg‚ç¼&OVãTóù’a±{V
"%Dr¼Ñߧ”H-š•Ú #`Øz–u*tùÆmçåK‘ ØÝŠºÂƒJÈöæD)$ÏPß¹5
±;ÆÙ'ðš
ÃÀx|*ó~(
'A³¤ ‘³@„i°7|/Ëúâћݬ«BN2bCå—imkV‡˜âc)~–5$/zVê§ò‹Fd8´šÅÃcLþ"€º¢U”Ë}«·9…BS¢Äª>~Dn¡?®çõlD Ä [ WN©ŒÅYSš8Ö/Þ/^a1EœøÔɶŒ«œ[email protected]º¥úÜ&Ô…†-–^{”´f%ÓOÔªÿÓt69aÊ?.tÍjímºª‘­á”%Ÿ½O!¦ìB’NÔNbTпAîÍ0É ÏQ.^íÞM£®†À£g'r¶(ÿ\䑃¾èm»0uóíšb|¶ænãîRˆ¸NôŸ‘<o…P%¶9Å¿nNRðlõ6ÐBMæKÝ”`jÖ\/rÇÝÌ{¸|á­Î  8Ÿæ]V5e$r§Û‰ÖÈ'Dº§áðÇCæ4¾¦‡ÝŒYgÁ¾2MðLõÈ€Âm²ðR^‘YvXÖÉw»š¾Œb—¿W|º¶V„6–¹çXZQ®B+ð¥mûØÑ"/yË—©T¡<©IDŸ 9–}·yÆÝÎ8F/&–V•9×&niì¿}ç‰õ'¤Bà0#v~Œ¦ÅØ£y%™¡è“zØ\ ·ßíRx‹ÛFåhfŽ‰^×mR$f0±ŸÊ$žšf ~ÔHÃïùOâSOêú‚Ä4ÆK¿eÒ®Ú?\(â©Ñ³¡òƒ
‡/¬Ú.·Ú¥_X툼t?æû¨ƒéR(ŽÂx‹€ô'¿˜ÿ=î4d ©>äóÞB":‰ðž=¼X4°y¯qΓ¢¼I^H)ñnjØø6*|/ÿ·(·…‘o„Å8š|ôÛ– i¤x|Ëx ©YyÛO…§{MèH…F*ßÄ× ÆDƒÓqìÊê°‡hg”H½p‹€mnŒÊ,”,ìü:{_—$À¡¾€ïÍ°ÍF;±+QÉûÚ§XŸñ$s¦J{^eúæS+“¿~±'ТÀàª×›$ Dµ•eaÕ¿Å2Mÿu—®m
8¼PRà~¢ó­=›}åÞ‰9QŽr•¦T˜@\wñºôŸãü?ºDíÁ Ë£‘7·&7°èû®£*X¡±ÅÍ¡•µ•[email protected]ë¨À›„ó¹½+Gº6Š¢¶ÄbÛuk¡½E4®ß,[¯åO0òšÿZ¡hˆ té"ZÖ<¡§?•‘•¦¿i±ìG­l­ëF˹ú}— 4'm’“ºÁ¾N€ÑRôAwø±‚¨ŠWª0‹Á&²x3ÅýÜ<ÖaÏ:¹k˺؟´Òh*
:K º±Vº‘ÁÐcfžW›ëk¸ -
j¬pw(ä>Ã`Ÿ4‡áº´œõmr鎷ì<Í|³þ°g®;^Æñ#»!"óÑj“ÈàUòúOá¸ÇÏÔBȃhMážîÐ1=o“—µI_7#¾:¢M¸Ù’dÔü^Wâûí"-\¶§ñ5©ÈÊU©&~¿ª_2©-©>TfºéÉ - Ämrmø㔦|é³"س4;y\*¼ ÁÍm…tw=ª8ä>„ø^ÍæUpÎÉÀÒ}ó´4V–kƒJ3žAt… ͈þP÷½àêŒÎ£¥rÚJßÖ¶[email protected]‡*24b¯½†ÞÜšA]Z*3kïk}Ë„[EYÔ~/ÂÛŒ 3‹ä
 N{MÊA=áRNR¾³öÃD­Ϋ9˜pbïÍ¿´ïç
ϧwÒþ_¯ÄáùŽ=åz¸9v)É­@ 7›[email protected]÷°¬>UCä|ïI«<™w£>5ÆS}=#¨ ,žÍ>9ìxl¥~)§žtUöüƒþ£v;‰=qÿˆÐÖ}"Þ Kâ!KÞs,ò“ùÿ¯)PÇØÜ~½;/T\¯aq–C43ø;µ{•=yúáž>Ïh°=ÚŠ‚nÇÖ™xÀcÖÓB€møê>îÖBVA—™«clç8s‡[email protected]†9×¥`{hÿ¡ªTϺ˜zêÖ»Çp6Ðx9ð`¹$kÓÞÀ’ˆ¹iøñ#R†GÉ^›¨õY (ŸÏÞ`$q8N˜ÿ1>G!>Íflö4þÈïÉ©k¢lÅú”:;øcµì3W;çËb5B|1NuùVS•ŸæüÚbfš„w-jIÿƒ[)´FHªÛ—W [email protected]>2§ˆ ›‰«RÚvFQG›ï­Vsº‹ú<ôîöªýŽWÓSÑÄ:8;ã|•.ù¶‚„ôæÌ92…²Tý]¬€1W¯(vþ¾'Îo~]Ï—XÃ9µ’lÁSqƒ‰Ô…Æ 9Õà^|gµ3;^¨ÜÇ?Õÿ¶` DØr…=\[email protected]~äÏ>ïR¸Øl°›u³Üª3Ø+SÉÞ¦<Ò|ßÐæçB®v'YT-Lm 
€¢:®‡Òÿ4ÐÙØÂÙšh÷Û'El´^OŽïœ«*Ç Z¥H85EcSG&Ë[â% e™–ž#˜B>|ï
)ªu4XåX5ÈÈxeû¶®¾!ÒÊ5a,ãÓü*ìݳÊÍ!ü¢©ˆ¹{Î(2±ylkIZ„#Œ-;Íž 3DZ„¢@zÙµ—{.hȨ.ÏÈRD7²qñ5ß2»eÔ?/
IÏGÔ›Š!S\ä6—’°Y• ªë1°©U~ãµ»>+6^%ÐnnoãNª·à˜²O
„×xšÙôdjeQ”DnxÑ”äèP¶E§£FÌiíâ養 íÇþ)ëÉyY|چᾯíYJn%ïJR»ì±Žu[Wt^Å<ou~)ŽÚG)Ô©ÝÂÞÛ¯âéý:oü¡R>‚E›-kµÇçÂ?çî{(w©’ów›ý74úKQ¿ò®ÞDqŽr•©su©c(
ÎaŠÓ¬'k|‰ý£ÊP æÀÙJy Œ@È`ÖºÏW?xMÜë ·ðâÞ„A»“1/'V‘ÝróP%G|ü¨5Êب@ÀV/6WÆÓäWU'Ú¯Ö/µ]}šÜrI„ºÓêÒÄyŸtŠÑÝMs\ãŽ8˯9{®ªÜΚËf0`NÙL¤ÕJOÔ[email protected]…Êq{>e¾2VÅþýŽ˜å¿Ýƒ>¬F(2ú"¸hA½»œºdmÎÁ >Ü¡rõÓ¾4‡$òó¼_‘7ë£G¦‡C)aá&“gÎa!ñPÚÖÁç )D¸òßgÆ`{HE[‘Û›fˆD7JãªS[©s)VYG6JÆ8׎ޓ,Ñ+÷”£Û-°)|7g¯Èc¶æ/¤Y%d†¤$Ñ;8Ë(Ì!©*iH/\MÃ{R‘î>4jzw ,]AÓOhÇspèE¾ NhVjO$êû¥jÔ@0~·{4V÷þƒËlFê†>ûœ_ËÚ¦•ÙA¦OñgüÇ[³¼Ôžæ6Úz†¥ ²˜HÃ,CÅzðÖQš÷ψí Iÿv¬Ç
|P7ZCQUîÙþ¯tŸ£r÷º”Zöd™I´ÿJFãÞtÂöMM–
m{¬³Xeci;’×…xI¾è[email protected]{®)M•9!æódžož0½}ÏòAéS. ÝzD,âWÂÕF[{îü¾°ö@tæ×#zW(òì7çß7ÿ <€ñm-¨s7ØÕu‹6Ôp¬ds1šZ8ˆbb¬•Ö$°¥JfJ—îÕZx„‡þ;+AÂkî>4©qb*íspUæm«xFÈRXت1Ú!>.#‘Úy¤†giWíZò~I¦Î`žòþ¶Ÿ8I²úÓâ#y‚žÆ­ÛŽ^“J6¬žÔüv—YÞãFLãEßì9Óh¼ ÊÓ ø€‘-Ê+oPh¾B»aÃOô*~Ë¡žÛ.jwIòü˜ã³JŠ‘*qÞ×5ô†svddïkDÊ5<ˆ
"b'œ‰!d®]¥&1l˜çÐ’îÒƒ¡ƒDf•ô¥Rx'OtÌ®ã3F¡oEû¡¬V1'Ú/¾&ãÏöÂÆxÈ”¯éP¢ïu¸2Ö
»8!“ÜÚ¡øS%ÈcúIÜ
»Ñz2µTCm/´%æýÑPÛc´>¡Ûë÷EVE†‰ßØfW+GeÒ÷b¹êÖ‘t:zµ=è#«.ç;:È[äÄŠ{XÛï‹GÌÆÌ/(LBç¢K©rŠ¸–i›@Ꚋ̧0Ñàß4®´o®Ø4Gâ´ƒh-ÔØtk=#ˆ%Àõp_IòáW(ꌜÁCãßgc’†YÁÏ}N”®‹4w› éË€ŒÈ3jÝÕÑ»ŸEƒbòKðÀ’ûâZ¢±N}?a’›H^›úŽiê#6'ÍÓC…  F®¾Ší®y9•tÁoÿTáåCµ*é2t €…‡E_€0ÊHôT‹ÞTocøUÃÏd2…'ÏŠxHU¼í}ó]‚±¥²å¬qwzR“\K
@·€ÇIØ>­±;Ï•,o¨*vƒÞ[email protected]§Í½þ”÷ëLoPªâÌ_OαŠÝËg#Øélõ‚.nl<Ý";#†o‹çJ¾¤0´ß7Ù‹ö†Z°Ø]Î4o?-ÐÚOFäTû°g*>lê^Ä:¶ÍQ/è)] Û{åµ`Í?;ú¥Ndt+Ùœ—'íÓ ¢ ®üÆ­]5BD~¤âŽ
ÈŒ\;¿Ã¿–ïN%^ÇÇYÉ›z;ÜšÓJI‚¢Ç´Ë£,þ÷¤©Y–ߪ¢:`ùïú†SÃù“r˜-µÊc}èj„ÓwçR*XÔæ¸n€,o}¡I>
Üã>$+9.çßT¹ÚÉîú¿m6bƒeÑ_[[&mýòþÇDZ>CC¿ ±B4+
 
>ÏC‡Iî'~-bÔÐaf„>æŸqø«ª^O%Øø™ÿ}NÇØÑ{ÛdTi“´Œx¿{æÊvr¥iëü±ÜX ,!nðÊç5hâRjsj«%®Sýbm¸“'4ý´CÒuÏ7L°eqý#£0T^YÇ?ˆ†œP`S[²¾©Ù§MxПíj$5!T¬±™×F³U“Îì%ÐphÝÀ¬Rp3¼K…—<Ôu˜0]"¾´Ì[ÚÕ»#œ¡ïÎx¼ƒGm:š!à^­fG¸XÁXÓnÒâ×,nîó7É¡ŽF/›Œ/DÚ ;3÷±
O~Œ¹[?s]ãQpEçÚ†eDÚ/.W¢
‚³rb2=p9½ãEð\4×XraÝ¡§Íôœ&4™=?Ú´ïL5†K ÊÄS-èð†î;­„‹rA8À…ËÎ3H…,¦Ù·
øþ€±$ÒcŒ¹O î†Rø%áD^ÚUßXÑ0ŠTȤêo‡ÕçYÔånF5‘mš •êõ^¡’t¸
è$º(Þà[fƉ@DSßÞ/‹ÒûD•*ZKUpã~Þï??ïPsÌî,· b§Å.O(†ì¡Ã÷V2Æâ¸:½n¤%å‘ðõœlSÅÐIH*_ÐY¢­Â¼6ϊ易Òu~_TjèÈbR6 "÷XPTê4ËV¤Å’ÔO®%¬l—¶Æ¡ÕÈ·0l#ôø8¹€gx^¯PgUN\ú]òõ.{¾¤øªõ>Šó™ðš€¨Kö>Z6I·C9¦ÈhòhI
6Ù"[ñ' R“ËYí Ëp‹R>w‚êÍÀ[²ÏMãÍåøJL…Sq”_„¢IlûAžç°®4ªÛo:¾‰|¨üôg,¾Í&Ÿ8$q©u§“~õ·ÕqšTt£P
²-ü\ÝC &5+ÂXc}äÚÐu¬…ë ó|è,ò+ÿ@IöŒ¼º‡)¶šþÿñm4»xs´.×5‚VµóíLfQÉiØ—wL_½ºÍÉedÍ|msJWO»˜XëU¡t%1IÍÖÔQHE-ºÔ!Ž•™JªN"d=D³¿RŽX,cf(ׂ^\Ø»óDÚ~Ö û>˜¤­Ïf¿Ä87Ï6áÖ;À[p£èÀÉe"A~³sw'³˜(/ö¥ÛmŸËû€Õ¥'ð }Eg¾R¡Ã‰cî×Á$¾|ŸÌuÖÒÄsôdˆ?VÁ}U¿’3=VwÙÌð¶‹wR7\š*†‚}äI½^•b²Ú>xh™mqª,Úq8D³
í_=}/µEý‹]ååè{C•JõúÅÛ[”äîsÓt¦&0‡“t$J7ßÄ»¦É‰Fá½ÆÔ ¦KÊ´•y‘¶#_mظŒ…I(äøÚæ¬ïÌBe±¥ZY­ó»~–xÀ`LcËøE±m9ô WÔÔ?øÍ—äÊ=‘}ˆr1{ØÓ.¢¸á›ƒ ’lude¡ãÐæ€Ôe‚V)æ´¹l`i¸÷Ž^n’«àc7P0ã,ÎÇl'l‹<ÉÔB¶\öx00X¥o;ƒlÏATr®#Òë0kG{(ìô7P±}Üc6ÖÏn½ªÔÚ,”UŒG²…GîI‘%5¼$F“—‡Îp½©Úð ›ókö@ÔƒøØ>¿\Å}'¥–[email protected]‡Æ…N¼é;ËêIAû.φêX=…iúdÁÃ&9úžs4ýÙzR-¿>Ôb À´÷¢ã[O%ÕWûÈž)Èafáb1/¥þÆõžwɶOê„&x]9ÕŽ‚8!eVµç˜sQcëVç8™~LŠˆ¸FÔ=èR„5„®” O¼‚n6.«å¡áÊó^)½¾aóØ”dxnö·Ï3 cõ|¹xmi‚}‡·ŠKk…¥HR./ge2×\ Âú{Ι[ñè–±øéxÙÖ·•¡›aÇÄeÂá˜Ù_80S
µÍ¡UðChdcTõxH+žãÈïU©Ô‡™6éŒÃ)¸¬c=Ê}BëØðÙääšÂ„_Oo_$çÿœã Dï9ýÊùúÏ4ŠãºC}®óÛc….UâŠeɼáòÚ䣰–º»"ä_ºä(cvEÝâ¨QÂ䢋—“#¥ÉÔ@z†%&α¤ eß4Bi¤ÇyEô3jzH1” ¨¸äõªW“»m‘Œç)È`úÑ+›•ÚbgBÉ¢’HûûÌóOA9K£emâ){¯c3´å–ÑSÂl 1,@
 
#ÏëøµØ–wÑqP‚œš¢õ¨Uha{÷Ãå:–åvB;ë
ÖcMOš`ù©Ìï¨ÃÙºÛ8þ@ˆÿíy×Û©±GÍOâŒUȪV‘ZxkÁ+³7þÀ]Žd›¸îº·•_-šÎ¿aø߬•£ù#_]‰˜6è–î ùØ!CrxšÂ·ûk.Ò˜¥'
g4A–ƒ`ÙO2¿©
pR7¨À¾ïµé·Gíø…
¤Àu;,ÞŒ¤«Ù‹ÙD¼žº®Él¿õX ¹¿ì‰ÉÇRf«£a¤ª¾±&\
>„¼(±ÃÉ,àõVXkè½ÜE8lZßô
‰Í$÷ª°ëðO_·à~¹ì" ¥ÉþnÝFmÏÚ¿$7÷uV‰èѸQÒÆ?ý~9PyÈÒöë©éx´Ö$b¬:C¢Å`ïwùjå"6Ø^t_µDñú™‰b+x¥(8#­KKîüÁ3)üñXôÌÖ‡!Chý9r“}Éi©ì©jâ I—PÙ™]¯|œ¤üH6i‰ÉÒÆ„;}ˆ]’sûûÍÑÏrd÷*3hÇnS¨h4LÎÑwõ“GœÈN¼h¾_l$ÿ>dÿÓµ´™eÖõó¶kle$¶ W1 :<Rñ†L-±ì[>?äšç_Э™nMð|E|ÚÚ©ƒÖ_Јµ¦8pu…žõ-«``©/Õžúk²sd–­;KÐm|®;x4„ŠÏHaÿJ8Y»xtàçຟ.®mî3m÷Çäz)Ða#2ëÄ`ÐâK$¤m‹Ž†]7<别+J­B"_ŸcÆ_i³äzù}©¢Ûþ(ÂYÍhÑ«Sù€ÙäzQz㾬߯g‹±°`W±—šújà mÐö.ÍÈ×yÝ[®ìk¯öw’:×K+vú¦ø*©ÎN¸†ÇGΩüÏ4æ±¼ç«ãD)ž 9Mß\™¯ár=Yê«~ö&ÍY½¦¬f•óe›B^Å—%ô!ÅIÀþÜòG‹¿È”¿ÊÛ¸q³- ˆj”x!lñ…ÎêH¡õ²7^gÉg¤
a}¨ ¶nwìk¶üƒ†;d"éºeÆ-ñ‰"½ÂgUÂØL(CáE‚¼ë#j\¥a~ý2eq,,ÖZj\d5Ô;U|T¹Ó ã^Tœ—;éhO'ÞÌå³ÎJ%ø;š^àڟdž¶êä>ß5ò’ßâ…šïı¯õ¦iâïê\,XTÕåÄÒëGð89zÕd©a»Á”lˆæÊëŸ;ŸÞ&qñ™á•Jy³cA¶@ýä„uªL6%PÁ@°æûÂndê[·†€éè?kŸÂQê¢Éäªã2¾›¶ŠX“ë:qÃçLåðM3ª5›5‡¡­>&œ»K4}֋»kR×+E†_âIÉ>BÏt+“¿Í¦ýeikk ±ÝöìIçõ¦Ç£ƒþ€‹ÏÙ«²*AgÓ®Ä×&µsfŸ÷¤êägQ;-óT&YæÎ ‘kÓ=ïýƒb
h±‚¶LüÝqe:¥rdþéí`©.¯O½  Œ °¡YÁhWòïוiPð_"SpÿþÈ|±ú\;_ʘâ)&Éõ$c§B€tžw-é¡ù¾ª8DÉW׬5Ü Þ|_˜ëY1÷tq¤$(ci;>ÁŽ2]›½øcz2!Á¿pqsÿ›ŸAÜ,Õ›côHëmˆm6pÖðih¦ëµß‰M¡7ñS˜çA“Ý0Ò—'ö(¦#è$YJBù÷›ÿ+Ã;¬Í)ð*틧/‰ˆŠNÂ[”Òða‹ŠšxƒZÅt³¦Çs‹x“J¾S•“–壳îøì3"ÖŠpaË×ÅÖßÒ,Þ×[aTŽ¶Õ7ín‡úCdA™ª¬.½¾"«TS¹º¦ôVwb›-í?"O.‰k)Dµ¤»_馑¦ÄQyPìW^߸JÙ{UØÑòp]‘«jÀ†jÚ¦^&›ÓˆÀ?¤Ÿ$X÷½D”ý‹•ÆûOÇ”È4à¤`œöª÷‹¶"jüϧĺÅO>œêN576MX³½å®'Øî™3¯¨HÌÎ xVCƒ jžLö«[Ÿ’¿¥æÊI+¼„^ZkãôÒãJû3 ^À”é
2ÿ¯c´Ò¬D ’4”\Úz‡()_ùjÐtHgÿTDR®·…˜mô–Ãö2yt”‰ö‹?"›¶ÊñÕŠÌŽ ¡æî<C’ÿ£PöæÎþ•Ìb©£û€ŽÚO"MÍîPO—s‹$[6¼-–òŽÁaqýè™8þ
å`˜CÓ!q¨(ж_nÃnáóqÐllä¹ZH§b¦ŠÇÃÜž+ª/›ò`?_4í•YIßßóÌðÊñðC=uñO
[email protected] 6‘«_³ÂŒòUsnèn3ؽµ_E®5ÿéÃÍ{“€ê_¸`šÚÀYC’çJFeÜ*¯j˜¤\ƒ7¥î6¡¥hh£.lWÆ[{ʇ²TR6
‹í=¯…ˆ]Ìé©ÆÑÌËdüôBÆ7éAñuë!ÿvgþ–¾Ç§æÌRîF¦Šu,ƒU'Û›CíÄÕKcÉ ›DP¤rNÎnwÉÞ:‡ "Ós{Î0{´þ °¨vÔ¾FN“_oJÊ”‹ÃÆînšBqöœ)véžÇ³¢?0›JÎËÓP•sBÆ?ƒtÚ¨Iˆà{ X’*çøi¤´U"z&Çü©n–ãu¡5wø¬
Ôh®p·Ý¦ðGÁs3Š[Øe“pi^XÞ‰@y\–‡»Ö/Ÿ”)G…ƒ±
—*2¨ÁŽ^¤+ËT»>Ø)ÌðĆ㠣†¬¤ÅŠ——/Ôƒ…{î›ûëÈ\èÑÕß•wý/ÛØh¢<–?µÆ,×åõ2ˆDr  ”qH^t‹d«|4GðUö½¿Üê¾ØžW0{4¡UÍ’å•óëí]-Žâ_üºÜ»ö
n—·“8¼9€DÚµ@«®ÆN $ÜÔg=‰ö¶¥}DtŒ/¤•ìôW”À[email protected]—ÖùÏþ{ãGå…Ýy,B¦>ÐÐÄE{sœÏ*ÊþÎ[„×S²á %dz–¦æ$³ÍŒ°ƒsmŠÖJû¢…ûEO›/ƒƒ<ÁÏö5ÖÒâžs‘qb­«ÑÝXt(JGÞL˜­äyq;-G¶ï@óqÏh•÷¦å~?+x×ËD­qc­«õ>NN->i§ÈÇm_æIû¹mÆ +f&Ê=C÷{ÎÇÃÍCh$ýDþi>×#†»¡´¨ÎîOZÓŸ¼âÆÅãäbZxšrîGµ.…†`ûY¦ŸúK»%5x¯Z©N¼äl…;ã€Ql×&b¬ÌwŸÏÆ¢½sîIúŒ\²‡¥¾;!È!¥—óØ –Z¶ñŽ!Y^Z0]D„*pHšñ:P?Úè<t ÔpE3È¡u"0¥T²Äïg¦±ÄE/¬šslB|ö|…bG .â, ÷1
;Šsr˽+CMÌ
8Íq©¯ÔE¿… *eñǾŠ–œ~³z'h¨a>)-³iJÁ‡HÓË!¬$…Ð5}ÁŒR%JÈPû\rn±×åDƒŒT]‘Gã«v´7·•8]î‡Îƒ®¢dõÝ¿™½® †hgʤ_–Ü_‡O÷Ä ËQv÷RgÊ—_[+;¸sMÄ®½>Ì8Ø_‰~Ðà­F¢ çsÑ?5SuAGÍcEø¤ìBý`¹ÓŸ–‡\ì–vÿŒF¿M*“ ZŠ>E|”k-&e>!øn>s‘@¾/GVÇ‘»[ePÈ•‘V[AÕ—¶ÕUâWBV”X‚t­CáæìŠÖº¸Ž I=¿á0ldrDyz­†f+{\mÊH͉΄*Ð67_òÛÿ²WË
5
cÇקœàÀ•®‚ܽBªìΧ§!#¡Þ¡(h¶¦•>.|Ið&âW«¡ú{ÕÛå¹*j\ÅœäB²±´5#Ð2¼¼,M<4Xà”(¦‡v±èÄ˦wU´~œó{c„¦M–¥»ƒ
2!ÆôÁ³¼!¬_\bxjqéÝŠi˦4´?§?P3ƒäå®Ô’(,œÇa\ ¹[email protected]ֵńé ÄnÍm¬ƒ—r«£™Ã· q¿'àâã1Yü»p}#Sá*ÌÔçµí…tÉŽ¡3ÛF1W¥ÄZ ¥ÍUN'\Ã#ÛÄõ¨Ó28*oêÓšwmTzß@ê-ûH_¯fEšóeÜc*k¶|ÇšŠZøa
ÿâ}’"­Räoü;iÒ4>iä
-6 x¹øB³Ò9ƒ@Ì":ðgÂVìÚ>DÂ’…¿* >¨¼q­J[÷ãÁ0¹ßÌ"£\»F·_¨4»f6T(¥l΀ú Æ€ð@¦í­"ëoäöGy‹X†‡r·1 Æ-,Nï¨s÷>Yjˬ ¿zDžû0⡹¹Ðd
sòNqñyš¾YÃ|Ý b3N.j¥°²d­CŸz¢±d{F¨X†ÿ ”ó‰cn=çLW©&~ØäadÆdï󗯣 p‹ÖØöLˆçrÓ’ö*½¿õ±?‡›1Á#sü“X™wósÍ{ÎÚ#µÆûº¬›i£i;QcØ42¼Ÿ{wß–ÛWÐL_z2ËîßÀro ¥?9Y–«Ž¦L»pŽe–¢<pV¨Là£BÙ<ŽÐþ§_&éAjÑ甇©èâ33bÌaâÓvˆ´U¹³vpS³ÓQû=½Í&Ò䆣IÐÑßxó?4üÖ7WþyWÆ’6ZOíH%ˆ"äªÙ©ä/Xm¤`îz½‚Y›ä2÷IÛ;ú8IA=;«o ë9…™×<;Ûr?OPQig°Ù¥'8Ô£•÷Ûù1ÀÛ-yàáa+ÿæ÷Úæ¹dW7Nhçy:wŒ âÍö½¢ßìÊÒ·n+{¦°U­ JQ¹J6e…ÿýp“þ_RtxUµŽ5xUõAXrÔŠ.š0¦œ¼ÕiDtTí7¹‚Xñ“7El.ÿ„†ÜÀþ\uzÎ(@·ÇÑ ^9‚
wfòmo°Û;ÍÁ«äÝë¼£…>ÖÑê5ŸÃÏ4ð¶iHõ¹u˜p#(ú, \¸ð'kµbwÞH>ËÌQqÍÚè)O ƒ¾¯üÚ髯‹Wl,[email protected]&ÏBð°Çugì|*¶ž¼ý_¨*¡1Ø)¬é.ª=oš:ׇzÕsÕÉ
ßn5*øo¼sö¯±;7&Žw}†m!dàª
<ä9E_†åHN° ¸¨8ÝÆ(Öe¶j.ôOíòsVð0Åü­b0vü]?¾ªoÛ¥šgÓ~_|O™¸„F i¾°c¨ä_ü¹rv‹¨‚z³‡àBž4ÀÛi©e(ä‡Ð+ø\˯²§g+ØKY6á]*¤jîF›¾ÿÑÌâÝ20§¨ŽØ…·2qŠœ÷‹DÊo6†bO.ä#Ùæ6ùó×Iç¥PÙÄš%Fñ/Õ/"ÁÁ⊩n˜j­·Ú|[ÓÈ.†;Ë¢áîA‡¢P»F´ã2)JME†»ÂZFéJÃÒ½öçìØA}$¬ãr
 
ÕÄhÆfu¥4‡T’âºE“KÒ')“å™9 9‘("b¿‚?ùØ¥U+JªN>§CmdYÄ
Þ—Ái®ÚrIvhãæX‘®q àßrKøóª7yêùÈêÝŒŠ—ù"Æd¢§²¦ýzÖ§ø@kjR†CxH-¯tKÈà7jÂF+5Ræ´¨V©þ°n“R—£yl2ɤê5ÓzÕ‹ÓÓÌöÈÁ7Zñ×t…qÏ,‰ÎW=²¹ËÒå¯;‘íà¶P(†§}ÖÊž)…s†ø‡éó4~½¯RdæŸÄè¸éÞË lgÓ2
ìô qOa‘<E`ÀCû75VI§J¤€~+]˜ ¸SlÕš¸V.F G°Cÿ„ú„²þ×ÜCãç…ô6G( µÃ´®¯šQrzEæm6û˜t…ŒmÚ¦7´ÚŒ˜âw\¯Q¥ø$xú†À·G~œ 6¥l¾Á¤uœ‡Ç×-•&')±IµüL}ðP´ žq”Ñ7ÁÌ
‘>ÖÂ6ÿÐ…Üñ媳ØãÏ
5ºRŠæ×ï’â êBù<9™òëÎ}x®7YYÆçyüö™[RJW#ž–_:,öN…@8› {þ½¦¡Œ°ï;dO¤Ëœü¦2ÍÚ>Kˆ/&ZCi|¡“¾ô©‰ÿhª"Ûj9é>23z%“‹>›÷)]ä%éCòGÙãsÅ*ÒAyUþÕ'ÛHÂùiTΖˆµõ21׃DÊC+±ŸÊàÐyéÉÄwºÏ \Uà´9Y(ñ»É·í÷#[email protected]}ÀÀø bpG3×÷Aîúè©vKŽ¨ø­#Lš`‰HÎÓzØÍ’¨ÂPü Éù-Ü6 ù“¢DÙ1&0ë»u‰)»È×@oìsgœ_›UËâØùT¾IeA;ªòa_àÃâÀ`´,YUѲ F¶<¨G}$4)“oï%¯^"«¼›úm*cÿÖ÷­pži‚gÕ¹¾Ïo¤ne×c¼ñkå)zßg£•Ã ø—W|T]žf?É·zn9XI>?JQ<Zã["ÄåŒmγày”Œã§»ÏÝä9ÙfŸèšßŒ½‰ÐÜ€À£·ˆ8¦nqÇøù½Ou2ZtwŽKgÜø—fXwy/Xûøó«ý!3j§É®ZƒƒØfGþ
P{€ªWN5æ‡ÌÊàWÎõÊsœ¿çëRŒ…G1OŒÕ.¬È‘ –ß­1ÆWÍ©v~Br娠
ˆ_R”ÒÑ¿:§5¡ån®Z²‹©8^#ëúëÖr±O{»»ý‹ Æœºéš>èÀ—ûXb‚t¢c…¸óùÍéŸdg­Éÿ\Š=ÔSÕª‡Qâ[email protected]˜2ñüQõ 0eéQ
jûNF¢Ë¸ªPßy«”ü˜‡ gç t{Fæ¤PÐœî@w¯2“¥t>“ýmƒ8`‡ýïë¤è3h˜–¹v
'îGŽ=rƒÝŒM´øZ¬J*Þs¿o™VÈñ>Î*‡¾L/’“ßKNT'þ‹ŽÝÔ6£>4±ÓÕhD`v.ÌËt~b8!ÑIi]1—`‚ÂÇûM¨£}&º/’ßÜZõ´í¶¬peØ–šŸ,ŠSâ|I_Â-
†_‚ù½¹pê–±ÉÀ[email protected]îñ«­'JäOÐÑÏ4Æ8¯Cj§€õüê‰ÙSQ¾¼gYª<[/(­<:6lhkUdFm뿹ՠ 4DÁí:>NUŽêsãFènï¶ÂS¥†Ä•2Ò„F-Qƒ]º˜ãm›}gE:Œ,QñdõŸdXgS I´?Žq»PÍuYËã^¬Ñ
¿ì1SijØy9…ô‘'fSÊên8ÙsÂ
¶˜Ä)Ž‘ôL… é¥ñe€‚în[
Ы)[ñÖX3kU\ªÎcyI”åIZ¯@ôÏÖT“Ë3õò IÑù£ŸÅôž‘BiÃËyâ̲ÙÙCXgVã?j:íá>/¥ÞÏMëW'˜BýÄËD=ë=¾ÄÙ°#}Ë—¿ÁÚ‚ÙÅ-(J:~„I2Ž›¨‹Îye;O=2ª¦áË!ûÉÛ=í¸Dv˜½¸R}âÔWÊ0÷{Z2½q5Ùña‘VŽÉ‰nºvYâ¸SŸ9Q} ãÒ‰Án$P|áòpacÔ×ÌÒ×7Ôu$Ü£oû$Û¤æßÏŸ_j;+½c´õ'K‚=m#/w¾ã=Ð(K øì=Ιk9¶¸ž–§­Èñ06yÃÐA{‡c¨]óp¾ÑãL‡®<6”Š-÷ÄÚ×pó´Ûô‘aQX×èeŒhäGEˆàê¹V ⯎±îd¨¸¿Wô#TµË0y÷Nkçoxp6 PÛƒçö~
`a,ìÐ)¤T+W·’°îƒT–x8¢¸VOöê åÑ|h rÐò°ìª‰ø1Fh^$,#›_ï//úîþ\†úè»îˆ…!Y¤?²Yý±ò{f‰>§e…*Œ~%/«¼,¤Úv½Ø¹ßý Zu` ¼Õàã¦ý,¯düÂeS®ü´h¶¿Ÿó“¡^xžOŸöÕaÅ=J>º2×c‹{#c%ÿ{ë;®>Šz ApÊ¡­ñ$b9r¶ÓScUSHù@Ÿõ‹¯óR“Qâå¶ÅÞxŸýŸ…WìõÞ)•)ògØãìª
qÈ·³½yaöš¾/v©_ãthX$?àï±Ôœ ÷õü3¥LU'ÔRÓbŽ[—®!ø7]†¢bÒ-«cÏ÷*[Ã5¨1|I!Ñ‚À0ã¡$;d1_D¨lw]‡R>lV+«ý¸Ö'¶W]ê~5hAdÅzúHÓõöŸ§Üƒ>zòs¹wZt¦¶ºpîEZþ@‰I6““ü,§wF[àÎHa>ãÕ¶RÕê9œg'0Ãxµò5sFv‹MõWŒ9tÓ@»”ÀÖkÓã–œ0ãIZzµÜ¢õsýs0_¤¨§ÝÓ|µç–6U|…DÊåBv1ýñ‘áÿÍÍ.Jq|ßV.ݾ‰Üi[°“âwåÅ1B½¶~[œ£§BC/°e.‡•"\†ª’oĽqÝ…JG~7
ª—ÿÛÄÑ¢‘€Ì—Q3éd©)^2Ì¡<8ŽŠÌ—ÄT¼ ×MX8¨pÂv5D9›7šŸå‰[email protected]ç€`€~õ=(½|Ä#úå"$×£÷1ò°â÷"=·+G”§Q ßö\µ8*‡Åò‹¯†¤kŠS\i\€žÀÉG1cZk‘ÏÆpHà.ä ˆ¡2áQla¦Dƒ’ßb ½£V\/䤯>ÝÕ
$SŠ-~±`v•-æX
³Nœªzdg¾ìöÚÔÕ–»¸Ân®](¨0v~\Ã;Ò±ºS‰ªËáõ)Ç7÷¥Mæ_N,$TýB oYCØ=àECŒæoJu™\‰VžcÏ€¶J‹ÖÙ;£¶8¿åßÀ+nBßG£#¸Ý‰@­˜|Ž¶Ì·’$
¬º8ÏfþàÉ‘ë(ío‚jkÊ°U*)%i¤ÍøI¬ Jµõ¡ß°@ŠÞV±èæ–:ìýß
 »µÁ™=RZÎÌ.+LM´tdlÏ¿:÷ËÄäG(FC…6Ú*t…xºQý¨‹ ¥hpR›ço×=Ê‘Kþh”Zpß‚nM´OzŒhA?Šƒº„æd5v›½ÒïWÿñÛªo4xNкÑG½†—qèãÒw]ÕOè ÌÂîf'eõõŸ¶èÉ °f„"Z9„˜s`ï—¹ŸÃÉ“†ÀdÆîŠ9Øû5?Ñ8Ú-q`ªÛÁ
MiÀ MÙIt¾üÌ*R{"^Å$¬ |´ÍáÙPúG_j0R`ô<j¼PCéÃa³±¼)7~®¡x
¤4g¶h‘ îÅ·ÁŠvâDkVššå°ç§tán%Øô·MC/#&$Û°¤”¬rpÛºÉqÇ ZÇôŽY\SC["ˆžž™ÇÎɺs ¹—‡G—[[ŽT”øÐüT»‚>©øÇŸ¥= ¦ò†¾ÓÒèé©©ÓɶË÷±¸µ©¸Ô'CΑfÂaO’jŽ—Þk›sÖ¸‚YË!à+o"ÜJq>Ös*¬êâ²¥}oÌaÙÅ>yR½/%ymKEÖ{çÇœSx7ŽÀC(º{¾[±´{¾«%§ îL–4¯„¿RoEóDW{ÏɾžóÊ*¤"™ê̪þ12øÚÔbø¼ ˜ÉÝŒ„οÏFF¼gAT7WÊ1„Q“"H|r½¶ã8’þ‰IµáKF*­ÿL&Äü¿2Kî .¼Rk¼C«ƒe ‡»xé)ôª‚×iÜq›[email protected]ü%hþžKSô¦|W+m§c
9OŠ¢¯ÅöŸ¶|žóª34И,Ð hž9>?¢¨âž4úóУþ,%#ÄÞå<t€o”Bùìy•µujÉÏ—S¢Ëwdž²¯{Ç
 
:l€é3ú‹P;H pD®
WþÕkiff5{ÏL:ˆËY_ÑÀ„—)…
ý*Ži±Œ"ènœïÑHå¼h{2ÿñ~Nàùì
7W¦¸ô­iüõt7¶QïŀЌïbƒß'¦3z}kʾWCL±&)R=orÉË°D›¦|¿ë7
0†z¼_Š»n.¦ÌF×<Ü=âpR÷€¬W3„<xÝ'vïv¿&âýjŸÿ„ì3³V!ìGn(èÐÿ".ïà$ôI$yÕÑõ-^i¸^°@‹ ÷‹§ò‰²¯Øx¤Já0«ˆ ›á Š4<´ö(êÉ짛rýíÀ·üQûÀ!ŒáÐî"»NNêHº ô±l£¼â(Ø2:Q{H'¸*¸Ånù ±üÏ\škù#Ʋ¡#÷Hpæ=Ísá•@
E¼z4u ŽÝeO”\תõ§ÿA»†JÒ¥5î„>gYSšH™ö-{$ƒÈ7źŸ¥É­Á±Íï÷=•[email protected]'‹³8#Ùö˼©’€:·Ã¾5é¢Ìu< üǦ‘žT®ê#ÊâÑa¥[²1–ð)¨—n¼ñú4ÏbSý±/,´­ã›‚•å8¥¿’ˆ»Õ~‚âHÄqâ²ìÆ8Í¡A²}†Œp·aÑâ'cŒ„€¤ù•aØqô·;òG³Év®ÔÁñ@O÷‹é®Þ–ÒTzèà%¿NÅèS—¤ªžŒð³pÃA±Ï¿ÊÑc«ê
ßNü ฟ2t±Àmcê8ïEÑj"Ò«‰%%‡G/‹Êû_ïüÔ›™?÷ò½".Šd;j¡qä/D%’*¨P ³Fj
Æ’yCÃ%·ºF~AfÆØç¾Cmk4àô2y‹Š´™a˜üI3Àºbšc…'ÿ+^$æ »@y !ãñ95rLAÍ–Zå˜8Œ·Þ}È
1!ÑËCGE1r«ÊWH·¿Ã,º‹¨52-(µY¿vÚÔV5%Å˲NäàÅ„%Ïæ†Wû92›¥£(åò?þÁx‘¿õb=÷|áo¬häÐÇBµCˆõk‹[email protected]¶WQJ¨0ŒXQŽÐ¯rèé¡è¬XDÁ?z€keò†‡\Ö¸eÛTÂÅßãˆå ,
ˆ}M;&n¦—8N&ªƒ[email protected]·µž¾«øcÆ™bLê€r
ðrMñd-ÄaN 2CDü÷GRp!Òú
b§Ïo÷"ÎPÅ%¸dàÇCH’%׋9NÔsÂÈ'¾ª¥céo§Å
:Ÿd
ûû5J[ÿ»Lût–Χÿù°‚Š‰ÑxŸ“»²êî¾Ñ¶E_ªÝÕ–rÿÓÂ.T‚ï–¤ˆ%7ã²ö'Ü«Hi»[±BÏ®?dè˵K,|LnV¿Em§r‘Fµ¨La”#?µ_r/Ejà÷!ñ^*Rò?c¹¾Z7Íc›þ¯TQ>’ÊÀ dô—ìõ [^DGÆdŽ‰ `Œ+Ö-ƒ®ýÕÁ8w-€ôk`׺øüæêý˜
³tJ_âTâû­‰ kqÿÈ©áhÐDYn¥W2ÏIéŒ Ô„G¬\ˆô†à†7QоÊuK8‹2ó~ßzÈCÚm²¬ÝýÈ(úЭj˜Ü–}¸^!7é«Ì‚Ø>~ÖŸ²Qå@‡<¿%’zöÝ2?€}Äêþa—o¨ñ§–Ôµ€ó¤³‘PõfÊn&;‘*ác|HGQi›‘H³Cæ$
½Ç¯DuÇ@ŸX–ö;z©,e³[±©Àk]í!W¤×b*ÒIU%lpãÁ%„§qåYËßÜw[Œí.²»;O°W¡ï5}»Š‹„¦Ã§Tér¾ø¸t+†L)…¿M•’­H‡øÍð
¨c¨nX­û‚¹ý~øùßzd,Vé®=±²._gøάiø¹Ö&Y霬Þy¥B‘RË7!‡ QV_üVIÄ9ƒ”-Ú‰¸ôºôWa—(øuÜ­çB—P4 ̾èÿ§ÄD¶™lÃi'ÂS?!Y7¬ŽõÜåkkACŠ›†áXs\pØ(•e™„AнSw’š-ÆS“¨…¢Ò>¹Ê‘ûÅAÆóÌHßçç¸ì0OÞé÷ùˆ[”?½Hø€§‘†ˆm
*5¢42ÅŒÝõ›B¦P¦øÎ l"ôÊ|O°¸ÓûÝÛx©¹cådÝ„Š™ E–EbÈ›®.’k›<³ó¾•ê„ô€a©ÂØ,™äžûq¾ÁþlháÆäŠæŸÿåjÜîñ‚?ݘâ_.þ"p(rT ÙGÑø<}Qµ+
ç\Ï,q1îM™pêo4Fÿcâ-ôBæ—š]k–då|QL1©ª*V¬ÝÄ{¿¡›Ÿ›ZNÎìkámIǸŸïV,./*ý–ª– Ó”d#‡€Xɽ·ðŸHLµ¸(lFÌØcvym·à
=t촌x
‰ÚŽól§Æ•VÓ¬ÐöýhÌ/ja…—äŽb Œe_ÍC:5b:!xš›ë€ ®Ù$öñûÌK±ª‚}¿ã@ªS…¿ŠkDØÀ6À[¼fƒ· ºînl\z™ð‘VBk–ÝÊFþ3ç'£ †¬€t…FÜ™0}¹UG,}.çZÙà­PÚëç&›B$â
$õx™I{©üGÖ»/ Òæà>±a¤Í^ïNÔÆÜ
y)sÈg5]ZJ¡†Î?8zki¹bx
µjRƒ”ü&×´cªì]ØÙZ›|–ƒÒœÏšI/S¯¶?¡b­ÙŒrA,0 (ôd‹,GõýáœN\ýAÏx¶)ȸ„¼ >3³¾Yb“Ó|¿Ò(kªá`Üï™*ðDbÔڃ#°›hi®ÊVeE8šÈ1)æë›/}ÞÂ)ïR®Œ;–p׳7—cXd~K czN‚i߉ƒ„Ä鯆^î{—<PUçÿâ­dîĈT§Ý{"ÕÓòwÆ£b‘‚yn‘‡­¢ÒG!
e⌛ŽÿÞiVTŸ§bVáíe’H=s‹ÑýC²çpïÖE}¨Pø1]äwÚ†CÈÛ îÐd¹­šÚäéä'QïPáP©³ñ€ò¹aƒáBM\±0ˆ\
dsŒkˆ¯»IîþΘ'®fÄ==Ö-:ÚW•ç¿³sòQlÔ¥Š¤á«–UûÆÅ:#¢€Aö¡ÿì½=)mˆ~e'eto,1·>^ÓÙ»ÍMÉV
”sÛ)*ÞœBð¤ÕLNàÛ<O€˜à¡g¦ cïu°-tL½¹Kä)B¨S Û_§RÕ*ׄ(No:‚Õó^Pï}ÊQè»
7³%ZfóÕLpmðáÂå.R6Æ94:~õǪ¸RJ·ù—…0aYuñú†{YSVZñœ]>íÖ[-ÛëN),Õ…Md?1ð
ã¤üŸ36{´>«€Î2ýÃË›Û6"‡Å7¥ÌïÏŒ)Røšöú™D{PwR1ëÝ
x{D¡}ÿ_o€ÃëS9ŸcÒà Æð‘÷(èŸp¹ñ
M®«béµ¢¦Örš[uàwªÂÔHìjQ¿S†ž/5}&÷°8爖ȦG?Œ›ƒbîhT±Š×)ªß’kÆ:Éa[4sîø³N5dÛ5†M¬ ­Ýrx陹—u
Ž/>|u†<@iô¾/¾MÑ{^•Y¨¨ê•=ày€­}úŸ_ÕáN*>ñ»ÓÁ#×qv.à.2ÎfÙœ{x©Pñ\Që¦.,1Dý’§ª?Zu›xÊÎO¨Ó] dO „XôF£¤)WZë[email protected]Óþîú@ïæ!=L0¹ÅãÏ÷7ùªs1€êÆêO…Á\ˆÅ÷œ©ÑžJÆ{`hM>èI^(îÅkË””wå—4îºâ^?nàvÝP qÎsbŽc7²º“«=,kBáEz„kõ‚ P{õ ùbéð~à•–c6|–ôýeºµ‘0jðYˆíÒ¨ë’æs¼ó,×e(ð·‹eS†%ÞQÀi¦¨ÀÔ:Cfã®|dé!˜Ïlº)½×0$Ð6»ÆüX(é_š‹J–V,ÒÛ@Ïÿ<4G«§dª>§l²WUÂàMãP/ãxI¼Ì\
1(_ w¤^–¼¯¼4GcNò>ñ“¸8&(ŒÑÓéig=P«¤é~Y‹ ñdÿüBG¡ç'-úÆ»ÈÛꟻ/úÊO×5^\w\Õ¼ömµãþöÍ
c_‚ƒCE
ø¾e)¹—#E1ïEyƺ4÷É,Z)¿I ¿ýŠÿÓí`.¦t€wÆÓ?æ)Í_6hÀéepì­Ïôdoé[êM=Âü‘(ÈŒC›Å.5}?ÓŠÝK.ˆ{fÉ ^²és‡ä° uŽŠ¬L0ø­ž·•Vä†ß™gyA‘Û4_ìîWN9ÚÀÇ‹"õ|Ô`ÞÚ?ðìèœçM³»ÍdÉŽrEÈÀê* âç¡¡ðˆ¯kLÁeRB\oÒî³ÈÞÿ8*l ÷àg”^&5U¼x\”²Vj
ĨÝåYÄþäp{}ªUÐRN9ÃX?ÆÁP6EYùq¤rÁß‘HuPLQãQbò1?4!Ù!ò;Þ»•¤GA.Poê|Žœø‚ =:&%wÙ»2X¾GÿWi&\sÉTæOçz0“<ãÍè#¿ç¸ç«Vbu˜ì 5›Oð1»2€H¥•ˆNÓ«Vÿà[email protected]œ5˜ûöÔ,BÉB¬ûÑšä¶#O1ârÙK=ùF¾ «¦ŽÍ¤—Îfà8Ë%å=¼?&WƒÁ ™å"MŽ›©/¶\¾fãù}¨ü&¬§´îŒº1„™PÜW[ã2&®Øq}€ùéW²vl æ=6þÑaX ž³Y¿ ˜
–ÉPÒ7½±D?‰1ä‘öû£
ë"U–*Õ®›1âÜ]Ý÷õ›$fÒ|œ I׿ÝON¾ˆZ9~«¬‘] Ǿ¶÷­x÷Zc«£ðM'Å5ížµ0[£zÚ,Z¤<n±Ñ5¤>P>l„¢é<?PÔÇÁ`#íÀ”‚Üy‹´LbŸ4ï{e¥ì9Õ
B4’ÕÀ„ºc­íö˜ò^ÅÎ`Ce{¤¦®Óyý¶ü®Æµ,3°_Ñf5³Ûí/¨Gj_R4Xx'úô¬IH<ˆjø®N‡&1 eßµqˆ½ð['®ÝA3™j¥ØB+_WšþE .{:ìªd/ñMÿnYäuÓà¬ûèÍ/®Š>IjqDéžDuÛÿ›Ñ!Yx¨|_׆†0¢!‰Ï?€ÇT¡…ÆsÍ6lŽŠ—ÕŽÞ"·5õ)jQ¾d¹5$ÃT›kbAŠø³*H¢0÷`g¤ÐÚÖžë¯â×;Vè³8ó>è30)á'¥{ÎÉý¬Yå\O«+7ÛmLÄõÔëÑ~4³›ibñÉZðé
˜¾ö²)s*y…ôšïSI˜ô¯wÊ×júgNDe74Îñ^ÊóXNÎÍz2µ¹àE~)ªóöCŸb¼Úå="^3äàÙx5øPµ¡‰…Ò@
Èb«ÁÙGŒ§IÝiƒJ‚Pë2¦Æ] È?Þæ¾"0$}CñÊ—¥©C†]RI~:R¶Dv¿ýqÿüã’m§€œT¯-Ñ°óÉd·´´f÷£.Ü8„TN$[çtK³ÅI[½”°å&Ÿ×Š$ÝQ¨¯%u,‹Œ@Õ˜\•§Û,Ž¸ÝT›8‰È¸]X Q¶š¶
'/ü˜õÔ­Ùe“µyܺÛçž´µœ„ AþéV¤K®3ôï0‰Ô¾Á"Ëz6&0ê6?æ#=ûUÀ´†7–mW#><Ë
ië’`[c§c º^
WTÎXRO8º‚ë|ÈÆr6ÕdÂ-)ðå‡EÚATÚx´8n7n61/jS.3ƒ£O«µMf)®XC.¨¼WÒ¯-v¡Þ’îå4°òÒë@ÛB~Ø7
øì‡l¡ü§V\žTA¼ÑV§ in ’V²CxUÔ´ÓÖìæ“"®yf~çüÌ?çÓ^?ˆ·'Æ mX•#jºôˆ¦‘sû¥w~c¸óýe\£ÜVÂGŸü|ü[Ìà¹C6oclÏð b,Y²nüégÛNðBuh÷q9âIÈ(')…üÔŠ¦™™ .¥S׆-ì3RP?5f·]ˆº
øC}ÐÈ1–…õ¯2
ƒ8ÉÞÛÉ(,2 Þ
ÒÈʼp«EZÁ˜#zoAÝÑé]%§î¶Ívîã­‡ö.„t÷!di{É~f·øÞÖ„¨c=t“<hÃ¥Ÿ~ET¸<ÆavÞ²­ûû˜Iua©är®û‡Žy×>à?”c:D)‚Uò[-§”Zyu{¿ò»sÈy…´:À•‘ÀHÜ]lZ"²æ@AœtƒìíÄ0ƒ”˜…˜P#¨5½ÒLú4V·­YøŒn(Ÿ®SË#ë+½h ^?7!ƒ½ï=¥ElÙ6#]Ù;XŒyŒÝø.£#gÛs­eÆÞ÷_Þ}.]¬n]k{6¯J‚:%º_±zP¯<b'-ñV‰!êÍe"O?ÔSkþH^M!NÑ×·•9Ôi
yb‹ÞíÈ{tJ:¨£õÆÅzl2ÍäÝhY€×!‚Sm h–dWâÒç*MæÌ)蟗ÄC‰ß’>lXÕ“Om“i+ÆзъۢhãànL5®¼¡0yCRQË
ï<§¸íopÜËvˆi7Þ×ÔÉTwx<fy›qÔðì‰i+™žˆeÇ„¡±¼81#¸oÁð—³sU&suuqûoÌÜÈÉQ>[email protected]Ž›^ŸùzI²ôûJUȘ
j–€|NËfÌÖcHš0n?±¬M¼ÿŸ«–Z†»Ö”ì·(vl²sÅ|Ç•Ÿ÷ã­‡úH½á3B.žWä´%² JPstÝgœõ`ƒ_ k$»:b•Nõág
²òE2Õq`2ë*ð¥ªÆÕÀälv×Ç>ÚªÜ,§åÚd€…¼%¡9t¼ë(yaCç&@g>–Xa*Ò3ý¶F~´o·*1+¹ÒX bMÒ‹'p­Ÿh"¿Ùï8®F-Ö`Š¾ˆßo›äu©Z­q7g*ŽŸ‚àÛ·#>n0߀f›õí<„xrAŒ§«œÙ“Tqq&•Âz„öÇ+»HŒy²o”4–-$fâJÌJƒO£"j§É(«Ä‚º’Q‚Ói¶øµ=àøÀ©ZÀ!#—¯t®¶ñ'V›O:%Œ&[AßZ˜¥žÊ=ºX¥«].ÊFÀ`>t&‘óú¯ì5 ˆÖbd_†ç!¢ˆºç¤ÿ·ƒ{¬a§—ˆ‚C5~wÒ‡—â¢;¸NŸ¤ƒéCñϳXúŽ¿¯–4ôÚÀ+O.°”
BèB.s
f(@€Ÿ–m2‰6ùäBsQ$ñ°uYóE²6–ÏN0¡þEœ¾Ù0ƒL.©ª"'(ðÅÿ¨>ŸRZ¾ñ T>»ƒŠeÙž§1xS•–
´ãV©gÀ•±VŸßThÚ('Æ)¹a ‘¡õ+Ħ¼[email protected]}öEj AšujÎú5Ÿ²é­â‡e{¸¯fq¤@ýy·½Ð<sz¯}« CÇVÁv±Wò˸‡KÀ¬‹¼ˆsٸ˸²r‘3|ÌÚØÍbdww”GüâUäó“êîZЛC`𤜒ÊÄ2‚“9†6Þƒ6ÆŸ?ýµ¹GŒQ'5{ J>\ì |K2òº»(=ßE s*Aƒ½×/ˆÊUè«Læ^{–À­®ü¯·z“Û¿1XÒJ‚3¸þð«ªNï[N^ݵÊöúº1]'Œø
+êÅ(ó¿ëó®j[DD,#Ôë3¤à'ä‚`ËnüsˉS±ûz¶¡î3Iå7sŒsX‰Ž`Ž‡ÅzïGKŽ[dàìÑÀ»U8ÁO<üßoÃû³Q²…M©jƒŒÀð7åXb¬ÅÚ&Õ—íÅö¼e¦ÂÇöùë£)ŽA澨œ@)Êw°)Ô
œæ º UD^8«ãݬ¾TŽ»/&’Hƒ-–ÚàP!ÜècÐþ<ñ·“ õ›C­‘±OÙe£"ˆiÎ7K/ƶ¿øÒÌ’Nñz¬ÅѾÖ&NûÔ¦WîOp´éø^#º€ßÃ…çN׌ÞúV ¡›™áÉ~&8’E8ƒ°©#è6‰F8¯
‹ºõ¶>Kj³…(+ {{(¢›f­Âª=
+xkÑŸ¡:U«4À·Ó$Ã
,Ô²PH)ë
‹úRV\Þáº9Cé0óáVcWàí\j¡ 2¤Œ¼UÞ±B;øXa}›ŒrɵhzèB­Rf$‚: GSµ$É·k¾Z;4.¿5ÖЗMÕÞÁÛ¥p_7kGWæ©Ù$þc>±|Z±åù…°7NlPMn‚˜—·šh¢
µW±/îù§¥øÊ,™c|`²^>W¿;aïÙpöØO¿þêÁ’ÎFOÄÓOqt£
ño#…ÎœÞ"oT”©`¿Û‰i]8ø_*sø,”QAå'&Ña%VÂ
¿­/`YU:«¯>ñ‡æg.\CŒ'íéÛZ:á3õæVêOqÇ3s«Áœ‘˜­¸xV‹2¾øLºœ4Vûî$¶€Ñ
<€íLÄqrœBݽ-‘^F~Ñ«5tÑÌznÿ@¨`8î}
' b¡§$Ü°:š€¿âQ”]VÕ/ “WÍR$„’
ÍYØ\}\ÇiI4µÑ{ªñ¿„ìÑ86W68ýíÎ6eoˆ<¡ÙÂ9S7?›‚[šnJÀEa_YìœÓMDýd>é/¦ßÎæسwVÛqõÓú5_ Ã
eÎ`3ÆÔËKã[email protected]ÑR­cÖŽ-4Ø>ÁfHÙ}¡Öç¹Ìfs<.“’®M+¹˜¼šØ•³)Ú»Ú"g€öjô‰Ûr?³ãã2ÁØoefËÑi茵Ûg±Ó•]Z™-9Ò÷É;ǡج†´Lßxå3¬pÅ!c$ÁG–ÊܬØBÝÉ|Þø3úóóúÄ*?, SÓ«i§³k(;ô«—X¾^¤Ã{N³ÞÃÚÌ¥‰YìM )ŸæÅq¹ýC°X¸³’þjÙ5£¹9åûE3µg±ü…´nÝ;¬ýs [Ýñ¶²8ú’ǜˀ´]9…ÖžÑh’Òë÷N—q+ E,gàåõfpó¸[èrÁÍ?Xãâ*gQç\(B{T˜ß¾pÛrs¥YÚï÷
‹½0 '$h„ Õš°@gžÛ¾Pžlóª—ǨÕØÜG™?dJ fÇ—dO`jQ»Èœÿ5\×P¸Iék>I-Pó˜ã?¤­Uꢃ¶…z9½ÁÞ”©ÝizµšTº\@/‹$þ*ˆÖÜ™º×ð.Œæù@´
Ñv3mÙ˜©ÔÍ¿%&aNu8ü${§²h)ï6¦Ìœ®™ÙúÀN«ªgäÀ 0笈ÐòK)]GÄ3Σ:ÛaØ/Ïò¡/^Pˆ=æ4f“ûx¹¹@wá
Α~ÞmÃJS€é‰}¦ñædÚ˜ªÖ´D™èj¸L
˜÷ÛŒ==>Ò1:‡­>>°Ë^·? R™¬«P‰»oê,
{½eœ3âíþéZßoJoOò…5OqT?îTwÇ×:]GK™Èì/Ø…dß +Ýi´Š›R\‰"™Ëö?l€ŒèŒó•Æ­ÀÒð¥ité+Ï‚‹†­þÖšJ™¡þìùr˜ÊˆóÑâ?<xsÕ“Ø>92Î+âéÌs` ‡»/Ò#دV’Â!qUZå
æ‡bÉS¬Ÿ×˜RM‰ÔºÍô\‡e±"¡þ(È~tc#–8ŸMã—#tž³±\yëzpCÅ%Ú
O„ÿp{wÇ~¥Q7Óø£¯–^È/ð-çV«°ïN£îôS´<bÏeYIÉ5ĦžÇ)Žã«E™Ãq…D½ƒý~3öïŽmÊ—Ôùh‡dë(¦vô_ªÁ-æE+ÝE8¤Ù¡tv„Q1G 1Æ@“õ„+&øÿµÛ²½˜æÉ(»ß-®ep÷VöV€øùš°öˆ¾44U^&—JÉAZ_}œj¨)Ž`œ™òµ¨Ë(µ^J€çOÊ}u,oD¨Ã0Œ´ûmDñ~ ©b‡Ò~À®-òõl)á||Êt•¦@‹-àBñt2c­¥¬ðó·m̺ !ŠIWÞ(ÉUQ ºb˜+Ô™“¨:+lù¤q†¼gJõí2)ç#
+g'véκÑGºPà!Y9w"Û†£ÍÇæþžÉÂ`^ù,ÜÒÀid; º`qµÎ"®Ð™¶Qw3%s.èÑ÷&Og»/Lü59€h•I¨Í¯¡çå€Èc3Î7dT·#aÔ6«Š&¤<̬îÂúv$û”TAÇ*È{7øŒ]œÆMsZ$1È纼´âR4»FþøTNE „upáM}·ÝKp:°r«1š_:‚¿@ú‡Rt.™/ƒJ”Ô«›[Ù“àû ™§’¶~Ì!ç
Àò§Ì8ÿr+fJ½…˜
Ñ°Z}Ìž%—¾" ²ÔX…v_Df‹.¼ig UÔÒ›uzDìùa²ƒC˜ˆ6Cc±1Y»Çû3uÈn›ÿ_^”5cUm6ŸÈÀ$ê”,Œa«Ì!*©ÎQûM“_¥`‚¬ íýÕ)œ®¦bª{Þ—?î×ÊWÑ `7D-àðAöm´À©;›Ü\EÁ¥ñ€¥'ê^Ç¢*à,¿èlÄõ,å÷õЃ
cÛ9ùQŽ²@.ã ‹G¸0+à¿æ(ø:ñ\x-ì¼
×ý¦’M„Uþ^eÛ£«]`'=kWÈzŠ?íœx¿E-óÆSQfzã/Ñ 21«›Ge%"ªŒe¼y÷¼- ºó£V–¶^ˆ¾ÂÄ´aX–çGLâ%:]¶OðØ®BkAÒ êÏÄä
ƒ¯Mr²…R.N­Gbøiñͼ‹FÏF-1±ãŒ1ÿ'ýí„Ð{RSiÎ×Ó(p‚_r¼øÞèÄ–]VdƒaªžìÁma6JMõ¶ä->¡TÞ»”t•òìêoª$n¾\8¦U*…wha7.¨­w€ lê…±êêÈDe[ì ŠKöüòÓ
ƒ §'¨fãe8ne/Mê
.ΛIfGìÐdê“VnDÜñeÝeW]¿ï³+ol7NGÍþb|’Üzï§ ƒ9Œþ,oÏ9226J‚W˜‘Ò³ç]ŠÍñì –Ÿay[u¹4·úöºá–!Òé[l2¬‡¯t“m¤¼¹H|Þ¾´_‰¸Í°QeÀ ve;Ô¥ÃývoU[}o#¶JŒ-âi=y7ØžU†¨4‹ÚQ ¾g´þ•)öõПό y‚lãé…-%• ©W>¼3„”2ËÏÚ•vJüŠnYÕÎíV‡\¯å%P9š¶ÞfØéØ`5¶‰ÅV÷…báwÃÐÚ@Ù°4Â…Þ7¢o^ÅH/ÊÞƒÀõ‚ð8Ô¬„!cŠ§Wæy*µÜ)¾x‡É¬™ÃßòLŒñb˜¾.¢S8–aQàÕÁÑvT<ÝF½œÆã!r´€¢ìŸã‹MÎNF掸ðÕšaùQz‚vûëCêž•—Iæá.€»ý»|Ž‹ïÉÎêY&4’"€Í¢EÁIr» MNª–ÀXZã&B\Ïj2Á1Ž–)î‘ÞánŸ¢!.„ìy[¡Z-Uk× TÖÄ’`Šæíü=ÎJ¬ý.W­ì²]½Ii])`a 昆FƒEzMŠÙlç
tçëè@Ò¼—Áý è½Î›òmã'
çÈã˾ $±é[YüòÿE±‚)LÈjß3d™_Ô¹
¹ÐÓëMa9S!iÊrz›Ñä'Kq"ÚŒ,'ãë­
LÖ–[C…H^«Y´.Ê1×h¾M-•~Ô(V
K¥•e‚Çc±¢[HñÒö>0>’œIx:Fíc3p Š`²þ9±ÜÓ%%¯ïQ2Šä1qXA‘þªLž…gÝvL›bˆ­Êø[H)H¬£IÐE”Æn“4`§®[2ù2wæº(¯ÖNg»÷SËÇØÑô~~r/Du®}v”J‘ÓííêøF§w¯=zj&…Ô*ËY\¹êÖ>ÓzÖº1oÐCMËõY¸lÛw™
 ò§°§Ø†óJ4ËÏT>ɯÑf‹1ÐŒ&Y{÷cwi½‘âé†ì¢& z˜oTð]ÏBíU7Èo2ˆ§¥K 5vyzyF ¢4;+J4¨ãîµ4åmHà€mQÍ·pH
=,^„¬‰àÚ–{¡7›ì½l)hÞöRDÉ1\†dæÀ/Txz«"qlKìéT„|O®·GØy"¬Ó÷ÔÞê—>ÞÞôo`nÀ>Vtÿ¦õ“ߎ¦0`¯½}þœ©n2å,•ÒÙjÜ++¨óáŸÀOC7¸lOúÚSO!w;¶1a•­¢{η[êŒ:©lan÷¼¥”Ý~hà@¡y…'?ëZC;C¢D÷<ð‡ÎØ?x¤hŒ5v¦ŸS½Ÿb^퉆¿Mxh à±^û¸¡™e
gl12êÂRC´N|‚{z£8Öª·]‹µœ4„<øÕ-Y˜¸vá78Ž'
ph’‚tê!îrä*üÈç*‹_úÅ#mê­Å©’
hdN+"îÔÝ¢,{‚Ÿ#tÏ„ ¸—#5€¡²{ç°IwŒ´Q'ã!Û3äÒ§¨^±“­¤š(ió9 •bEQŸWˆSíCDaÝ|%Ükõ_¬G$¯Þvª6½>ìü}yƒ§¿ð×Øøn;(ÒH–yÇbç§?…ŸS6c¨8C?ƒ›€GÏ[/–Í4c7§NAňÃD¢!ô7ÀŸˆJ*aò/_sØO£„'ï/6fM£ ”âü/[¸Ÿ“èM2ßK
0Žöìýß7~Ÿ>_'¯Ÿ¸ÉâÈ!®z«è›eëÈ$‚!
bþQ¢¢Ó(–Tlé·e»èÙ(ÛQÚ“GL{¹K¼a#×< uýƒ7kºÍç“^á؆ °B/{}ˆF„rÀÇV{u¸0÷ØO¼Wiå­ÁíuSàÞo¥Wß¹]ý7s5‰UaCõF/{°ÌìÛƒçÀê ’LuÎD´×ÕeÈ•Öx®Íy`•ékÒs7$ÚFq{w¦/µX?«kZˆG´;‘žç+ͺ³ÁŒ¦«ÈM’’2+=o™š˜¸
jcã ö\HKvi­¾²Lhï/vÁÍ…u™¤ôÑû'(û¢ ÑÆ\@ãˆwcW’tÙÕðQ²Ú×â5ï€÷Šô2²×N²¦
ïÔ¤…?LWe‰Íx+ÁY÷Âãb»¨dM«¤bUž‹Ï¡¯t‘Ë
Á†âõ6ƒù«’Ÿ™¦å2òa%ð¤É‚f›6
³\£~ê9¯ÓönoÇz ª*ž'{)>Ïë~ÞìÄÑ¢aXsÝ<”âwBŠÛ"6Œ,h:âƒ9ŨÓD‚Æ@ÊDÐ@öò‡åÎÀæRK<*‰+ TlI;)áüáÀPËôõ*ÆF²2oŒÀè® ÄÌ8 ÖöÄ«ö_Œ!¶\ä
Rúø<[|ÀÀúødWò_Ú7øB ¶[†÷O{ˆ#‹Rä©~qÆT„Ÿj°ÚÄcÑ;9„cdb1Ü­¹v©™´Î¢‰‰
A3d—àò¼ÎRƒ(#€%ý½ã-‡UÂlHÃÝtµ21¯N[Þb 4ºÙèe[~†Z ·q?Cz{A¬ÆÞž9ÊR…ÿùº¬²wªþþKñXa”Õ÷
>k#û`›ò>Ü^)B$Û¬3íœÛ*®¤Ð.”'”eÀÓœ#¸î
µ`GÄ-ëz?ëG”ÆtÙ8WOÿe=pñÒ]ª/f*­>±’ª¢
Ëç¡! _È]'<¯3¡í`þÏÃa€É‹½„û(‚åA÷WÚXÏõs°ä>‰ÁñsŸû9=‰8Å=öÃ*“P“Òñ˜¶æ=^¬SîñÌÃÝL%V”ã­:çµÅ©åënDäPÏtZÿÈ_rWKtºªwÓæÚmÎy ݨc1üÕˆJ22Ù\5ÁælrõjhØ}5—ñȹ‚ÙÄ»ÚÛ3R\Åâ™øRØs¶‚<Ûlë¯ÞV( Tæ2IN^lž$…¼îÔ”`~¥9CkÉ!Ý
l®1FÜ•[Ÿ
‡“~q5WçŽÞ†‡¬[email protected]Ïpê†JÍ™ø€ÿø`ˆ<øfr–5ÎïeWž8êñHHˆz‡S¾9WY™+bŸ‡¦”3^ŽÈ ðq#¿¯õÄþpïÜ-_ôu
ý…©3ÓíQZÃ+Bº‰¦L‚TÜâ^Ûü´,˜ª€–î÷ÌJ[X"O/tT9£Åcçöôh›SÁ÷Þ0‚TŸå¡O‚t[ßmðKÉ~ãu÷ŒÛ¡BXmE0ñ ‰–ÂCÿüøÍ뤘x *¬(tJVû«ŠŠe»–uZttã9¶pÃtFó÷q‡–T†AÛ2˜/=GÈ
bu#Á{‡hÚ±63Y°eb½²müõs^~ƒÅª4›âÉcÎ `ÿbùhFöP,’+æç¦F ˜™Ž±aÏ|Ûˆ6u¦þ=¢$ß¡‡ÑéÅ÷䞊ÌíPööqdrCtßèØô”±~yIL¶³’j¸ë¡ÆŸpB3¬™Þ‡ã$í“3T°1«!(oCC
óf¤âQ¾”-U›>#rzcÑg’èòN:ÀqsÂD –Ú·>Í`”¨EÛ£§Êfî¢
0>+”EÑ&mõÐ[ïÅ‘üÀ}>½±ÙrŠŽ•ä>ækQ¹nKõ³D¨‚jç°*Å;Tÿ/Rx^`“'Ø: 6%Ÿ½3‘3NïSªÄóxUêÂÔ{41
éHÜ;C73Õù6ŠÇ´ŽÿßÏ*¶o·æ±\ÐçR(SÅàÆe#2l,ü¢¯3¤ð_å%'ù}k¼¯4í»‚·[‹GBºÚØ"¦.ÉÚ4±ë!ù!^Û­™¥ÓkÿZTî-t§×”½’°kÍVnè‹œPèüHÌÄõñC&iŽ=ƒç3ðD% Ë"µ‰>ßaôF_žìØê·«8‡'êÈ»
èÙ¸šO$«ÐÃfP#5}Þ|ûÛ–Õr€›d¾“Ýb}:£e(µ[Õ_XÞR¢Û”Y&m¨SjË=%0„uçFåËbÝ¿~OüeEøv="£Øf´Î# %iK“O¿Îh®ÛucTJï?Oš1ù­¥ðIk•*cÀ±XSà²È ÒÀ‹vh´Õ'ºýÆRs"MÒy¯ö³kõÏ6ŒŸR`ý2}8¢ËÏ&E2‘±¯(»o´F=j>8¯Ó*d½íûx_H&}ôz§(Ïx¸—|Eoõ}<ÖÓ5™iR…Øsi¾JgAòæ'ÿ
£?ʃ9°L$+«*)žÒA®ÕÜaÆØeöF>+ä?€Šè±_4ÇŒðìø‚õ–È·Õ©Ò‘5|³D)â:2"tµŒñPßóÄÃ&S}øú@ˆû=)Ø4[öÐÏ©˜>PeŠë—â¾FñópÕ6tä!Íyµm èg £/Q¶êw(Ja-¸»qQ†ÖÈïC?–}¢±|d?²°SŽn¹c®L³÷¦˜WwH²ä‡Ç)uçšDa6=?RQÒ2´™úT˜<úú®X’Ê~UV”µƒû€ÝEÄ™§’€û…à¹''eÙ'[>ªÊõ“ûÒõ/‘|½c›T¬Âª>¦¶ŸãJüUIã6òç Œ0RH/#Öã]¬£Â`D­Æ¾¶Ê—ôeÓF:Ѓ?½qÃãb{ûL.ÔR"b€ˆøuîî"Hå'=›¦:‚ÚÆ ü¿pZa!˜\Áko.]¼)Él>Wä`wÙyYÛ±ZT‘—ew髱ì¦?-Z èÚ×ý.(ø¯Õé+–­´Ê Zus}½‚K´Uk¨˜y&°ï"âüòŠHt·ÞÎ?›Aà2µã¥N7’ˇlI½LóòkÆÿ_Çö¥Ú²´ãpÆH£ó¿ºE¼fMH¾ÅÖ!È€Û‘CÞj\HH;ïëS5ƒ:ú.úûÉÀMbÈå!]Çç¦ؓÄ*e:óaX9¿CU§¨»ôèÓâó-¿³¬¼º(¥ÓÒ
$±Ü“å[email protected]¿ ‘Ѫ·¿öPvšïŠžðWsRnL‘=ÎèFaCK{» ÌwœrÎ1ÌmWæ-ÊT]¢6ÇdÓ³TGd“~ŒØÅU(âË1tm·ƒ6p,…t}­¢¼ ‘–,?½(_·Yµ¬ùrñÁ˜ûÞ©“ñðæ´Þ¶:½$ÌÜ|Š" dV:"×ÆÛý:2Ó"‘® 86yç Š G$‚äõ¶D¹"eiòþ
ƶš—ifS˜óœ‡–j¶jÏï÷ Wüý¥-ªNÃJÓþVÄ>’Â#ûnErk‘¬êh»žînôJíýEäir´öS
 
¾dÅËé +æ¶@QŽI*à qn'£Ð°“[#Z#(‘DÈ=è‚} ƦêÞoqæu|‰c¿uÓš"ŠLæáEáªÒ×q*»‘YtmòåM`ÌøBáò÷¶‰¿0BÅ&”Ÿm @¸ÊPßN$V;€qDY•ÞÿŸ?ËÐó=$ ÿjͳ±„,D"-†¸äs£=|nì2}„ 
]VýŠ®Ö3b{
e,E ã é@¢|ôZX:zn``Åï—5Eu†þd^BJd]Ç=ªöÌpPÈ7H+jõ[\ù>®Ëæºþ“ÐS¼†¢“S™vêÞÚ^ý’]~˜KáŒ?F¦¾ÿXåBújNFŠ`‰Òc¸œÃ
†s^÷‡$˜r>Um£Qð¦XÁû_ÕêXضw[r¿>j3KdÖ“&
 óHX÷*Ì«7ÔÜvÖ†:v¡–ÔŽ÷gÃÝ‹šEÔŒ³eªIÂ^gV.ºßñG½ºßööâÁX¹—ÙBÄ`r`ï¯YU–»×GdQG­§qæeÌÊtB~Õi¾:ôPó>sGL9ûòÊ9ò=ÞøM<÷ÊîoàãÄÔ’e.éœLؽÐ?ôÚ8>ÞãHJë°»šz#A\‹à[´-îr$¦Díàç6CdS‹.ŽD§m=ö<Bщu(¤äÜ‹7òÉpgoàžæ2ζº¹:ó±U=Ë&Žð¯ØÂ<`‹ºl&®ÎÓÅÑÊ_×}ÜA"Ä¡×g+Ï6'zg“ââØðÀ·ø¬™µI#ÿö”:Ù–$XÇ\ÞN$Š—t„‹-)ú¹¥ŠÀ1…;úŽ)h—Uh)±úpÙŠ»‡˜J³¡&wÞî‘É8z˜bÏtL
‰ç¢#Ø9>žª‰™d1ÃÛ¯Sžƒ¢æØ8[ÊŒ7í…*™´a2©ZÉ5Ž~ລJVŠ[ù¤8#)÷“faÁ«%yJ'=&aÊ+Ù§[email protected]åNëåÛY#§ÍÔ²aƒ^4¼¬¦®üJ®ˆñ
^o¤Z§>yŒz©Îjü‹ BcÙ¬+s%3ßÄåaÖºnËIci}ôӵ啒¦7o E¢s¦l$ÚY
ÜeŽ>þ-™UûûlÀ½<y¬-Å[email protected]×4œô¢(Š©MCùØj'ŸÆóˆ|þS£4ýX׋Š®Æ7ÅBÚ$”ÓÚ§74ÕiNPnm3=6q•ƒ=
lŽÁÏ»r®´é&vBKhÚB'ù¯ Z«e²Ý?>]Þ¯C‡FyúÄ]õÙ¦°_÷[ܪʲ' Àü¸¨ÿ€tÐä`¿'‚‡QÞ­=)A×6F»(¡›Ðá®EêžÆu[øro\»<‹ÕÑ
Õøþô·l¹áöÍÕFÇ6T—?é’WÄ_ƒ!+&±Ï²+³‹ Ñ #ûq›Ò©,ICÂÚvï[email protected]ôåY *ĵ̟³zûP¸ÆaŸ­¸é("C#ç<›(¢Gkd-0K%ïŸ.ï‹=óB¿å=o¥·w‰ Ò|mFʨ²HIæà,?G7\T¢ÿûáï­³-dæâá¤'«7Pûd-ç
@1ûa:Å’þXåZ‹øYVèDác E Ý óOEª%×vóÄ¥Cã3ö»ƒ‹ˆ1¥bBdcèÐ)œíszÝ0é¹ëä(ýÁ‹ÿ7Eð\~ü<ÄIÇ•JÙ•Úç…9mZ¨+%?’:ÄnxÀ›9u€{€c–"qû“Ÿâ î>¦Ó”½m˜Æ?jšuë¡!µ“ëW³½
&~UZ^÷S¢D€ErÔ3Ê›o^úÕÀX1Qq§4Z¡ "ÇÉ9"ÅÞ5Í tﶅÎ(?‡à¤ SýœÛšEl}HÓÅ.ŒüŽ–’éw½”­ÏŸ;!½ý9é$ºÇ{½ä Ü©f‡syò½ÆÁ¤5³FyH OÎÈ­_tŠ!O[nÂU|}E—ï|A¬þAT€}!ïŸmlé΄K¯ÄÈkÏC¢äÕ%<–¾Tø¥[email protected]ïl8ºÄ&ÚFóK¿ÄcÇäÃú b½ÍmÉ­­&õ¸,¤àIµ`Rˆê­d[³ø²©U˜§®.œ ¹¸t/wëµM´¹~1pV-ž÷“jñ²çó#@‡ÌQãDÙžÔñ6"K€>!gCê+1‹ÁÂlRþšvï߈nnI ½Z Rîá+‰ÒëƒZ¬!èÂäT>e>b* #ДŒ2†IýsH¿ü4‚Æ+Ô³w°c2ü@7ÉYé;»ÞµÜ¢ô„?»1npœü$HÖ•ñ›1C ):û‰C’²0
óÈðýhãqË’:jØ-n-’OMûfê&x »÷ÏÃ1Ì8N÷ÑÚ üG$pä²"ôÜ%uþ„TJïØ¥£ßk±o<Íém` >Õ)Þ«HoÐL êWá9Nߥ-¶çÔnR]‘L5ßÒm­XJ¹`£¿ßFü2Tæ
ü°6°ö
DÜ#læÆñw¡åÜÅ@‹j9ÜT4¢ŽbZ‘Q„wV—ÑVî75ºõSË}¨Jµ4×)5{ óÍ“–?NÓᲚkþÜsv¬zS’öÕQÀ
–o¨ñæ?î¹óœÎ¨aÞm8’tŠÖ[email protected]¿2§÷ªei…ߨ8%Ý5Ô‰j‰I¾$^É®´ÃZ§Ø¿1‰E* ŸùMÚfÉʼÞêQàfsg¶…¡¥†êîò½—ñ$÷,@çƲ·ï‚¨ì·’êÞ¯T(ÃÏZܬ•›öEM•>ωs8Ø£Óâþ· 4zÐÌÊÜhYZzÞoö"dÿh/ñ›$t̬ÜÞè^w†ç9! Ÿê‰y¦%†›{…î@¢{)â®jbåOòn÷Žþ]ÓñôßÁŸ@µ•‘4¢Pˆ¦ZùãþÌ.¿K§fy–ÄXGÝrÙ’Dv+Ôã'f‡‡9¨UÔ?~S‘‡Ü$«øp‹å˜9"4.¶aM¿y{Ðe‰`$%\Ÿ•xžøj]·h¨=ŠV©Ÿ\¹•'Pð;M™°Í%¨‹íÞ<jj«7åvÏÞ]xpy.P_ñ®l1%øžá&5Vó÷!”ŒÅÈÍc8Ý~Âá
ü×9xêSÍÄ™=Û}v¼Â‹=û‹”®
:|‘¶qõžú*öôlù=¯5ªµe‹ Ã,J¿¿Õõ,2¼b€ßΟ©Vbˆôù¢Œ{L(‘kǯ•Åy+›Qܧ ÇBÜCîY9R¸’×^¾“óôœL˜^æOˆ‰v–ÜØe–6„6ˆx2éQ+gB×WtK™èY j•¾_íFUt;¨×ü™-?RÍ–Ìø¼ÖGê¸<g“&V^9Æh[ìÄ^SǾVU' üö+â-­ë
ƒ˜…¢ƒ€²P±¤æÚ$Z݆yEmT]¿¾–Ï¿¦×aæ¢ÉîO+šqÑ󔚚«‰¥aÀ.¢¦WJœ†wYF GÔ@ÅÅÉú–Ad€Wœ»Ë¶âf»”
ÓÍ3üÉn.¬;Ô„gäñDñ(ûË%\Ÿª‘4Š¾A¼€¸ív1U ,N|~øÛÚ¯¸WpW Aœ GvÑ©‡j±8Ñͦš¢0ýФ֥´F1â}kf.èÉÇÞbŸ¾œÛ!ÿË
“‹tà9é?þ~¸¾‡£K°$¶a”€çî÷¡/ðí/•ZƨÊJq£Wg÷ªêgA¡Â_“݇àUÏvuýgX2DÀ" ¹-êåÇ[®ÊˆG+Ù?Ðve’ÜÉFiVܽR¢ÑP¡« ØÊi‘¼ 7¸65ókJïwÔ|ÜÏ…H³Vhb'6ì&¸Ò%h2"Æ`Â\-…%g"0 Ýá]?Ü-I·í{ú÷µ:n=ÖŸn(†c9AºB(@‘Óàtœ ªÈÚÔ4àŸïT-ëUá,­C(åŒ
0Uʮߦ‡ÀÅ©–ÿ]LµÜ[f9Í5Ž[email protected]û8†~Áß°µ…]D>Ÿ‹ÐÂZÊQÁH0!wiµExŠôƤÎÓcç’Ô¼¢uÄo4Ãk4µrKò|×%nF‹ÀWÑ>ѪPaшk°UZo(üOç8T3ÁäR†ßÞÅf…%Š´Š:·±ßê‘÷Õ€x(nKvæ^c¸Ky]^3{ÀûÑü¹yø¡DgKñ@XKÆ/b€žÄ€§»Q’¿å‰q’öR·<µzä
hS­îˆWÁPjÖghD3ÀB”Ëll1[Ú<3÷¿ö\BJ(Ò¹­ç!“dKÈ?¬3Ÿ
fùØΗNt<m
%ÀÁÇqt˜œKÞàv™ÁS\FÐ4!óÊ1Ž…%7ÊRdËòC/—¨BÐ(j_Î4^v6¤Ž¤"i-Ê }G´6É„W0Þý\ûãHTž‡E8šfËJ߈æ¥+Ÿê¤‘QG븊éŽÞ…[email protected]_UMg7ñÎí„9ŸKm¡?ªˆ.A¹W„1¡D2tq¤g[…›nˆ^N”=Ͳ×åz—ÈšÃE\I>J>Z)EŽÂÎujh6Wh¯£|‰Ñèc"}“.•¢å’uµ\à/+nrŠþ‹Ð¸dyä1ÏÓæ(n7d—ÌS.
)&,‹ÈÊý$
/?Ë&‚ÌU¸ »@!
 u¤HÔ/I™îT[ËššeZK:áPÕÝ¢­’Ÿ¡QûƒJ úmÀe:s€Äs‹ä‘#‰`«h†DMTâW«d®OK;R
Ï”¸±D¼§¬“p„rK1\I‘&kc‹Ñî­]#BüÆâRŸ‚ì‰×•KçèÀŠ ýÒàPëuÝŽi+ír¸¸Æõ“g²éÊ¡ m¯uè9”µÏ°í
ô¸çÊÁ@:QíÊæÚ]Wíν—¼®ýòË„k¡ÖJ“ž§ÑûÓaN7Ò™ æÀQ¡¥Œ¬DÖÚ\,ÎlùàÐ¥º•jíÕ±€ôzÀú=ç%P™/.U§¿-\KwF5/@íìåAÆÆÂm±ã$ž¬-gÉ:»½»ÀD¶Ð§5‡p
hÎnеDtÌ"ö/ฮ?F„,¹$¿ ‹Ýj°_Æ;B0Àoñ”ÛCÅZ×}øJç²S ȹÔGõ=8[þ
\˜é©Õ…’ÙjÓºœ-(©÷Ñœ‰Ïî/PÑsh§µHQÿšµ`©3ñV¥CÀRK|mHX9m9ñ<Í\`ø“]$N¢î½ª£Øá-À=8,Æ*À¶#À>,¤HJ˜|Òö©¿z|vpé„»Ê~R>±Êw{É&á
V,Óf…ñߤ7zµŠ`Üp"\%&¢«Àÿ umœýªPCÊàâåEdúÌkiÿ:•#ï¹Cîé_ý!H•Mó{õ©ží’ä"ß1$dÐhH žÀ† y‹KÐmÌPÊî´0tÿð²û°¥c+gMý¤\Ô𰩯žÔ¼:Û‡pèA•D
†ˆ¬¶‡:Dš‹×¹s›”ˆ0/¹}§]¸$üo¤£Ü(AÜE‚ˆ!œÝú²iá”,.?­;×Ð €}­ãE°É@tyΤ]­ùlÆŒõ”Uup½ýBù'cÈÒ
fÌdÖä¶5`ÀÉ#þr¶`j^I-³àmz3ã1z»*
iˆ#oõ: †“S€¿<’ä³ß㎒&s2HO•$1ªßlDÝrUò Îû•ŸµŽ[email protected]/xç@eÁ¤$uÕäñѤ®)¸†¹cÃÐÏŽD‡ÖOtÝUï׳0VÞ° NãØ5üoÍ[email protected]`êÜéBãZÞN,Ðbä»ÍÍΊ¯ÝÍ>¾x¢—[U¬+õDM»{4E
+ÁÍk‹çîìN=]<emÄæ‡OÖÖªð“Q;ωñ7k»IÛ‚Mt„™Ó°^URZðnöAGUÙzô>~v2O¨\7`Ãǧú
KŠáî—ÙçÀ³„“¹ö»CÇôQrßŶæâÖÃPòk­T:×KuƸ¤x„µý,)Šq—ÿ‘ÁyA‹î(²%W“èÚmþ·t¬ Íab†/ZF¯@&·Sm?š`=Vr—›ðn„ßIU‚ÿ­çÈBîÃ¥}š.òżs›uB·÷­÷ÌŸ,­í3À¥QèZ”¶ÊÙ²äõ“É¡¾Ú†UdqŒßAˆÓDýÌp_·Ìðý
c#êHWù¶ nùþE!­% '|¶"ßUœZ‹ìoÍd‡Âú<Ⱥþ’XÛÐÈRu¡•<Áî¿1ßä®q!T›'ú»}-½`;¯Ò0`Æxº3N­C£èá]\6LNbÍΛ&E¼üÁæmñ—pQoÇA§C“*îÆLmçÀÎÈ9Cn6gz[‚&'°If2>ϸఠcÝ«Ò‰jÈ
Ñ›â
w)õûáÙ \à‰úá=¦àJö9‹W/ŹÁ.'Cà¥Wç*[email protected]³Ä{{'rvíXhØ¿Z|MbZz‚Ý*ü*›ÐÎaøônD©ï+(¥PYZj¡.»§Óד“ÍŽ’úx•ßÌ
§=Ÿag ”6¥äß yËÉUфשlØ…íÙÎaô­°Eê¡]ÐѼ$eù}’wÝ[email protected]²n¸&d§vájü;þÒÂ4Oî°„ª‰÷óJ÷æ‘ÏíÜÔX’É&îŽ4muK`š¦AØœe!²ò='=Áo\™¢ºH×l/†{¤~V‡ýN¸³½:ñŒ­Ðd°Ò&Heï€5ôÀêiñ7
{¿g›À-{^¥²¾Ôî=v Ãé3 ï¥ [u°&˨‡ô,wo¥EÐU#ë1ïÖmü½ÚĹ:Yçµ`ÌSWÕ}uÈe>-„*Rí™=©ÄD¼F˜†óðÝ6Ž'³ QE쌧xe®“hí|\ýɸ{|àù@-Ü>vyÝcr=u\@½xIÝü²Þ鉴N~ÔdR½¹H*T%OOùÌ«}ZÈ·[email protected]¬µîCáÒN°GdX†@E¶Í ´ƒýÅìà£h»âùj^­ù-¢žÑš‘Œ=¦i`À/Èœ ¼¶Å®óZ
[ƒ¹/2pÿyÅ­¢ÞC•<Ü15úØÏ1
zŬÕÀ¨Eq]ÆS8³ßZ¶f—ê>?ìU<{$‚ü«©DÇþÚ
$A“¼üc‘;,:Ã>ò»…Ë7ðÜzÔ±øÁœV¡äk<ßceÉÔjþ¾ÈJàŒ #›’Üæ´ +—ly¹déȺm`ÀïÏ•ÇÛˆEzÆ~Qýþ²s45±› 釰QIŒñM„€’ûåÈ©ÿ&Õ°+ЬÁQIÂþᆟ©35ÕEM¯su[\@½‘¸»U™bßÅ1w‚ý§VðKl'"ƒ0¼.ó)E)
 ³cé#ál†c’ÆCòìGNÂHìy»MxEà¡ú›ÙvpÙŒ{¯ÿœÉSd†EðfÍir©‹rU"äÝÁ~Ïnöë<YÕ8˺'‰,Ïví÷09ïDÉEê¢!Юº@&¨¼MÄÈ«N$à¬ËŠ„0০É]ã;É­ŽŸ6
[[¿±Ó
ijsɹôÃf†v1pµ( {^-¿aܦP+U›–èîo8‰ýX#(R*ÙæÛ’­ ÿNüQ[Œ4‰ÊÈ8ÈÂ6"ˆä‹Î2¬Ÿâû$š!Kô–RgEP„Ã?dZG,­k_}°vI¶æÏO\½*¢oØF:vFa¾†×ª[email protected]ÛRéŸ&Ç|ý¥ñ~'-2˜XÍßþj[
{ä ÿ„3¤ {ó<ÀߥjSÁŒùÄ{wJ“¥MkHöQB"§ “Úê~:RF$ë<,<É?þiT=?(•[Ë%g÷kê]dã2#Rq͸ü}|-²_›°—HAC
kþñ@ìio~˜x”4Xîét¶[+þY­èˆNš³3FUE:Ô¨S‰¸Ÿ[Â*Ë»,H§ô\’P$6RÉkJIŸ<ð’VI£ª:Sj©ò~ñ<?Ñå£<µ'¯s!®g"±‹—iÞ“× ƒ¶È
â碄]ÓÙìtxíV´|^:Ë^kš»’96Ê/’ÈÊQ›g#È‹ži:Cø‰[Ðyó\³„ò¶øÄÜŽäÈUKç“V´ˆpoªTY†Óð·ÝŠ|8]¥JÛ$xè•MŠhR×\æÞ„¦÷ØoK>4„œÀ.'®îü]†öÓŒ¡‰]7K´ïø@X‹œßuoôï)‚¶š}ìkÉ‹\I=çäÊ$$Ð= àþ¥Aßþ™ž@vÄyµ9L2ÝŒ¤­¦Ö_M«P•éSòØ4âÏŽ~®ÙÜ#¬š1òÏ[”Ù[email protected]·^úÑKûz ¬ö@ÚÂL[hԎסÚg1xÛçWÃr+Z—§f-L†‰ã×y~h¿Çë.x8Êû!ž£N h"«Mˆ%UÒÆ“ÙSôb»Q“:öuØŠt""Ÿ‘Ø¬ó¼Š ¢Vl)©À£ç¸©)Ü]H0ØÓ7+fsG.Â}©ªWÌi®Ð£ÂÁ²ë¾¯Ip _+ô©ÆrÈã³Oašb%g‰LóÐèV·€8£éTÛÇóÒE#eŸ‘Íu†ð."µ‘„Þ9»JŸÖ*ûH¹ýÅ9Ê]+½ÁNÈuG»ÎêF¡¶ó0`-ñƒø<‹Ü¹P
ÝE…gškï™…ªùGhÚ8ŒN`
õäfön®£*Åžhoây ÁÖ‚»ãx¸âVˆÚ>á§C7WN¥”®5S–È`‹¾ {&q$!\\¬a:ÚlS{ÂåÅRG„mS½ NPàb,•
zÕT¿—dQÊxúê¤d÷…q6Ù`%,aœ«NÊRöp#wÄrbE Mï„ÛÎÑdæV“<?,âÀi¬
y“9ªJNS>êÑÏF."¼*zŠæ‘…FŸôÓÕRvãO.?jLT [4¯pXïrW°²ýå¢Å´Š„?·Öóúd´=Pe9
,…nV{
Et(aZúui?hõBݵµ ë]£B;€
P_2¥À¨:½nªÂ™S¬tºnˆøñ·k–¡îŒ¶2‡žÏ'>0ÖëP]ZP\#ñ¾I:ißÒ©Q,Ñýö¬Hº0ýþV|«FÊ5(åR¡+8QzD7ݪĂR®f¡ã2¯Q ÷4 w¿m|–wz&8Ÿ¿²ƒËn­éã»÷ù‘˜w¹– 9O3Ŭd¾A–©Ž™Ú©w'Vgä"×^q>ðxmäç˜nuaš ÿ)îþ‚SOå{œàbÓ¬~·`º¶Ã…G­-Ô#û"P^Ѥ„ æº1Ae…š‹<¨¼¹=á·x!U*hwÈhpëÀÆÑb°–žßÑÝz‘°@g„X©Á‹ŽgÚîÒc ù×)Ÿ¸¼ a9Þ•)¨"zœOâˆë½Qì?8…ÖyîÓÍ\”×igC‘ùÞÒz /7û¢Õ‰ècÅ»ŸE{ˆ å+fçj¹Éê…Ö`Z¬0H¯*K(ú3ÄÜy_7òjNøùÒÃì(ë~W7³+qbk7Ð±à•­æÃ/)âÞE(ö¤FEBøw¤Æʊ̺œÅ‡NàgxéûýH²I[ W/¼,CEC}ŤÝêÀ{S¢oc*ñÄ&RØÄö¡Ç²!Âü(úXj¾"äKùÚe–´“7ø'’.EÚ°
¾¸œXää‰;T‘±7
ïê…šzC;UWl‚SÒ|Ú¢â3j2`霌3ëLký‚h«µ‡¨ÍçÙ2RÿáÙ9¦J.ºwkÇ#ïIÒÆL ¶F£*ü+¸ýüeÚZ÷¢Ì固 (M|—éßUàù4®Ëålþmyiò‡voÛ
b»~ûn¥–xöhÛ«Qçu\æ …JÙÒŠ¢`•êTaÏFqü¬‚|HžbåòD%{ãpb†G‘éw¯ ›Á%SØŸÜFLýßÁs–q´sÅÍp™ ÿ’gÑ6›Ü1у¡DWJL3P%T.ÖÏÆ~ì p _?e\áw>ÆfÅóîãž3VG+³#Ý-ò OJnõAñ‘{è!÷—æÉF‡F:(M ¥ÄU¾ïµG²ü“hµ°¾h׃åí~q½ Šáì=“4kñ‚¥§0: s,
ðä%ªS\§PkD¡É¥ïÔu
4Ä^Û)¥tË H`‘.ÝF뫶(–¢}å[email protected]žBÇÓm«ÀgþÅKÍÄZc Ü4éTí¢Ø@ü²-á5!•¿ ÐFÔX÷ûĤЕÙoHfþn‚u7ãé}c¿«:æ& ¹+2¯-gvª@‹iüÈx*j{1‹<üE¼lQxµW£4³!Ë`grdö“ îJ¨7€ˆ€o…~%fàMú‡7ß[ö5¬,”/º22EIa¹ÜäÎ
¿`ÒJ»¦Ã/Í,ÇÁzVÀ¶ôå4ó¾È쥡•Ê„fâÔÒ ž>Y„ë•)UúöÈæ“n›dÏí`òK›àìE·¼Y‹¡ùÄ@7óüß‹û­ÉcÀDKbúp,}\ ØDACª»|›çþŽx j²sx‚BDûa“HøðØn$;1â@hFDÇ¿µ¿[ŽTÏGãhÚMzzcO¦ƒ lí•ûY9ü>â«Ú=×>k-„¦GFìõ!xà̽;¼¬[email protected]¡ÎÓö ‹hÂ&ˆëÂu]¸Ò7”æt34Š™/Qïÿ€|=Šâfžåùc¡Ë);þ
1RU3Aé=dz¦9àÔùŸn8zÎéQ
ˆ =ë¨$P¹4ƒYO™xõ™Á6R·ÇdŸÙ»Âó«+#аL„[`€iäê1}Tâ½ÒÔÔŠ…O("—Z…äç£;†˜„G˜Aü]ÓCàσ®ÃÙS½%»ˆýä÷j$¹@y¶«±‰…Z;.á3ùùê9¯9èQÆfÌ,Û]ì£'½1lüWpqLܸ­ž¿Ørea¼Õr½ºÚÇà½ç:wªx¦’Aµk5Ó¥"µ+X°úo5»Ð9ÛÁï&¨WÑVG¾òé  k9öçz!Ú°*ål­ÚSÈîC^B•ÍüÂæYÞÚ7À­d]çVdÐt¡þWÆWwñ ÷æW_ÄÞTòÙeµKž7ÃMMó´dé'þ"‘¥õøvµt»-QùbhÎ$jºã D»lñP„t¥Õ½"b¨zÉ5qdnÎK[}ÕãjØÐ[@•ú$kX’p(Û¦Œ‘äÔy6ÖÀæ®;ö…7mC•^#¾D–¤2—%g8„C–À nø£æOvSšU{™ø¦²æÆÙ±$šþl] œÁ ·nV~™d~³™MV´R¼u^ß7Ž|Jâ,+åó(*@«Ûùe¸£æñE•„Gå©r4ç+Î? éh±þ”³÷‡SUƒ?òB<xuÈxóì¸S;á‰Wú%xÎÔN*áûOåùÎËDTbHi„˜lÂdD¬YëZ¤C4(AW
5-â#nyÎDÁ(ç  ‘‡?ðivÖØ©æ[²*å^SñùÑK(Yøƒ]!u^ˆöÌ‹¬êJïÔ(rš"Ñkð ½[email protected]‘Ã1]@`"XàD†SíràåG(³ú2[6±ªVJ<¼ÏV¥_|Ûz0E'³gÞÒm'Â<’4ŽLa…“lß6-¤ƒËî•¥1ªm&·F6L(LôM9¾ýRuÐbo'Bàx°*ÔÿÃþT
Ä&¾VT¯A|žŒ´Pl“ÒׂÊn•åÅIÓåt{ ò<¢æFоÍÖÿ{À‚±¦$,Á4˜’R&ü•èôN넺_¤×©ÔÃïœÕü¢êñgevF±Xqæ‰^5ç¿CðU¥á-MñŸXëçùÅð–CÙÕ
‰Vÿ¬´|Œ'ØÌ!12ûҪ᫵ÃF=í½"RV•öê®J‹8Ì$XmšÁO¿Á½ ,„y=Ab|ýü:mÓ}v阵H}$NSøC¼x(<ÛÊ/>4ÛßšÌj"¼›‘Éè`Ó¾«‚ÿuàŒ«Èœð=/çâgò‡ã ¥PÛrZ¸ô9¥†•·(­¸†
´„ä±gG›`‡”"\:ßw5¹.¦þD?غt±ßFm€<¦þ?t)wê¿\zkgÉóÍÑ,{_§ÀÌì¯0üßù<…jÅ¢œŽ 8´¬|Òrú*/׋òž(¹Ìðò]4ÅI¥‹ï($Ì—;‘\ÿÐäÉ-+ÌÌ-Ù­Ø"ck„
´å9\>ÌMÈ#Z[9†˜[®{Èô´Ø)ñó ­d Ròºè UV†Üzöz“œìû—üÿCþ/= Þ]øž
/ȃó6æ$l;¨ìUú‘ªè~/†ÙVAJʽø†IIÃÙ*÷=1ß®ºQ²êDJßèëÒœ¯ B…Ù'Á/Èu OóXÊL¾5`䩈ު!Ã[Ód²]úòÎz­B
×…hY†š¤é%­
“Qa=‘„©[«Œþ‡j&¤ùöK\È“Ó©‚°v{Š§q¯vWòú^­8$K1"cÂö­´G‡DZf.ÜA3À) ¯ÅíÛËKºMÓÂùÃm×q»*Ý8#½¸L³åò¼Az
碋L›G$†![À(ý8æoÂß
ÞFŒ$ëƒê¾½+äB“ütÍXà_Tî+;8Sc䧣Îøüؾpç¬]&º{žL î:vÛÛÎbµb"f–”¾çt+_tÂæ26EqÁ oEïMÚ7dO!±X(V[Šûy`#žË±íB MÙÙ{ßiºÆÝ1¥bÝÅ+SóÌA÷,ßQ-þÕs²'žáûœqþ6gO©x:{K:s{°U[^‹ƒ´€U·TÄWnåRƒÖ¿k[i™Î'Ùô´ÎBZ™+zÿ¸Ëx}‡,§6t.µzÇû1ª!zeg÷;<2¡>›!qÒUö­"íèþ1®ý}Ãg´ÂO,¥y¾d÷ÆrÒíôH¹‘»£×¼þ8ô/«aj?£¶ÇŽAwÁ~ob
«˜êû»,›¼=â©d™%} ÇÇsßí¯†#—ÜA%èskÍ­·|sêeƒík0xlŠhïLŽ#Ì ØS‚H}[email protected] ÉÛ/’Å’ó¥¿6'ßvBÔýºÍ/ü8%¬¨•7ö>ɱÙê¸7Š±´Zäž±'c(.åØì$O•ê…?üåûE€[email protected]î5}A”íÝ£0'Š´ª¤ìÇ3_ê…%¬Å}TTÆ|ŘMèMžRš˜Gx4¿e*'Íf¥%¤±ø}ðŸAÏqUiˆzcð§Ëµoì—L;oþ)ô5±ƒÊÜDèîŸ5ýa‚ ¦iÝ®Ï`{ ê†ÄBF°£E['ì­øý=ƒ®=R¾‚i3ßø¶¯ôÊEºŸ˜,è“ ô'›ÊEè*Õ"Ök“çÛ?ÆQ7D0¿[*5vz86Qo»€»+ÿpð„ž–)¬ s•d¡(>Jw%‹ƒ<íYôø8Ô~Tf±“A|L²
é!ã_Š9e±ælø¶B™Œ¢èº°ŠÍV¢ø!l&½ ,ÿ?ßÆ!™…âvÈ ÛÍ4HŸ+õ%¨ßÒ›[Ìh5ÕÍ4ë?´:Ðxy
EÌçRÉÛ¨Ç/yµï˜ÓEŒÙZ’)õSŒhl1:E̾HŽèÂrŸÝg?óƒ|ÜŽ€l¶ãöt”Ašã¥Ì#6Ü£&ñŸC)Û/ÒÇé+M×$„À¿èxy!Ñ1´UT²ÉQ}f‡˜PÔŸf&ÕÇî5‰HÉ÷éj7²ÑÖÛð=„sñY¢ËY7pKƒ³jR-qL¥5ÕT¦_”VT-QÒðbê7Å[email protected]Îl’ž’Z¡s>ì«^rn!胕‹$j®?±ß2îO:š¬Ðeúp†µc]k¥Î”J “Å´¿q{+zêgÑ»mÕ·yîP_ÒX…¬¯5`b’-}ýÞܵí
¡RÚ9fŒyhp—ZYÇ»þ
t5©ø*e2ÔÃjh‰S&«pñ[email protected]¼§§~¤oY—S˾ûG3hœºUŸ>È64Žjº‘]á=Á´jjÀáÅ ý¬xsúJÊ–a;Znd†û'{áëY>ó4’aÜçrã†V†X’\i]Úþøâ˜aÁ¯{Õ†AH6ú*EMœvÁ>üv)üxQùA-ç¶À”+v7‹Ê[»7”çËëàÚ$|ÄíPã»÷<ÄÞ*ñÏQ†@ÂpÜžr³¼+òï3Å&Òyñm©nô·’½bQÈ[¨ˆíYv„­pú•O½²žßcZE|¹·°ò›rˆƒN¢eÞ™oF&ñK´¢Î㸵вîÁÇ`øR{‰I»v„§¤Ôû«ì¬¶À~E‘ŒÖŃæD°/Ø#ªââ,]-ïkB.Ôñ
’ŒÕR¿Öób»ƒ$gµðÛ8=™ˆFáJÜnŽo1‰âqå$`Ëûnà6b!QóïËIvJQqÁx:†{WðxÚ„Ð/£ýç卵2TŠ¼#% ¾ÈÖƒÅ1ö$ÂÒg„K8÷~tdc_'šl‘$²è×~ö)‹!¢¿c Z‚ò{*½Å“ÊèõÛ4gû„¦R!ªÑZRÖÏá¿‘d]«å=¶Ÿ@Â*}Å¢Â)r6ÿÏ
“{½ívh>ÿŸ-á›Ù«H™mÕ¢Wã¡L‘Þ¦cIÐB6»"M Ê
ç!lf/y}ás·µXÿ ¨¡Êz|g9Tp¼×ž:îß(£”]"Õ¿1­æü±iö·$´@Z+×[ÃÍ "Ü?âlâµ"£“;âÞ„2ÌøØÈ÷„½þå‘bÿë΢˜íÿÄäOÎ:YÔ›¯VÒý´ç°ùÙ¼§€T*o—+öhŒ&¥0>‹¤½k§­}Ýþèn™%ß·çÕè6Ö[email protected]?,mðo“±ú¹¬gÂÒc)qg{"¯]™iÙǾ©Z¥ªÎ”Ãd(Kw\¿Ò¾uã’i°Ëmõ.÷Ÿs"[ãj*3Î9½C\Ï,íe;Â›x H1¹¹K™<!óeJ¯\Å»de•Î?Sm*!'¼*Ý ŒA|ü™&²Ü´*$45 -W窰^«Â†ÄoózŽ§:‰^aeœËìo:·tÛT_Zº¶”Èb—Ìp+7þU"¦pi¬ºc`–ö§[email protected]þ_mÂ͸*ã¢8$j5q^c”ì‹’äð{ðÝSÛÝÐ
:³£wI‚ÐÍŠÞ€ÈÑo;⯯2½ðèÔ2Ð%•«STˆí0—Nÿ!MµË@Á`u7*½ Äjåá,Íeá¬(§}Q Ê CBt8(“¨ý%2f•WrÌZnyÿ¿NÍÛmÛÏ®öoÑ´È%À’Þ:¢a#÷3Ypë\¿¬®d¤¬*õW8/£ 0…8ŠœÝì“,a’ƒl»éwõ½®ÛEãÛ¢ =W7£ü×Ó*#H⪤F9Þ­ô&!gŠjƧ³»~xoL´S}G³ó0‡a=\IcVU·c|ìúI[ʆ'óá°ßl²Ó@#VQ“Ä6(qæŽI9/HŽ©O˜Ì1æh)RŸ”ÛpzâؤóS‡Ôž¶šÕí.!mèÊê^Iç ‚YI¡¤×sú+Ã-•þÆœRÙÓ-ãä¥ú.¿ˆeÝà›¹T31ãª;_%ÿ’tHj%SFPl³rR{GÆR/cǸBÍB7GÉZPãüÏ€‡ˆw±1vó€}LIPþUý3qƒ†™ÉZ©š|„YzP¬Vlw50Ät˜öÉ¥d±Ax¼Ä¥öÞÖ¯a¸ä±z_»`Ð$óæºáâ3L×€üBIxåtÄY´Ç± dïÑŠÙ »êò(hv!®¬ËÀÄ?0¾Í¥>>ÇwµÈU×Ekziq ÁÞ“hÙ,ÙIpLLœ»Ü–†ÕûgMŠC©l2—Á&Y;Ÿ ºôéø€â’Àk`À-òÅ*tTa™MÉùQÐ[,–ÜHÒ‡îߤXZ¨ûñÃ0=Φðˆ½ðuÏ ämNì'ðh¡ƒ“í~©žàU»Î³2Íäö}àø2Áç@aŒ‡“ZÈ'Ë8õU˜× =FÖ^»â¡è[email protected]‚„ÞúÜÎŽ4ä† Ù$­jISzÙwP£•GÔÌN,çêÉ *°ln{ïéí-ˆ@†êtÖ
„‘?4h€yEB8;ð/q/Q
 
-¹ =
X‰KÒ²hÔˆäpÝùj~-“#èÜ”¹)ÉIÞgµÈ»xåfYzêÎ<˜S ‡€Ùqznö’ˆM*-
wõ˜W?ä;Áߢcqý7 ·[ZÚ«-Ç~ü¬Bájú¾îrhH¯ã?ÃòõV0É5‡u… `â€#5Ù²lQ“ŽÊ)ØyÇFT1PÀ”‰þŒÆÑ¢¦Ê±¡úçíäy¡ë$à
†šÏàò¥uÕr5‚ÕDíanÊ3¢©¥ìM3+³î#„ûÝ—3jÊåÚqv8”W¨˜7X9%}â¬j#£f+#îÖl¡x,´Ï»ª,´ág;'4]v
ïGg›¬>Lî~è{^¾2GÈC•$âa®1RäÆOH*n±;¡É âëÐô‘¯AF¾ê¢ß¨Àh_!0ÂþT˜¥WŸoó÷RPk‚uën`õ?Qܹ®XƒYbÁ°EµÿZQSò±µA—}
©U×Ù`,ÎW½™T½èŠC„k° #åvîsâÒÞ´Æï`¬Ž´yæ+½‰¡Q"O؛ʸ
sN¾qîÝ+ô|+kwîå3ÜŽj7î‹XB.|(Gî›ÄçºmÒ©ú§(nf8)¡n–Ž±@¿dK¾…åÎà³™{‘SYRÛÄ ª.ø<<–\«¬p ¿ÏTÒ(ÕIPbÆ_«à—ÿF˜‹²ì‘ks HËz3I6a—]vKúw¾Î'ÿ ~øÙÇx|3l™c<M¢.iO‹Âi؆…ýK ìj›FB”óÓ/ŽñiJ.¸„pD.'Q¹›y9çÜ/æ$»£Ñã”GØØþ²l›z'4êÆËŽ9_{]læ¾Èmµ<:tåJÌ™^G…C
<Ó½“<äà}7¦CÅ{±&ø$%DcÐÿÃÄÕ±˜RÀ"ÓžéíZò`Õ•…4~(d¢•œ™¸õýFæ£r`?ž§ì"nÖE[,˯gö6uÐø'å„ =Ý?뎋ž#j
7)˜/ºÏ³£àzÕû0ë°sú©vìW_íõÈÜ BÆû†ƒ^©™À‡ûÔ¥þ²ð>‡ÇIž”=Úgx‚`{÷ƒ1WP=úÍ…}ð³Ï0ŸàbJîKÙ¸„§ût£‡8þXt´¸Æšjµ»¹ÔÛ[email protected]¥ÖŽB
vüEÛâqEö¤.®g5“î±êÓÕ¨YàÕ¸¶¤L˜&„£ÞX›Ð°0BßxÐ$ƒÄïQŸ–D4DÈÇÛVÈð$iRý9d±ýpç$ÿAÌ0< o4'û+¬‚5b`ð¸{ø•[¾zÁ'µ‰ó(FÖŽ›r•u…ÌÔƒ0Öû°Yì"–Vyy¸úõ·…±Ÿ³…,٫˘ædè˘·Ts¬K¨K^ª% I|GÒóLs9‹?èÕ!¢Ã•¼ &UF}Ôðüe°ûf„!âîB>ìiêÈ_ÑØèwÉ8ó$/ÍK ÷kigdVmö
t„iTšC?QI»]ÖïÙ×”ú¢
¶”WuWWÖº·ªaÁ~m=›çU%-<mxgòÒ½x…r¸Äš4~¡åò–éÿºéx$ð«Tºm80±ê]oʾxn‘[‹Ñ“Gƒ ¬‡õB+µÛ¿q»&
€‚aaÇçØ5öõL]œV^߀ƅ۴¡a˜x2ñ§ÞÇúɺ’åÚ¹z2s†iaëc‹F¢º\7‡4\ÀÏÛ[email protected]å%Göª)Ï8qÀz¼
ᣰ4šÛPøê¬`~­“"´Í]V…WåCÀù‚פ((åò «ts…G!iÏ
äßÕr÷ÐŽ™[email protected]Šd0Çð
 [email protected]ã7° $´/íïWñQ‰þ²!˜ÛÚYl%ù;ÿjqò:ŸwˆF½y…Ìä}(Ã4’X¿«™m„vƒO3÷dþxÊÎêýM™{uÅÁ|­ŠÚ[»<Ñù²¥ÍÞöù¼éÃF—Å ÷Ç:s)ÔŠ}ßÒOñ]˜Œvýœê¾uiâiú9P)Nf„ñ^É $%Pj+‰ŽBú‚ÀO!££ÊT_Ê;³ë ~~±[email protected]…ô2éš­º-´æ×i0¯ëP Êd7þƒî^»í>Ð<qQ“¬iÁ~„ÑÇ/µ#3ãUꆂD#°¬àÃ/‚kfçŽ-û¥!Ž¢[¹ü“vaÕA&²—ƇP
ó„Œ:ISŽÍ)òÉU.vè\HÌˉq<.:zh¬^ã¥ÑûüƒÕ)IM°2ó«0ÂËx(>ñÝDÔ§ÄÊí½
ë™Ñ½A‚@$Y¾+[¬EH?áÈ[email protected]Á÷|@õHÀ,-î*;¡AÀ¡8—åÁd[ÙÕçYدœÁ˜*ZÚ÷F›74oü@.ú»rãƒýfvÉ+Q–‡½ÀÄbÅ…’OOç¡™ø¬¼d=iH
M’W©vì[€êD#“"…%¬)‘qY¥7V·AÅw- ËúO¨¤Œ…0õNôáÀÄÌùœ üÑ0Y¼Oëë:ƒ—v±1§g$~ÜÁ~÷‰6é6¬Fºolá&£FŒ_¢33ÜÛß×¹«è–eKUA¥‘YhbŒÑ°ö°$ÈŠvJW}œNYßò{ò²šuáŽÒIø¥ìDÞ‡€Tü´Û·Ä_à=KZ·"°…º;ªéêL’~Èò°C#‡íÉ«9Uš¡BÙm´÷óNa<«j½3gVÇ]ûR–•³Ø-Y‘—ý§ ŽÖ;¶£,܆âµb;5Ž#®+n5Ñ«I#mù¢VÝ}€ÇÕ/¦üE1="¦
¼tÐp‹>&‚ÿ ðöÈÚ¾Ýû9ß >uÜèû”ˆÄÚ‡‚äSV•ôk<˜œ”õí*¶=sºz÷4<ÀìÊû™¨2°Á¤ÁP|ÀEåy’ª­]3Åä=eÄø
:$”l!Š¢8–y æ¯ÇG¬]“§·8#Šxá5±F¨‡¨áÝ*¤vh§n+}&<Jõ6Çñ†îÞ’£¢Ÿz`òTÌ<•$©zy-,Ä’â—`~öùÓiØ!§Üð~ã)¬RSð*™­â+[Å ¥¾g±ÔU}ùy£Xb]þ7!,ˆ*+¹Ùt×€¼”áU˜X`Xe¼{B¬&å˜àåŽÅßåhþ*êÜeZ4†YA•8£ƒ1WÔ‡—ÚÐ’d%®ÅJ?ìã––ªÓéò±ÓNÑIHŽœ¨8;UpMÍ:L}Êî«ý<T=Ô.ós#eñmy’Êz[÷œÙžß§Å¢±$á:œ&WÍÛî•ÙÍ•¥Ã1›íÊšÎN"è3Ùa[.!vÕ‚q¾(üÂËÊCËØ
Šõ6YôP¯“µÆ5ÀªŽÒF[%'kš‡#R©ÌÂZ9ižÖ|7|ò °Õ|DöKæXC-ÙçëQ31Ð7LvçáÕÉ6RE;Õ¯6Ù}ê±VÑÌtÓ@®ñª¢ntû‹œõª×ïø>‰é'NB9ÉV θõÎÇŽS€`)Wê*°°0ŒÌ1YãÈ¡OÚš§Ô-¹\bö>$æ¯Åë:°oP†D£s–I8žýI,%~xêrvZχ¿mv6›|jF$9¤Üãêàg*‰É‡³
|ö},gq$i±ÈœpPãC“©¬L7jª5¾>,ò²d%PØ™fåh°µw•¨+ý& ‘
lèbpïªs²rÿàP/åZ¿-©æâ÷N5d„YØO…Ûàc\ÓUGèg¥5ùMl7
Ý Hª—ÀØèµÿ]~…÷j’¿öŸŠÌ~‘Ý¥Ñú↼ —õ¯Må¼)ll¿7
×T7]×z—ph…g±ê 2~Ô…ðxú¯{…k ?m»hyБå!¤=½›iœZBTxÐëiU{Ë·¥,¢¤
ø2O§6cl»0hÇâù„»Ùúd^õµ4¥è¥&¦œDì¬Y~=ÄÍõlÒM/_SAÑùÊ—ÝÞÿ¾M‘¤]±š|ÒõfUUcØ!½¨Ó­É¨ÅœùT ‘šdN6¢ 1>gˣϾ°]IØkg'j,<4ñtÏ„§ßÅ«‡ê·Ää[ðlPô©©‹#žñ$Q­9Xz!7Øï6HɌْ~d¡Ú«»Õ¤’ëµæÉœv­¥øfÑ8“H8¹%$XöÀÇ(äñÙ¥#˜…jx ´$ð‚žÎ>z­ð•dOš°ISðÃŒ…¡àþ½Þ¾_xÍÝÙåöb.ÒJŠ²cXâ!_é{·y¨dþÆìõ%$U*71ž&ÿ1GJäip"£)²nµ¬:çÌ`öD¾ÊÐYÛ˜°‰¨u8®tÉ–êtøªÌlÔƒ^ý?yëë‹v»ÐGlB:‡þþË,éuÔ[Gìy±ñ#ÞŽƒzšD1OAä©Üˆ“hGºí¶—¢ƒŸOˆ«®Hƒò™¡ hcjÛ ïøRü¦t´W£ì°ËºQú;Þpð¶*ÆXí˜ÊgGoV_D©EÒ¡bmˆi$ØèçíPe˜AVÊ9Gг}z…,‘ZTÓ»«˜®qÑ®lmcŸÅuÝÓ;Aã°h—¨²„ éÎôññR–ùÉ42õ»á-ZÂùQ{„Ò†««dxc
€·d¹Z´Õõ3»0lE
Ü¡¬m¼¨ ÒT"¨—þÆq’¯yBåI1 ‡À浇÷‚·ÁúØC‰„ì üVž,Èy؈]¾}¹âëJþíæÌ®Ê6Cp\a²Û¹V˜ö®le¹Í5½ÏPÈâ2¸Y
Œ=óp0I› —½ÔB gÔå,Z
k35¬Þêˆ~…T+-":€ØþdŠ5wøÿˆNU«6<ÊùÛwn~^^¨Ê½ÅôM]nuWä:…bÁôñ«Î‚å"2ÄèúТ•2æ$·©ÂhÇ)„ÆBt(²™È™3õ»9…½)+Z²´?æ&:¼.·fñŠ†Ïÿ÷åý¬Fl¬2)#§à3&õ¬
ÿ¸?žlZH2RïïtÀlb-½%‰ˆüæþ‘±G:í±ß›,úSħ½SÝ—Ö) Âÿ줣·,a¼¼Øà³]ÇàKÊ}¯¿’äýOG/UjÙ&eŒrEv‘ólë:SR¬ LEÝÉû9`݆i‘©óí€">äC ~[MOMt%b/¡ü¼n¦àÒcN0ýÌ‹7 Ç!‰º§‚jiøS7",
Í`#˜aØ45¶d+¶²ù][email protected]ÉaDWEa,–Ë­<ã-Kt`tl7$؆Š6I9I=?ÞÒE_¹aÏÅ¢ö)ïyD±ewe`¾®…‚hÀÏëѦCô /Väa~Â>=ÇDÞtã–ô Òo~ÑeÈ4µÓ¦÷ <]’½sk„¥P±¡…Ë¥·Ÿ5žïØÙ!S¡6l5W²?&)Óëû…øª“Jøg9‘µÙ‡ÇuM04ægLððfrzÏQc4u7O]$ÖËÙîvz\ŸlIê[email protected]®¨Ùv¸à©8Žm9í sƒWü)pi!ºh›»V¶*¿ð™iŽuõ¹o’F_NÕØ$×ös/¶Ð°—½ÝˆƒŒÚ×OÄÝQ:a+ð-fG¶X!uGá‡7ÙÅ”M<
­ñÆ ï ïçäË÷¯69¥ÐæT" â(¤ÆÞ24óá*ã`^P¿'9Go(³½Õ™²/œK4›.
w‘—Ä­½¸ê¡ù ÊâÆGß*<BWå»gs§4¤ÒÀ„¤ÙÈHJ”?à(Ñ¿Yu¶‚¦ZsÝu_·&5=Í’–ú;VËŸnýÌ„ÀÅùÌ^¦Z©wªðqw4o)¿-ó~­3TsÀ(¶“ ¾¯å©¸É*ÇѬåìôÙäªûkâŠìïÁñÕúå,JÄóÙ;S…Z†Äð¢B]^ÉÕ`Ïø
—Ìß6Ä@61TÞ³#û!—*R»B.¾Õ [uL6[]TRNv ÌÔå@&LîÑ×^ë̵ôbÁåŠh6«¶§£%ÛÿêÃgèµV_ú =‹‰¾…ª59£Ü„Y•KìMÃ5BU€_qò¶Q¢ÿËyŠà¢ŸsAö66 vùuÔk9¶¯©à‡vIµ©ÐÊU«Õrìu:Þ
£Y§‘•º‰ˆQä˃¼ÿ/I>ÓûHsÂ>0šî¹Ö"ÈB»üÒ8Éx;(Ç^ö“èøϱ•srýóìÿ *l#ÜÙgµ¥½Bž¥±Ê¾w¿ÒhýÑ›=jã õñtEÌÂÈSÕ_Ì´¡ºÉùÚDz
o5ªz-3ÑÚË 6:KÇ¢Þîm-z•Ìj¹‹ýL÷!VlH|i\ ÜÙ0À4÷$IBT«ê¦K&áÜpx|ú@Õ
µ‚PqRÓ@UN5Õ<>rUºGEQF×Øõñ)­pªL’îUYÂ8-êeí+×J <lê‚{¡”NÛúùÚ²§p{Ãým™øв(§3ø‰í[email protected]³A»5ãá»ê꬇¯Ös²JÈZ¬u|!{r²ù<…Gx¦õ›cÏ–!~ö–>‘iã£H“·µˆ½¢ÖSHÈkÕŒh …§†E·È¨`¾eNWPÛÔ¯L.qdfGTrÿHW.XgDÛ²}"àg#ŒQɱ†.lZ©e.xhÿIÇ¥ås"ðeÕBÑ-
üêʘÁf:‚4h$hÜØi ör7ý oΘýÈyýcðJ(›jq}0šäNZßû½òÓÈ¥ËZ/s™•Õq„9î
o;IÁÁKw`[email protected]þZª¸”iý6…GGûóïGqÅî8|{¢Š?»ÿ¯SeÞJ_Ùª¡ÂX2þÕÕ¹!Lú‡ð ‘ë_fLÚJÇBk¸}ÏK]Y7á˜Sô`Cö¿Ž€©â¹VW/bÛ¼*|<zðkJÿ Á)X*Bn« ÐèD#êtËzB í°zB.Ã%-Ʋ³QLvá1÷ •)›ºå4áú%æ3MnqeìMÇZ†à¿ÍÛ`í£D_ï=Qëét'£'0p†yG óŽÙÖÝùŠrß6bïªÌž;Þ0Íiþ"3ßn›#·.è Ï$•Šd_
t“z¤D (Ž¨[.Ó=ë-Ä-ÎG<=ðêø™]ꫤ.zç{ß-ký¶"Ui—ü祅¥M.0 ´¾~¶,Ï®Ô-ú.ÄÜãŽu9F˜œYâõ0î¦þ›)þy4=ž’À‡Ç®
Ä2„ áªÜ…Ô÷½ÿíšÕDñpº[·ýþ¼Ö<ÛøÓ.SœPàÞ_ˆä"¶7ßcÚÚ¾Š·lJý)xµê]•dúïèCäâVí:oþ!éO¬}‹É!ZK”’ø€ëÊêG›6cG…x1H üÁi¬5rð½r=ñ–3Lôåxõ¤¹jl—2Œqõ™S;³1½á)q^W´š-ž`7ÿ¹ûÁÇHså|Â÷™TÕ¦
‚€¦PÀ®n^‡›¾¥B΃žÛB|Âçù›Î°ôrGËãÝôGèÐP,tRtrj‡÷—l¢w9ž´-•Ùrm"Zé“šÿ¬x>ó×Þq“¢;¶‘;èÈФzú¨ÊšÓOœ ®Ø4 +l‰h°Ù·Ò²ž
,sÀ*+ˆ1 Ý´@³}ö…ãIþêßaÔüâ¾]Šš‡8$r†ú²â…[Í[email protected]†¼ŠÁì·¾óÈáùûÉĎ¬[Á£ç‰hJšvÐÔdÅ`Mî•æ¾¢P.–¨EqÓÄËï
TD=ÑÍ#-»1.ýYB…‘<ß©Á±@‘Œ@q7¹Ï9³îÍ£W±‘.çe.«7
ÎëÖ«\2Ê‘æ4嘦ԧ،c¬eÑ€«¢ïÛ†
ZÝ^\Ã(!Ý·X®AÓrhnsŠY|ŠePe#ˆÛð8ÇÒA5¦1öz'þÇÌNÊnvížÝµu%`}­4Q,ãvσµ[M–9ýçë@¾_9"[©Ê(î|“¹•ß¶pš¹DOéY
@ˆÍšñ*£üÆ)~÷q¬Z[Ê^VÉŠÁ”©èåU€SüYÃézW4u}¤a6P0Æ€xð¼Ô¸®Àù¹à¸ðJŠÐ¯ÖQÇ|Nö<î¶yà;Š4£b¬nQ±²ìsçÉŒ“Ð7ÉEò€¢& Ú÷\P<_s½nö¨Éô[=¾—è£Yñ‚¸ßC[[email protected]Ñ GV½Ux€ru/hÐÅDËÙ"dò & R³=Þˆ¥5l¢¯>”©¢b0[÷[Ç£mÚ…,úšq_F—ùz`¦êè½…-\i¡ÄÓ#nV¾neŠ¥d +Ðù*W·ÐNðL'ât$&ú‘7j‘^ÌK{°®¸¿#¥˜$å.|÷ÀæÇ{(¢Hòz|”ÝK|“5ëTûó€4[>+|«´™+WîdÓ¯¨« Û`¥ZäÀÈs_óUwëR3êoLJú¸C€fÍmYèCX£ÎfþFÈMo˜=O+U”ž-¹ÉpÂ//=Pù¶vlàÄâó‚
ÐËÿTáæwqé?¨•“/ÎZ’Ì—0§!ÈÙÙî]ä‘{Žs¯·hNgñ×5H:‡wnžvóg®fýÕ˜1¾€ôзU?ÏGzbÒ3áœcÒZ7Ù0Žàæ¶YµJ½&eõš{1£Ñ´:¨n€fÃqCîTÜNüǯïŽÈï¿»þàäìR¬%IXçëøε¥—ú1Ö‹ôˆGMAZ'?¾F(lƒ/JwݪèËääü`ÝœrKíɵ²
mÉÿÃxJ:P'!Ôï•G'3ŸîA¯zÓM)@Ëݳäô¥o›óýªß‘nð;&Ñ[email protected]_W8œ²ÜãÏ¡zÃÅðCAù9›þâ>¾6GŽnZ8[¢üÏ?;èk ï}q±ê3ƒQa¥zÌüŒ|O‰÷ûJd°Àkb˜é¾a¨—{)„NÐà 6“Àóóxëž,†Ú<—® Ð?sµrcí=JH˜C
Õ‹°íñ˶4ÖJfí·<£oœU2IÒ[ÜP´<Wt--¥b²À¹™•)[ÑP»¡¬za¾á·`.ÿ¯Nщ7º%s ez?M{€~ ¿bkøΈü#]Õ1A^oaƒ,­—°±áƒ:ugañ­&
HWƒu§vÖ¾-Š+
‹?«$4{áa @[email protected]_¤ó“üUråÖ<í+¤OMž’’•µmä±Ým/¨€Údá$kïhûª”$x¼[email protected]ô=€´Õó‘Юók'ôóFéºDL¶^D Dolæ†VDI/½Š ´ü¬sÖ"h›.Ž²*;_%P»ÉM"¬ÅšÉiVt â‚×Ø–›Gzº)NT¶j ÅʤÜG¨lCÈ>ByrôŠ¸ž«_´"æâÈh¬‹ï  ‹àß××\nÑùIÏÜW9mž›ÜøÎÐàŽ¸Å)c¼X\ÎǶ!’} ÔöÆ[email protected]ñ¨"+K8Ñ/+‹eùøkæhK„L€/D\ u3OémÞؼÒ,­
á5 '"[í𯮂8I ¿¬Â‘ùE~’dÄ Ê£=ƒöENuPÔ!=¸×«©ŽÔ†i=9©þÛ…•o»;±òôúMZ,d/†Œ1(O¯48Ž@õæ {Á"ó\­àÞ&œäïdß¾W<ò[²'R'm‹ó;ó±œ\­‹†úf „ÃØy¸xVÅ#è,£€50;Ú°V>ÜÌ4ÜÓ<b”ßaPúóˆö@]k7ˆÜ²mщ
>ÁwÍ
Ê Ÿ
wü÷©(Y½O9øÁÕ¨+¥\(þfü5ÎðÌ¿óÉ4MsÁ£úÅ ¤Q•<Cˆßмù8ïQ‘­ˆ:;jèÓa„.õgª¿¥BêS™ÎL…ÔW‚Ý4ûÕ’yŽÍ@"¡–1‰V3D%¾Oñ#cî]NÅü3Ó™Á|â?b*õü+n7øVV¬ª]ò©ÞÚj%àø[Mü€¡˜ÓY—dÈUSÿ¶uxÝê^Às©0›gýkêRCÎ"Æ{hvµåÏÐË Ëztw‰ÖáE
ºÞßaXê7fÐ{q°6¢–]Ï>èHós±E‰Û#_& »ª›ÙœÊÊìê]¸“‚-îm¨ÝbÎCµ¾'OSä"¸{…í­,Ižé®c
¶ZžÇêRÛ…OÄ(§ +ù›ÆËi.Y;¯åAãÃÛy¦»ÃÕêÈ)]‰¨§Ài^1˜Pg{º¢Âí+ÿYnÆyõRöq>ö½dáUÀÚýÛr
®iD¯”­1Ç-[†ÅˆŸmi|ñ€7q"‰$‚C"¥Òpðá¨û]˜X8$Ù©5=ÀÖ¹î¼V5Ô“GѬŠŸSü(ð[email protected]Ó‚C‚—ÛN–;!#½ ¦¥Öñu“äªÛú/{ô}\žÖ¾{*3àf]›~„ÆŸ+Ü€Nhµ¥ü˜š“ §öøñ
>Jh¹é£µ*œuü|~¦2ñFfmóËé©CfõÍ´k»løáøq¯ÐÆK.Ûì”éà\“bÚòi˜=!¢‚ ÂCOŒŒR]8U™–<®±8»_Q\OPVß:ûœCœŠ&C©æʈ£es-¾å]RÃnB¼Y‘œþŒÕ¿×GÏð(žÐ¶ƒˆi®†¿[5ǧ­×cv¤ð"jë2;^˜F
7ªz*ÎÇTBÍ4û<øßZCßg7¨@PŒs
oø*g>
¾s2æ%‹§j5¶öVŒv1U† 1ˆ1iÑgØ‘v¦²Ókg/¹@yð¦úŸ«Sìsâ(á0W›µöP5VtãU×Ë[email protected]
æ©Wfü(59±Â+T¬ßúçÿŸv<©È#ƬȬR…m&bÝbêÃ7ÁÞjÐO4\Õö­½Ú#n–ªQ™\¯Ç¿0®Ëéµ—‹Ô7ñá’f–eð
küãÿÖš¨"ÿHIQßP*+ØË'Í´âM"AOÉ$a®£Ô[­ë›µµ ÇNP $õ¤ÇâˆK²Îª³eG÷«Jj‹‚誤«JX)#¿¼>A›ÿ)ø”KN)ÊI‘LÏxöíÜâ1•QoµìUñvN—¡Iª©&ºÊóV¤1ÖµÊ)iÝWJÎbÈ““c´KMxdj^ø—…ìi!„›»» u‡'i3Ö%¨hÐÈ{\*üÅê
1‹0j̓‰qŒHî!¼ey5÷Àç?\™ëFïÓ^©g]
ð÷ó™û{ùÁØÃË%?¼ëz±íy¯sqk²tŽr–¶šjòÓpdô ƒ(kC°€å»ÒÜâÒ¨ˆûΪ†Z“ÛDï÷SŸ·Êâùöod9“§éÿf¨‚)õ>‰ýi¦ˆ™Á¾;Š«W±Vöì>tÎV¦,å³Þÿ3s²Lè\V <—XßYš¦œ€½båâõ²š¤ÀNØØ™-GeÕÓ™-U|*Ç®±ú4•¤ëx±… vyOà'<ìu­é׫55/Sx÷zÞ&S‹§:ý5ÖKÕ0æbd™[SÜZV¯Æàºf$ VL!“¿“‰¼$$Œ«O¾áÀÊh‹Öp(Ì$vn¼4BÂþ^¿BÍ?­•àšÑGÅâÈ€G‚çA¶r¢±v¹û܇XCÂß
.Q,šË#äö³–ÚÓǯÕß3N¹bÐÙOÄB }Œ³¨(“€÷Í#ðR”^sÖq8þϤ—Ö‘ SˈÈê3•ÃëtŠ¶y—9cšÉO‰ 7·xi#˜Ã’Ïý¹çBKöýÂHê ·^cœGþdËÉ„.v¼ƒNg{‰ÇÇl¨Ae¾Ã<.G.-ÚR`Òµ´ÒÎÛÍ›Íwñm&d“úL‰ÀL'½ÎkÅχþ?<0ABÇœm™w1?=…9§éTdols$I1y¿?ÁÛ´<²^ð«ž1¶QŒ# ”"®ñ̳U!'z¯:„ÓŒ~«æ˜e`Ù÷Ë]N MC¢@_6Z¼ìæ7’нͱ+šŒÙǾäôÑú¤‹‹'«®¯Ã‡mÜÁ„ß@.6çg¸/øªTã•h5tÒÓ5ÝS¦&>«àåwBñ¥-ÖÌ® Ñ­OðáÊÜ_ü€™…)Ì
ÎäÄ!#ß2ªÈÎF_Ú±»3¢ï÷j#A \o8kz¨ÕÄrzãí5àU`Á¬/
ø34T(d3ÂÜÅÁÅÝñipêX5ƒÌ$\¿TŸ–$¼~¨3VQŠn¬ûª%Ö²)Œ:‚+ÔS·eâ˜ýß {U‡€
žµ:ç>A±ûþÙÁè"šær
åÚ²t×ÙíÑ©„«¢˜š¶ñãr
dã£Ié³EÑjöÀ"‰ò™«œñ }³³Wl°}ì°–4Š¯%ád‘8±™r¹Ñ®Á. Ÿ¡ªˆûTŸ'ã/{š³(¤»î34­q®gh2¼y2ë-öø\È|ƶC›ðÅÅ']ƒbÉ-4É)ˆcèœ["b•_'ÂÇßÔ€9W´æ{üôÄ”òÃñêÇll«D†à–ÿý×-šâ%z¨™“ÆÓH¾©E`IèŒù¯Q°ïU.Cá ?50ïMø)Cà¼û’!Edlï#˜B€áŠGxúõ²ððOE>õ#CR]ö’ïh^ÎðžêN:yþW,MPTgkM A¾~E‘ï–Æ 6qô‹¼ÙÑ5VÚ±Ò4‰‰röRu}ÊJ£ê†éP‹^;mªytK«a.’Ë P`¹b[dÃ%*ތ߻é5µð
ÌÖ;M5‘¥w'­5ep¸õÒ®ÌoQ´rs„™–9bðÚœæ“ —ÕÌýZ(F‘C¡oƒÀhø+X[Zf½8Ù£÷äcØšHa#“•Å_8KqÇ6䪦Å-f`#Ÿþ@)ø&¹ØSf:š·¤"[email protected]¼†ÀˆcþTúÆ…è߸ë1—~®'Ê9¢¡þ2½ÓlΡa
¦ú0³Óê‚#«y¯§ÛXð²öúœ(RFYâÐáìÔ"Пð3LLÇr•!YŒ'û4Ù¸á*tó¡œR_r¼ö­hRÛì
’ˆöÜ2€À¾64…tsøÜ?Ƈ"Ÿ<G_ËðÌÈVç½Æ㽎ãÎÀdü¸)³°ã’¬ííº¬qÈ+Jv‘(|ÐTŽö:ßGã§F2~þ&è
ò_Ä\~á.{á蔜99””u9Ø„«Ï¬g¶p¹ÞÌØh"q÷IúÍÎãnêδs²ˆvªÌ£~
û-áé)uît­ëJ23ÍP$Øá_‡b’éu‡5Ü}·ˆ8é¤}B"aZ=Jä÷yż¹Paœ«Ã‡ZúÙ
îðm—ÞaJÁz°ì?
Ü”!Nz_ 4‹=Šà®ž0?x\Ú{áµZ7¯ƒ $¸s;ûsÙ~ôHèf/à‚z°ÌÙ±œLšà’+öÓ¹X Åì0n¸³ë¿¦ °—úàM‘¢êÔÿ…ð®™ Mðw„Ó¥‰­5UKAæ˜Ü‘•ÜrØí®2™'Ž‡:.æ/Ì$§NÈ;Wvõ’ý´ÃBkV«ØJG›ò]p¶`‰M•½ƒðq‘+h‚`Ù’AËŸñ:/ÿ>EŽ¬ú‘ί?%<ê<»ãeiT”Ȥ<ð«nl2³Æ¯€tC!UÖÈ#Úª~¦YQ Ÿh]àÛ+b-<ž=%è–í¯ðq‘ÐÔ~|›À^EÖá·vg0›¯ˆy¤7žbóq‹U´°Ûók3âw”…±ìéôõá½!í‰rü‡o”+°Wè6øE!£ÜIáÔ=Ô¤âÀIѼ€0#&Œm¾£´Tüñ6Š¥ã$úmø˜6°Ý»ºf‡‹ý¢’Jl²Í8’È—C..<¾óÜ㥠+è;ßjéàÎÄ%<Ie?”¾'ÔÜUÆ%¢ÚR÷s°³¿OM{ÄðÂIôÄAB^‚°éHÚóû­m?}my„FïÐÙ¢6ž2R¼é»}4d-¿„#Ó+y½&«”}R,£g?=§ÅXHÿÜ&÷gaŠ8ñ ¡ ›OÆÄ7
—®oÜ/Nì j¶OyU;°{¨¤d‘"[§vzÈnï³~¾é\ñSÊ0u˜v˜~¬<-E»Ò‘ZØ‚ +,rÇxn` }áö·Vâ,ôïtÛ#\Fä˜ ‚ĈÊ\÷žLÁÌJƒ¨ÿùØÈ
ª¼Ô–†çRl6Ó¦¤Æ¿ç[email protected]#µ?÷3×€^`sêã@\Âý‘i4
,=_¢~Þ×?µÑkáãÐú ‡…6iHVqR³/œ9W
ôW‡öÿüQ#Ù ø}Ñ}DÍ€báù£žÌV)Æx›É/s+Š¬pdÈsIWÛ[DW­,´ãwb2‹ÀY’~ yóÏÑ0Ê«Òåù…/ë*‡¦¾Ú»¾‘Ðm³¹‰\°Jƒùáí‘Wxh¡(ÅA}¨[email protected]”éŽ{b(™
q¼¥n!è.©&´–a e_-ÃüÚhîmZã²Uo‚fïÑêPJœ“*ÅÈ\`·ÎÙñ ãÅ0¯í‰4…Ç‘$å<%nœü<llõT"Df§"Ö€ƒa=ˆSž>tÜ[ÐÖáè陽=ð•–È…Þ6æ£bp‹,»Ûïtg&ßPWì…>øð»÷Ì„„B«_8qJÍ@™O`¬¡6–~3t' |s\ÍE0—}³8µõ´Ã¾Ù7oÏ{§})+u`‰ú¼Fñsˆð×.L?*[]('qòÕøB_Éì-»
¥»©ûŸ~ÌŒ.7)Å%¹ú‰–Å&$);òMñ亣W²ôí0>¤1öúò´ôfØhr_:‡<븒¢·¯\$#mûÏÇyÔ/ø°…¤àkô¯]±6Òp„ (îÆÕ|C"u™’ixàùÐicÊoÛ·?T JÇI6ÿ(‡„ˆˆ‚ƒúwz÷å
¤oÿºŠ;rfÝ´9Ù¢€Ç2÷Åìs’нarÚ¿œßö4šŽ ]HljÀù…±RmOpï{#í§úÎE1)Ñ„eª}Ì ýø(ìÝONð1º‹!ªÿéÁb~¶êùïø
¶»êde8›Ú#†h*§QE\Ôàl°‹P–ú‹ò]_¥¡Îùû±c¦õëÄzäv©Â›œa_¼KíU•12bƒpvˆé»2´¨n,Ñk©£œ9t?й—¥}¨ƒÕCBël‡L/f¥f¶`N`ÍCüNËÙë¼7\8[b½h‘+0<PütÖ?ÔtK¹¾ÊôfâÈþ‚"¹l(6¬£CéçwÖŠÖí
–ˆèÍvÛÊN˜1´“ï˜"RäÍ&5rC«é{U¹<ÊŽÒU¢­ù?…Dž^΋W+8Ø6h½µ60 ×™¾Í'£C¼z’g,àͯŽìÞðD0FYökÏ:"jF½)œ¾/$¦Ç¶£—äžœ*X $³5ÂV^¡ºÂ®ü
s,Oj.Ç['Pí’´yÔz)=íTè [Ö5¥<‰HîøWG£cÏàXu¼…{¤ŽaÚg…Ñõ;È ¸€"_ÞáŠ*üŽ9
™„UeíîÏeVg;èBå‘8U¥ŠÚïRèJ=zÛGtœa;˜i¥‹Ž<¦íW¯T¹lƒWþ{äîKzšM[aúž½‰¡S÷úáÿwÌ,£/ù£òÌ¥“í£&‘–LbàÝŒEÞb°ñqót4Œ=ÕÏ…ÀB¡ÁµÂ¥R— >k®x°ø˜þÚ™iß?d±Æ×À¿EuÆ0̬ïm§º.ôe/B¯±5±xS
dóeméÒŒø;Y/µsH™rΓ-ÇÁA¦ìÿj{­„Ãî]ciÞ­‘&]žp#^Á£C»zy*ý-mˆ‰ØXYaBùórï”9Tr~’Ü Hm¾<¨I&óúÄü3Çsá᪠êè‘©™È±Sf ìêŸ9o7¤h›(^"ÙcU
–âõ˜aÚb¦w·v‰"=¢+ËŽ8)={sQ«‚h!hþÜ,!u®ÛîJ…¨ºž‡gFÖj¸¡êŒ¿¢ÍvùÜu+ÂlDHWÅvŒæ‘˜Ð¹oAyßvLÊ
Ú|¯º–vn™¤áçÈ)£ w‚aÃÍLÓþyÜb|ìæÁ,õçÒ´8pÆémkuÚªíhð<t*Ê 2ÏW'L¼d…Ð|-7´ÃÝÓ­O¥<()…*͘ˆ¤³9É ³3¬ñÁ®k²ÉÔrz}Ñ2Pzívÿàãâ2ÿÆtÙPØn¿Ü2:×IŠÓZóå;¯!“
¨ä hxﵩì|®ÐÉ“`G»;B".©I¶¥¦¦¥8&8[zómi€ÚPÓ?$rqÇ=5ýdC
)G,O„9Ô¤}9m¸“$ë™È绯Ur+ÃΓûx’¬zFUvžùï¨f¢)¹¤Ý…m¹Ž7tåS83Å»äÉú´íkP&q`PÛVRl}„Äkzi:² ãQiN‡rþÚ]ÒF¤6DÖÁj:å9ªÀ•EîäfIóTËL2%_OX¡0ûYU™WŽ5lºL¢–‹x…¼È;/]JgÓÍ ò–µ‹“«&¥'óx彬›¶ 9²á‡aVceë+býrÑzzHŒ"€’Dw5:ˆoJWË7»®'WKZÓ'adáËkø®ìñÖÈxUT£Á~ «ýŠ¨Cõ #o·@s×c6¢…ÀÄ0Å'ÏöÀlá–ÂÓQ*`1ƒ‡W6â±¹J[™ÏÐÁ-v:Y°ÒžWß?ãkâDh°…¥øu¢ƒ8K–›3ïœÚ<þñrJÈ,¦xÝ|
àa,"S~ÙÕ<ëBD=Dá°ºíC"Gøc´ý"ÍÔ”àáfGk’*mHðþ*DÏî1”½eN‚>, Ú*ˆo) `›VQ%IßD_y[G]rB¡²\>‹CuÎ
cðŸÑXœ½€j߆] ùªt( /ž#øVÄÆaΚ‚Eå
/¸™²b•ÞÝ~Ù'!NRÂõW˜¨D^ûNO—ïk|»=íã`8ˬèK¯öà¤Úžö® t,4!6$êÝ®É@ÞÆß$÷XýãòÓþ‡g«™ÇºwIez#
Ô€è¾}¥g õ¢²N`ÎC ”?!™1^œ~¨^­ õXìâ‡ç¾íìfÜ•:ã°3Ñ—×
¦ø¸Åž¾<3ÕFùÐ’l;ÒJ×µê›V¸K•‹b4¬'kYèÁe73ªàPœŒ}Òë^#‹Í¼R¢ÅO§°ÛI‡*×<ƪª„â@~+ó ÿb48š3û&øð] ™„)GÙ”¾Ó7ôè]Ûƒ²æ=ïtˆÐØæ<©‚?®¿$þØpO‡bÍûX¯PqéÌI6°Jr€[U;̉Ñ{Kž8‡x_Jšy… ‰,§må,{?ƒhBkO6
òŒº…ÅUàLmuƒQçQ§Ž¿e18§Â6Ó#€‚ÕÞL˜zN¥8Õî‰-äHÊŸi™‡ÃÅ%ʃs(žØže³kòpV›ÿ…ïà²çFxâIí–»^;x(B:<$؈¸FHëcÜÍ´_G!ךŊ³ÈÈ®ÆQhOŸÿ¬ãaŠí›S¦æ¦=Eõ¤» ‘”ah `(u¤m#HŽS¡5Ýa—·0±Êäßy‡ašÎeH$÷ؾ‘ý†‰rr5ÃؘW¨©˜¨V1†»i©ÄUêÀyìáæ\*ˆ´ÿÞÖ_¦ç|©Ê  x–À}ÿò9k-yˆÜò[email protected]‰4kþ˜Ç(ª¥éö"6=‡àk^ÈÝìmX Â(AÖôÕKåá]ÇÞ9©T “g‚ñ6HqMójå{³c‚»°>úr‚tâÃgúÇΆîðÛ,ÈŸ5a­L<Ðû¥ÆC
‹†W*ÊÊ®ó´0¶Ð+èÒ ˆ¤nÙËo{–ÂiýØ÷Äç—`?“èÏ¿|(®:=ö³Ô÷Ã÷mœfWŠõnåFÒ«ÇdC¬çE!eÑ/hÜhiße`DyïïSÞWŸbãçRßôaÝ‘6éQ¼Œâé
èQõÄÄ®¨UB š(:¹€žROä>úqŠt²9ïܧñºüGbÑf2û;¢íþÛm°˜l=WÏ$±¡{1  @wô émª
Û·×Ôn8’–(„g›³WÐüMA[2$âÿ0gó˜+¥‡X2S·òɃqäû鵄±„ƒÚ×ol7ZŽKÚˆ@‚»­Y×Ç{€™í7n)((>U…Í£^™±ÐÖH[tw'ggcXEX[ím2×Á .~*òk´©|î¬åÔü<¸
îsL`"Wq™â’Ò–\Aòøätøø$G%Ò9-¥K%Ω-ÏZçÓ±åñ%y
€òVÄq¦G¡ÅõK_­® lTmM?IrP¯òÀŸ›p\koî²{¡ÃÌÐÙšöãY¼@ÛlÚñÍ{alø–UõLîg«)Ç5ˆì|­üP2È÷B¦)ûÛzT¢n'DÍ~~×ø}OªžÁQñëkN ?cé#8jEÞi•M‰ƒ‘ôTE.å“Dj¦V¶’¼mÀÖ—÷D³÷´/;àx ¼KwÜÁ7è“ݨ•lˆ¡¸ŒÐqéj•ÔÈS†1ÈÖ‹ZñäX2åËQ‰²» V‹r¸› ꤦïd©Ñ{ÑÞ!Zÿ଄û;$hÛA~[(•:ã¿^f0Eu¯ÉE8A¦;‚¾ Oa4AñÅ?R8&¶^4“̃èãÞ*”Fk ¬Òð]¤LŽÏ¨—#ùâÞó‘[U›• ég¼¾oC¥vÕ?€`›s}ê…m,L¶ãBŽaàürý¤çp&µÞ¦ç-+^¿Û:[0ªéº”¯æè¶TS»]©ÔÅå1‹òéTN‘Éæʼ–
òEŠÏgU›œ[õ3«3ç¤å$†¶,-ð¬Ó©Œ¼k¯Ú–3}È ¡®×åÞà¸èá5RkðrL6¯ˆlt¡¯ ÊédoÁ'„¬ç¤ÙCp%ý–á}a7£¯4Ù-ogßk‹íg#Ú\b“·Îiåa´;ÓEšzõ∾öœ¥"w8rnÆN]‹¯Õ/Äh¢`[»ÈWöA
FŸB-ýæM¼Ã€lIà7¸‘bƦiÛLr:¨:]%­ÇQ?—|ì³Ë¢!ßÚ±8 Êqÿ±’¿+Vß°<ñ5“Òºüȼ
l¸a8–Šœ©F°ƒÕÊ—±É¬CJ
qlýAhzótÄ;cªÀ¯êYûZ!û9ZŠŠS¹²|5VnŒ@Ò„éPrsöTáLa»ãJ³Òh¯/wæÒH2Ø›?ãïŽæˆDõ<Ù`úàI/;5…;:›Úrè9út¶Ž!/Xª—³Q>üçË—ŠØú_VŽU«)²ø±Á F+ÿIÙ÷< ÓÎò’ W.ë`ÆH´Ü·œ¼/ã[½„ÔD5? áä{%ß!ŒÅŽ›6ìï9[]ȹ?Í&O˜4´)Þ”D„-dv%(”WÜÍlú
Gª PaÉ&Ñäš íó¶^ž¼fÌý‡M1¸»(þ‰!<Ãu%Ø …jd‹mòèÝ¥hp!Õ5M¶ìô6»û3ƒ»^_‹éòü+[/DàX’ϘWéË‘©ÆüM±ë1Tt¡d…üiwþퟛJdžU¿ß&®i¥•–)ÀÍ”šÀ”Kr¶kΩí!>4ÔÞŸà±x 0b¤Ènát—Í…“¡pÖK$“<I’Ó:"l­äÿД Ñ„·–öP¶ÿö0©Å¾ÔnªH¯¸›'=F7/I̼‰ÛeV–,¨]¾‹“M;¨Y«¢Š¸$ÛrÀnú9fõÛ“oHQÇ~¯‡{¸dlK§ÿL¨Ýäëoã”üh¾‚è%øÄÊflÍãŠÍ®ÇQS“U/xDÃoˆ©~ÖÜtÉRëggùÀ¶§ïÙS—€Œ¯¬(c,"$ž/\ÞØÆÍ"âa–íxw¤[G .ÎÚ=þàŒ ÿKG+qs<Qø£Ñ(8¯ëÅBÒ-•xb“m§=/ìýõþ¥ªÑü”JÚ/ÒŒÚcw}­yw?Û* È­Ö!i‡¿s—ÌvÀ§‹¢ ‡ó®Já·ž6ÙT•9s_3)¾÷^áÏ*Ë!¨ð¶UR¨·‹¯E{R9-5Ð)E÷¨"]†Ñç>•ó‡?Èô
±“ý%{Ÿ`ýF+-ÚYë
""#¶G¡&I>mÄ`vRúÓ™Þf0ETé-‹®ÜrñI"#5’v0÷Þ¸ø¿öøÉn6r[˜És¬ky;
PCµq3ä–?î8ÏLùÙ9ª„TÅÖY »°vC/÷ [email protected]?yCaÛ$ɳf‘uóS¯ÝËžXÚpƒû˜=^ü’AÚË#†-–#ðEÆÉ*±1;¿]‹
A5+jV1]v&6ùàeûR5è7HšÉŸóU#²èóàõ;â’³7Y¤GÙú›È²lŽ$¶8kg¥#€™,jÀÕ ù}ìôkLòpì³#·å©È/
'Ö.N< ÷œÀ³V©‹<õuÜ åùª@ѧƒ‹`*Ã%'µºjñWÈM9 ël0]ç»côSµµµäôJ`vƒ›¿ËÀÅïwÍþ̺hÅmÁjŸ<ãÿ癪©™ƒ+œKîðz­®šßôã¥~ºô¹OO3ØFîç3ÿd4è!¹ÁÊcþ3>k±x D J
ZZb´‡È4¥7$$ƒmƒÂùÓ`jsÝK
|]ÔßÎë'/¶(u‚¸lèYƒžB±x¯–¬<cÑî7Ï_vךÿ…ÿËœ!;œ0ù:{‰¥ÿ ]>
×ý©úÒ°ûÊs!è2|Ÿ÷x?îHf7¦µä—E‰\
‹'™£æç#ˆÒDCj¥ñÒРý”SH]‘YïïI H6£^†>ß÷èI”. œ¦ñ%­ÌtÀírpJ#³y}´™ÉŽi( Elb²{ÖF!„¢æÒs/r”ñLžFÚÁ£hhé4€h‘ÖE ’¬2–…6,””ž¾ÎϞ躲sqØ?T(LD°‰÷%æ4±Ô
*HšÁy¬ß¨ÍAx…“€F¿ê$-±.7'šx>$!õ>@êÐO¦¥Kˆk+ïû×2µDõ/m2~kCVµúhIá~­”PÍ* ù ¨uŽÀ©«Ý¡uH#/Íå1?q rì.zA‘/ñÀ!E‰4u„°¡¨uÉ ÑïÅéRlÊ¿¶‹‚—þÔÝåæ$™’Êù†ÈâR/ :ylJÒ‰Á;„¤'o°ÉËj Ä”f# ³H\ %ò~_‘<$ºÌ7„QX³¸ÑÀv¿o!àÛlÿ”~²ž¢!;‰w;}æ°¹z‚½ÞTE-Ï°ÌúßÚ$­JWwÁ 8€T#»Ý?îåçnI¢#Už»hä-ÄX«.Ö ­°”Dz'06YZT+QãD›°l\DšÏaoÙ—#¯\üñ½342ßz«¹ÎêÔüÁïèÅ~Ž£¬>«IK®ŠE0¨¥Ú0س^c·ÖÐtó*¶ì˼î´Z wkôî€×ÃcÙp, >HÎMBm›÷Øô­Ç'ËŸº`Ù¬Üÿúß詇~$±/‚rÑYÔ
üˆôºžP‹Û8Ûñ”/»´Ö
§§£2x°RkK^•g;V‰0gÅáPúµhòÈά›Ó_(Y*ë/Ä“sâ(aŽ¼gÖþÏE­˜ãYìöâ™à¬§§âYªý[email protected]šíÀ(©Ó®[email protected]‡ëÞ!*šÃ†hdÂןìÛQÀ–MhŠ¼`cfê\(ÿí'z«Ï“|9¿Ì{Üwûê¿RÕÉÛÁ‹œgLÊxÀRm°®wþùä×Éa;\1[Y}ÆñÿêxºG‹ìI
†Ê ;.JxeŒ¢µê·f˜[9öD­+ú6l©¸¬\'Ax#l¼L ¶@{ ɼ¬w[=Kb¸›¦¤3€'™:Xm
»Ó] ®ì mkš¦šI•‚À°E‘¯d¿Ç¶°ý€êf™C/ôkS™Bmzj°W¬
og¹Št8EËæŠ
çäJ·úlÕoøâ†B£"óÅÙ‚#ýÕ,ZÚ\®X&u%âŸr“3½“n+¸>i£Ü€oZ<ܾúÇq:¡/³^šC¾¢|©5¯
o‘ÐØ Ôý\DH>XZËÙ`Â÷1&>Ö#¸è9wSBgZa±ë|¹Ò*r0:Èä$SŠ«ú\íô¬ˆ­G^ÆNëwl„JdÍÁ7‹+“M#‘+œÇ‹Ëô`ë Ç-úŒ$ãјžò³³ jŸ(ÔX4ž£EDÔ8L¼û/:¿’5»Ó‘êzÜ{€'•;‡Ã*­jç J5 æÓX\s²ç4­TÎЭU?ƒ‚¾6ÃÅ}ß²“FXj#î8-_ž=\?_0p´#íÄ—90 ÐC7²Öó³†B'ºHÌë¢/•Ï“B×!˜Ë¬Ç
Ç|‚Œöq«{'¿X+DŠJ—~Ê°Í0`ìÛø2盎7{øG´U¹w²k#ر®<*À¡ÀµûÈÖ?÷šé®1ö‘B}W°60È@¢‘/d¬©‹#ÓØÂ
½áÛÖkjPû#©Ìj*Rÿ¼lÄ«¹vNcz Û·Ä7é¿~”)õôsCJ”erix€lƒNár”oÙªßǵt¤[Qï˜ÏÌÈ"þŠP?hœ¥óă6¸Û×Å,ößrz˜zG;“
°#2Ô²Ôê^wiâ´=||›Òq dàwBêÇ žV|¸ö.ëÕS¢»hb+*÷ø35Ú'â–ɺ¹Qz\}ÙÃÝôzŠ>rÑ‘9¡1|øüV¥Nu ËTÇFbû°ä;y-{Þ]z3Ñ¡w—Ž±.áÞzÔ pæn=F‡%Ii­¾2D9wÔ¡ÅÀý# ãEÒþ ÀFôI¾Mã\©ä‡›vq \BÁÝÂ× gL›?Úë0šÄì±ÑcË›°éº¹‡ LŸL.'M6‡”­÷Ôv,OÜ8)Áp‚ÎßÏåj‹
Qaé<B)°}(Àš£DéU©ÇgD{K.\©´£_8*N$Ã
R–â™xrï˜3SáÁS®w‰Ý;÷¥zmÒò×ÆÓ %¶¬1Tr£¾M .ÛôÍ¥b_:•LYï:5wsÁH립
•÷IõéÎ¥WnkŠèéQ;VÎ+ÁÍ*2)‰õ#åÄSð¥ii5‚ÝZ89å;‚f¸7’¿¨ðB‘öÐFµe«ÜÜ¡–»—h²Å—ܯÿD=î9'¡ìËvòÕ‰~A» ­Vvìì¬Ú¸èú? n™€œ8ÿp|'…žÅ!Ϥ«c˘$ø+Yœ¤Ÿâ«q1DÏ­®Î3>t¹-*ö[email protected]Š¦Év°\×NQ×é$Í Òø¸
Ž-tç—
š]_œ°ah4“ü4œ^‰„,C'[email protected]Áÿ`5¿ˆÆÀ–'¾©î"ƒPûï¯ó;$Y†õúÇöØíCµ/}E„¦]¥³²7‰ÂxÙ…ŒŠ‰¤y]¼/÷Àt{i&Ϩ]&%$¿œŽ&#dgÕYdÚÁ–qQ°®–[àÖY(_¼Òˆcî.#µîdw/Æé‚3)‘3Â9ó÷¡
ÈÃÜ‘²Ú° ‹ÅìZŒ èBj_:¬N2bƒ>tko’¿ 篶¤cž_(ùÄ`¬¼y…o«•æÔ<gœC‚ç]F¯öÅXýS™÷ ™ÉwnÃëä[ sß5`
x–°þ¨ð-|Ï<²y5i• [ò}Øð|.¿þé¨UOrx^ØDa$·j”Ž{}Ȥ‡ÝD¹ù5u"Œ–üsGN±’»c/Žj
w¦Bu¼]ÏÃÑ£e¹ÞÇ@÷{Dy"J‹)ñýMè¸ä܃Ԕ‹’ÙÙ%ž 9ñž?›ìäö°Ü}˜'ß¡Y†è>b ÛyÎ
}DêÞÔxð‚æ1Øê"âÑÔõ³Ä#÷^zÓDWÏ÷]ëÔùëY8°Ï¶ågOÂŒ´–ÜÔ™{È‘NEû5ò‘XëlðÕ6±éþ ¶60¶¶UÞ؈H°hËÈÿeÍîëºT„œ–™ÊˆJ;
l¿Zd|—^N©±”Í $S$5“&tÈñ²SÅChÙjíæ¾N.`H¦ŽsñÐÓ²!’ÇÃ#ÐLËn^zäcÁï8XpGú‹_h;¸¯}[-NdÑs=ø¯míAÓiïîÄ>W;¶åØ}Å°;€Ì¸œùJ,5j³ôö^­²!A„/x¶›Á0öÿGh=Êl¥IÈš[>ä¸qÞž3&Y»ü¯lp”ñÙé§Á´‰+BÏðÚFC¥i3uþõÇ.ükÍ#6,*§§XcHÞ?¹Pس{­Íò•ñÚn¹|oc]h®v6w,Z‡j[T¶æ·íAõ¦ý&ËMñ3Ak
`ýsôU¬Bs¸ÙÒ»1=•?jl=a!µ‡šÇ·œ¹Æ*P:x¾(ë•á¸Ž%‡€â.ô€=4تœ»‘[Ö‚‡º@gE(Ã@ŒÏòù8xŸù=÷ÁÁpBTYâhúžu—1¶OÔœÎH¨}º«L*À¥ò‘ÌÚxdL–¸“4ÑùùVY›€Ë9TF¢šô–£l'àLá"ò¶©„Ë“l$4‰Sº¿û­‹1Ö·W]퀆z—÷Û^eHìqÏkÐJ¥ $grÐÑ8õáYã¸9uò³p¥¸Öf1w·«“Ð6nê-8'LTÁ -÷¶~ß¹KnAÙò{r’²|+V=%8˜£¶
¡gwh9ýˆ÷—¾ª‚Ü[#3-ÓAÝ‹r V™åï‚7_º-…ò[email protected]~›¤;5Ž@‚æ÷t
gOÐ,íÆçíNø
d–*vVz/ÿq²\$+¡KËCaýÄA6TyõÂ.r•>qòT70ïR‚Å ·¸òJÓüÿ᪲‹;ºl+Ë1«9¾joíõJÚE”iÁ‰CÙo!ã°ÿö”Ä_åÀfÇ
²ýGE …½G"C׸lÞGl­Ï¿œåš§jÖ/¤Ìœ†y™ž¨WéÅ6ÝPýëpÿÝÉ€.ÁB_:¯|»ßhaûê|çù^Kk]Y•ÑðF±´Ÿì ¾ÕŠñÁ‰¾çQý¬5apò5©¥C”GLtˆi᤟º—õò–ÂÂáŸ'nÆÏ¡ûI[¸LÓÓþCñŽÏ/Q©Óräb®õWKƒI7ùJ^çoÀo
Þì5È]ëÿN+„&&AÓH€Ü¸Vù®\M1Ÿeàæ?hÇ¢€hÝÚ¯€¯ay‘lïµ™Ì]xzõÁ:|¶ k
î¾#ÆÑÍrýõŸãVØþZøà´·:ÓÑÕ‡˜d<¾ˆƒêÏå ù±ÈœV)‹eéñ9WæuÞÇWñzÑ÷Á•‘ú˜ß|hqI m:-èFI£
àW¸µA“ÖÆÿÐÛÜáˆ]Ûû––6)1=¦Y})ŸÍc:ð-O¬Ÿž.“NN¹ŒV¹
Ø_'R‘õHGŽT?çyÝA˜.…í‚Ç(5•˜‰[údÌÁ/+/)4#ì NèôÆñ¦¼·êö×`5ï‡ê@t¬Ò1K¾Tq€>(ÖÎШԱ5[Aó=Ç/­÷×ÂƃàN…ù>Ã’hÅ°^gúÖª“4jQÃv¼‰[email protected]ù½Äý#Á²Ÿx*Á!7Éfþ«­ø¨±U«ók$rÔ0E°ª[’7\ÀU¶RþÄgx‰ì™(8(ÙÖÌ5 ]óµN_M¥7í4ìÌBÜè—¼09
2˜'Ù-}/ˆ6D$ù2̉9vç\^¨–pŸc)sÍ×dYJÇÛÌï`'ˆõ0¸¬ÜE“‰“‘ËÔ×fZy³ð›ÃØD¹Éü†9í
;…„+ýÂéÆ%H+µÛdöúóPEè#LIòª
«.¿ZfH=üíÈ"ÐÖy¾0AÍ„Ö[°š>ÏWÿBlÃ¥éN «äˆÙ°[email protected]ªWU°(ñ`Ìpà¤ÛÜá¡5¢èß+RŸh¿½)<=Ç–´¬tzÈj>TEƒH‘ŸâW=¨(­ßñ§bBȼƒàÜþ§A `K䥅àŠÖõT½Ë>¹6þötÆ=oe·T­P[­˜Æßðþ5býæI=¯jŒw60[5¼Äí›k¯êDD
:Î|íþay’ä›ùa™y
âpkx\òÑ£¦hÏ• ǘ¥MIß3èwqiÇh2ÝMÌ™\9·:uII¯cê«pØËëQ‹Ð¬ì*åê*¹ÜHx!d%é7TrPz‡È³¯‹,ݘ(¶1Ò>h"wä¬g-dŒ:cV¢"V†ùŸÙÊ£Ø)ÊÖ=íSìHítÙKÉKõ)ì_—tO§úi½•Zuý¶û´à¯¸Uàï|~°.ã_C‰x€Ç|¾s!øç¨Oz153L Ã)iFäÜÂÙ®p™|–!‰M-¬D¢“Š®¶©›õZ“Gbš-ë¤[email protected]ÔLÏÎózÌ? @Í©ïâìa˜àšÎºBn’ÏÚ¼g…äii
º:•kž¡çß@r¡M1ÊEŸWÙY±o¹…ý¢¸ó(É¿?Q~€*ñÚúY*Ö›!áR¼Óe%À„ÞHO‰5¿Ù³<RºAeIxÚú¸øÓG¯l¾îÄ(ßVëš%üy«qªºšæ¹…æ—‚ˆùñˆµ1ü"ÇË€Þpo•ò¥&¤}Lz¾ãüaÏQªƒE[¤'ºl¸ûðþõžµÞÒˈ|Hoªy˜K3Ìuˆd­GƒH¶§íK[Áð¬[mê’ÂæÂìžž#Ç×Þ¤ry3—WÆ-V*¿ñN’bÃ
…ÖE[7±3N·359¼vL~x^‡ŸêÒß^ÚmA䛞òÕï†k´GZGM<°$*ò—óaZÓj`â¡\ÒÒþÍ=U”„ Jp¿ÂË E4uÈã(!a%â[.ʶf2ÑñˆbY( …×3û²(M£5uÿ 3m§A5µW—gÊ/Ré¯d'[email protected];¸»¨XglÊâã÷Äv7\+x0Ä,úÿ¦—üED˜Ba â·DV÷Þ“²j÷äûÝFÈˉ±ø´MëÒ!Þ¬žÐ¸ñ(Óù›/—Ñwµ ;“:dÙh¢&²AO™°§LW=åwºÈŽ=:fu„Q³Ø¬Îhzå­g)®¦õuŒÎ®rÒšž(¯G[×@,êÍFýקBü‰<ÀÕõ
>Ê?PsN‰Žÿ¨tT3¨KýtJ·F7Ê^žâA°pK0ŒÞM¼(—¹à”$Â0£=šø6¯Mk¾lT¹bhhß
o™çžc,´O2øaàv÷ÔO;]
Wâ˜d•ÎÊ
ñý:›XåTP«6[EW±æË L;+Wöxf¿JDU 
¡5z²$|zJÕ.y³:¥=õ@Àf9ñÁTë¢T4²‘E¦OëQÑYq§–m…ºühõ9š2!èöû E¼À0°x ór¦aãÿ'^d4½pvìn-mõD~,ÄvþnU¨Q›P8·þî$ Uz¤;Å~Ý/O?…W-úÀ:73¯jÚ¶\— ž­,ÄU[ŠÎ.±•O~̤“5ë=r¯ÚYÀ°ÛeŒa`âˆ~ibV«¼¨ÑÌ
€W8ڌƆŠ% +uþÚ‚JB‚ÃÆ[email protected]ʦ´Ë¹ñ«$®Á*z0È è[•ˆì`œÈ¤À²êÖÏO泓éû¹8>†™ÌPyý±“ñ¿žÊ\°‰z€Š^šMï?oáù;cìágì<LƒåÆq/éØ´\~˜†’3ÙÈÃø1y;r^¶âЕ"ÞÀÓwZ`XŸA/z)cP€ÇHžcbdžtéÝgfó‰Ï²/câ.ÞQ©÷’®úËèÓ·ÜãæfþZ‡ƒN?),¢8˜lÒÑåE³7Ö#WjºXh²°Ð>Ç°IpÀ7MoGCTÕnj”òÿÛâÖÓÛf-ÆKö¸ôÉ6\‰vÒõÂËô O6ÊçÉ©¤°Kyå²xJÒ§L]|Ä•ÛÄ;‡ç¬&íAÒÏ®¿_t[ñ¶¯ P¨#‚òVÑ(l$À¥•ý¦ôÇÿ³r,>´H<ÉÏ|@ó^KÁà,ì~ê(t•ÎásÍT”÷)2_ÚχŽèMxøw¹˜‹KKÆÂ3w³ùë~çoAõÕcÛìÖªišÐ²¸´ð† ˆyÂN€¬ÄÜÛ•siz¥,$5ù[ÈQH*:RÌ\ˆùàÿ! #Bp­‡:Gj¸›ä³ÔÆŽGJWÅWT\ÿÚ*¸ôdoßÃßl/‘êh; «ì~óÖëáÊÂ{&q7
 %üžVÿ±
LóÈE.K&Í º¤ñÉ_/U“D°
òb¯Fß~ݤé7”F[(LÀêê÷ŒëÓ
ø;›ÌQ »u|"ƒ“6¾‘®²ÕpôS˜*ÚcBuŠuŸäô{X`Ø!EÛv©áB
0þ`’Kzv¬7På²o#CËÉ°ÃBºöV¢
cz&eq¡Ô±žû“7ǘûÍ”åŠÔïéôÃ@;Õ ‚K]òMy"í4vFAlù’{£rÄÕ†©‡%&~âÈ¿€ØsQ–€/Ï„pžëÄo±qwǯ}¤ô„ahÄ)˜U©['£ã±.> ýLFÀ]fÏš|ìºFGpès5çKI=oÖ˜0f%J¥µváº'Ý?G囯æÛæ©2á×
»}_ãëà.qÁŒÍ²sçvÝڜ襙:Åü1a1·ˆNÆ#{vM_îy—e‡ÐÄðÙgØ“á·gÔ¼+—¯#<*vW\-—1¤Õ(} ³‡ z”üÀ†'æî©9"ðûG~fD^
=¾~”çyëÒs£„¤‹}–teJ¯½j ͹‡ò—¶!™ RÙÙã‚9Ôß!WçžfJÉU£fûèP¥F€âãÉUÊV”ö¹“ÿÂñ§µtYÅ£óà­„Ç4—Í3übÍš°¶¤Ü–;¨ÑV‰ró}¶`@ê§
„±jcÔ¢ß̼ÜB2ÆÈ. àqë€ÀЙo¨p„°#TQ‡ë¾*”X“­·ó’âkÚ"¡ Ç|ù»›ÍÏý]Ñî¤ 4ϧ6´.ì¢e+ÁYʶPËaw"þ÷öôeþ/<KML‘—WÖ¦›`z³'Š
Ç`øÞ\•)mȽb÷¬P)¹ô„p$(/²ûÔôpœ•ö4‘xE×y6më>×XGÑ#âñ^Wí=xSù÷x ³ãëóÝ0.¸—LæøØûʱW|µ â6A+>Ôæ¿ _úÜ'ig%üÄÙRn%cE#¢Æ8ªÜÀƒÐÕó÷5£ª'ÑcàdñåJÕº,Šÿ5€£O"Þã0t'¢ Ó–Ýd4Ä.Êf̱¿*!«Çgl·€ÍÔÓSD1ƒU-9(>`UQ‹WtÃ
¾¨¸ÊÞ¬¯ŽIáø!E¼ÿÈ™þÇz««†¬ØŸ¯­“%CŠ¢â¾üéxR‡eâHœK«‹p–"Ë¿}ñ"¿Á[email protected]#o'ÓòRº„VY§¾RPÐôBˆ“ÁóIb.cU³%-ª$þ†$¹ý^ê;R²Ìb)å“ÔVo¬÷%ŽiƒÒc£‚ÜJÂxr§Ñ”öîÿ´/" 6_” øæzá r
.Éý!¶ôA<ï|§ú\ºa˜ôàÎ 77Fí²aÆS’¢Y80˜ŠKÄiÝ‚øÑŠÌ'í£àïåÀÔ §Õ&J¸sU—æ™Í‘ðÙ¶ˆJÇJôE`§·Ô~‡3š)ŽFæñ
ÐQÄæ[email protected]üÝÄOn› EÒ¸‘/ʆ:TB0Åôx“
ÎýÉF²šÿ[email protected]°Ç$:0~7r⟲䦂?`1½mv,ð"G_¬3·ÙѪ6œÐn‰ï
Ú"
<Ö×¹A†UŒDå`bOìU2ô¼Ò%Ow‘_òðO;<ÒW5â6EŠVa;U\Ä„0s3,{MÌ…²Ñ® "Jlÿ>‡¤•i™ãÅ®dÃÇ£^œO7vyòfZqKö
N‚4!OY, ±àS¶îôoW·Û[‰ýSÂâEý8(ÑêÔ|@Ü)Q„m€…Ûǣ܎‡ÅÕÔäÊmÒ˜»ñ{E;
øýom%"Ÿ ƒz)‚—6S…z¸›³5:p, Ói†
m˜7ùHGbÑ÷ŠÃvû¡Y­›WÄ‘-BÆé×gBˆÿ¡3U)}m}cb.e(§|žSâø§µƒ¯5ç¼]ïN T«<;<‡·žbãLSM3JÄO8ÅÛW áV¶É1>íT~!šŒÌIX‚û;G1“šô[7¥uùÛ#O;òIS«EkÖ|USH¦?N£!ødšŸt§ÕÍ^ó§é®‹ðŠÔü ;ÏØüVƒÞW.©ÛÛ§õÛ%°—õzʉ2ÓÙ
‚ƒXŠ¥Qº•®J&MlýC“[email protected]ÈÐFÎÃœW™-‹ó,
³|ÚI. ´ïÏŠ¬ö,ØšòÔ÷µ:%W„ˆñ+»l'ÙfÑß…¾µ }­-:?¾î…îø6Ç£Øzb,;EHÕ&h «"Ù¥—kä&
®°xH:Ö|º€Ø¯Îä¥\FóôÉ[™?tMEë­˜xN¼ƒÍKˆI;‹²cOKƒÑIË’5 ¤ $10seïYýàãíÞ€æšyÀŒQjpÿ'e#Í@ž«SøËô”ô¥ÈÏ=?ù¤ã3 Â
¡D?åÇ\-³Ï5âCp¿Ý9±›kìÿxn÷ã!–—˜œH­žËãZ¯¥—7
‡naùx*@‘%(LqÂ%2Ä|gKs
„¡š‘¥â‰öoÎzª´
ƒAÝc}c¤\~ªQNeKIiŠ²dl¢ˆ¡I2u8vmØî{ð—´ãzãÔ~ÞÆ)5.m¬4,IÇ$EQP¾z.
~a¶"$ &t†­ó7ÙQ
,|¬ð«[’}ž.cjNÿŠ/(‚¿ªêeéÏwŸì/Ý@Üszà-†¯jã7n”"³w ´?îfZû¦¯ì©gn£KGÎg뚭ݺäíGß›XQí%âfŒ ì›PhºYßW}îGŸ/­‹*
âTTܽ"ö‘WhÅD»Š¸\TðÛ àV}ÝçÞ9-ˆ…”‘ p[->¸!ZŽÄ€LÝéi`sðx'—l$jîBåL‹¶"c+ùè%Ó¨ÑÖBµvcxH¡9ø€Kvw¢Ôf+àm“¥€Ëͬ¾ùŸµ›Íl¬1aDòIJ´ë.ÔßwN‰mno0Ýû¶Ã¦,¬½xû<ª¾Þ¼ÐN‚èÖùý*ñ¡]}ÑŽòxb1·ùÕ&ï œô4Ø+ö»ÍÇŠëJ¨{5i¢ÅÓL©±õÛ՘Ź?¯Êîk*Ý^2r0”,H2—EäÚ¦á¨(§©Ypî6â£ÆÙ’W¨4hgø,‹™Ñæ︰ü#­óEJìFK ºÂü®ÿWzpp¯·PyŸ$v­ywD¸}bþØÌŒáV†âåáWÙ”A©õÅ~†24>F©#¼iz²„üˆÂÔ<vQ‚ÞØîìÆl»5K
°iéP»\a‚ÌPöFÀ_vÍNxÉþœ#4`»fxV²¸’Dz‰éf„úïÎaHÉn—šº[ÌV\³À©¯ë×dQETø•ù+øMÝT §-G€¶†þs|ÑŒ$Îô"ðœ =k:¯ôb!DÙßí+xŠÝu KÂn0cxß+lf§ˆG¤[ÀUŽ¨š³L¹»‚‡ÿùœ³‡SLejù?펱¨´µ^~%ïÿrfѯ–¯LT›°5_ž´AÝeã;þP9À$a|ÔÀæ(…fÚC¥…/Q.¥Ò„¯Pºk’历± q^vzætä
nN8ˆA¬Î¯& ,m›Jô©ƒø^8ßæyµ›Z‹®øæÓBŠŸ$ç¼ßJ¦Ô{¥ùº,Ødòù]Ÿ·e€ÀJÌj¶\ŸÍtvÂpVKª„ÆG·(E›³×d;ØU5´0qvÚ¦RèXc][´Õgƾ´(»Gû‰þÇú[Ïiÿ³«H©4A
ðW‘1ØTšñ\‹ =× e'¢Ü“æE ÿÞEmBêíÊ°‘Äßãö8xÆ!ÕâJ¤ëdÌsþ®}’ÎÀ°×Q3$­€{`¡œi76q”!Ì
ó›èìÓąɸÖ6KYo5Üñ9n¸ëuÖ€CWýb—”ª]^Lì9zWzU+¢•Ï¥¤%u\˜äýǹY¸@[eZ]Ôþ xÒ}ê)–Ëï'¡š{8|üœ`^)ð —xw DÔùvF$4µ«Ìç:÷fÏö6ûKû¬}ú/‹÷)$¿Ãœ×Ò€·g¬!aÛñs‚>îÏÑÇý]Ñ([âÔ­tE¼?S5jþjüõ›®N¿ùT3G¹>tªðìSEp×ó‚£™ˆsm°âg!æÍ h©)À¾à‚(Ø–JêM»¦e9x"êðûà¯ê?="±6°˜¯ý2—ó*Íêš ÂçM®õsJ9¼q¨‹Á]‡ðÒW¢ˆxÝYDBá=ëäõ9¡[Sjæ<A‰t¿NÓƒ+±§~‚7iŒ{¨òªäôŸ– w«Æ¤kÃõ8í;fSþ†ÂÊõ¡>fÛ|¦Sº@VÊ (öÌ'ìu×+ÎÙ­hì°@¢ªÛ§Ž˜c.Œ§"¼;ô‚»ÆÌPFî?”|AöÕÀù7å&
/RÐþÙaG®T²¯¼`ÄÄßaŠ;ÕéyÇ>yµ¡ˆ
|æù©˜•£o5ª[–Á-Åz<Îدý†à@ц%‰2l§leÒ¤KeŒÏ&òåiʘR¿bBw.÷²›¢Š+¯+š¯,­ÀWÚýÚÑñ¡—40TÒ¨tc„e„aIݨüã­'ëÖ°1yß5¥¸tÁÇ$ÊèÆÞõ”éØ”x¸(§Ë?shž²°AáGÿ%H7Ñi¼|$ o)]«SÝã%ªKcñѧ{£ŒpW¦vÉ]OîAs–³ø”pQã‰ËØ>ˆrŠÒÑÓ˜¡¡Ei8ìBŒ&M¹B.ð‚-#±&pèÛœúîø%y<eyÛ¨pjp¨º ¦²EÔ'¯§{ÐÜ2œ™îïÙŸCÒõ"'ùJcâÏ=¬—ÿ%ÈJo<]+;R§ŒM @[»
ÅìûÓýBŽø<‡IŠÀ/–Aørý²¯_Œm¥°óÇçS÷ÝçTÜþ‡ið[’RóŒØâR·¼€ÿ=¤]ì<Ÿç=ÏßtJû0GxôãÈNˆ£3%½©‹Ø‹‚˜Â@ìM_¯›²º˜“•1.Ð1ûüf̵ÏÒRÍ$”g•{Ž}1â´É‡NÆ5zõ¯{J·ÇoùôÒlâù­ó#Uµ/Ü?© cjò]*’;JkÑ÷"­Áà†dd¸÷ 4à¨û6CßzŽÒÆû ûxw‡ŸÔF' ïr’•8÷׿â챞X8L{Ä© ª80ï²¹bæ`¤‡´—É->äè—E0=¤uj¿Ë&™â’:ä]­‚¸ÚÁÅL˜Ñ™~o‡ˆxùå¢ÚéðxXÁ§Še Ä‹ŽàKÑ5"dL5z;ÞÖ˜¬6xˆ
™ì\yÌo£¯—&±ýõõ6ïàc
'ÄèôË]Y#¯Cú4üÜ&X=Š¤€F­ç@u»ªÊŠ4ŠcRpXæÍ'ds=þs—¨lÕŒ'ž´q!¤›µúðÇF§›%…ËbŽ£uó‚&)û½Ï°ˆ9¥Òr±{Õ³Då@í¤ÐÀkUýC7±âŽ· ¡Š,£b”ü¾ó16jž4ð©ö`,ÒŒCÛ}`jØ-hÅÿ´³ÿÚh"^F»¬ÃÔ]c¯'’åbé´FÆï]|ËF,9ÄÙ5³WôÝÓþkÐrÅp1¦Vð6äæ@ŸõVÊ™nÁ$Ô }B.[p·ßÙI¯@±k|Ê"Ïã¡Èßü[“W:!>Ð˸ÐèÃÐôÓ'1Ñ~qw'ÉuDS¦”@˜rS%x„Åõ‡kÉCûðë1Ç£ûÙ)ÛMœÌsÄh€LäúRòbX³{†•¬ñ[Kîê so>È.
ïmpdIdMh½çoV0 ƒÆÊÌ"
¦0Ô 5.Æ1Æ`䌹¸Jêç¦ôÐ|“­ÅÛ#œÚA)êç~¤T¥]îÇ›^´Ä¨nuîð¤ÜäÚY%[9«Ý»·1,$xiDz²ùsGúßÌ ý“z…S°Ç›_TÓPÔTB•ZE
ŽYì@'öŒ8kn9[·b¨­Òlµ@!—Ž¥-/áÎm½Mù\‡¬cäʆ‹‘tk̨¯#vÉÁ·~ä+ ¢?Z¢ŠrËivîáÏÕÕ#ñà•\/Ù©`Vºà29ÒU¿8ˆýÖÆî0¥iÞ6µ…yýúîq¥‹æ´Q¥¦T ÿí¿oðS§“Z]%Ó
=÷x=¾F†ýrYpÿÜf« ztðáöËwügïŽl„J'‘¶~‰‘àZ+ gõíc‚EcD2;™í…0wë®–£ôEùîlc–Ú¨²·¢ çíÍÿ5àâeâ ÓH®ˆ<5žÒR)xG•B˜ÞìÎ9æãcÙDØ1X‚€m8Åu6à‘(yœ^7
+¯›yVg"4i¨ bé/ë|åXÞö‰ó;HÆ· í±¤˜å° Øw],ºUÇN>Ýü€’ˆÉ'±°Z­à0·€Æ= ŽDÃÁ¥ŠJ?À|r;k |¥<_ü0³¥<¤žÒ¬f¥aç”&ê̬řçÄ’pª…Žé_îLÝÒÀqA£G…V`[email protected]!*
ìˆÔù7Ûê¸<Ó°|YÓxêyÜ•˜Ù]B¡ô ¹ Òvd¿mæ’ò·IÀË<qY‹BK×-qº(è{ )|¸ÌüªÖŸ¹g=[ç—D€Ú |ŽMŸ˜N)…=×q¯WÔ€y×aðUªô®Š¶òÕx<ZµÊÅ.^4*>CØ™kâ Íw°›B®ÄŒ'”T6Þ™˜4F°I<Üö¢U&X'/g¾u·‹»ù‹Ä9±ÞÒšóÑo³p‚fØHZ³@u¾³&•P>¯36+·jIAÔª¹@å«Ãe`þ*”MQ³¸†¦@WVÁÁ Ï@´S9FŸ{•m^ØN{톷Å`Y4ðõ¾zo³_a5ØÖ÷ýL{ Éõ[ÝðI–õËw9çÐjqSõÃã_†xœæ}m Ì]1ëø#I¢”EÓk°õ:¶4¤ì_Ú'U×x2= ¿í‚þkÔOÇ.íd
'U‰$¹Ð}ÑÚs¨{›Ž3üŽNŸ ÎÚÈTGp*„Þõ²P./J}Ût˜ñQ}Àà¡™´Ïùô´àv¥¼½[email protected]³ô+.´=.§oÛ^¨°X"á½]š”µF|X‘ÕYO÷9‰;©Æ‬+éÏWYIúÉi¹’>¸\¼†Ý*·ˆ—`XÐg3ìÒü½Þ¤x¥ˆyQƒ’};Ä«ó òöå §åÇ“µ‘SµS¤JŽþf”•Ô"ä’\|’ÛÕ¥¬„¢>"©Pöô)=É€3›ÖL×1Ýóoß74yeÀýûÔ?ÒЄ>Á¢QõïBIeñßü;UŒÉG®Jt/rœâ|´ž#Ÿ[email protected]™JbX¹ðŒ±UÉë
Š-p=Ÿ´@½ì% Äqþ:³~a#‡Õ§<Ï3x±…Bíü†P!p[Hø]¹ ÷‘¾64s®_Š(!©Ãülsö·.CîíIŽvŠ‚e«n"žö÷ðíö§öwJiôQNaÛ½?Œú6IËwà¥Îé„6ó¢í`”¾Ý“rËpS‘«±¤[lšÛ$vÜ"LX”Ì7¢ÖŒ·–nºÂÒgÓ¿¼ai›Ô%¯&+-.ƒ
Û¸{ ^‹þCX»áA½c¾Ud ásžÅ$'3¼A @ΓÁF†ƒlÙÚÄÕq2}7‹ŋkA>5méžäu`’j"“­c‰ÒRöŽŒ8'ðw‡âÃÒ²­Í#’ËKÚÚPCú‰îjQcש#t‡‹Â•·J7Ë‚ )²;[email protected]Ħæ‰b·ƒÐ7?oU0Šj:gT$ "MUŠ›íxDƒt•oÍb¬ÒfÀô@r³ï°çœ›dWrÝó4‹ ¿Ömcsć3[3ÓÚaW«–G­XRfˆs¯úb³ôe‘ZÓ<ÞéÍí@ŸVî^þxÊpgéïäF{p/‘"6Ê<ÄýKŽbøêsâzo7Æàõ‚(­ŒRSTä™|Ì6QèÅÅq&b¡¼â·­¢6ƒ+ßÃ*x7czH¾|Q’þ»YHÒÙnÜò¦2'™¿è9%ƒ¨ ‘Q¸N Ÿpphh¹ ‚áøŽgŒ‹Pÿ/1iC—cÍGjµ­ÒÈË-c?w‰ÃH\µù¡_Ò3‹I"l[fKhÿÌßËÍ;dåñ+ë5ú
’›ŠÐl{; §*0á°¼íjÖC_kJ‰ÙÕ˜VÒ\M]pR|ÉŒ!ÞÉ®ÜA–ÇÉ^¹änÆh‹µdIy—]¦÷vÃø©¿H£®sÑÓ}òù¡²z¿›P­…þÏ}Â5Ö}ÑÈ¡Q¶6×jãã5ó1ZœýxÙ,3¼7TS?E–êçÒ;ÍK¦OÅ“fߦ¦š=ÑÀÂá3É?¼Vf²T0ö
ð¨1ëâmí&R6Í!ËKpÔ‹¤ø`±Iò-gñfX>œù¶þ¾únA?*ý}ÖTøåðÒEmH.ˆ¡›vçºC"²ã±GÖ•ˆ .’¼Ž‹WD÷²}’{¦>?~¤²™±¼ßå
Èþ\øý<[êŒþ2ðÇ5=K»òˆ
¼:n'“£3Æ
Œià :<øqójùœùýr˜¦†ãY¹ù¸Ï3èWÎZo~o#¤`Ê#<‘<Õ€Çû€;¹DQ'$ÝÙ|Ø[º1ÕN°¤œÄ•€‰Ø† /ç.9§.­4¯Ñá÷oáðÐoº
¼¾´Lc_…Ó¼»gy¶^EÞÿ—´?ÖÃÝCqÑ
]ÎC‘Ïëç>Ƴox0Œú¾×@á;<Bvô½Ç!ÄR…L»\ò=P§í)·PÉ“xêZaÓèêý[û§ˆD©MUúÖ±›û–MÛ¼š¾eû>4ÙôRpÌp#ó¶2¥ÿ#4Ѿ­˜™øŸÚñLmõ!ë9QSðÍ´sxƒø½
hÄL§ü"”däE•žðÅ@•xôÄœy9Œ
¯H ´áö„»
á7Œ¾©?Ã{R>½(ÃŽR&Àä#MÆÄòqÀ·ë¾»`F“ QÁu¯ç0DY®¢ùcB¶2q–MFÆ5Dô]xð[›®ÞRúÊÓT1•€¿R™ ­p©ÔÄI‰k¡±Š_ÄôßMŸ—MlËá•ç‰AÎÈåÈ0nÈÂ’ªÄT'#ïÚ‚[email protected]`zçÄdMyØðy#6»B¼¬%8æwRÐ#Xá 0$ô­Õb·ÐÉ*kŸiž÷s‰bY"úðAîpZÀ}5©Y>X³¹ Ÿ”JjÄqx´wB-2Ã/ÑÓË:i¸'&³ùfà¬&z˜ç6xWaI ºhò±°°ÛE¯«Û!ŒgÐ<’¡:Ï?‰¨[àÖ@ÖXbÁ È¥‹â`[email protected]@¥Wæ[ÙüÈÑ€c‚BÞ`×[email protected]Ý#¸—Ý«ŸÔ´®7g8*Û¿¨¡U[w]w·:JÂ}aVG^Ö)‡Pµ0È\ªIº@:8wa‚3â´QWnv¶ñyJd=ïØ6âpŸ·}qì<¶ö’G›ëãn®|Áf–Lgl/@¢3¹U$¥Æ¬Ä/à[k¾0ùžUYŸí¹É˜Án:Ãûà‹d:­zÊHÞ”á
§_C&Ù»e3+ìwÄõd(>ÛcÁ é«d’Ôwùw“ßåbj…ø…Bøä3×iÜÆKɾyOD¨¸YS9”&óÀßUC”˜ÅAêJiШnCmm;($Χé2{9¤Ž†uIÅzüî¥üÈ ¥òL¯ .íN4ê’W›àB%¯·TèÔåî߈ÃÐ:—QaÒ¢›°·ó07oÁ‰µÛý’6S
¬-ÝŸ³Wwœ“\w•1X;Ø–¼æì¦ØDh&¡+òþ]2,kÛ©%­Lª§B¶þÉÍû«²5R›æ¦F­Ò·“hkBžUvtÒ)ÉQ©ÂèÌyé:ŸÍI6çßÝŽ¹Ó~&m>T¤–½~ûû´ö!!ÔÎI7v›Æ¶ð‚—û¥ÿ_åPñº.f²o+Ê^îªî†<®%•«L]™ÁIt+iÔ‚£òýµ]mK¿V¬®s8KÑ1‡’ý6ì3BÇ“°ÄtpOC ¶ÇMÛ±=y!yi²ÊÞW“úþ¦ŒßìÞjn‚rIáíÅÛ›. D+aH^=AT'K|H1%~|T‚)û?7벦Ӧ«Ö—®
×´<$N½ø®·€Õ Dj' ;kh.X¦'^‘|fÅáŒz°›×.Ç)°5xIõ8¹Ëg¤Ž8Œ‘9ötWçwüÆNg:ÉE¹6B²ŸCß-z¯‰[xÅ/^@Åñd?;±¨&ÒYî„c×_­ù2SL.•ÐuÜ3§0›k§€Šˆ!G¸Îƒ%+¾»õ—¨ƒtšmLtn‚dÆñLçwBÍÏB»IdÍV¹Ÿ _a,ž¿”9ß²ÿøl7i°mš­²¬W×]gjâ¯tD¶Í ©¶‰LëOî–q²È(Mw´Z:w+K79omï¥óÅ·9ºáÅU×sNꥯ•ïà,,Êâ Ñ{´?™G×—R-»Vé,~ Í«„ƒF¨Ë+I-ØÊ­fpZö“†J΂¦¨à‹QTÛöuçMûY4&-U ÇuÈ8ZNón… /rqEŽï|ètÖX‰E1ótt€bêçZvÚXiÈÁ,ȈFp7î¸ü-VýÎAà†ïk¦¶Át\¢·ÒÛóìtY>ÚýÃf–ëX}µˆÀ¾AªèÎ}Œí¶´HTXø J£eÐ-[ª/½™{$¶’¾Y.‹v•»×W°ï°3®©OW³¾Ÿ”~AX©IõŽWT5»ch§âAܬÇTq"ª  ‘om-)Ä¿7²Ê@uÆŒU<ûHi/¬¦iY
ôcß^k_.[Na”ZJ=ëQKݶ#’ªoÖ´hÕ¸ÂDê5…J¨o©áéÓ…¬<¦ä)C%P¼£jªŒã3OˆžfKÜè¢v{»R»k-ŠUè
Ë©ßC{ªŸ€·ôãÔ¹â*L°•éÁûpÐWr¸dÌ1£_²ÁðÁ½–¨õ¹]Ý®;dú»CÏFHõ0üOlè‹t¥ ߊ`­ëŠá¥†¬ËðÀè#'ÑLã’z:& Â
³Äd„ºý‘l­É´\~ýÚäKå˜ìclh=+¹XBVmŽî=㈠.Üví”Aöº‘ «~ú´ùóĤȃ4™$ÈùÔ­‰©ºãئ¸aTç›|™®§cæjXy’HVÐVýð;2“|%ºjÎ4Þ&ïK©çN1Cè'ûÿɵOˆ)¿’ýO0
ßey÷3E¿Ë¼GµåþJhœRåøßÃVVݨ÷ŸÜÃ&‡XEÒk/žÌ¥¶¼}È(.pXz´bž„ÒäÝK3ÚB¥,f!ÔÝ¿Þd®2±UR/‘Œ+“š½ÐèJr¹Ÿ{¥›ûyà•£r!¹¤(½d8ûŸÈù£­A%DxA
¤-z{ç|í¿%7³åø=Ò“t¥è,Уé”Fäãl1ÒxÎ5 rA •Šµ[Þ!Bÿ$Åi#WÑaM±âû4âÿ—ÒyÐ'„ìq¦áÃ'F_=5öò¶<§TÝ(S´Œ,ðÇó˜!„õ%Ì߆¶
!±;GCè±ì½>€b”nwØ8yýC<ZrÊÝ!-Šò^ð·Ýv²\Š"åÝr‚7ù¯ûw€€i?ÉY|SóL¡}Â.bù°bš§—òå•ó‘ég,‚–Üì÷ùb#µ×ÃÒü)ÀEŒrŽ>CÒŽOïç#‰£veÉŠ#n»”‘z+ããCtGŠ¬—÷{½æ­u7=½­}Ð&W¦À'ì¯X!t'LÜ´>×~þeÌÏÚLë
Ô876š¼þCŸäÎê”fQð¿øÂxÇV'Hòc—RLá¤Ðßug1O«2.|дûjšêÜÞ_Õ&çÈáK¶ñ.0äýiµÒF¥¹dæØÝT¬%b(ËœºZÏCUBRI®(¯±ßÞ4c)C–© ­çÇCw†'|ý¾ª5Iÿ7·"l•ÞS0ÜÓ]¦É|à–>uK;¥Žü©5Þœÿ¥¯Äûâঠk"㪞’w«Ê#
¤>ž•418s÷×N¾mˆÞµwV^ïh´Öì‡u4˨Cé{»Œ#¶«bŽ9,—ioD8tQÃïñ‚ò67kP^9ÿÄ(ÈH&{)ŸµäÃå*"É[÷t""åf #÷](Ÿ37²ƒwnÆL ÎQ»$j€0ý/ƒ´¹±ÑÚŸ2JRâ‡5>¡Ïîá’^R“u°MâÞ¯óþË_ª2žš:.z~cñ½Þón,%Œ{«Y¸¶•0G†=Ÿ%]•3Ýi.¥~vȮΠ­UÇ ÒY“¤X¸ckWNÁ{l “D^+̽Aó@‘•ßî¨ûjXúvšMûŠ8|©ó1%ûø×ýJ?0á…YËâ€_I‰®¨›“JÎàWI_BõèéÑÌ5ïrÎŒŠE+Ü6Òó ±\,,÷ºðÿ§¦ƒo²™³o_À\Ï¢«û#Ïï}">q1¹¬YBƒb©3&dëuÁòýžœ>(×McïaP(Í›‡ƒà^J«¬yy›
‡ä’Ó[email protected]•¡9Ôº(¸ü§Ç¶íž¶·IüªeýD´w±<8jjÚ&ÖËaѲhäTw¡«$D¯'èJJÃÖ‰´ï1^](i(p*ÿ¡AiU|ÅQœqúg*ÈÖÐê¤_{a¡ö°ùÙ[email protected]†]6hG#4øÇ€{ÔºêŒ@/kˆ¼û°
ºùG›’pÚÓ%ä«CÁ8m2XhX’×.+$Lð4ÿäw*@‹ìÜ‚%^‚º­8'œ:.ˆ¸úÁþŽ(nÖW¬2ÍŸnòƒÆû1Ä` pVÉxt¼Òd¿¯;ED&§Ü+¬{OÞí!âm‡înëʆ©ÌŒ:š a›Gâ•‚„‡+¥vQ©7êŠè{»7)5%Öh3b¦­üܨgѧõiæªÉýx)ø5ã<ékD/¹)|¹àÔ`kÅéÿ3©uðZ6Îô*|º«©8¤Îg‰;eÄ;'ç
BçF–>‰'°®0wèP{å3"Œéd^/½Ñ{4äëd­.Ë üœÈí"$p&ìRø¦Nêð%û]œCã\Ò#©$0zwÜý9ÂË2ÓÚ&Ím¼"½?«0æƒáœc¥²/MDp±Xì lUG‘ –5k>P˜Û—¢W×,ñ?/Ï öé:ï C+1gîˆçdcº÷?'
ÿ¼½GlAòjeߤØo™5` ´ªJe³L:%>þºìéçÒI‡T/TȾœ­üQ**ýðuB2±ˆ
ðvü
–ÇÐN1„µV¯ en‚ºÉ<ôé1j0ÒÞîo‹ëÅ<¡ßÛaÝ.·z·/ufxå‹]óçqÂ,J0æWÀÉYr¶9÷/#ÿþïÃq„0þ#i¿:CáqL[Ìrë->êÀ;¡Eüô,/#éO|þ¸gÏ-Vñ
:@Êù•¼\Üþà€5—ÕÙÕ‰W3Å3ì‘Dô%ÊÈÅ¿hå5ã¤Ô]a׌ƒ'&ñ~Jþ²~xbÙJ£'¬[|ó¯õ+™PEƒÉîïþQf[ÿÅ… ø±®öõØ>Ä„ÓÏÿ`!C%ŠµîèÈ šÒšBÓÝ•R›Ö ™ÎÍÇÁ„C
þîòfA…Ÿ§J¿¬Ë»ÎK\Á‹`™P†“#ÔWÅùS¥5›öšY¬ß`È<;) f³©š{|D{©ÍwŒÞhàªy&€ÝJHexbGh›,äŠÁHô_öV[Øý¸V­"´zÂHzfGËÿ{oFF­‡‘+iDÚ“&˜c,«*L<2ÄÜ%þË<º&4·Ò([ ÏêŽbŽ.^æovŸÔZ\ͽÙûHPxaòáP?këᥫ4
~ºæN#ÎîÍ0úQ]RµQ¼‰sxL’œIãW „š`çvPÄùDļ0øغŠ8–lÕØQˆÍÇZA±˜,Þ4™Ð‰JÕž¾û~®"¹*¦ø¸ÔþpÜÛ–",ZÖu+-kBw×(æä‰ñJ¿OäÚ‚
ûf§:¾šd*4_„€d¦[email protected]^ˆa
òD˜DÇÙå?éõüËkMËø³3{xíÉQ®or[ì…ƒ°,Ù&u·ÚG4ð¦<‡-¾½ôúCUçÒ¬•+ ´£8“Ì?Û_Sz}FŽŠê€5øC‰K›$MŽL¸ªÀ7M¨yÝßbCã]!zâ´HJ2P'@µ("âß «Á˜o2'ƬîV f9ŸøxîŠÍ3îžý£ßë«®¹7œYiI­ ‘©ÃŠcÃœç¨fldu˜ð·•È”×iL¬Â“Ö!ëÚ@ÙÇÖ1rGB׆rp»pD»±ÙÂo9gë[ªf¤gL™Ïá]brÉÚ¨]_F†ø}ÓÅŸf{Í¡s¢dØ}Éu>%kXùk!öI_³ÁêÀÕµ Ÿñ.¬º ²vN»µ4mJﺑCÚ?hS¦€evW{´ý™ýðq×ÈG-ûmYÙÐgU+•|cO«Œ•ŒBCǯ‡h(5H³«y(% êMD=õŠ¥z0¼€J6HçW…(kñg¥Ió—‰)/€ùí,€Ÿ¨Ð‚uc®õ ³ÀøhYhxCÄžr1UtXÆ^xßѲìEc:ÃæPÛ'}uÖÄŸŸ˜Jv›³£‡Dñ]?¼©ò'’ 3<M”Sgà1GÆw,9À4ì!·Ç^ÛÉ…~0TdÍ“5Ðû2³åƒq„—Æ+$YRöÌrC??j·ª“Ľc—ŠÕ8ùÊS[?)Óˆà7¹mæÙ}ž®ÍˆXì­mmÂø%‹0€Ù<,X°E%[5ºc‘çn¬‘•Í2ÙÐL8a€-Œcå”$ô^|=Ä­Ó)þ'Üy™.kCT©:~¾G X‹Í‘;6c¬š:÷*Ú Î³<ÜôågqGò™ÅwŠ—ë<{¢Apm½>í˜*«£BÕ>~~£­TáÑGØóœ4ó-ô»u]ùú`ÿÂ*¾È7qäÉŠ<ažûd ]yu F¸¬ð ä¯ã¨°Ë›.Ù²‰¾­ð^!Šæ*[VËZ9}%EBHîæ×½Éqœ&z\¤Ê¬u5šjÇpöb/“Ù[g§ižñÔå³fåm§TÖrˆå%àµàðáïÏÈ!8ƶèo”ô2꧳‰4,¾•B6Fnû/ÄZÍÿ•«^R…„Å–p•”#
wûÃv“ù¼ëISM±¡ÊÇ]“ÖÏ!7ÖÕ ­äcŽ3Z}<¸ÿˆñ‡é*mN™Ù¡îNô¯'N
Z¬‘ï$Å?1pM<µû¾NÀÀq˾\ Þ?ðéOé
ˆš³¿+bØ)M¶Ó2d °~¡-ŒFÝ0´ŠÎÒ(÷ONŠÕü|ÎÚõÖÒo_äË|ÍqÜ‹òPs´è93}"ÿÕÄrµ4‹c÷’p¨å³s¿Èc¤ß
Æ_E±Ÿ\
G85ÐÔöëKþ–’‰fÅHiøqÂÏÝé
Å„õE:pØ/¼‚)fQó1™ÆÃÂ(e{z·Müª$ïŒ(ìзº†²¿õ÷±ú{„%Çøð¥8ê$päRyor¨Âæο¥=:–à 2 ,Ô0ùÓËÖæËìùWÞ‰Š­Z¥ŠîŽ¦/Í}÷^ ò2“¼HšuÜ·vµÝv­è;¤[ ×ë:Á4ÛKÒÿJÒß2U9 ›LÏž ŒPç:~Žª°Ñ •ø`"zž ùbT#$s®Åsû:7®£ÌØ`Èx f¯CÌD1»2æ"çèò$ð=`Kû[½Èë¶Y˜Ì„?Ÿ–YI_%Ž0‹¿˜Tê!
tEÅ$ìÉÔýÀÖôV†(ÇÄYÛ
©,ºÒmoC)‰$ÍÎÍÄ©XçP*Wî3)QA¯æ’™ )þù/û=HÇñØDª^ÿfl·m®¥ùW0ûÛž1ÒÃóE*6ãò€Þsþ¿IB²?«„€ƒ†YB ÷M'|çú†ì’6t¬ 3Ñ8MU\ÇW,7óì°'©scÄ…v¢D/Ô’zJý^9ÙŒ½y‚èšÂO^záŸeÒ½˜e…ï¥ïá¸øLr°³Úþ¢Ü¿s"­/nv]1wµùâP}õÜ‚pô¦ªn„ӌ؄…ñÎñžpGøZ§Xþ—éˆø­ç_¬@ch†nE¡ª¶Š‡-Œ
ì^õnaÍÏŒÇJÁ"Û¹&ÞÔkÆX¥à¡qÊ€Gõ»ZžP3_î7;¸‰¹0y åv€ÍcJIÿú¡zŽ?Ð9„î©úiHfè¼È”ŠZþÓþ˜?e04h‚߃ù.—í…enâpç«U)æµ¢£G›ôµvãÕ¶iÒöš;Ä“[ù Û¥´s–Áž9ô*gOlˆ-ô#GÄ­ZòߧÛÊ9P)ãNdZ\¸oÓè~¾“¯šò'])4Õ¡¿ÓVö›ÔØQ®ð;8^†©H_‰åêk8L­Á~Éözq‚¤Žë™cw` Ï_v¬¨µ;]²@NË3¡ƒ¤wÍjNàgƒ€Ž]‡ß¹ýïë&`lŽ#ÉÝ âïï:Ë|¦õ|¤”äÌh…­*&¸s—*ïxæ—%I€ó|¼»œi°2À
žè¯€[email protected]†– Ôå²3ïj‰ õ•1aÚ¹ÞƒÙþÏù
½bßÓóöˆÈ½¦ÆR{ÅõØ[åªò›H©@áøq$Å•¶ÑîsÐLE‘Å©©˜’²djç‹
E!ã#ZÐ:…×Lœ3e ¢ª[
2–°î ‹o4µ+ݺѾÉ9b•(¯Tš€°IŠÃ;Gï~
aìKÉâ6°¨k•ˆ¹‘¯½ô÷‘µÄ–¿åØÈ¡·ýàöV”8ÿw¯y9žövQ䘯ufUPY³§}>¨¬Ò!‹!–ø%:bÝ¢`ŽY}âÁÄÔ×(àùî±¢•Ž4„ ArššP,$#zó¡q‰ñN=€^›Ñ ¾„añ—›6¥ô­”ãôÚEVÈû7f*,Õ|-þÍj÷åPáæA•
«5¸÷“ÝT(ç Û¼{+yBEƒOlΪÙáÙ<๮¹ùqŸëüà
ÆÇh°´e$u˜WtbœäÈÕ[åêWD6¡Ál|Õ—Õ‘\ ù­Ë$*=³d_e7ÐK/˜G[ˆ7
þ¤ªxq£Â>C½…?€kpÅ2­%£õ&ú]=jSà¯ÓR&ѬºÃ„‹æV©(–¥Ä`þ‹U7Í-·R¨Ûc$NzSN8ìßâ òÈgSá¢Ò¾zøË8Ô bŒNñ4‹šcú›šÇœW³êˆ{.óHì™ v‚¦‚ïX(O]ƒötÏ6º9Vr0½á‡’>úÄYN‘ü‚m"ÿcu…gâñߨi¤^îJ¢eLJ¿¥nQœÇ30"Âçl^ž z¬¥0g'QÉðXØ5ìym³#e¹XÀÓ@½Pò°RËlñ*‰Ú00%]ÓÑ$š–akvë¿ÎùAÀN‡ÑQ‰¾Bcª?ý ÄF¼1惹ö3sbŸp–?í)F¼n¯.h{”Z™3çE>TKàÎ+ˆ|%šIò/ªõf_¨g0üBµ{1!†à~X¹±ð@\ÈÐëìb{Ãhâ#ÀÀÂ÷ŽÈ[ˆ ·£´ö#ÂòC§Ÿ,íЊô±6=‹†žá9ÇOè^ïŒm¬±ô=аwCáe_`§v4i ß≔tOÃÓ‚´£s¾Âôîsë|
========= End of CMD: =========
 
C:\Users\Evan\AppData\Local\dxmtbtov.log => moved successfully
C:\Users\Evan\AppData\Local\fqgqnssy.log => moved successfully
C:\Users\Evan\AppData\Local\gtlhvkjj.log => moved successfully
C:\Users\Evan\AppData\Local\rraftxqi.log => moved successfully
C:\Users\Evan\AppData\Local\vrwgfbko.log => moved successfully
C:\Users\Evan\AppData\Local\wibtbxol.log => moved successfully
C:\Users\Evan\AppData\Local\xfqjyfrc.log => moved successfully
C:\Users\Evan\AppData\Local\Temp\jansi-32-5951740665947102899.dll => moved successfully
C:\Users\Evan\AppData\Local\Temp\jansi-64-1380607797332911364.dll => moved successfully
C:\Users\Evan\AppData\Local\Temp\jansi-64-3152145344091471539.dll => moved successfully
C:\Users\Evan\AppData\Local\Temp\jansi-64-4146885892808842387.dll => moved successfully
C:\Users\Evan\AppData\Local\Temp\jansi-64-5643878827776892051.dll => moved successfully
C:\Users\Evan\AppData\Local\Temp\lngirfyq.exe => moved successfully
C:\Users\Evan\AppData\Local\Temp\setup.dll => moved successfully
C:\Users\Evan\AppData\Local\Temp\swnwecbe.exe => moved successfully
"C:\Users\Evan\AppData\Local\Temp\taqvmqha.exe" => not found
C:\Users\Evan\AppData\Local\Temp\Uninstall.exe => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B85B22DC-C87F-4AD2-BC01-AF2864F4B2C8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B85B22DC-C87F-4AD2-BC01-AF2864F4B2C8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\HPCeeScheduleForEvan.job => moved successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Classes\regfile => removed successfully
"C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk" => not found
"HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\hide.me VPN.lnk" => removed successfully
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10042018165645322\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk" => Error: No automatic fix found for this entry.
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Intel-SST-CFD-HDA/IntelSST. The instance name passed was not recognized as valid by a WMI data provider.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 20:30:38 ====
Frst.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.10.2018
Ran by Evan (administrator) on LAPTOP-9VM6RJT (07-10-2018 14:11:01)
Running from C:\Users\Evan\Downloads
Loaded Profiles: Evan (Available Profiles: Evan)
Platform: Windows 10 Home Version 1803 17134.285 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHDCPSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\IntelCpHeciSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Blitz Esports) C:\Program Files\Blitz\Blitz.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Blitz Esports) C:\Program Files\Blitz\Blitz.exe
() C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\blitz_helper.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.118.2.33\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.118.2.33\OverwolfHelper64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.118.2.33\OverwolfBrowser.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.118.2.33\OverwolfBrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.118.2.33\OverwolfBrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Users\Evan\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-10-14] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [LeagueDisplays] => C:\Riot Games\LeagueDisplays\assistant\LeagueDisplaysAssistant.exe [406016 2018-01-31] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [MurGee.com Auto Keyboard] => C:\ProgramData\Auto Keyboard\AutoKeyboard.exe [83440 2015-03-27] (MurGee.com)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [Steam] => C:\Program Files (x86)\RealRealSteam\steam.exe [3207968 2018-09-08] (Valve Corporation)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [665216 2018-03-01] ()
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1504584 2018-09-18] (Overwolf Ltd.)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Run: [com.blitz.app] => C:\Program Files\Blitz\Blitz.exe [67603384 2018-07-03] (Blitz Esports)
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\launcher.scr [2417936 2018-01-31] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-03-23]
ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico ()
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2018-09-01]
ShortcutTarget: Twitch.lnk -> C:\Users\Evan\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3eb67c16-5ee4-42e1-937c-1c5246fc58f6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{42efc9c9-0843-433b-95da-54a36e0e3bde}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6019da40-3b6e-43e8-b0a6-f1c7f8013900}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6019da40-3b6e-43e8-b0a6-f1c7f8013900}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{645a08f7-d26d-11e7-b9df-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9d106ced-10c2-4ac3-a956-faab85e48f62}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a59731b4-a3e0-412d-be16-275f506bbeac}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ab90e9d2-f3f7-4690-970c-1dc6b67546a3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da96d4e7-83a6-4cbc-8dd8-f721e0a20217}: [DhcpNameServer] 172.18.13.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = 
SearchScopes: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001 -> {B9628EA4-831C-4CA0-AC93-1E57CA26985D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-27] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-05] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-09-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-05] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-01-25] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: o33qc0vs.default
FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\o33qc0vs.default [2018-10-06]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-01] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-29] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
 
Chrome: 
=======
CHR HomePage: Default -> homepage.ssoextension.com
CHR DefaultSearchURL: Default -> hxxp://search.ssoextension.com/s?q={searchTerms}
CHR DefaultSearchKeyword: Default -> ssoextension.com
CHR DefaultSuggestURL: Default -> hxxp://suggest.ssoextension.com/suggest?q={searchTerms}
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default [2018-10-07]
CHR Extension: (Slides) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-05]
CHR Extension: (YouTube) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-05]
CHR Extension: (Video Downloader professional) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-04-12]
CHR Extension: (Google Play Music) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-09-27]
CHR Extension: (Sheets) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (AdBlock) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-09-20]
CHR Extension: (Drumpfinator) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2017-09-25]
CHR Extension: (Violentmonkey) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinjaccalgkegednnccohejagnlnfdag [2018-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-02-02] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-13] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2018-05-02] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-10-04] (Intel Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
S2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [136352 2018-04-09] (eVenture Limited)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1268736 2016-10-05] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-05-23] (HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53680 2018-02-05] (AnchorFree Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268928 2017-12-20] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-03-01] (The OpenVPN Project)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2308424 2018-09-18] (Overwolf LTD)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [900840 2017-08-14] ()
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2018-09-12] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2018-09-12] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317960 2016-10-14] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-02] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758720 2017-12-20] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-01-03] (AnchorFree Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-21] (Bluestack System Inc. )
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-10-04] (Intel Corporation)
R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-10-04] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-10] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-10-04] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623040 2018-02-05] (Intel Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-02-02] ()
R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-26] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-08-23] (Anchorfree Inc.)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [46040 2017-08-24] (The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-01-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-25] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-07 14:10 - 2018-10-07 14:10 - 002414592 _____ (Farbar) C:\Users\Evan\Downloads\FRST64.exe
2018-10-06 21:42 - 2018-10-06 21:42 - 000605424 _____ (Reimage) C:\Users\Evan\Downloads\ReimageRepair.exe
2018-10-06 21:42 - 2018-10-06 21:42 - 000000099 _____ C:\WINDOWS\Reimage.ini
2018-10-06 20:32 - 2018-10-06 20:32 - 000000000 ___HD C:\ProgramData\temp
2018-10-06 20:28 - 2018-10-06 20:30 - 000088497 _____ C:\Users\Evan\Downloads\Fixlog.txt
2018-10-06 20:28 - 2018-10-06 20:28 - 000000000 ____D C:\Users\Evan\Downloads\FRST-OlderVersion
2018-10-05 14:21 - 2018-10-05 14:21 - 000000000 ____H C:\Users\Evan\BIT5548.tmp
2018-10-04 23:25 - 2018-10-04 23:25 - 000000000 ____D C:\Users\Evan\AppData\Local\HearthSim
2018-10-04 17:18 - 2018-10-04 17:28 - 000086646 _____ C:\Users\Evan\Downloads\Addition.txt
2018-10-04 16:03 - 2018-10-04 16:03 - 000000095 _____ C:\WINDOWS\wininit.ini
2018-10-04 15:59 - 2018-10-04 17:01 - 000000000 ____D C:\Users\Evan\Downloads\VST Plugins Pack Ultimate Collection
2018-10-04 15:23 - 2018-10-04 15:23 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-04 15:23 - 2018-10-04 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-10-04 01:19 - 2018-10-04 02:06 - 000000000 ____D C:\Users\Evan\Downloads\Nexus Content
2018-10-04 01:15 - 2018-10-04 01:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2018-10-04 01:15 - 2018-10-04 01:15 - 000000000 ____D C:\Program Files (x86)\Uninstall Nexus
2018-10-04 01:15 - 2018-10-04 01:15 - 000000000 ____D C:\Program Files (x86)\Manual
2018-10-04 01:15 - 2009-10-24 21:15 - 001332224 _____ (AD © 2009) C:\WINDOWS\SysWOW64\SYNSOEMU.DLL
2018-10-04 00:50 - 2018-10-04 01:05 - 000000000 ____D C:\Users\Evan\Downloads\ReFX Nexus v2.2 VSTi RTAS DVDR - AiRISO [deepstatus]
2018-10-03 09:26 - 2018-10-03 09:26 - 000098234 _____ C:\WINDOWS\uninstaller.dat
2018-10-01 16:06 - 2018-10-01 16:06 - 000000000 ____D C:\Users\Evan\Downloads\Farming.Simulator.17.v1.2.0.0
2018-10-01 15:43 - 2018-10-01 15:59 - 159114917 _____ C:\Users\Evan\Downloads\Farming.Simulator.17.v1.2.0.0.zip
2018-09-30 16:40 - 2018-10-07 02:15 - 000000000 ____D C:\Users\Evan\Documents\Euro Truck Simulator 2
2018-09-30 16:34 - 2018-09-30 16:34 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 - Krone Trailer Pack
2018-09-30 16:14 - 2018-09-18 10:07 - 000000000 ____D C:\Users\Evan\Downloads\Euro.Truck.Simulator.2.Krone.Trailer.Pack
2018-09-30 15:46 - 2018-09-30 16:13 - 907066883 _____ C:\Users\Evan\Downloads\Euro.Truck.Simulator.2.Krone.Trailer.Pack.rar
2018-09-30 13:48 - 2018-09-30 13:48 - 000000982 _____ C:\Users\Public\Desktop\League of Legends.lnk
2018-09-29 23:02 - 2018-09-29 23:02 - 000002045 _____ C:\Users\Evan\Downloads\animelist_1538276537_-_7406724.xml.gz
2018-09-29 22:59 - 2018-09-29 22:59 - 000004729 _____ C:\Users\Evan\Downloads\animelist_1538276397_-_6752577.xml.gz
2018-09-29 00:59 - 2018-09-29 00:59 - 000789048 _____ (Roblox Corporation) C:\Users\Evan\Downloads\RobloxPlayerLauncher (3).exe
2018-09-28 21:03 - 2018-09-06 17:12 - 000000000 ____D C:\Users\Evan\Downloads\Europa.Universalis.IV.Dharma
2018-09-28 20:37 - 2018-09-28 20:48 - 2706411504 _____ C:\Users\Evan\Downloads\Europa.Universalis.IV.Dharma.rar
2018-09-27 19:17 - 2018-09-27 19:19 - 000000000 ____D C:\Users\Evan\AppData\Roaming\.technic
2018-09-27 19:17 - 2018-09-27 19:17 - 004734928 _____ () C:\Users\Evan\Downloads\TechnicLauncher.exe
2018-09-27 17:22 - 2018-10-04 16:55 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2018-09-27 17:22 - 2018-09-27 17:22 - 000000000 _____ C:\Users\Evan\AppData\Roaming\FC29FA0894FE.ini
2018-09-27 15:33 - 2018-09-27 15:33 - 000576894 _____ C:\Users\Evan\Downloads\download.html
2018-09-26 19:24 - 2018-09-26 19:24 - 000000000 ____D C:\Users\Evan\AppData\Roaming\SEMC
2018-09-26 19:21 - 2018-09-26 19:21 - 000001311 _____ C:\Users\Public\Desktop\Vainglory.lnk
2018-09-26 19:21 - 2018-09-26 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vainglory
2018-09-26 19:02 - 2018-09-26 19:02 - 000000000 ____D C:\Program Files (x86)\Super Evil Megacorp
2018-09-26 18:57 - 2018-09-26 19:00 - 1287846320 _____ (Super Evil Megacorp) C:\Users\Evan\Downloads\VainglorySetup.83651.exe
2018-09-26 18:31 - 2018-09-26 18:31 - 001507328 _____ (Adobe Systems Incorporated) C:\Users\Evan\Downloads\flash_player.exe
2018-09-26 18:18 - 2018-09-26 18:21 - 943293743 _____ (Super Evil Megacorp) C:\Users\Evan\Downloads\Unconfirmed 781250.crdownload
2018-09-26 17:26 - 2018-09-26 17:47 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Tropico 5
2018-09-26 17:26 - 2018-09-26 17:26 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Kalypso Media
2018-09-26 17:25 - 2018-09-26 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tropico 5
2018-09-26 17:21 - 2018-09-27 17:22 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Tropico.5.v1.10.Inc.All.DLC.Eng.Repack
2018-09-26 17:21 - 2018-09-26 17:22 - 000000000 ____D C:\Program Files (x86)\Tropico 5
2018-09-26 17:19 - 2018-09-26 17:19 - 000000860 _____ C:\Users\Evan\Desktop\Cities Skylines Parklife.lnk
2018-09-26 17:19 - 2018-09-26 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cities Skylines Parklife
2018-09-25 00:34 - 2018-09-25 00:34 - 000000000 ____D C:\Users\Evan\AppData\Local\TekkenGame
2018-09-25 00:32 - 2018-09-25 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-09-25 00:28 - 2018-09-25 00:28 - 000002187 _____ C:\Users\Evan\Desktop\TEKKEN 7.lnk
2018-09-25 00:28 - 2018-09-25 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG
2018-09-24 23:09 - 2018-09-24 23:09 - 000000000 ____D C:\Program Files (x86)\GMT-MAX.ORG
2018-09-24 15:46 - 2018-09-24 15:46 - 000000000 ____D C:\Users\Evan\AppData\Local\mbam
2018-09-23 16:38 - 2018-09-24 23:08 - 000000000 ____D C:\Users\Evan\Downloads\TEKKEN_7_DDE_RePack_MAXAGENT
2018-09-23 12:14 - 2018-09-23 12:28 - 000000000 ____D C:\Users\Evan\Downloads\Tropico.5.v1.10.Inc.All.DLC.Eng.Repack
2018-09-17 22:07 - 2018-05-24 13:52 - 000000000 ____D C:\Users\Evan\Downloads\Cities.Skylines.Parklife
2018-09-17 21:50 - 2018-09-17 22:05 - 1063004405 _____ C:\Users\Evan\Downloads\Cities.Skylines.Parklife.part1.rar
2018-09-17 21:50 - 2018-09-17 21:51 - 183525939 _____ C:\Users\Evan\Downloads\Cities.Skylines.Parklife.part2.rar
2018-09-17 16:05 - 2018-09-17 16:05 - 000000023 _____ C:\WINDOWS\BlendSettings.ini
2018-09-17 16:01 - 2018-09-17 16:01 - 000005842 _____ C:\Users\Evan\Downloads\DCF_plugin-36125-1-3.zip
2018-09-17 16:01 - 2018-09-17 16:01 - 000000000 ____D C:\Users\Evan\Downloads\DCF_plugin-36125-1-3
2018-09-17 15:53 - 2018-09-17 15:53 - 000001710 _____ C:\Users\Public\Desktop\The Elder Scrolls IV - Oblivion.lnk
2018-09-17 15:53 - 2018-09-17 15:53 - 000000000 ____D C:\Users\Evan\AppData\Local\Oblivion
2018-09-17 15:53 - 2018-09-17 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls IV - Oblivion [GOG.com]
2018-09-17 15:53 - 2018-09-17 15:53 - 000000000 ____D C:\ProgramData\GOG.com
2018-09-17 15:43 - 2018-09-17 15:43 - 000000000 ____D C:\GOG Games
2018-09-16 23:25 - 2018-09-16 23:25 - 000000000 ____D C:\Users\Evan\AppData\LocalLow\Squeaky Wheel
2018-09-16 23:23 - 2018-08-30 08:59 - 000000000 ____D C:\Users\Evan\Downloads\Academia.School.Simulator.v0.2.49
2018-09-16 22:58 - 2018-09-16 22:58 - 169310482 _____ C:\Users\Evan\Downloads\Academia.School.Simulator.v0.2.49.rar
2018-09-16 21:10 - 2018-09-16 21:10 - 000000000 ____D C:\ProgramData\Undefined game
2018-09-15 19:19 - 2018-09-15 19:42 - 000000000 ____D C:\Users\Evan\Downloads\The Elder Scrolls IV- Oblivion GOTY - GOG
2018-09-15 14:45 - 2018-09-04 18:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-09-14 16:11 - 2018-08-30 23:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-14 16:11 - 2018-08-30 23:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-14 16:11 - 2018-08-30 23:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-14 16:10 - 2018-08-30 23:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-14 16:10 - 2018-08-30 23:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-14 16:10 - 2018-08-30 23:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-14 16:10 - 2018-08-30 23:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-14 16:10 - 2018-08-30 23:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-14 16:10 - 2018-08-30 23:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-14 16:10 - 2018-08-30 23:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-14 16:10 - 2018-08-30 23:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-14 16:10 - 2018-08-30 23:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-14 16:10 - 2018-08-30 23:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-14 16:10 - 2018-08-30 23:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-14 16:10 - 2018-08-30 23:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-14 16:10 - 2018-08-30 23:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-14 16:10 - 2018-08-30 23:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-14 16:10 - 2018-08-30 23:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-14 16:10 - 2018-08-30 23:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-14 16:10 - 2018-08-30 23:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-14 16:10 - 2018-08-30 23:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-14 16:10 - 2018-08-30 23:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-14 16:10 - 2018-08-28 03:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-14 16:10 - 2018-08-09 05:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-14 16:10 - 2018-08-09 05:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-14 16:10 - 2018-08-09 05:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-14 16:10 - 2018-08-09 05:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-14 16:10 - 2018-08-09 05:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-14 16:10 - 2018-08-09 04:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-14 16:10 - 2018-08-09 01:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-14 16:10 - 2018-08-09 00:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-14 16:10 - 2018-08-09 00:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-14 16:10 - 2018-08-09 00:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-14 16:10 - 2018-08-09 00:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-14 16:10 - 2018-08-09 00:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-14 16:10 - 2018-08-09 00:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-14 16:10 - 2018-08-09 00:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-14 16:09 - 2018-08-31 03:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-14 16:09 - 2018-08-31 03:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-14 16:09 - 2018-08-31 03:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-14 16:09 - 2018-08-31 03:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-14 16:09 - 2018-08-31 03:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-14 16:09 - 2018-08-31 03:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-14 16:09 - 2018-08-31 03:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-14 16:09 - 2018-08-31 03:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-14 16:09 - 2018-08-31 03:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-14 16:09 - 2018-08-31 03:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-14 16:09 - 2018-08-31 03:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-14 16:09 - 2018-08-31 03:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-14 16:09 - 2018-08-31 03:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-14 16:09 - 2018-08-31 03:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-14 16:09 - 2018-08-31 03:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-14 16:09 - 2018-08-31 02:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-14 16:09 - 2018-08-31 02:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-14 16:09 - 2018-08-31 02:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-14 16:09 - 2018-08-31 02:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-14 16:09 - 2018-08-31 02:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-14 16:09 - 2018-08-31 02:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-14 16:09 - 2018-08-31 02:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-14 16:09 - 2018-08-31 02:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-14 16:09 - 2018-08-30 23:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-14 16:09 - 2018-08-30 23:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-14 16:09 - 2018-08-30 23:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-14 16:09 - 2018-08-30 23:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-14 16:09 - 2018-08-30 23:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-14 16:09 - 2018-08-30 23:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-14 16:09 - 2018-08-30 23:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-14 16:09 - 2018-08-30 23:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-14 16:09 - 2018-08-30 23:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-14 16:09 - 2018-08-30 23:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-14 16:09 - 2018-08-30 23:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-14 16:09 - 2018-08-30 23:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-14 16:09 - 2018-08-30 23:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-14 16:09 - 2018-08-30 23:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-14 16:09 - 2018-08-30 23:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-14 16:09 - 2018-08-30 23:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-14 16:09 - 2018-08-30 23:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-14 16:09 - 2018-08-30 23:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-14 16:09 - 2018-08-30 23:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-14 16:09 - 2018-08-30 23:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-14 16:09 - 2018-08-30 23:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-14 16:09 - 2018-08-30 23:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-14 16:09 - 2018-08-30 23:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-14 16:09 - 2018-08-30 23:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-14 16:09 - 2018-08-30 23:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-14 16:09 - 2018-08-30 23:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-14 16:09 - 2018-08-30 23:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-14 16:09 - 2018-08-30 23:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-14 16:09 - 2018-08-30 23:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-14 16:09 - 2018-08-30 23:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-14 16:09 - 2018-08-30 23:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-14 16:09 - 2018-08-30 23:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-14 16:09 - 2018-08-30 23:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-14 16:09 - 2018-08-30 23:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-14 16:09 - 2018-08-30 23:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-14 16:09 - 2018-08-30 23:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-14 16:09 - 2018-08-30 23:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-14 16:09 - 2018-08-28 02:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-14 16:09 - 2018-08-28 02:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-14 16:09 - 2018-08-28 02:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-14 16:09 - 2018-08-28 01:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-14 16:09 - 2018-08-13 22:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-14 16:09 - 2018-08-09 05:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-14 16:09 - 2018-08-09 05:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-14 16:09 - 2018-08-09 05:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-14 16:09 - 2018-08-09 05:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-14 16:09 - 2018-08-09 05:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-14 16:09 - 2018-08-09 05:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-14 16:09 - 2018-08-09 05:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-14 16:09 - 2018-08-09 05:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-14 16:09 - 2018-08-09 05:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-14 16:09 - 2018-08-09 05:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-14 16:09 - 2018-08-09 05:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-14 16:09 - 2018-08-09 05:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-14 16:09 - 2018-08-09 05:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-14 16:09 - 2018-08-09 05:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-14 16:09 - 2018-08-09 05:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-14 16:09 - 2018-08-09 05:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-14 16:09 - 2018-08-09 05:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-14 16:09 - 2018-08-09 05:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-14 16:09 - 2018-08-09 05:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-14 16:09 - 2018-08-09 04:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-14 16:09 - 2018-08-09 04:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-14 16:09 - 2018-08-09 04:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-14 16:09 - 2018-08-09 04:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-14 16:09 - 2018-08-09 04:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-14 16:09 - 2018-08-09 04:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-14 16:09 - 2018-08-09 04:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-14 16:09 - 2018-08-09 04:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-14 16:09 - 2018-08-09 04:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-14 16:09 - 2018-08-09 04:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-14 16:09 - 2018-08-09 04:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-14 16:09 - 2018-08-09 04:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-14 16:09 - 2018-08-09 04:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-14 16:09 - 2018-08-09 01:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-14 16:09 - 2018-08-09 00:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-14 16:09 - 2018-08-09 00:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-14 16:09 - 2018-08-09 00:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-14 16:09 - 2018-08-09 00:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-14 16:09 - 2018-08-09 00:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-14 16:09 - 2018-08-09 00:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-14 16:09 - 2018-08-09 00:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-14 16:09 - 2018-08-09 00:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-14 16:09 - 2018-08-09 00:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-14 16:09 - 2018-08-09 00:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-14 16:09 - 2018-08-09 00:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-14 16:09 - 2018-08-09 00:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-14 16:09 - 2018-08-09 00:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-14 16:09 - 2018-08-09 00:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-14 16:09 - 2018-08-09 00:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-14 16:09 - 2018-08-09 00:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-14 16:09 - 2018-08-09 00:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-14 16:09 - 2018-08-09 00:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-14 16:09 - 2018-08-09 00:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-14 16:09 - 2018-08-09 00:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-14 16:09 - 2018-08-09 00:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-14 16:09 - 2018-08-09 00:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-14 16:09 - 2018-08-09 00:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-14 16:09 - 2018-08-09 00:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-14 16:09 - 2018-08-09 00:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-14 16:09 - 2018-08-09 00:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-14 16:09 - 2018-08-09 00:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-14 16:09 - 2018-08-09 00:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-14 16:09 - 2018-08-09 00:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-14 16:09 - 2018-08-09 00:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-14 16:09 - 2018-08-09 00:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-14 16:09 - 2018-08-09 00:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-14 16:09 - 2018-08-09 00:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-14 16:09 - 2018-08-09 00:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-14 16:09 - 2018-08-09 00:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-14 16:09 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-14 16:09 - 2018-08-08 23:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-14 16:08 - 2018-08-31 03:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-14 16:08 - 2018-08-31 02:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-14 16:08 - 2018-08-30 23:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-14 16:08 - 2018-08-30 23:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-14 16:08 - 2018-08-30 23:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-14 16:08 - 2018-08-30 23:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-14 16:08 - 2018-08-30 23:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-14 16:08 - 2018-08-30 23:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-14 16:08 - 2018-08-30 23:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-14 16:08 - 2018-08-30 23:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-14 16:08 - 2018-08-30 23:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-14 16:08 - 2018-08-30 21:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-14 16:08 - 2018-08-28 02:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-14 16:08 - 2018-08-13 22:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-14 16:08 - 2018-08-09 05:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-14 16:08 - 2018-08-09 05:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-14 16:08 - 2018-08-09 05:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-14 16:08 - 2018-08-09 05:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-14 16:08 - 2018-08-09 05:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-14 16:08 - 2018-08-09 04:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-14 16:08 - 2018-08-09 04:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-14 16:08 - 2018-08-09 04:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-14 16:08 - 2018-08-09 00:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-14 16:08 - 2018-08-09 00:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-14 16:08 - 2018-08-09 00:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-14 16:08 - 2018-08-09 00:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-14 16:08 - 2018-08-09 00:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-14 16:08 - 2018-08-09 00:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-14 16:08 - 2018-08-09 00:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-14 16:08 - 2018-08-09 00:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-14 16:08 - 2018-08-09 00:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-13 00:28 - 2018-09-13 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Rainbow Six Vegas 2
2018-09-12 20:28 - 2018-09-12 21:08 - 000000000 ____D C:\Users\Evan\Downloads\Rainbow Six Vegas 2
2018-09-12 20:14 - 2018-09-12 20:14 - 000000000 ____D C:\ProgramData\Ubisoft
2018-09-12 20:13 - 2018-09-12 20:14 - 000107832 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2018-09-12 20:13 - 2018-09-12 20:13 - 002337865 _____ C:\WINDOWS\SysWOW64\pbsvc.exe
2018-09-12 20:13 - 2018-09-12 20:13 - 000066872 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2018-09-12 19:53 - 2018-09-13 00:16 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2018-09-12 19:23 - 2018-09-12 19:45 - 000000000 ____D C:\Users\Evan\Downloads\www.alt.bitworld.to...Tom.Clancys.Rainbow.Six.Vegas.2-RELOADED
2018-09-11 23:37 - 2018-09-11 23:37 - 000000000 ____D C:\Users\Evan\Downloads\Native Instruments FM8 v1.4.0 Update-R2R [deepstatus]
2018-09-10 17:59 - 2018-09-10 17:59 - 000379481 _____ C:\Users\Evan\Downloads\watch (1).html
2018-09-10 16:02 - 2018-09-10 16:02 - 000004585 _____ C:\Users\Evan\Downloads\FLRegKey.reg
2018-09-10 16:00 - 2018-10-04 01:29 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2018-09-10 16:00 - 2018-09-10 16:00 - 000002128 _____ C:\Users\Evan\Desktop\FL Studio 12 (64bit).lnk
2018-09-10 16:00 - 2018-09-10 16:00 - 000002112 _____ C:\Users\Evan\Desktop\FL Studio 12.lnk
2018-09-10 16:00 - 2018-09-10 16:00 - 000001218 _____ C:\Users\Evan\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files\Common Files\VST2
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2018-09-10 16:00 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Users\Evan\Documents\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-09-10 15:58 - 2018-09-10 15:58 - 000000000 ____D C:\Program Files\Image-Line
2018-09-10 15:46 - 2018-09-10 16:00 - 000000000 ____D C:\Program Files (x86)\Image-Line
2018-09-10 15:39 - 2018-09-10 15:43 - 000000000 ____D C:\Users\Evan\Downloads\FL STUDIO 12 Producer Edition v12.2 [build3]  32Bit & 64Bit + Crack
2018-09-08 01:20 - 2018-09-20 02:19 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Taiga
2018-09-08 01:20 - 2018-09-08 01:20 - 001203581 _____ (erengy) C:\Users\Evan\Downloads\TaigaSetup.exe
2018-09-08 01:20 - 2018-09-08 01:20 - 000001011 _____ C:\Users\Evan\Desktop\Taiga.lnk
2018-09-08 01:20 - 2018-09-08 01:20 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taiga
2018-09-08 00:01 - 2018-09-27 19:05 - 000000393 _____ C:\Users\Evan\Documents\Multihack4.ini
2018-09-08 00:01 - 2018-09-08 00:01 - 000001129 _____ C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multihack.lnk
2018-09-08 00:01 - 2018-09-08 00:01 - 000000000 ____D C:\Users\Evan\Downloads\Multihack v4.0_mpgh.net
2018-09-08 00:00 - 2018-09-08 00:00 - 001322651 _____ C:\Users\Evan\Downloads\Multihack v4.0_mpgh.net.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-07 14:12 - 2018-01-05 13:30 - 000340203 _____ C:\WINDOWS\ZAM.krnl.trace
2018-10-07 14:12 - 2017-12-27 13:31 - 000029857 _____ C:\Users\Evan\Downloads\FRST.txt
2018-10-07 14:12 - 2017-12-25 17:21 - 000292224 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-10-07 14:11 - 2017-12-27 13:31 - 000000000 ____D C:\FRST
2018-10-07 14:09 - 2018-05-17 02:53 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{01B21D24-031A-4188-BA33-533CE41FA0CB}
2018-10-07 14:06 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-07 00:22 - 2017-07-28 15:54 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2018-10-07 00:22 - 2017-07-28 15:53 - 000000000 ____D C:\Users\Evan\AppData\Local\Battle.net
2018-10-07 00:19 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-10-06 21:07 - 2017-09-03 16:04 - 000000000 ____D C:\Program Files (x86)\Arena
2018-10-06 20:55 - 2018-07-04 04:36 - 000000000 ____D C:\ProgramData\Packages
2018-10-06 20:55 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-06 20:55 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-06 20:55 - 2017-11-26 01:56 - 000000000 ____D C:\Users\Evan\AppData\Local\Packages
2018-10-06 20:50 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-06 20:49 - 2018-09-01 17:04 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Twitch
2018-10-06 20:48 - 2017-12-22 12:29 - 000000000 ____D C:\Users\Evan\AppData\Local\ElevatedDiagnostics
2018-10-06 20:40 - 2018-06-19 04:14 - 000000000 ____D C:\Users\Evan\AppData\Local\Overwolf
2018-10-06 20:37 - 2018-07-03 13:17 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Blitz
2018-10-06 20:34 - 2017-07-13 19:51 - 000000000 __SHD C:\Users\Evan\IntelGraphicsProfiles
2018-10-06 20:32 - 2018-05-17 02:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-06 20:31 - 2018-05-17 02:25 - 000000000 ____D C:\Users\Evan
2018-10-06 20:31 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-10-06 20:28 - 2018-04-16 16:30 - 000000000 ____D C:\Program Files (x86)\hide.me VPN
2018-10-06 20:24 - 2018-05-17 02:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-05 20:38 - 2018-05-17 02:53 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-10-05 16:04 - 2018-04-11 17:04 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-10-05 15:51 - 2017-10-08 16:19 - 000000000 ____D C:\Program Files (x86)\RealRealSteam
2018-10-05 15:08 - 2018-05-03 00:10 - 000000000 ____D C:\Users\Evan\Downloads\Slay.the.Spire.v28.04.2018
2018-10-05 14:21 - 2018-05-17 02:53 - 000003246 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForEvan
2018-10-05 14:15 - 2018-08-14 01:59 - 000000000 ____D C:\Users\Evan\Downloads\memes
2018-10-05 00:07 - 2018-04-14 00:46 - 000000000 ____D C:\Users\Evan\AppData\Roaming\HearthstoneDeckTracker
2018-10-04 22:19 - 2018-04-14 00:46 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2018-10-04 22:19 - 2018-04-14 00:45 - 000000000 ____D C:\Users\Evan\AppData\Local\HearthstoneDeckTracker
2018-10-04 22:19 - 2017-07-15 11:31 - 000000000 ____D C:\Users\Evan\AppData\Local\SquirrelTemp
2018-10-04 22:08 - 2017-10-17 22:18 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-10-04 17:01 - 2018-06-19 04:15 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-10-04 16:53 - 2018-06-19 18:29 - 000000000 ____D C:\Program Files\Football Manager 2017
2018-10-04 16:24 - 2017-12-26 19:42 - 000002332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-04 16:07 - 2018-05-17 16:55 - 000000000 ____D C:\Users\Evan\AppData\Local\D3DSCache
2018-10-04 16:06 - 2018-09-01 20:24 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-10-04 16:00 - 2017-12-24 18:02 - 000000000 ____D C:\Users\Evan\AppData\Local\transmission
2018-10-04 07:44 - 2016-10-21 11:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-01 18:01 - 2017-07-17 19:22 - 000000000 ____D C:\Users\Evan\Documents\My Games
2018-09-30 16:40 - 2018-06-28 15:05 - 000000000 ____D C:\Users\Evan\Documents\SkidRow
2018-09-30 16:31 - 2018-05-02 17:40 - 000000000 ____D C:\Games
2018-09-30 13:48 - 2018-01-09 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2018-09-27 17:32 - 2017-10-08 11:13 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2018-09-26 21:55 - 2018-02-26 23:25 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-09-25 00:43 - 2017-12-25 17:33 - 000000000 ____D C:\Program Files\Unlocker
2018-09-25 00:34 - 2018-02-02 18:53 - 000000000 ____D C:\Users\Evan\AppData\Local\UnrealEngine
2018-09-25 00:32 - 2018-04-04 17:52 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2018-09-22 01:59 - 2018-05-17 02:53 - 000004008 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-22 01:59 - 2018-05-17 02:53 - 000003776 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-21 15:45 - 2018-05-17 02:53 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2198813628-2402096551-3996786398-1001
2018-09-21 15:45 - 2018-05-17 02:25 - 000002416 _____ C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-21 15:45 - 2017-07-13 19:55 - 000000000 ___RD C:\Users\Evan\OneDrive
2018-09-17 16:43 - 2018-05-17 02:53 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-09-17 16:07 - 2018-02-11 23:51 - 000000000 ____D C:\Users\Evan\.grasp_settings
2018-09-17 15:43 - 2017-03-23 00:31 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-09-16 21:23 - 2018-06-12 20:04 - 000000000 ____D C:\Users\Evan\AppData\Roaming\StardewValley
2018-09-15 21:45 - 2018-05-17 02:17 - 000290976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-15 21:41 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-15 21:41 - 2018-04-11 17:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-15 21:28 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-12 19:53 - 2016-10-21 11:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-09-12 02:16 - 2018-05-17 02:24 - 000931512 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-11 22:28 - 2017-12-26 19:42 - 000000000 ____D C:\Program Files\CCleaner
2018-09-11 16:07 - 2017-07-13 19:52 - 000000000 ____D C:\Users\Evan\AppData\Local\Publishers
2018-09-09 17:54 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
 
==================== Files in the root of some directories =======
 
2018-02-10 13:47 - 2018-02-09 13:46 - 000038678 _____ () C:\Users\Evan\AppData\Roaming\dhgfhgferr.png
2018-09-27 17:22 - 2018-09-27 17:22 - 000000000 _____ () C:\Users\Evan\AppData\Roaming\FC29FA0894FE.ini
2018-06-21 17:52 - 2018-06-21 18:03 - 000000084 _____ () C:\Users\Evan\AppData\Local\Autosofted License.txt
 
Some files in TEMP:
====================
2017-10-26 04:07 - 2017-10-26 04:07 - 000488960 _____ () C:\Users\Evan\AppData\Local\Temp\sqlite3.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-17 02:17
 
==================== End of FRST.txt ============================
 
 

  • 0

#4
GloryToPrussia

GloryToPrussia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
Ran by Evan (07-10-2018 14:13:27)
Running from C:\Users\Evan\Downloads
Windows 10 Home Version 1803 17134.285 (X64) (2018-05-17 06:55:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2198813628-2402096551-3996786398-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2198813628-2402096551-3996786398-503 - Limited - Disabled)
Evan (S-1-5-21-2198813628-2402096551-3996786398-1001 - Administrator - Enabled) => C:\Users\Evan
Guest (S-1-5-21-2198813628-2402096551-3996786398-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2198813628-2402096551-3996786398-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Arena 3.5.1 (HKLM-x32\...\Arena 3.5.1_is1) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Auto Keyboard v1.6 (HKLM-x32\...\{71E16EE4-BBED-44A8-8724-9E68D05EE945}_is1) (Version: 1.6 - MurGee.com)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-018150a6-0d9b-4ea1-8a0e-7f26ca8bd492) (Version: 3.0.2.48 - WildTangent) Hidden
Betternet (HKLM-x32\...\Betternet) (Version:  - )
Betternet for Windows 3.11.1 (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF7C205999}) (Version: 3.11.1 - Betternet Technologies Inc.)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.10 - Kakao Games Europe B.V.)
Blitz 0.7.10 (HKLM\...\153f8ce0-b97a-575b-ba12-4ff8b1481894) (Version: 0.7.10 - Blitz Esports)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cities Skylines Parklife (HKLM-x32\...\Cities Skylines Parklife_is1) (Version:  - )
Darkest Dungeon The Color of Madness (HKLM-x32\...\Darkest Dungeon The Color of Madness_is1) (Version:  - )
Divinity Original Sin 2 (HKLM-x32\...\Divinity Original Sin 2_is1) (Version:  - )
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dont Starve Together A New Reign (HKLM-x32\...\Dont Starve Together A New Reign_is1) (Version:  - )
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{FE3CD7B8-14D4-46E9-A206-2C8F2C0E6F1F}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Euro Truck Simulator 2 - Krone Trailer Pack (HKLM\...\SKIDROW - Euro Truck Simulator 2 - Krone Trailer Pack) (Version:  - SKIDROW)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Floris Mod Pack 2.54 (HKLM-x32\...\Floris Mod Pack_is1) (Version:  - )
Football Manager 2017 (HKLM\...\Football Manager 2017_is1) (Version: 1.0 - )
Football, Tactics & Glory (HKLM\...\SKIDROW - Football, Tactics & Glory) (Version:  - SKIDROW)
FreeMouseAutoClicker 3.8.3 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Game Summary (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 118.1.4 - Overwolf app)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HearthArena Companion (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Overwolf_eldaohcjmecjpkpdhhoiolhhaeapcldppbdgbnbc) (Version: 1.5.0.1 - Overwolf app)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\HearthstoneDeckTracker) (Version: 1.7.8 - HearthSim)
hide.me VPN 1.3.4 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.3.4 - eVenture Limited)
Hotspot Shield 7.4.6 (HKLM-x32\...\{65ed84d7-2bc2-4663-9b41-4681aa85be92}) (Version: 7.4.6.10822 - AnchorFree Inc.)
Hotspot Shield 7.4.6 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C1670D69}) (Version: 7.4.6.10822 - AnchorFree Inc.) Hidden
Hotspot Shield 7.4.6 (HKLM-x32\...\HotspotShield) (Version: 7.4.6 - AnchorFree Inc.) Hidden
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{6FA09B91-5D97-45A9-95E9-50F635C98043}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{C85AC2ED-2305-4137-A8BA-CC628F635C82}) (Version: 12.9.24.3 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
ibVPN All-In-One (HKLM-x32\...\ibVPN All-In-One) (Version: 2.3.4.1534 - AmplusNet SRL)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Chipset Device Software (HKLM-x32\...\{5f5c7829-a6ba-4fc6-9f47-d068f51ed99b}) (Version: 10.1.1.35 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JCleaner 1.8.4 (HKLM-x32\...\JCleaner 1.8.4) (Version: 1.8.4 - VITSoft)
jGRASP (HKLM-x32\...\jGRASP) (Version: 2.0.4_03 - Auburn University)
KCleaner 3.6.0 (HKLM-x32\...\KCleaner 3.6.0) (Version: 3.6.0 - KC-SOFTWARES)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League Displays (HKLM-x32\...\LolScreenSaver) (Version: W1.0.992-beta - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
League Of Memories (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\leagueofmemories) (Version: 0.6.2 - LeagueOfMemories)
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-8e53addf-f209-4ed7-94b6-52317cac87d9) (Version: 3.0.2.118 - WildTangent) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.1.250.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mystika 2 (HKLM-x32\...\WTA-012ad41f-4cb0-410d-93fe-cce0c10c4ca7) (Version: 1.1.2.4 - WildTangent) Hidden
NextUp-ScanSoft Daniel British Voice (HKLM-x32\...\{BE916006-E144-44CF-B467-F733D0F86200}) (Version: 4.0.0 - NextUp.com)
Niche - a genetics survival game (HKLM\...\bmljaGVhZ2VuZXRpY3NzdXJ2aXZhbGdhbWU_is1) (Version: 1 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
OP.GG (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Overwolf_bhefjlijbpddfjbpokonlhdneiljfghigipgaijd) (Version: 1.5.0 - Overwolf app)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenGL Extensions Viewer 5.1 (HKLM-x32\...\GLVIEW3) (Version: 513 - )
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
OpenVPN 2.4.5-I601  (HKLM\...\OpenVPN) (Version: 2.4.5-I601 - OpenVPN Technologies, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.118.2.33 - Overwolf Ltd.)
Path of Exile (HKLM-x32\...\{189c8173-084a-44d5-908d-c3881009d5aa}) (Version: 3.3.0.34126 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.3.0.34126 - Grinding Gear Games) Hidden
PlayVIG (HKLM-x32\...\{6C7CAF7C-51B1-40C0-BD84-9B7445BFE015}) (Version: 103.03.08.09 - PlayVIG)
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.8.4.0 - OpenVPN Technologies)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Roblox Player for Evan (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Runefall (HKLM-x32\...\WTA-1e75b8cf-14bf-48bc-abc5-1158fa9fd873) (Version: 3.0.2.126 - WildTangent) Hidden
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Sparkle 2 (HKLM-x32\...\WTA-2d2ef3dd-0b0d-41bf-bbac-6382ff10fe81) (Version: 3.0.2.51 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Taiga (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\Taiga) (Version: 1.3.1 - erengy)
TEKKEN 7 version 1.0 (HKLM-x32\...\TEKKEN 7_is1) (Version: 1.0 - GMT-MAX.ORG)
The Elder Scrolls IV: Oblivion (HKLM-x32\...\1458058109_is1) (Version: 1.2.0416 - GOG.com)
TI Connect™ CE (HKLM-x32\...\{30258E3F-5B74-4450-8188-3221682375F4}) (Version: 5.2.0.51 - Texas Instruments Inc.)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{7AA77536-7DC2-4831-A0CF-B46C49C2D4DF}_is1) (Version: 1.03 - Ubisoft)
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.03 - Ubisoft)
Transmission 2.92 (14714) (x64) (HKLM\...\{E2B281FA-6236-4F0D-B710-ECDB6B60EB5E}) (Version: 2.92.0 - Transmission Project)
Tropico.5.v1.10.Inc.All.DLC.Eng.Repack version 1.10 (HKLM-x32\...\{1FF6E821-EEEC-4CED-BFF3-9DF85FFE7BEB}}_is1) (Version: 1.10 - Ali213.net)
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
Twitch (HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UnZipper 1.0.0 (HKLM-x32\...\UnZipper) (Version: 1.0.0 - UnZipper)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vainglory 3.7 (HKLM-x32\...\Vainglory) (Version: 3.7 - Super Evil Megacorp)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-05] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
ContextMenuHandlers1-x32: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => C:\Program Files (x86)\UnZipper\UnZipper.dll [2015-11-04] (Tightrope Interactive)
ContextMenuHandlers1-x32: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4-x32: [UnZipper] -> {73950f91-2061-4ea3-8bd5-49ec4bf08ac2} => C:\Program Files (x86)\UnZipper\UnZipper.dll [2015-11-04] (Tightrope Interactive)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxDTCM.dll [2016-12-06] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-05] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01F2FABB-61AE-4D03-8B76-8029519A9CAF} - System32\Tasks\HPCeeScheduleForEvan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {074E5D21-8C6B-41CD-B1AB-E78E0EAD989E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-04] (Microsoft Corporation)
Task: {0AA62996-B05B-43A2-86DB-AD9A3E13137D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-09-15] (Microsoft Corporation)
Task: {0F606C80-D9C9-433F-8CB8-171223121E9A} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
Task: {1410DDF2-9122-42F9-9DDB-DB21589670A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-04] (Microsoft Corporation)
Task: {299CD121-4EB8-4955-A531-CB799E364335} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {2F0999DD-65C2-43E8-ADA0-678ED4B1CA5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {35D8B312-D4EC-4537-A73D-06B846316DC4} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-09-15] (Microsoft)
Task: {44399526-5706-48FE-8E44-522FF3B76027} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-10-04] (Microsoft Corporation)
Task: {49229FE4-3797-498A-9EA0-7C590D0E1783} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {4EE09D7F-3B5A-4D5F-8E5A-72956D2F2F1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-26] (Google Inc.)
Task: {4FFFB024-1484-4C78-84ED-779162CC0D8A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-09-15] (Microsoft Corporation)
Task: {54FD613E-45C7-4C5A-8110-BF733BC61A84} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {5643D652-D2CD-4C65-8D76-BF05DBAB8C34} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-09-18] (Overwolf LTD)
Task: {5796304F-C61A-4285-8DC9-4722DC4C89D5} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {661008FB-5C24-45C8-88F5-A76DDFE3E276} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN38E1W1BK => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {67D67830-8272-4419-8804-E32B3B96AA61} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-09-15] (Microsoft)
Task: {6C7A5DB7-DD8B-485E-A01A-AD17DA20E28D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {7E78CD9E-FBF1-4FFA-A8F4-7C30BC89AD76} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {82B51764-1F96-4E1C-8CE1-AE1E52F6F7D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {8B9FB1E1-D099-4E35-8C4F-0660251DF4F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-26] (Google Inc.)
Task: {8F7F0B37-DAA4-412E-9B02-C54492F78C3B} - System32\Tasks\ibVPN-NewService => C:\Program Files (x86)\ibVPN_2.x\ibVPN.exe [2018-03-21] ()
Task: {9D3298BC-607E-4E5D-9FAA-E56F9C097B87} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-13] (Dropbox, Inc.)
Task: {A16EC950-3D91-4AB2-B206-90A6DE4A43D2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-09-15] (Microsoft Corporation)
Task: {A18229D4-977F-4DF5-9BF8-DDA031842F1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {A646456C-5064-48E6-ADDC-9F0401321172} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN6A83Q5Q9 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {ACD8237C-2838-4D53-9180-738DA7D6324D} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {B1A83A08-D736-4815-AC20-44B6FE79B762} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-10-04] (Microsoft Corporation)
Task: {B45CB9D2-9F46-48DE-86DF-FABCDA39DBBB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {BD0DD682-4AE9-47CE-BE90-E66E70405D61} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-06-11] (McAfee, Inc.)
Task: {BE889667-6269-4869-A634-A75547BA3B94} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2017-10-04] (McAfee, Inc.)
Task: {C5BE5C07-4157-41FD-9D5C-901F90C6D19E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {C67205F1-1158-49D0-8BBC-8FEEA8B10803} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-04] (Microsoft Corporation)
Task: {CC6A7E62-F548-4330-8797-C88187583F43} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-24] ()
Task: {D2A5B1D7-BDDB-4B34-8BF9-0A975EEE349C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {D4BD32CA-7DA8-43EA-ABF0-BD32389B6A3C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {D528E985-0960-4137-8794-97A2F873D815} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-06-08] (McAfee, Inc.)
Task: {DABC5DFB-0B49-4609-8176-F8B1584D1D06} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
Task: {DF17BCD0-79CE-48A7-8064-21E479A33566} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {DFE134DE-2BA7-44DA-B819-6A2AAC7468F7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-04] (Microsoft Corporation)
Task: {E66D4C7C-D6CE-4A5A-8FF3-5E2DF8DCB1E9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-09-15] (Microsoft Corporation)
Task: {E873358B-6B36-4477-98AE-E21A6BAF0E7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {E97B3EAD-25EE-4CC9-B9B1-FDD0E261235C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {EFA4C9E8-B8CB-4674-9027-76CB418DAEE8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-13] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\realtech VR\OpenGL Extensions Viewer 5.1\OpenGL Extensions Viewer 5.1 Home Page.lnk -> hxxp://www.realtech-vr.com/glview
Shortcut: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\realtech VR\OpenGL Extensions Viewer 5.1\realtech VR Home Page.lnk -> hxxp://www.realtech-vr.com
 
ShortcutWithArgument: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi --disable-quic
ShortcutWithArgument: C:\Users\Evan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Evan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-08-14 17:43 - 2017-08-14 17:43 - 000900840 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2018-09-12 20:13 - 2018-09-12 20:13 - 000066872 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2018-09-12 20:13 - 2018-09-12 20:14 - 000107832 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-09-06 16:48 - 2017-09-06 16:48 - 000037248 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2018-06-09 16:27 - 2018-09-01 20:23 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-07-17 13:58 - 2018-01-05 18:39 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-07-17 13:58 - 2018-01-05 18:39 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2018-07-17 10:18 - 2018-07-17 10:18 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 10:18 - 2018-07-17 10:18 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 10:18 - 2018-07-17 10:19 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 10:18 - 2018-07-17 10:18 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-01 04:51 - 2018-03-01 04:51 - 000665216 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui.exe
2018-07-03 13:16 - 2018-07-03 13:16 - 001955328 ____N () C:\Program Files\Blitz\ffmpeg.dll
2018-09-18 03:20 - 2018-09-18 03:20 - 097136968 _____ () C:\Program Files (x86)\Overwolf\0.118.2.33\libcef.DLL
2018-09-19 22:46 - 2018-09-15 04:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-19 22:46 - 2018-09-15 04:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 004883480 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\blitz_helper.exe
2018-09-18 03:20 - 2018-09-18 03:20 - 004457800 _____ () C:\Program Files (x86)\Overwolf\0.118.2.33\libglesv2.dll
2018-09-18 03:20 - 2018-09-18 03:20 - 000099656 _____ () C:\Program Files (x86)\Overwolf\0.118.2.33\libegl.dll
2018-09-18 03:20 - 2018-09-18 03:20 - 000070320 _____ () C:\Program Files (x86)\Overwolf\0.118.2.33\win-h264.dll
2018-09-26 17:09 - 2018-09-26 17:12 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-26 17:09 - 2018-09-26 17:09 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 15:22 - 2017-10-05 15:22 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-09-26 17:09 - 2018-09-26 17:14 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-04-25 15:26 - 2018-04-25 15:26 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-08-30 20:20 - 2018-08-30 20:24 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-08-30 20:20 - 2018-08-30 20:32 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-08 11:21 - 2018-08-08 11:22 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-08-08 11:21 - 2018-08-08 11:22 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-04-05 15:39 - 2018-04-05 15:39 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-09-26 17:09 - 2018-09-26 17:13 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-30 20:20 - 2018-08-30 20:24 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-26 17:09 - 2018-09-26 17:09 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-30 20:20 - 2018-08-30 20:32 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 18:17 - 2018-07-26 18:17 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-14 16:10 - 2018-08-30 23:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-09-16 23:22 - 2018-09-16 23:22 - 000156672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\f77a8da0f42a5cf2d452575166262fff\BRIDGECommon.ni.dll
2018-09-27 20:06 - 2018-09-27 20:06 - 000329728 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\7fc2a0b2f826155ac6f65d731b550c13\CleanStartController.ni.dll
2018-09-27 20:06 - 2018-09-27 20:06 - 000116736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\aa6365bd76179a7e51d4b449eeae9393\BridgeExtension.ni.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000103424 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\win32api.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000111616 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pywintypes36.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000405504 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pythoncom36.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000011264 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\markupsafe._speedups.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000023040 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\greenlet.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 039731712 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\cv2.cv2.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 001240064 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.core.multiarray.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 027268791 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\libopenblas.UWVN3XTD2LSS7SFIFK6TIQ5GONFDBJKU.gfortran-win32.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000648192 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.core.umath.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000015872 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.linalg.lapack_lite.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000087040 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.linalg._umath_linalg.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000044544 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.fft.fftpack_lite.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000673280 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\numpy.random.mtrand.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 001247232 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\PIL._imaging.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000309248 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\tesserocr._tesserocr.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 002480640 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.google.tesseract.libtesseract-3.5.1.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 001948672 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.danbloomberg.leptonica-1.74.4.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000159232 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.png-1.6.30.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000387584 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.tiff-4.0.8.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000253440 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.jpeg-9.2.0.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000429568 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.webp-0.6.0.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000074752 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.madler.zlib-1.2.11.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000130560 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.xz_utils.lzma-5.2.3.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000160768 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\pvt.cppan.demo.openjpeg.openjp2-2.1.2.dll
2018-07-03 13:16 - 2018-07-03 13:16 - 000173568 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\win32gui.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 001149952 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\win32ui.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000041984 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\win32process.pyd
2018-07-03 13:16 - 2018-07-03 13:16 - 000114176 _____ () C:\Program Files\Blitz\resources\blitz_helper\blitz_helper\win32security.pyd
2017-11-09 01:44 - 2017-11-09 01:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\sharepoint.com -> hxxps://fcps-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 07:47 - 2018-09-15 21:38 - 000001055 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1                   www.mefeedia.com
127.0.0.2                   mefeedia.com
127.0.0.1                   delivery.anchorfree.us/land.php
127.0.0.2                   mefeedia.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "LeagueDisplays"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\Run: => "MurGee.com Auto Keyboard"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2198813628-2402096551-3996786398-1001\...\StartupApproved\Run: => "VPN Unlimited"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{C3D67EE2-B5DB-4AA8-9F47-CAC4CA945DF3}C:\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\divinity original sin 2\bin\eocapp.exe
FirewallRules: [TCP Query User{F62AF028-31B6-48CC-BF70-1CBD600B97DC}C:\divinity original sin 2\bin\eocapp.exe] => (Allow) C:\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{F82D524B-9ED8-4BE7-B049-7D5EF2693483}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{987DA36D-DF8B-4D61-B74D-98E34A8C05EC}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{43DC4A02-2AC4-48E1-BF43-C3266ADB4468}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Conflict of Nations\Conflict of Nations.exe
FirewallRules: [{48CAE3C5-7A01-4C3C-A6A1-24EE8EAC0A5A}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Conflict of Nations\Conflict of Nations.exe
FirewallRules: [{2B326389-5C31-4210-B586-AF380E97CE8A}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{726DAE7E-26C6-4240-8F37-FAED556CE042}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{7F88CBB1-875A-43DF-8420-46DB96D25007}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{094EE9D0-A3F7-4CA9-9AC5-1F9938926123}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{6FEF23E8-1F8A-4DA8-962E-2B447833ADE1}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Victory and Glory Napoleon\autorun.exe
FirewallRules: [{A46B2873-CEEC-4F22-A9A7-8886901F04C4}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Victory and Glory Napoleon\autorun.exe
FirewallRules: [UDP Query User{B08F4BE0-937E-444D-824E-F4EA1DD2C41F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{5F6F06AD-1275-46FE-9CF9-BC352B3FC4CB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0488B2C4-9012-499B-B029-0AD3CFB75095}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{B574450A-20F3-4BFE-89B2-18CFD4073B78}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{4DED5F90-7C51-4345-8BAF-3F666B20EF66}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{08030685-FB25-4E8D-8324-F39B0CB08EB9}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Duelyst\Duelyst.exe
FirewallRules: [{6B6C99C2-27C8-4DED-AA5A-9E5326929722}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Duelyst\Duelyst.exe
FirewallRules: [{5D284A61-BC75-44AC-AF85-47EF87DFEE10}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{79AE8039-989D-41D8-97F0-E600E806EAD5}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{8D073D1B-C5F0-44D4-B6E8-32DDFB46F66A}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{AF0F02E3-1520-4DB8-8048-46391D1D5246}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{472D0456-796A-4218-B40C-808EFF184361}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{D0CE3830-CC41-45B5-8D36-FB6964B1EE76}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4A51C092-B767-431C-AFE5-C7A8E9063DBE}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{96EB9ADA-BB2E-4DCB-A654-D43EEA1E201D}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{2024F237-6695-4275-AF37-C3E912068F1E}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{50BEE865-C87A-4DAE-BBBA-A9A24C63E126}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{EA714BCC-C2D1-4869-8A91-546BA154A276}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{281BA4EF-34BC-44FB-A820-6CA3CCAE8A06}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{39C46536-0CF1-4865-9671-B92F88512213}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [UDP Query User{91090AD0-8030-4E72-9E90-AC2FD553F6CA}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{B7324503-A7AB-46A7-AC92-1B294064F0C2}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{52BA4B14-081F-46ED-9E48-A365D7017A35}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{FA996130-17A0-4F1F-9C55-7BD60825A7F3}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [UDP Query User{DA6F5706-FB8E-4BCA-90F9-38289C50CF14}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{BAF63F8C-E6C1-4020-8111-B44BCF6583B9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{F8D6A6A9-8EFD-45C5-8812-B249F10E084E}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{E6378CFB-1205-4ABB-B029-C7AFCB09BE38}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{1243EEB5-8AEA-4CA2-9C8A-AB10A23200E4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{C20BCE66-C32F-4EE7-8238-E1E945B01328}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{CBBB4416-47CE-434C-9777-4A2EB1867A93}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\The Great War\MHTGW.exe
FirewallRules: [{D2F94D59-4ED0-4188-A8C3-A258CBD42AE5}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\The Great War\MHTGW.exe
FirewallRules: [{1E6B5AC3-7FBE-4780-8C6E-5F955ED05F0D}] => (Allow) LPort=13148
FirewallRules: [{47B4E1F8-B243-4911-8D06-BA995B66358D}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{EB9A15AF-434F-4AF7-90EF-431E7AA18CC0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AD88F79B-262B-4CD4-8FAD-DC43615EE0D1}] => (Allow) C:\Program Files (x86)\RealRealSteam\Steam.exe
FirewallRules: [{46799E6F-2054-4A03-8C49-1B2AC6936F1C}] => (Allow) C:\Program Files (x86)\RealRealSteam\Steam.exe
FirewallRules: [{36CEAA1C-3BC8-4F6F-8EA3-02548308ACB4}] => (Allow) C:\Program Files (x86)\RealRealSteam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B0FEC6AD-A296-48FC-AE18-947B589A425E}] => (Allow) C:\Program Files (x86)\RealRealSteam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{52BC5E9B-4315-43DB-9343-AAF6817A16F7}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{7D2C2E68-73BE-48BF-9266-754B69D2071F}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{9713DD79-AC54-4B5E-97BA-F0A1A34FE6BC}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{F97EB3BE-A6DD-4159-B2FD-93CFEB4B0C44}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{B45C717E-9A46-41ED-8359-F7BDA416A5CD}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{D0D66E8A-BA84-4EB0-B0A3-64041A0C164B}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{D88F1A4C-FADD-4FC9-8828-2C847BB729C8}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Eternal Card Game\Eternal.exe
FirewallRules: [{43C37F40-FC44-4C67-8D63-BEB71852B043}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Eternal Card Game\Eternal.exe
FirewallRules: [TCP Query User{94A4AD52-EEF7-43F9-AB33-317E5BF9BECC}C:\users\evan\downloads\house.flipper.beta\house flipper - beta\houseflipper.exe] => (Allow) C:\users\evan\downloads\house.flipper.beta\house flipper - beta\houseflipper.exe
FirewallRules: [UDP Query User{12DF0914-01DD-4ADD-9B53-ABD81E7812F1}C:\users\evan\downloads\house.flipper.beta\house flipper - beta\houseflipper.exe] => (Allow) C:\users\evan\downloads\house.flipper.beta\house flipper - beta\houseflipper.exe
FirewallRules: [TCP Query User{A140B056-2855-4A87-88C5-2D8030EE8701}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
FirewallRules: [UDP Query User{49A737BA-9AF0-44F7-9B18-505B6000CCBB}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.149\deploy\leagueclient.exe
FirewallRules: [{9319D054-1598-477A-BFF1-CF9F927F8EDF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DF5D22EF-0E7E-47F6-B2CD-11911C78A21B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{4FA55EB1-C527-4914-99E9-D034284FEADF}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe
FirewallRules: [UDP Query User{760FC215-D804-4177-A572-E270B596411A}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.150\deploy\leagueclient.exe
FirewallRules: [{582A5252-A262-4AE5-A2AE-CC3CF511F71F}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
FirewallRules: [{2BA570B1-FB64-4EE5-A275-EDA933C7C6E8}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\TotallyAccurateBattlegrounds\TotallyAccurateBattlegrounds.exe
FirewallRules: [{493EAF1E-A218-4312-99C4-DD324D0FE892}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Total Tank Simulator Demo\TotalTankSim.exe
FirewallRules: [{66338E94-769D-4817-BA49-365216C684E0}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\Total Tank Simulator Demo\TotalTankSim.exe
FirewallRules: [TCP Query User{19E52F01-3054-4BE4-9AE3-94B27CECD56B}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [UDP Query User{862BB8AD-8E60-4BE6-9A5B-3B6377E0F56E}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.151\deploy\leagueclient.exe
FirewallRules: [{102A5D9F-E0D6-4699-AD83-12258079A3FD}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5895D2EA-2F3B-4BE2-AC48-60E5932F4069}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6A84CEFE-F2EA-44E3-AD82-9A7FE753ECC4}] => (Allow) C:\Users\Evan\Downloads\bin\BlackDesert32.exe
FirewallRules: [{6EF8CC4E-6453-41BE-B54E-B05D10949668}] => (Allow) C:\Users\Evan\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{B7B2B0DE-143B-420D-A2A4-29A70A756790}] => (Allow) C:\Users\Evan\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{4E52EE20-1D9B-4C34-8341-1CF71A24C67B}] => (Allow) C:\Users\Evan\Downloads\BlackDesert_Downloader.exe
FirewallRules: [TCP Query User{AEA2E3F8-A3CD-4015-8A25-EBC8D520442B}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [UDP Query User{97097924-A266-4F4D-8F4A-682AA8289A5F}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.153\deploy\leagueclient.exe
FirewallRules: [TCP Query User{B9691E1E-915E-4F9F-A23B-427BECE1CBAC}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3B6F41FF-BF48-4711-8011-DD096E7F2177}C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [{9BDD265B-C8AC-4E87-99F2-9AE7BA1BCC35}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\BrainOut\bin\javaw.exe
FirewallRules: [{24CA6FE8-6841-4CF3-A07A-663CAE6271C2}] => (Allow) C:\Program Files (x86)\RealRealSteam\steamapps\common\BrainOut\bin\javaw.exe
FirewallRules: [TCP Query User{24ED8502-D53F-4E3D-9EC9-6E8063CAC85B}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [UDP Query User{843BF2F6-4DE3-48EA-8F43-43B289DFBA78}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.154\deploy\leagueclient.exe
FirewallRules: [TCP Query User{C8777703-9D29-4960-941D-044E2C498110}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [UDP Query User{2251D4E3-DF41-4702-BE6F-CE1FE4C44CF9}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [TCP Query User{B1C11A9E-3011-49DC-BC50-BA3148D7D398}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [UDP Query User{63DC5E3A-8D9F-4CC8-B32A-6589E680E182}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe
FirewallRules: [TCP Query User{DDE6811C-F154-42D2-8AB3-B12ECD202EDC}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [UDP Query User{B3D30B5C-E608-4062-A5D8-3BA19D71D15F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.157\deploy\leagueclient.exe
FirewallRules: [TCP Query User{E6CB8968-60FD-4BC5-BAA2-177011A8E0F8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [UDP Query User{E5530401-90D9-42BE-ABD7-4AD15BDDA2B6}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [TCP Query User{A47CE09A-96B0-41B2-9988-918E66C58E3A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [UDP Query User{24A3CCC9-DB98-4D1D-87CD-5EB2155ABE08}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [TCP Query User{CD298629-DE8F-45CC-8192-97A639504D4C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe
FirewallRules: [UDP Query User{336AC67B-DEE1-464A-A5A4-DC6A2DB34007}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe
FirewallRules: [{C3042CBC-944B-4DDE-926D-7339A347D68D}] => (Allow) C:\Program Files (x86)\RealRealSteam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{D2D39677-5B31-4939-8F78-B5E42C0618ED}] => (Allow) C:\Program Files (x86)\RealRealSteam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [TCP Query User{E7E2365F-33D9-40BA-9EC3-21ACB6F15DF1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe
FirewallRules: [UDP Query User{2DB367CF-C06D-4155-85F7-6E193C699665}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe
FirewallRules: [TCP Query User{351B9873-EDE5-4767-BBDD-3A41927CED34}C:\program files (x86)\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{2C1F1655-D473-43AD-A3FB-05F9E978E930}C:\program files (x86)\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\install\runtime\jre-x64\1.8.0_51\bin\javaw.exe
FirewallRules: [{A846A506-C18E-409A-8778-AD006374D038}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E834BAB8-D4D2-4C4B-8954-E7EA0905CF20}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{6629FDF5-7F46-433E-A7A5-CF12681C414F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D0825621-4B68-49FD-87AE-C8206F195388}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{87283A47-B2EC-4C0F-A264-429130FEF96B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F324E812-62A5-4399-937C-6B0308E7D8E0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0FF531EF-E5FA-45A6-8847-D16D89C67A05}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D56B4A66-A651-40C6-B704-394121C412F4}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe
FirewallRules: [{D3B6DE63-601C-49AA-8524-0DBDEB0FF638}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe
FirewallRules: [{8C8EB074-CC7E-43B6-B597-E68110643CE0}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe
FirewallRules: [{199E2909-36FA-4638-92A4-8510B303B5DA}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe
FirewallRules: [TCP Query User{10AA3358-AC3C-4888-AE52-CBBCB91DCB81}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [UDP Query User{87507681-CC6A-46BE-BE73-735531405CA6}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [TCP Query User{C5C5771D-9481-4F9B-9C0A-8BCD00B20E1F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [UDP Query User{476A2196-F82F-446F-822D-1FC2343C1585}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [{E2ADC2E0-66B8-4050-B16D-1447974B69FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FC1657DC-7CBC-4D12-95B8-A2C10C5458D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B05DA637-FBAF-447C-BAE4-EBABF9AE2CBB}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3F9402C2-2105-44D6-9B0D-E5E3EADC4C9F}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe
FirewallRules: [{C3713F0B-A4FA-4347-BA5B-DDC75B8D40D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{DC3A0031-9B97-4B8D-8EC8-75ED1998B40E}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{59415173-CB91-4A18-9822-BB6E7542B751}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [TCP Query User{47E1C834-558D-46CA-B418-C1AD0B6E9085}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe
FirewallRules: [UDP Query User{888D2DEC-8741-4752-8B9C-E8D19A535A5D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe
FirewallRules: [TCP Query User{79D518DE-AFFF-478F-990F-BD61E02117D3}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe
FirewallRules: [UDP Query User{0D5712F1-84F5-475F-B96A-6F9E33B58875}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe
FirewallRules: [TCP Query User{D9D1EAC9-CB0D-45BC-9CB2-47FA87FBCE5D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe
FirewallRules: [UDP Query User{46E592ED-ACAB-4B45-9C6D-3A6F4D26ED7A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/07/2018 02:09:50 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (10/07/2018 02:18:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10125
 
Error: (10/07/2018 02:18:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10125
 
Error: (10/07/2018 02:18:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/07/2018 02:18:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8422
 
Error: (10/07/2018 02:18:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8422
 
Error: (10/07/2018 02:18:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/07/2018 02:18:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6750
 
 
System errors:
=============
Error: (10/07/2018 02:15:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (10/07/2018 02:15:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (10/07/2018 02:14:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (10/07/2018 02:14:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (10/07/2018 02:13:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (10/07/2018 02:13:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (10/07/2018 02:12:22 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-9VM6RJT)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Error: (10/07/2018 02:12:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 58%
Total physical RAM: 8107.91 MB
Available physical RAM: 3398.05 MB
Total Virtual: 11563.91 MB
Available Virtual: 6075.17 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:916.59 GB) (Free:205.07 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.69 GB) (Free:1.73 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{5398533d-34e3-4e60-a945-be5c265f5bcd}\ () (Fixed) (Total:0.96 GB) (Free:0.45 GB) NTFS
\\?\Volume{fb5f6249-4564-4dac-a2e5-d6ccf6075441}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DEFADD61)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

Looking better.  I would uninstall Bonjour.  Your version is not good on Win 10.  If you need a new version you usually get it when you install or upgrade itunes.

 

Let's check your system files:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type::


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


Run Process Explorer as before and post the log.


  • 0

#6
GloryToPrussia

GloryToPrussia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

It did not find any integrity violations

 

first output log:

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 07/10/2018 10:08:34 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/10/2018 2:07:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 2:05:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 2:03:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 2:01:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:59:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:57:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:55:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:53:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:51:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:49:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:47:50 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:45:49 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:43:49 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:41:49 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:39:49 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:37:49 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E175B68-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:35:49 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:32:30 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Delivery Optimization service hung on starting.
 
Log: 'System' Date/Time: 08/10/2018 1:32:24 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B52D54BB-4818-4EB9-AA80-F9EACD371DF8} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/10/2018 1:32:24 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/10/2018 1:31:25 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/10/2018 1:28:24 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/10/2018 1:28:24 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/10/2018 1:28:24 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 2 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/10/2018 1:28:24 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/10/2018 1:27:55 AM
Type: Warning Category: 0
Event: 15301 Source: Microsoft-Windows-HttpEvent
SSL Certificate Settings created by an admin process for endpoint : 0.0.0.0:13148 .
 
Log: 'System' Date/Time: 08/10/2018 1:27:55 AM
Type: Warning Category: 0
Event: 15300 Source: Microsoft-Windows-HttpEvent
SSL Certificate Settings deleted for endpoint : 0.0.0.0:13148 .
 
Log: 'System' Date/Time: 08/10/2018 1:27:12 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
 
Log: 'System' Date/Time: 08/10/2018 1:26:29 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 08/10/2018 12:07:29 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name fonts.gstatic.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/10/2018 12:05:26 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name r2---sn-ab5l6n67.googlevideo.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/10/2018 11:15:33 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name eemeddldycl timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/10/2018 11:15:15 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/10/2018 7:13:50 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name r1---sn-ab5l6nzk.googlevideo.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/10/2018 6:45:24 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name r1---sn-ab5sznly.googlevideo.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/10/2018 6:33:20 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/10/2018 6:33:17 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/10/2018 6:33:15 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name i.ytimg.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/10/2018 6:32:54 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/10/2018 6:32:02 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Second output log:
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 07/10/2018 10:10:00 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/10/2018 10:47:40 PM
Type: Error Category: 0
Event: 35 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.
 
Log: 'Application' Date/Time: 07/10/2018 6:09:50 PM
Type: Error Category: 0
Event: 0 Source: Office 2016 Licensing Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:19 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:19 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:19 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:17 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:17 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:17 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:15 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:15 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:15 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:14 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:14 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:14 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:12 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:12 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:12 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:10 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:10 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/10/2018 6:18:10 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/10/2018 12:07:25 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 7:45:21 PM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 6:46:08 PM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 6:33:17 PM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 6:33:17 PM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 6:33:17 PM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 6:33:15 PM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 6:33:07 PM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 6:07:24 PM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:40:20 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:40:20 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:40:15 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:40:15 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:39:52 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:39:45 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:39:43 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:33:48 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:33:48 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:33:46 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Log: 'Application' Date/Time: 07/10/2018 4:33:46 AM
Type: Warning Category: 0
Event: 6 Source: HP Comm Recovery
Received Scan fail
 
Wasn't sure if i was supposed to choose both system and application the second time so I just selected application.

  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

You did it correctly. 

 

I don't see any more malware.  Might be worth running the free ESET scan:

 

I think they may have changed it some since my canned instructions but you should be able to figure it out:

 

Use IE and go to https://www.eset.com...online-scanner/

  and click on SCAN NOW under ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  

IF you don't use IE it will still work but you must download a program and run it.

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

 

 

 

How is it running?  Any problems?


  • 0

#8
GloryToPrussia

GloryToPrussia

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

'Export as text file' file:

C:\AdwCleaner\Quarantine\1xVPfvJcrg\amd64_86.exe MSIL/ExtenBro.CX trojan
C:\AdwCleaner\Quarantine\1xVPfvJcrg\kernel_x86.exe a variant of MSIL/ExtenBro.CS trojan
C:\AdwCleaner\Quarantine\1xVPfvJcrg\kernel_x86.lib.dll a variant of MSIL/ExtenBro.CV trojan
C:\AdwCleaner\Quarantine\3soLBPh71Y\4f88d21ddf07f4d90d9157daa4235db4.exe a variant of Win32/Adware.Zdengo.LA application
C:\AdwCleaner\Quarantine\3soLBPh71Y\b3523f6eb5484dbbbead8d88e7fd9fbd.exe a variant of Win32/Adware.Zdengo.LU application
C:\AdwCleaner\Quarantine\3soLBPh71Y\eb1fceb0b931eca9d1b16cc463df76dd.exe a variant of Win32/Adware.Zdengo.LU application
C:\AdwCleaner\Quarantine\rQF69AzBla\AdService.dll a variant of Win32/Spy.Socelars.F trojan
C:\AdwCleaner\Quarantine\RYwTiizs2t\u.exe a variant of Win32/SquareNet.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Evan\AppData\Local\igfxmtc\igfxmtc.exe.xBAD a variant of Win32/Adware.5Hex.R application
C:\FRST\Quarantine\C\Users\Evan\AppData\Local\serztdm\serztdm.exe.xBAD a variant of Win32/Adware.5Hex.L application
C:\FRST\Quarantine\C\Users\Evan\AppData\Local\serztdm\wiarmxs.exe.xBAD a variant of Win32/Adware.5Hex.Q application
C:\FRST\Quarantine\C\Users\Evan\AppData\Local\Temp\lngirfyq.exe.xBAD a variant of Win32/Kryptik.GLIA trojan
C:\FRST\Quarantine\C\Windows\System32\drivers\cgbeilos.sys.xBAD a variant of Win64/Adware.5Hex.G application
C:\Users\Evan\AppData\Local\Temp\nsd18D8.tmp\qLHicJIGgxx.dll a variant of Win32/Adware.Zdengo.BMO application
C:\Users\Evan\AppData\Local\Temp\nse4FDB.tmp\qLHicJIGgxx.dll a variant of Win32/Adware.Zdengo.BMO application
C:\Users\Evan\AppData\Local\Temp\nsw308B.tmp\qLHicJIGgxx.dll a variant of Win32/Adware.Zdengo.BMO application
C:\Users\Evan\Downloads\FOOTBALL.MANAGER.2017\IGG-FOOTBALL.MANAGER.2017.iso a variant of Win32/Packed.VMProtect.ABD trojan
C:\Users\Evan\Downloads\stp-fm2017\stp-fm2017.iso a variant of Win32/Packed.VMProtect.ABD trojan
C:\Windows\Temp\nsy5BD1.tmp\qLHicJIGgxx.dll a variant of Win32/Adware.Zdengo.BMO application
My computer has been running fine, nothing was that weird after the first malwarebytes scan and quarantine, the only problem I had was I couldn't change the volume of any of my applications from the main volume control, I had to do it within the programs. That is fixed now. I don't see a folder call "EsetOnlineScanner" in Program Files or Program Files(x86)

  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

Probably no longer created.  I need to redo my canned.

 

If everything is working then I think we can clean up:

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.

You can run it any time that Chrome/Firefox seems slow starting.

If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.


If you use Facebook you need FB Purity: http://www.fbpurity.com/

To prevent a relatively new phishing attack:  In Firefox, type:

https://www.xn--80ak6aa92e.com/

If the URL changes to https://www.apple.cominstead of the correct value
type:
about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.


 "network.standard-url.punycode-host" Leave this one at default of False.
Close and restart firefox.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Medi Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!


  • 0






Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP