WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Help Request - Trojan:JS/Foretype.A!ml then go.microsoft.com/fwlin

Started by henchard , Nov 22 2018 08:09 AM

Maiware Removal trojan

This topic is locked

10 replies to this topic

#1 henchard

New Member

Authentic Member
5 posts

Posted 22 November 2018 - 08:09 AM

Hi all. I think I need help.

Running Windows 8,1 and use Microsoft Defender which picked up this trojan a few days ago on a full scan

Trojan:JS/Foretype.A!ml

I let Microsoft Defender clean it and it does not show up in subsequent scans.

Then today after rebooting my router (and this replicates if I do it again) a Firefox Browser window opens and tries to connect to a link similar to below

go.microsoft.com/fwlink

I then followed your initial instructions and downloaded aswMBR from the link provided on this site. On running it (Right click administrator) a box came up saying that 'This computer supports visulization technology' 'do I wish to use it' (or something similar).

I selected 'Yes' and the computer immediately froze, not even the on/off button would work and I had to unplug the wall socket. Luckily Windows rebooted OK. I am now reluctant to run it again (or the Farbar Recovery Tool which I was going to do next) to post the logs from both. Having to unplug at the wall was a tad scary!

I would be grateful for any advice as to the best way to proceed.

Thanks in advance

John

Advertisements

Register to Remove

#2 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 22 November 2018 - 01:45 PM

don't try to run aswMBR again, it will just crash on next attempt.

It's fine to go ahead and use Farbar Recovery Scan Tool

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 henchard

New Member

Authentic Member
5 posts

Posted 22 November 2018 - 02:18 PM

Many thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
Ran by John-PC (administrator) on JOHN (22-11-2018 20:07:32)
Running from C:\Users\Fierce-PC\Desktop\Malware Tools
Loaded Profiles: John-PC (Available Profiles: John-PC & Liz)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Schneider Electric) D:\Programmes_misc\APC\PowerChute\mainserv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpnclient_x64.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Schneider Electric) D:\Programmes_misc\APC\PowerChute\dataserv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpnclient_x64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpncmgr_x64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Schneider Electric) D:\Programmes_misc\APC\PowerChute\apcsystray.exe
(The Qt Company Ltd) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(The Document Foundation) D:\Programmes_misc\LibreOffice\program\soffice.exe
(The Document Foundation) D:\Programmes_misc\LibreOffice\program\soffice.bin
(Mozilla Corporation) D:\Programmes_misc\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [CrashPlanTray] => D:\Programmes_misc\Crash_Plan\CrashPlanTray.exe
HKLM\...\Run: [SoftEther VPN Client UI Helper] => D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpnclient_x64.exe [5232072 2016-11-01] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3785536 2018-11-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => D:\Programmes_misc\APC\PowerChute\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\Run: [EPSON Stylus Photo R340 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAJA.EXE [211456 2006-12-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\Run: [CrashPlanTray] => C:\Users\Fierce-PC\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\Run: [Uploader] => D:\Programmes_misc\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\RunOnce: [Uninstall C:\Users\Fierce-PC\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fierce-PC\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2018-03-08]
ShortcutTarget: APC UPS Status.lnk -> D:\Programmes_misc\APC\PowerChute\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk [2016-01-30]
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-04-16]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-04-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2016-11-01]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Fierce-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-08-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{C0799AAA-7C58-46E3-A186-694A0367C634}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-23] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-16] (LastPass)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-16] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-16] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-16] (LastPass)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default [2018-11-22]
FF Homepage: Mozilla\Firefox\Profiles\xu40i5jt.default -> hxxp://www.bbc.co.uk/
FF Extension: (CanvasBlocker) - C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default\Extensions\CanvasBlocker@kkapsner.de.xpi [2018-10-13]
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2018-11-17]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default\Extensions\firefox@ghostery.com.xpi [2018-08-23]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default\Extensions\support@lastpass.com.xpi [2018-11-02]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default\Extensions\tineye@ideeinc.com.xpi [2018-10-05]
FF Extension: (NoScript) - C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-10-17]
FF Extension: (Data Selfie) - C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default\Extensions\{87dfccf4-b6eb-4297-948a-ac6fd273cbb5}.xpi [2018-06-03]
FF Extension: (Clippings) - C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}.xpi [2018-11-06]
FF Extension: (Adblock Plus) - C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-17]
FF ProfilePath: C:\Users\Fierce-PC\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\jd14npj9.default [2016-12-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-16] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-16] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\Programmes_misc\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Programmes_misc\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.bbc.co.uk/news/"
CHR Profile: C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default [2018-10-18]
CHR Extension: (Slides) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]
CHR Extension: (Docs) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Google Drive) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-28]
CHR Extension: (YouTube) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-28]
CHR Extension: (Adblock Plus) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-10-12]
CHR Extension: (Google Search) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-28]
CHR Extension: (Sheets) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]
CHR Extension: (Google Docs Offline) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-26]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-14]
CHR Extension: (Gmail) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Fierce-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-12]

Opera:
=======
OPR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Fierce-PC\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2018-10-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; D:\Programmes_misc\APC\PowerChute\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; D:\Programmes_misc\APC\PowerChute\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9669920 2018-11-02] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-26] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-11-06] (Dropbox, Inc.)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
R2 SEVPNCLIENT; D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpnclient_x64.exe [5232072 2016-11-01] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-22] (Malwarebytes)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38432 2016-11-01] (SoftEther Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [50208 2016-11-01] (SoftEther Corporation)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51232 2016-11-01] (SoftEther Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 Spyder2; C:\Windows\system32\DRIVERS\Spyder2.sys [15360 2007-01-17] ()
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-22 20:06 - 2018-11-22 20:07 - 000000000 ____D C:\FRST
2018-11-22 13:09 - 2018-11-22 20:07 - 000000000 ____D C:\Users\Fierce-PC\Desktop\Malware Tools
2018-11-17 20:53 - 2018-11-22 11:09 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-14 13:27 - 2018-10-25 00:54 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 13:27 - 2018-10-25 00:51 - 000121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-14 13:27 - 2018-10-25 00:46 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 13:27 - 2018-10-25 00:45 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-14 13:27 - 2018-10-18 02:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 13:27 - 2018-10-18 02:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-14 13:27 - 2018-10-16 03:46 - 007371720 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 13:27 - 2018-10-16 03:39 - 002171800 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-11-14 13:27 - 2018-10-16 03:39 - 001662504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 13:27 - 2018-10-16 03:39 - 001063368 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-11-14 13:27 - 2018-10-16 03:18 - 001137472 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 13:27 - 2018-10-16 03:02 - 001563584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-11-14 13:27 - 2018-10-16 03:02 - 001214920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-14 13:27 - 2018-10-12 20:35 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 13:27 - 2018-10-12 20:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-14 13:27 - 2018-10-12 20:25 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-14 13:27 - 2018-10-12 20:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-14 13:27 - 2018-10-12 20:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-14 13:27 - 2018-10-12 20:16 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-14 13:27 - 2018-10-12 20:16 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-14 13:27 - 2018-10-12 20:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-14 13:27 - 2018-10-12 20:00 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-11-14 13:27 - 2018-10-12 19:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-14 13:27 - 2018-10-12 19:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-14 13:27 - 2018-10-12 19:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 13:27 - 2018-10-12 19:51 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-11-14 13:27 - 2018-10-12 19:47 - 001049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-11-14 13:27 - 2018-10-12 19:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-14 13:27 - 2018-10-12 19:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-14 13:27 - 2018-10-12 19:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 13:27 - 2018-10-12 02:16 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 13:27 - 2018-10-12 02:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 13:27 - 2018-10-12 02:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 13:27 - 2018-10-12 02:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 13:27 - 2018-10-12 02:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 13:27 - 2018-10-12 01:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 13:27 - 2018-10-12 01:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 13:27 - 2018-10-12 01:58 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 13:27 - 2018-10-12 01:58 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 13:27 - 2018-10-12 01:35 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-11-14 13:27 - 2018-10-12 01:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 13:27 - 2018-10-12 01:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 13:27 - 2018-10-12 01:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 13:27 - 2018-10-12 01:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 13:27 - 2018-10-12 01:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 13:27 - 2018-10-12 01:17 - 000809984 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 13:27 - 2018-10-12 01:12 - 002882048 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-11-14 13:27 - 2018-10-12 01:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 13:27 - 2018-10-12 00:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 13:27 - 2018-10-06 18:14 - 001547192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-14 13:27 - 2018-10-06 18:14 - 000388536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-11-14 13:27 - 2018-10-06 18:04 - 001308976 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 13:27 - 2018-10-06 18:03 - 000356288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 13:27 - 2018-10-06 16:48 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 13:27 - 2018-10-06 15:41 - 002465792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 13:27 - 2018-10-06 15:34 - 002175488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 13:27 - 2018-10-06 15:32 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 13:27 - 2018-09-28 13:38 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-11-14 13:27 - 2018-09-28 13:34 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-11-14 13:27 - 2018-09-23 16:47 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 13:27 - 2018-09-23 16:45 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 13:27 - 2018-09-23 16:45 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 13:27 - 2018-09-23 16:37 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 13:27 - 2018-09-23 16:24 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 13:27 - 2018-09-23 16:23 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-14 13:27 - 2018-09-23 16:23 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 13:27 - 2018-09-23 16:20 - 002750464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-14 13:27 - 2018-09-23 16:17 - 000699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-14 13:27 - 2018-09-23 16:00 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 13:27 - 2018-09-23 16:00 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 13:27 - 2018-09-23 15:58 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 13:27 - 2018-09-23 15:56 - 002551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 13:27 - 2018-09-23 15:53 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 13:27 - 2018-09-23 15:51 - 001920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-14 13:27 - 2018-09-23 15:50 - 000709632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 13:27 - 2018-09-12 18:30 - 000137008 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-11-14 13:27 - 2018-09-11 15:30 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-11-14 13:27 - 2018-08-26 03:38 - 001200640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2018-11-14 13:27 - 2018-08-26 03:38 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2018-11-14 13:27 - 2018-08-26 03:21 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2018-11-14 13:27 - 2018-08-26 03:21 - 000200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2018-11-14 13:27 - 2018-08-26 01:45 - 000513448 _____ C:\Windows\SysWOW64\locale.nls
2018-11-14 13:27 - 2018-08-26 01:45 - 000513448 _____ C:\Windows\system32\locale.nls
2018-11-14 13:27 - 2018-08-21 13:39 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 13:27 - 2018-08-21 13:35 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-14 13:27 - 2018-08-19 16:22 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-14 13:27 - 2018-08-19 15:52 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-14 13:27 - 2018-08-19 15:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-07 19:04 - 2018-11-07 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-11-06 16:26 - 2018-11-06 16:26 - 001640400 _____ C:\Users\Fierce-PC\Downloads\my_name_is_legion-web.pdf
2018-11-06 13:06 - 2018-11-06 13:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-11-06 13:06 - 2018-11-06 13:06 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-11-06 13:06 - 2018-11-06 13:06 - 000047768 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-11-06 13:06 - 2018-11-06 13:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-11-04 15:24 - 2018-11-04 15:24 - 000067258 _____ C:\Users\Fierce-PC\Downloads\application-pdf(2)
2018-11-04 15:20 - 2018-11-04 15:21 - 004127092 _____ C:\Users\Fierce-PC\Downloads\BarclifNov152.pdf
2018-11-04 15:10 - 2018-11-04 15:10 - 000045765 _____ C:\Users\Fierce-PC\Downloads\application-pdf(1)
2018-11-04 15:10 - 2018-11-04 15:10 - 000018360 _____ C:\Users\Fierce-PC\Downloads\application-pdf
2018-11-03 09:04 - 2018-11-03 09:04 - 000984212 _____ C:\Users\Fierce-PC\Downloads\Etching.pdf
2018-11-01 13:33 - 2018-11-01 13:33 - 000094655 _____ C:\Users\Fierce-PC\Downloads\TaxHavenCostTRLLP.pdf
2018-10-31 08:12 - 2018-10-31 08:12 - 003047665 _____ C:\Users\Fierce-PC\Downloads\pay-policy-statement-2018-19.pdf
2018-10-26 14:40 - 2018-10-26 14:42 - 000000000 ____D C:\Users\Fierce-PC\Downloads\foto_modelo effect 28
2018-10-24 18:42 - 2018-10-24 18:42 - 000000000 ____D C:\Users\Liz\AppData\Local\mbamtray

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-22 19:47 - 2016-01-26 11:08 - 000000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-11-22 14:10 - 2014-04-14 11:12 - 000866884 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-22 14:10 - 2013-08-22 13:36 - 000000000 ____D C:\Windows\Inf
2018-11-22 13:45 - 2016-11-16 10:07 - 000000000 ____D C:\Users\Fierce-PC\AppData\LocalLow\Mozilla
2018-11-22 13:44 - 2016-01-26 11:08 - 000000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-11-22 13:44 - 2014-04-14 17:58 - 000000000 ____D C:\Users\Fierce-PC
2018-11-22 13:44 - 2014-04-14 11:14 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-22 13:44 - 2013-08-22 14:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-21 12:05 - 2013-08-22 15:20 - 000000000 ____D C:\Windows\CbsTemp
2018-11-20 08:38 - 2016-11-16 08:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-20 08:38 - 2014-04-15 14:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-19 17:10 - 2014-04-14 11:11 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2902596473-1099315985-2057228710-1001
2018-11-19 15:33 - 2017-07-01 07:40 - 000001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2018-11-19 15:33 - 2017-04-06 06:53 - 000003826 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1491461599
2018-11-19 15:33 - 2017-04-06 06:50 - 000000000 ____D C:\Program Files\Opera
2018-11-18 09:02 - 2014-04-15 14:10 - 000001183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-17 17:36 - 2013-08-22 13:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-11-17 14:09 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\rescache
2018-11-17 13:23 - 2015-08-01 15:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-17 13:23 - 2013-08-22 15:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-17 13:16 - 2017-07-20 06:28 - 000003168 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2902596473-1099315985-2057228710-1001
2018-11-17 13:16 - 2016-04-22 06:18 - 000002322 _____ C:\Users\Fierce-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-11-17 13:10 - 2015-11-25 06:54 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-17 12:57 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\AppReadiness
2018-11-16 21:29 - 2013-08-22 15:38 - 000834960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-16 21:29 - 2013-08-22 15:38 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-14 13:30 - 2013-08-22 14:44 - 005053192 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-14 13:28 - 2014-04-14 12:27 - 000000000 ____D C:\Windows\system32\MRT
2018-11-14 13:27 - 2014-04-14 12:27 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-14 07:49 - 2014-11-23 20:56 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-14 07:40 - 2014-04-19 16:07 - 000000000 ____D C:\Users\Fierce-PC\AppData\Roaming\Thunderbird
2018-11-09 09:51 - 2016-11-27 16:33 - 000000000 ____D C:\Users\Liz\AppData\LocalLow\Mozilla
2018-11-09 09:44 - 2014-05-13 20:00 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2902596473-1099315985-2057228710-1003
2018-11-07 19:04 - 2016-01-26 11:08 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-11-03 10:06 - 2017-10-27 07:53 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-01 11:39 - 2014-04-16 09:39 - 000000000 ____D C:\RECYCLED
2018-11-01 11:38 - 2015-06-09 16:45 - 000000000 ___SD C:\Windows\system32\GWX
2018-11-01 11:38 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\registration
2018-11-01 10:39 - 2014-04-18 19:57 - 000000000 ____D C:\Users\Fierce-PC\AppData\Local\ElevatedDiagnostics
2018-10-31 20:27 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\LiveKernelReports
2018-10-26 15:13 - 2017-02-26 17:00 - 000000000 ____D C:\Users\Fierce-PC\AppData\Local\FXHOME Helper
2018-10-26 15:12 - 2018-08-23 10:25 - 000000000 ____D C:\Users\Fierce-PC\AppData\Local\HitFilm Express Activation
2018-10-24 18:52 - 2013-08-22 15:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-23 15:47 - 2014-05-29 19:01 - 000001456 _____ C:\Users\Fierce-PC\AppData\Local\Adobe Save for Web 12.0 Prefs

==================== Files in the root of some directories =======

2018-03-08 16:48 - 2018-03-08 16:48 - 000021368 _____ (Schneider Electric) C:\Users\Fierce-PC\en_res.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 000021368 _____ (Schneider Electric) C:\Users\Fierce-PC\es_res.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 000021880 _____ (Schneider Electric) C:\Users\Fierce-PC\fr_res.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 000021880 _____ (Schneider Electric) C:\Users\Fierce-PC\grm_res.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 000021368 _____ (Schneider Electric) C:\Users\Fierce-PC\it_res.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 000020344 _____ (Schneider Electric) C:\Users\Fierce-PC\jp_res.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 001079808 _____ (Microsoft Corporation) C:\Users\Fierce-PC\mfc80u.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 000626688 _____ (Microsoft Corporation) C:\Users\Fierce-PC\msvcr80.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 013923704 _____ (Schneider Electric) C:\Users\Fierce-PC\PCPE Setup.exe
2018-03-08 16:48 - 2018-03-08 16:48 - 000021368 _____ (Schneider Electric) C:\Users\Fierce-PC\pt_res.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 000018808 _____ () C:\Users\Fierce-PC\ResourceReader.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 000020856 _____ (Schneider Electric) C:\Users\Fierce-PC\ru_res.dll
2018-03-08 16:48 - 2018-03-08 16:48 - 000019832 _____ (Schneider Electric) C:\Users\Fierce-PC\zh_res.dll
2014-04-16 10:26 - 2014-04-16 10:26 - 014883840 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-11-25 16:51 - 2017-11-25 16:51 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\181a9e99441742df89b7c4fdf2ab809f
2017-11-25 16:51 - 2017-11-25 16:51 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\181a9e99441742df89b7c4fdf2ab809fthumb
2017-11-25 16:19 - 2017-11-25 16:19 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\367a5b674dfb4491be172773f7793232
2017-11-25 16:19 - 2017-11-25 16:19 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\367a5b674dfb4491be172773f7793232thumb
2017-11-25 17:34 - 2017-11-25 17:34 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\37a0b16928134e65b1f2076214c9962c
2017-11-25 17:34 - 2017-11-25 17:34 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\37a0b16928134e65b1f2076214c9962cthumb
2017-11-25 16:59 - 2017-11-25 16:59 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\3886e5b980994c1c89d303c4bbc1c3ba
2017-11-25 16:59 - 2017-11-25 16:59 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\3886e5b980994c1c89d303c4bbc1c3bathumb
2017-11-25 16:54 - 2017-11-25 16:54 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\38b5c3dfd7c6498787e49845f588b23e
2017-11-25 16:54 - 2017-11-25 16:54 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\38b5c3dfd7c6498787e49845f588b23ethumb
2017-11-25 17:50 - 2017-11-25 17:50 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\3f16b91f236e4ff3bdced0d0096fbce0
2017-11-25 17:50 - 2017-11-25 17:50 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\3f16b91f236e4ff3bdced0d0096fbce0thumb
2017-11-25 16:10 - 2017-11-25 16:10 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\481ff661fa5c42718c90ea76bebbd859
2017-11-25 16:10 - 2017-11-25 16:10 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\481ff661fa5c42718c90ea76bebbd859thumb
2017-11-25 16:42 - 2017-11-25 16:42 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\4caf35cc30c445889762babcaa2c5932
2017-11-25 16:42 - 2017-11-25 16:42 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\4caf35cc30c445889762babcaa2c5932thumb
2017-11-25 16:04 - 2017-11-25 16:04 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\69c11474b19342f4ab303c93a4e0a531
2017-11-25 16:04 - 2017-11-25 16:04 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\69c11474b19342f4ab303c93a4e0a531thumb
2017-11-25 17:26 - 2017-11-25 17:26 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\6ea10ad1e84b4a98a90c8145b2416cc2
2017-11-25 17:26 - 2017-11-25 17:26 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\6ea10ad1e84b4a98a90c8145b2416cc2thumb
2017-11-25 16:19 - 2017-11-25 16:19 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\816a6383b6b649d59c79becf889b9c94
2017-11-25 16:19 - 2017-11-25 16:19 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\816a6383b6b649d59c79becf889b9c94thumb
2017-11-25 17:47 - 2017-11-25 17:47 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\8602be5f797e468fb5aa10af0010cef2
2017-11-25 17:47 - 2017-11-25 17:47 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\8602be5f797e468fb5aa10af0010cef2thumb
2017-11-25 17:14 - 2017-11-25 17:14 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\8d37a18784194fbd9fbb8a07422ac544
2017-11-25 17:14 - 2017-11-25 17:14 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\8d37a18784194fbd9fbb8a07422ac544thumb
2017-11-25 17:52 - 2017-11-25 17:52 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\914db3e1656f44ef922b7c72209f6f34
2017-11-25 17:52 - 2017-11-25 17:52 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\914db3e1656f44ef922b7c72209f6f34thumb
2017-11-25 17:01 - 2017-11-25 17:01 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\98eff31432c74f9aa9599ede50445022
2017-11-25 17:01 - 2017-11-25 17:01 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\98eff31432c74f9aa9599ede50445022thumb
2017-11-25 17:04 - 2017-11-25 17:04 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\9e7aae74b8ea41d39f7294b84ae07f70
2017-11-25 17:04 - 2017-11-25 17:04 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\9e7aae74b8ea41d39f7294b84ae07f70thumb
2017-11-25 16:38 - 2017-11-25 16:38 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\9f2c3d8411e744f19415acd9dcdd6dfa
2017-11-25 16:38 - 2017-11-25 16:38 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\9f2c3d8411e744f19415acd9dcdd6dfathumb
2017-05-17 16:20 - 2017-05-17 16:20 - 000000132 _____ () C:\Users\Fierce-PC\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2014-05-25 13:40 - 2018-08-26 13:08 - 000000132 _____ () C:\Users\Fierce-PC\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-11-25 16:26 - 2017-11-25 16:26 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\b1dbc9afff674ade879a01f90cf9699a
2017-11-25 16:26 - 2017-11-25 16:26 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\b1dbc9afff674ade879a01f90cf9699athumb
2017-11-25 17:41 - 2017-11-25 17:41 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\c93d7a46c2a14095a9920ed2d1dcfa2c
2017-11-25 17:41 - 2017-11-25 17:41 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\c93d7a46c2a14095a9920ed2d1dcfa2cthumb
2017-11-25 16:47 - 2017-11-25 16:47 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\ccac754f344d478fb3e3ea480aa7cbde
2017-11-25 16:47 - 2017-11-25 16:47 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\ccac754f344d478fb3e3ea480aa7cbdethumb
2017-11-25 17:27 - 2017-11-25 17:27 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\d43f7d63aaa045cb9a04cd68e0689891
2017-11-25 17:27 - 2017-11-25 17:27 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\d43f7d63aaa045cb9a04cd68e0689891thumb
2017-11-25 16:34 - 2017-11-25 16:34 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\db8ad293e7384be09bf697bc81a6b7be
2017-11-25 16:34 - 2017-11-25 16:34 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\db8ad293e7384be09bf697bc81a6b7bethumb
2017-11-25 15:57 - 2017-11-25 15:57 - 000095085 _____ () C:\Users\Fierce-PC\AppData\Roaming\DefaultAlbumArt.png
2017-11-25 15:57 - 2017-11-25 15:57 - 000165847 _____ () C:\Users\Fierce-PC\AppData\Roaming\DefaultArtistArt.png
2017-11-25 15:57 - 2017-11-25 15:57 - 000164313 _____ () C:\Users\Fierce-PC\AppData\Roaming\DefaultPlaylistArt.png
2017-11-25 15:57 - 2017-11-25 15:57 - 000095085 _____ () C:\Users\Fierce-PC\AppData\Roaming\DefaultTrackArt.png
2017-11-25 16:05 - 2017-11-25 16:05 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\e851733e93234eb19a19747b4db5adf8
2017-11-25 16:05 - 2017-11-25 16:05 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\e851733e93234eb19a19747b4db5adf8thumb
2017-11-25 17:12 - 2017-11-25 17:12 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\eefb71a3f3cb4c54bf619e22574b029e
2017-11-25 17:12 - 2017-11-25 17:12 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\eefb71a3f3cb4c54bf619e22574b029ethumb
2017-11-25 16:11 - 2017-11-25 16:11 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\f54b29976d094447a67d7d5dd9ea375c
2017-11-25 16:11 - 2017-11-25 16:11 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\f54b29976d094447a67d7d5dd9ea375cthumb
2017-11-25 17:46 - 2017-11-25 17:46 - 000050366 _____ () C:\Users\Fierce-PC\AppData\Roaming\fbacc54488584235a447ac1903e87007
2017-11-25 17:46 - 2017-11-25 17:46 - 000013890 _____ () C:\Users\Fierce-PC\AppData\Roaming\fbacc54488584235a447ac1903e87007thumb
2014-10-30 13:56 - 2017-05-31 08:38 - 036271925 _____ () C:\Users\Fierce-PC\AppData\Roaming\PS12_panel.log
2014-05-29 19:01 - 2018-10-23 15:47 - 000001456 _____ () C:\Users\Fierce-PC\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-12-06 11:29 - 2016-12-06 11:29 - 000000600 _____ () C:\Users\Fierce-PC\AppData\Local\PUTTY.RND
2015-12-20 19:16 - 2015-12-20 19:16 - 000000744 _____ () C:\Users\Fierce-PC\AppData\Local\recently-used.xbel
2014-08-20 09:30 - 2014-08-20 09:30 - 000000017 _____ () C:\Users\Fierce-PC\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-11-25 09:01 - 2017-11-08 14:16 - 002421328 _____ (ON1, Inc.) C:\Users\Fierce-PC\AppData\Local\Temp\ON1Wait.exe
2017-07-18 12:34 - 2018-04-28 06:29 - 016690176 _____ () C:\Users\Fierce-PC\AppData\Local\Temp\SkypeSetup.exe
2014-04-14 11:08 - 2006-05-24 04:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Fierce-PC\AppData\Local\Temp\_isA698.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-14 08:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by John-PC (22-11-2018 20:07:50)
Running from C:\Users\Fierce-PC\Desktop\Malware Tools
Windows 8.1 (Update) (X64) (2014-04-14 17:58:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2902596473-1099315985-2057228710-500 - Administrator - Disabled)
Guest (S-1-5-21-2902596473-1099315985-2057228710-501 - Limited - Disabled)
John-PC (S-1-5-21-2902596473-1099315985-2057228710-1001 - Administrator - Enabled) => C:\Users\Fierce-PC
Liz (S-1-5-21-2902596473-1099315985-2057228710-1003 - Limited - Enabled) => C:\Users\Liz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acerose Password Vault (HKLM-x32\...\Acerose Password Vault) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
ANT Drivers Installer x64 (HKLM\...\{BA6C6C01-097B-4E79-9CAA-0FB9F863ED7C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - )
ColorNavigator 6 (HKLM\...\{207AD5A9-A797-4C4B-B8C5-1CB8B54972C8}_is1) (Version: 6.4.7 - EIZO Corporation)
Curvemeister 3 support files (HKLM\...\{A40F1D80-2A79-4054-9E65-4483FDD01B2A}) (Version: 3.8.1 - Curvemeister.com)
Curvemeister3-64 (HKLM\...\Curvemeister3-64) (Version: 3.8.1 - Curvemeister.com)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.2 - Illustrate)
Dropbox (HKLM-x32\...\Dropbox) (Version: 61.4.95 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Elevated Installer (HKLM-x32\...\{98EFD351-ECFC-41FA-83A4-7BFF16ED65E7}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Garmin Express (HKLM-x32\...\{1e266d7b-b23c-4e1e-afd0-0ee47558133d}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{61863549-E2F6-443E-94FE-622AE4168B7E}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GrampsAIO64 (HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\GrampsAIO64 4.2.1) (Version: 4.2.1 - The GRAMPS project)
HD Writer AE 5.2 (HKLM-x32\...\{CEA5AB9A-02F0-4D92-AD41-321D49745703}) (Version: 5.02.009.1033 - Panasonic Corporation)
HitFilm Express (HKLM\...\{695EBA08-5295-4472-901D-7A435E88D55F}) (Version: 9.0.7813.07206 - FXHOME)
H-Series_ASIO64 (HKLM\...\{5ACDFB68-D994-48E0-A579-2AFA6B851710}) (Version: 2.0.0.3 - ZOOM)
Intel® Driver Update Utility 2.6 (HKLM-x32\...\{2B710CA5-99F0-4D29-962C-29A7CFF7A989}) (Version: 2.6.0.32 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
join.me (HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\JoinMe) (Version: 3.0.0.3909 - LogMeIn, Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LibreOffice 5.4.5.1 (HKLM\...\{7E33997B-06D8-4637-8794-5A0049237308}) (Version: 5.4.5.1 - The Document Foundation)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.11001.20108 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MJUCjr version 1.0.0 (HKLM\...\MJUCjr_is1) (Version: 1.0.0 - )
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 63.0.3 (x64 en-GB) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-GB)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-GB)) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-GB) (HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\Mozilla Thunderbird 31.7.0 (x86 en-GB)) (Version: 31.7.0 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 60.3.1 (x86 en-US) (HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\Mozilla Thunderbird 60.3.1 (x86 en-US)) (Version: 60.3.1 - Mozilla)
Mp3tag v2.80 (HKLM-x32\...\Mp3tag) (Version: v2.80 - Florian Heidenreich)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
nugster 1.1.232 (HKLM\...\nugster) (Version: 1.1.232 - Nugs, Inc.)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
Opera Stable 56.0.3051.104 (HKLM-x32\...\Opera 56.0.3051.104) (Version: 56.0.3051.104 - Opera Software)
Pale Moon 26.5.0 (x86 en-US) (HKLM-x32\...\Pale Moon 26.5.0 (x86 en-US)) (Version: 26.5.0 - Moonchild Productions)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Scribus 1.4.6 (64bit) (HKLM\...\Scribus 1.4.6) (Version: 1.4.6 - The Scribus Team)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version: - )
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.21.9613 - SoftEther VPN Project)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.5.43.0 - 2BrightSparks)
TapinRadio 1.72.7 (x64) (HKLM-x32\...\TapinRadio_is1) (Version: - Raimersoft)
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
Windows Driver Package - Datacolor (Spyder3) USB (09/10/2007 1.0.0.3) (HKLM\...\2F24D930929D08C29A697E2C2E0574EC1CCCAE1D) (Version: 09/10/2007 1.0.0.3 - Datacolor)
Windows Driver Package - Datacolor (Spyder4) USB (06/01/2011 1.0.0.1) (HKLM\...\E5E9268B6D7B0E662E34736CC110C89D595E4222) (Version: 06/01/2011 1.0.0.1 - Datacolor)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (HKLM\...\498B9978CE49397903524B0761200F43EC650044) (Version: 07/12/2010 2.08.02 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (HKLM\...\67170FB0228B69BCCBEF8CE14A76953A5505D8EA) (Version: 07/12/2010 2.08.02 - FTDI)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - X-Rite (colormunki) XRiteDevices (08/21/2006 2.40.0.1315) (HKLM\...\975DA77B1E3D07FC79378569A82F13404D027518) (Version: 08/21/2006 2.40.0.1315 - X-Rite)
Windows Driver Package - X-Rite (EyeOne) XRiteDevices (04/21/2009 2.40.0.1315) (HKLM\...\60DFC39027B2B7734E1FBB0C005E7A477317D42D) (Version: 04/21/2009 2.40.0.1315 - X-Rite)
Windows Driver Package - X-Rite (EyeOne) XRiteDevices (08/21/2006 2.40.0.1315) (HKLM\...\4BCA7532847C66A175AD419E8ED0CB00EA9F9A4A) (Version: 08/21/2006 2.40.0.1315 - X-Rite)
Windows Driver Package - X-Rite (EyeOneDisplay) XRiteDevices (08/21/2006 2.0.0.0) (HKLM\...\BE6334FA182AB4DD51AECFD703C81D6B65B2BBF3) (Version: 08/21/2006 2.0.0.0 - X-Rite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2902596473-1099315985-2057228710-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Fierce-PC\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Programmes_misc\Mp3tag\Mp3tagShell64.dll [2016-11-25] (Florian Heidenreich)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Programmes_misc\Mp3tag\Mp3tagShell64.dll [2016-11-25] (Florian Heidenreich)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Programmes_misc\Mp3tag\Mp3tagShell64.dll [2016-11-25] (Florian Heidenreich)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2018-11-06] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-07-23] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0015CFCA-321E-4CFD-931D-C26275F6B69F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {0BA8AD36-7DAE-4FFE-B71D-903BABEEB098} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {16722F4C-DA80-4699-999A-A63B98488141} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-26] (Dropbox, Inc.)
Task: {1A85F5FC-518D-4237-9058-4B0215203050} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {1A85F5FC-518D-4237-9058-4B0215203050} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-02] (Microsoft Corporation)
Task: {220FAF43-4E27-4712-9A59-D75D5F3305B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {259314EE-C2AA-4444-BECA-D814382F08A2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {371F96D4-0132-4AED-A934-A926519BD08B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-26] (Dropbox, Inc.)
Task: {39D909CF-B7F9-468D-A26D-A68EB7504506} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {49B3E565-D81D-4745-8560-19F3EC64ECA1} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {5BCC5BB1-728A-4E66-87F0-A2F3B34135FE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-29] (Adobe Systems Incorporated)
Task: {6CB91F38-6603-4B35-92D0-7D09743079B2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-17] (Microsoft Corporation)
Task: {76524142-6B21-4831-A9C0-5A71F941B3FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {7F3A78F9-0895-4CD6-AC93-2CF199384BA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-17] (Microsoft Corporation)
Task: {7F569BB4-3F65-4517-B3B2-E55FBBF249E3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {7F569BB4-3F65-4517-B3B2-E55FBBF249E3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-02] (Microsoft Corporation)
Task: {9881930E-5BBB-4B97-9CCF-1C64550F1422} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9F5BB707-76C3-46C1-9AD1-4FF1B4DD1FD7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {A9B69B88-2FE5-43FE-953D-1273127FF0C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {BC148785-E3EC-426A-989D-9500C554237A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-08-31] ()
Task: {C82E57D8-8AD7-4708-B4C0-7D0C483B6FD0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {C8FEF3D1-847E-46D7-82F9-C754A6EF686D} - System32\Tasks\Seagate_Install_Launch => D:\Programmes_misc\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {CB836726-2004-47E9-9791-B99357087BBF} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {CCB8B105-3882-41CE-8325-04770FA0AB92} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {DB8C19A0-63A0-456E-8183-70DEB65CB3BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {DF0ABA7F-2E9E-4EFA-AFC0-2B41DA90DEA1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E5DC0C1D-4B53-4739-8A23-B494D54D0B75} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-17] (Microsoft Corporation)
Task: {E6B74D2D-5BAA-47D5-92C0-D9C66354F1E8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-17] (Microsoft Corporation)
Task: {E865D0B8-7901-43EE-961E-24CDE5D9CA7A} - System32\Tasks\Opera scheduled Autoupdate 1491461599 => C:\Program Files\Opera\launcher.exe [2018-11-14] (Opera Software)
Task: {EE018624-883A-4941-8910-A8598C0C7201} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {F839631B-5058-4964-873B-16C11B1F99A1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-13] (Adobe Systems Incorporated)
Task: {FC699963-A620-4E9C-BCB0-F52630B8776F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {FC699963-A620-4E9C-BCB0-F52630B8776F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {FC699963-A620-4E9C-BCB0-F52630B8776F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-07-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-04-14 11:13 - 2015-07-23 01:31 - 000116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-08 17:04 - 2016-06-08 17:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2014-01-25 01:22 - 2014-01-25 01:22 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-01-30 22:35 - 2018-01-30 22:35 - 001349224 _____ () D:\Programmes_misc\LibreOffice\program\libxml2.dll
2018-01-30 22:35 - 2018-01-30 22:35 - 000231528 _____ () D:\Programmes_misc\LibreOffice\program\libxslt.dll
2018-01-30 22:35 - 2018-01-30 22:35 - 000238696 _____ () D:\Programmes_misc\LibreOffice\program\libxmlsec-mscrypto.dll
2018-01-30 22:35 - 2018-01-30 22:35 - 000394344 _____ () D:\Programmes_misc\LibreOffice\program\libxmlsec.dll
2015-07-30 16:17 - 2015-07-24 04:22 - 000011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2018-11-07 19:04 - 2018-11-06 13:06 - 001141064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-11-07 19:04 - 2018-11-06 13:06 - 002103112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-05-15 16:23 - 2018-11-06 13:09 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-11-07 19:03 - 2018-11-06 13:08 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000142312 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-11-07 19:03 - 2018-11-06 13:08 - 001953640 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-11-07 19:03 - 2018-11-06 13:08 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:06 - 000118232 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-05-15 16:23 - 2018-11-06 13:06 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000083784 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:06 - 000418776 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-11-07 19:04 - 2018-11-06 13:08 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000119272 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000061792 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:06 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000065504 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-11-07 19:03 - 2018-11-06 13:08 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-11-07 19:03 - 2018-11-06 13:08 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000156504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000092488 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 001778000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000518992 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000052056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 001929552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 003821392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000044888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000132944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000218456 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000205656 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-08-01 17:46 - 2018-11-06 13:09 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-11-07 19:03 - 2018-11-06 13:08 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:06 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000102736 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 011144016 _____ () C:\Program Files (x86)\Dropbox\Client\nucleus_python.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:06 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-05-15 16:23 - 2018-11-06 13:09 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-05-15 16:23 - 2018-11-06 13:09 - 000035680 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000025920 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-11-07 19:04 - 2018-11-06 13:08 - 001592128 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-05-15 16:23 - 2018-11-06 13:09 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.cp35-win32.pyd
2018-10-26 08:18 - 2018-11-06 13:09 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.gdi32.compiled._winffi_gdi32.cp35-win32.pyd
2018-09-14 07:31 - 2018-11-06 13:09 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000037200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp35-win32.pyd
2018-05-15 16:23 - 2018-11-06 13:09 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000530768 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-11-07 19:04 - 2018-11-06 13:08 - 000348496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2018-01-03 09:44 - 000768506 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.ipp

There are 23932 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img_john.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001\...\StartupApproved\Run: => "GarminExpress"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{039CB8AC-1B44-4F42-B786-AE9D842EB3B5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B359EBC7-4B1A-4846-A628-AEF72549C7CA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{6433806E-FCB4-4C5C-B742-B248D7AE4529}D:\programmes_misc\libre_office\program\soffice.bin] => (Block) D:\programmes_misc\libre_office\program\soffice.bin
FirewallRules: [UDP Query User{3CB6FD95-8C38-42D1-9EF1-D316DAEAEF4C}D:\programmes_misc\libre_office\program\soffice.bin] => (Block) D:\programmes_misc\libre_office\program\soffice.bin
FirewallRules: [{6B2D3956-DC40-44E7-9CC7-8FBE330F2C37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AB3087B6-B3BC-4150-8569-4C9AB107F4FC}] => (Allow) LPort=2869
FirewallRules: [{5DD11593-915C-40E4-871E-5ACD42DDB4B2}] => (Allow) LPort=1900
FirewallRules: [{088A4CEC-FF1F-4A9B-BBD2-15C26DAC5276}] => (Allow) C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe
FirewallRules: [{EEA111AB-54D7-4022-87B4-15B1CACA1E99}] => (Allow) C:\Program Files\EIZO\ColorNavigator 6\core\cn6_eacore.exe
FirewallRules: [{A7AC0083-3EB7-4EFA-9E9A-4F9F7759621C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC8722CC-9443-4C18-AEBC-5EC369AFFF5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{49D6D599-E899-4092-B2D5-0E3712441179}C:\program files\eizo\colornavigator 6\core\cn6_eacore.exe] => (Allow) C:\program files\eizo\colornavigator 6\core\cn6_eacore.exe
FirewallRules: [UDP Query User{DB82C414-AC02-4FF8-BABE-60818DE519CE}C:\program files\eizo\colornavigator 6\core\cn6_eacore.exe] => (Allow) C:\program files\eizo\colornavigator 6\core\cn6_eacore.exe
FirewallRules: [TCP Query User{9D991754-58FD-4FEB-9429-7F61AD7DB3D3}C:\users\fierce-pc\appdata\local\programs\crashplan\crashplanservice.exe] => (Allow) C:\users\fierce-pc\appdata\local\programs\crashplan\crashplanservice.exe
FirewallRules: [UDP Query User{4352B6BC-C482-491D-ACD9-371BB607D9E8}C:\users\fierce-pc\appdata\local\programs\crashplan\crashplanservice.exe] => (Allow) C:\users\fierce-pc\appdata\local\programs\crashplan\crashplanservice.exe
FirewallRules: [{7544708D-D9BA-4B5F-8E7B-43FCA7F7AB71}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{920FFB14-0B16-4A18-B5A6-76F67054F411}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E146B9DD-4BF1-4388-8382-761373EE0AED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1A5007AE-3B06-4340-831E-B9F7AAB740D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0FCBF39A-C0BF-45F3-BE7E-202451D424FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C3511F9C-FA99-4D7A-BCFC-015C94943E96}] => (Allow) C:\Users\Fierce-PC\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{87CDD4A0-A26E-4FA0-8F92-816E7A1782A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9665B70-DFC7-41FB-884E-99C4E39BA130}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4C00DB69-BB93-4373-A57C-C8B7CA94B247}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{4484EFA1-2CB6-4DDF-BCE4-F8E1084EAE08}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DFE30BA9-2864-4F72-B96C-CF10833AE525}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
FirewallRules: [UDP Query User{12E8E4A7-7D4A-4AB9-8E7C-4EDBC118DCB2}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
FirewallRules: [{EB147085-1E1C-4A17-90C1-ED45441D4C61}] => (Allow) D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{2065A4C8-3EEC-48B8-BC3B-EDE9DC799D24}] => (Allow) D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{BCE5625D-5134-4534-B755-96665479B04D}] => (Allow) D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{E765302F-0807-47BD-8461-FE1DEDBDB905}] => (Allow) D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{09E80E64-6E42-4AE3-B888-EE170A091182}] => (Allow) D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{4B018551-9E56-4F9B-AACD-A0BD020FA837}] => (Allow) D:\Programmes_misc\VPN_Gate\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{8F1C0F06-FAD9-425D-9C25-E7754124AC95}] => (Allow) D:\Programmes_misc\qBittorrent\qbittorrent.exe
FirewallRules: [{330B08DE-8AB0-40B6-A209-AFA9D9D13C28}] => (Allow) D:\Programmes_misc\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{1FE9467E-8B1F-481E-97A9-7CEDD638F313}D:\programmes_misc\qbittorrent\qbittorrent.exe] => (Allow) D:\programmes_misc\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{672BCF50-A554-4F0F-BF34-92CA5C99224B}D:\programmes_misc\qbittorrent\qbittorrent.exe] => (Allow) D:\programmes_misc\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{0683BD6E-4B3F-490E-BD87-E337B7A88C0B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C55B7588-8E8A-47FB-89D7-EAF8BDDD6F31}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4D971423-B92A-4F3A-8FFD-9D3E92F0BAB9}C:\program files\on1\on1 photo raw 2018\on1 photo raw 2018.exe] => (Allow) C:\program files\on1\on1 photo raw 2018\on1 photo raw 2018.exe
FirewallRules: [UDP Query User{CB28F798-86FF-41C6-9118-8EFD592CB75A}C:\program files\on1\on1 photo raw 2018\on1 photo raw 2018.exe] => (Allow) C:\program files\on1\on1 photo raw 2018\on1 photo raw 2018.exe
FirewallRules: [{CE3E2462-5B53-481A-8AB9-D4D120FB4564}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe
FirewallRules: [{6B7E869C-2AB4-4B4C-9BC6-065FBF3C1C2C}] => (Allow) LPort=35699
FirewallRules: [TCP Query User{14229746-3F70-491B-B4F1-E258F0FBD5C8}D:\programmes_misc\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) D:\programmes_misc\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{56291533-AA7E-4528-86E5-A125CF10DFF3}D:\programmes_misc\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) D:\programmes_misc\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{ABF3B812-32A9-4E4E-A5FA-1CE438E5B152}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{2105CD73-B1C8-46F2-AB12-604D07CC51EC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6EBD3FC8-DAE4-43AE-B57B-2A80EC939492}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EC4DA315-A6F8-4B7B-BB49-0E71A700AA94}] => (Allow) C:\Program Files\Opera\56.0.3051.99\opera.exe
FirewallRules: [{89518675-DF71-4BCE-B3B1-D5FC88085698}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{719EF706-F784-4200-A18D-EDB98E6D1167}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5D8835D5-FD65-4B7F-9C14-19041DE64B80}] => (Allow) C:\Program Files\Opera\56.0.3051.104\opera.exe

==================== Restore Points =========================

12-11-2018 17:49:51 Scheduled Checkpoint
20-11-2018 13:18:54 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2018 09:29:36 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (11/17/2018 05:27:42 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (11/17/2018 04:00:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d14

Start Time: 01d47e8d4b7ea3b1

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: f26f0586-ea81-11e8-835a-94de807e6978

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/17/2018 02:50:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (11/17/2018 02:36:25 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (11/17/2018 02:09:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (11/14/2018 07:52:53 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (11/12/2018 05:40:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

System errors:
=============
Error: (11/22/2018 01:44:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:12:25 on ‎22/‎11/‎2018 was unexpected.

Error: (11/21/2018 05:56:59 PM) (Source: Schannel) (EventID: 4116) (User: JOHN)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (11/21/2018 05:56:59 PM) (Source: Schannel) (EventID: 4120) (User: JOHN)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error: (11/21/2018 02:17:26 PM) (Source: Schannel) (EventID: 4116) (User: JOHN)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (11/21/2018 02:17:26 PM) (Source: Schannel) (EventID: 4120) (User: JOHN)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error: (11/21/2018 08:30:45 AM) (Source: Schannel) (EventID: 4116) (User: JOHN)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (11/21/2018 08:30:45 AM) (Source: Schannel) (EventID: 4120) (User: JOHN)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error: (11/21/2018 08:30:45 AM) (Source: Schannel) (EventID: 4116) (User: JOHN)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

Windows Defender:
===================================
Date: 2018-11-21 12:22:31.516
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {7A7D49A8-8E94-4F7A-A594-E3ACDE57B150}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-21 09:35:53.905
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {AEF7DF89-F5E8-4E2D-9DFA-22EDC038D219}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-11-20 09:29:27.746
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {AE342739-A809-4042-B7EB-409A5D2829E0}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-11-20 09:22:55.018
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {80BCC59F-9566-49C5-917E-65C7FA7336DB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-18 10:23:24.606
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {30DE5642-542F-482F-B310-3C67FA48344F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2018-11-20 08:58:10.312
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-18 08:18:50.122
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-17 13:22:51.001
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-15 07:13:23.820
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-14 08:03:25.241
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-12 17:39:00.777
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-02 16:46:14.269
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-10-12 11:36:58.699
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 37%
Total physical RAM: 16274 MB
Available physical RAM: 10162.22 MB
Total Virtual: 18706 MB
Available Virtual: 10733.11 MB

==================== Drives ================================

Drive c: (SSD Boot) (Fixed) (Total:118.73 GB) (Free:17.26 GB) NTFS
Drive d: (DATA1) (Fixed) (Total:1863.01 GB) (Free:1156.92 GB) NTFS
Drive e: (Photographs) (Fixed) (Total:1863.01 GB) (Free:180.43 GB) NTFS

\\?\Volume{8090bbee-21a8-470b-9d13-a24d3a838cc2}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 119.2 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: FED46669)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 08E362A4)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#4 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 22 November 2018 - 10:43 PM

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start::
CloseProcesses:
CreateRestorePoint:
2017-11-25 09:01 - 2017-11-08 14:16 - 002421328 _____ (ON1, Inc.) C:\Users\Fierce-PC\AppData\Local\Temp\ON1Wait.exe
2017-07-18 12:34 - 2018-04-28 06:29 - 016690176 _____ () C:\Users\Fierce-PC\AppData\Local\Temp\SkypeSetup.exe
2014-04-14 11:08 - 2006-05-24 04:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Fierce-PC\AppData\Local\Temp\_isA698.exe
CustomCLSID: HKU\S-1-5-21-2902596473-1099315985-2057228710-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Fierce-PC\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
C:\Windows\Temp\*.*
Emptytemp:
End::

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner - Fix Mode

Download AdwCleaner and move it to your Desktop
Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

****

RogueKiller

Download the right version of RogueKiller for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply

Please post these 3 logs when finished.

#5 henchard

New Member

Authentic Member
5 posts

Posted 23 November 2018 - 03:30 AM

Thank you SO much for your assistance. You helpfulness is much appreciated. Ran the software as instructed. Only slight query was that I used the portable version of RogueKiller (not wishing to install yet more software) and as I was not connected to the internet did not run update before running. If I need to do this and run again please advise. I think I owe you a pint of our finest Welsh beer!

Here are the logs:

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by John-PC (23-11-2018 08:56:06) Run:1
Running from C:\Users\Fierce-PC\Desktop\Malware Tools
Loaded Profiles: John-PC (Available Profiles: John-PC & Liz)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
2017-11-25 09:01 - 2017-11-08 14:16 - 002421328 _____ (ON1, Inc.) C:\Users\Fierce-PC\AppData\Local\Temp\ON1Wait.exe
2017-07-18 12:34 - 2018-04-28 06:29 - 016690176 _____ () C:\Users\Fierce-PC\AppData\Local\Temp\SkypeSetup.exe
2014-04-14 11:08 - 2006-05-24 04:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Fierce-PC\AppData\Local\Temp\_isA698.exe
CustomCLSID: HKU\S-1-5-21-2902596473-1099315985-2057228710-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Fierce-PC\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
C:\Windows\Temp\*.*
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\Fierce-PC\AppData\Local\Temp\ON1Wait.exe => moved successfully
C:\Users\Fierce-PC\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Fierce-PC\AppData\Local\Temp\_isA698.exe => moved successfully
HKU\S-1-5-21-2902596473-1099315985-2057228710-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\.unicode_cache_8931ed56.dat => moved successfully
C:\Windows\Temp\AdobeARM.log => moved successfully
C:\Windows\Temp\AdobeARM_NotLocked.log => moved successfully
C:\Windows\Temp\AppAndDeviceInventory.log => moved successfully
C:\Windows\Temp\ASPNETSetup_00000.log => moved successfully
C:\Windows\Temp\ASPNETSetup_00001.log => moved successfully
C:\Windows\Temp\C2RIntegrator(20150801162544438).log => moved successfully
C:\Windows\Temp\C2RIntegrator(201508310225211B30).log => moved successfully
C:\Windows\Temp\C2RIntegrator(2016012007371973C).log => moved successfully
C:\Windows\Temp\C2RIntegrator(201603180719296F8).log => moved successfully
C:\Windows\Temp\C2RIntegrator(20161030075820DC).log => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\CProgram FilesOpera44.0.2510.1159opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera45.0.2552.812opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera45.0.2552.881opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera45.0.2552.888opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera45.0.2552.898opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera46.0.2597.32opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera46.0.2597.39opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera46.0.2597.46opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera46.0.2597.57opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera47.0.2631.55opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera47.0.2631.71opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera47.0.2631.80opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera48.0.2685.35opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera48.0.2685.39opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera48.0.2685.50opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera48.0.2685.52opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera49.0.2725.39opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera49.0.2725.47opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera49.0.2725.64opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera51.0.2830.40opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera51.0.2830.55opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera52.0.2871.40opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera52.0.2871.64opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera53.0.2907.68opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera53.0.2907.99opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera54.0.2952.51opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera54.0.2952.54opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera54.0.2952.60opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera54.0.2952.64opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera55.0.2994.44opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera55.0.2994.61opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera56.0.3051.104opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera56.0.3051.36opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera56.0.3051.43opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera56.0.3051.52opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\CProgram FilesOpera56.0.3051.99opera_autoupdate.download.lock => moved successfully
C:\Windows\Temp\dd_vcredistMSI44DE.txt => moved successfully
C:\Windows\Temp\dd_vcredistMSI44E8.txt => moved successfully
C:\Windows\Temp\dd_vcredistUI44DE.txt => moved successfully
C:\Windows\Temp\dd_vcredistUI44E8.txt => moved successfully
C:\Windows\Temp\dd_vstor40_x64MSI4CB4.txt => moved successfully
C:\Windows\Temp\dd_vstor40_x64UI4CB4.txt => moved successfully
C:\Windows\Temp\DEVINV.DLL => moved successfully
C:\Windows\Temp\fwtsqmfile00.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile01.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile02.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile03.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile04.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile05.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile06.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile07.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile08.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile09.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile10.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile11.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile12.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile13.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile14.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile15.sqm => moved successfully
C:\Windows\Temp\fwtsqmfile16.sqm => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\Garmin_Express_20161202073246.log => moved successfully
C:\Windows\Temp\Garmin_Express_20161202073246_000_GarminExpress.log => moved successfully
C:\Windows\Temp\Garmin_Express_20161202073246_001_GarminTray.log => moved successfully
C:\Windows\Temp\Garmin_Express_20161202073246_002_GarminElevatedInstaller.log => moved successfully
C:\Windows\Temp\Garmin_Express_20161202073246_004_AntDriversX64.log => moved successfully
C:\Windows\Temp\Garmin_Express_20161202073258_5_LegacyApplication_Removal.log => moved successfully
C:\Windows\Temp\Garmin_Express_20161202073259.log => moved successfully
C:\Windows\Temp\Garmin_Express_20161202073259_000_AntDriversX64.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170112081631.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170112081631_000_GarminExpress.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170112081631_001_GarminTray.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170112081631_002_GarminElevatedInstaller.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170112081631_004_AntDriversX64.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170112081643_5_LegacyApplication_Removal.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170112081644.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170112081644_000_AntDriversX64.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170118082344.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170118082344_000_GarminExpress.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170118082344_001_GarminTray.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170118082344_002_GarminElevatedInstaller.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170118082344_004_AntDriversX64.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170118082356_5_LegacyApplication_Removal.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170118082357.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170118082357_000_AntDriversX64.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170401080241.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170401080241_000_GarminExpress.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170401080241_001_GarminTray.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170401080241_002_GarminElevatedInstaller.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170401080241_004_AntDriversX64.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170401080252_5_LegacyApplication_Removal.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170401080254.log => moved successfully
C:\Windows\Temp\Garmin_Express_20170401080254_000_AntDriversX64.log => moved successfully
C:\Windows\Temp\jna1192828525377923887.dll => moved successfully
C:\Windows\Temp\jna1919104164475505391.dll => moved successfully
C:\Windows\Temp\jna2631783059091852106.dll => moved successfully
C:\Windows\Temp\jna2694014743243531467.dll => moved successfully
C:\Windows\Temp\jna3015017708768427006.dll => moved successfully
C:\Windows\Temp\jna3579727371570606319.dll => moved successfully
C:\Windows\Temp\jna3823138837186815469.dll => moved successfully
C:\Windows\Temp\jna4098792633874230933.dll => moved successfully
C:\Windows\Temp\jna4147438629045644216.dll => moved successfully
C:\Windows\Temp\jna4777009325664127841.dll => moved successfully
C:\Windows\Temp\jna5170207788181363707.dll => moved successfully
C:\Windows\Temp\jna5566590282397125864.dll => moved successfully
C:\Windows\Temp\jna5689488822822232539.dll => moved successfully
C:\Windows\Temp\jna6036090742818926005.dll => moved successfully
C:\Windows\Temp\jna6161025150743401102.dll => moved successfully
C:\Windows\Temp\jna6162821284997528394.dll => moved successfully
C:\Windows\Temp\jna6252724662267662559.dll => moved successfully
C:\Windows\Temp\jna6601302376999099752.dll => moved successfully
C:\Windows\Temp\jna6684826289277079986.dll => moved successfully
C:\Windows\Temp\jna688281259885527015.dll => moved successfully
C:\Windows\Temp\jna7261214153443747330.dll => moved successfully
C:\Windows\Temp\jna7979540579719156510.dll => moved successfully
C:\Windows\Temp\jna8493156054426974735.dll => moved successfully
C:\Windows\Temp\jna8499571085211423777.dll => moved successfully
C:\Windows\Temp\jna8552702782598629488.dll => moved successfully
C:\Windows\Temp\jna8572905860549304704.dll => moved successfully
C:\Windows\Temp\jna882221649405740229.dll => moved successfully
C:\Windows\Temp\jna8932252424815838348.dll => moved successfully
C:\Windows\Temp\jna9110942819383441888.dll => moved successfully
C:\Windows\Temp\jna9137792566769781090.dll => moved successfully
C:\Windows\Temp\jna9210951285005256446.dll => moved successfully
C:\Windows\Temp\JOHN-20150801-1607.log => moved successfully
C:\Windows\Temp\JOHN-20150802-0322.log => moved successfully
C:\Windows\Temp\JOHN-20150802-0731.log => moved successfully
C:\Windows\Temp\JOHN-20150803-0534.log => moved successfully
C:\Windows\Temp\JOHN-20150803-2121.log => moved successfully
C:\Windows\Temp\JOHN-20150803-2151.log => moved successfully
C:\Windows\Temp\JOHN-20150803-2221.log => moved successfully
C:\Windows\Temp\JOHN-20150804-0525.log => moved successfully
C:\Windows\Temp\JOHN-20150804-0636.log => moved successfully
C:\Windows\Temp\JOHN-20150831-0220.log => moved successfully
C:\Windows\Temp\JOHN-20150831-0220a.log => moved successfully
C:\Windows\Temp\JOHN-20150831-0225.log => moved successfully
C:\Windows\Temp\JOHN-20150831-0225a.log => moved successfully
C:\Windows\Temp\JOHN-20150831-0645.log => moved successfully
C:\Windows\Temp\JOHN-20150901-0430.log => moved successfully
C:\Windows\Temp\JOHN-20150901-0432.log => moved successfully
C:\Windows\Temp\JOHN-20150901-0712.log => moved successfully
C:\Windows\Temp\JOHN-20150901-0728.log => moved successfully
C:\Windows\Temp\JOHN-20150901-0758.log => moved successfully
C:\Windows\Temp\JOHN-20150901-0828.log => moved successfully
C:\Windows\Temp\JOHN-20150902-0456.log => moved successfully
C:\Windows\Temp\JOHN-20150902-2119.log => moved successfully
C:\Windows\Temp\JOHN-20150902-2134.log => moved successfully
C:\Windows\Temp\JOHN-20150902-2204.log => moved successfully
C:\Windows\Temp\JOHN-20150902-2234.log => moved successfully
C:\Windows\Temp\JOHN-20150903-0405.log => moved successfully
C:\Windows\Temp\JOHN-20150904-0351.log => moved successfully
C:\Windows\Temp\JOHN-20150904-0939.log => moved successfully
C:\Windows\Temp\JOHN-20150905-0628.log => moved successfully
C:\Windows\Temp\JOHN-20150906-0413.log => moved successfully
C:\Windows\Temp\JOHN-20150906-0714.log => moved successfully
C:\Windows\Temp\JOHN-20150906-1507.log => moved successfully
C:\Windows\Temp\JOHN-20150906-1537.log => moved successfully
C:\Windows\Temp\JOHN-20150906-1552.log => moved successfully
C:\Windows\Temp\JOHN-20150906-1607.log => moved successfully
C:\Windows\Temp\JOHN-20150906-1622.log => moved successfully
C:\Windows\Temp\JOHN-20150906-1652.log => moved successfully
C:\Windows\Temp\JOHN-20150907-0921.log => moved successfully
C:\Windows\Temp\JOHN-20150908-0634.log => moved successfully
C:\Windows\Temp\JOHN-20150908-0812.log => moved successfully
C:\Windows\Temp\JOHN-20150909-0749.log => moved successfully
C:\Windows\Temp\JOHN-20150909-0804.log => moved successfully
C:\Windows\Temp\JOHN-20150909-0834.log => moved successfully
C:\Windows\Temp\JOHN-20150909-0904.log => moved successfully
C:\Windows\Temp\JOHN-20150910-0744.log => moved successfully
C:\Windows\Temp\JOHN-20150910-0754.log => moved successfully
C:\Windows\Temp\JOHN-20150910-0800.log => moved successfully
C:\Windows\Temp\JOHN-20150910-0830.log => moved successfully
C:\Windows\Temp\JOHN-20150910-0900.log => moved successfully
C:\Windows\Temp\JOHN-20150911-0816.log => moved successfully
C:\Windows\Temp\JOHN-20150911-0831.log => moved successfully
C:\Windows\Temp\JOHN-20150911-0901.log => moved successfully
C:\Windows\Temp\JOHN-20150911-0931.log => moved successfully
C:\Windows\Temp\JOHN-20150911-2107.log => moved successfully
C:\Windows\Temp\JOHN-20150911-2137.log => moved successfully
C:\Windows\Temp\JOHN-20150911-2207.log => moved successfully
C:\Windows\Temp\JOHN-20150912-0857.log => moved successfully
C:\Windows\Temp\JOHN-20150912-0857a.log => moved successfully
C:\Windows\Temp\JOHN-20150912-0902.log => moved successfully
C:\Windows\Temp\JOHN-20150912-0932.log => moved successfully
C:\Windows\Temp\JOHN-20150912-1002.log => moved successfully
C:\Windows\Temp\JOHN-20150912-2154.log => moved successfully
C:\Windows\Temp\JOHN-20150912-2224.log => moved successfully
C:\Windows\Temp\JOHN-20150912-2254.log => moved successfully
C:\Windows\Temp\JOHN-20150913-0850.log => moved successfully
C:\Windows\Temp\JOHN-20150913-0850a.log => moved successfully
C:\Windows\Temp\JOHN-20150913-0855.log => moved successfully
C:\Windows\Temp\JOHN-20150913-0925.log => moved successfully
C:\Windows\Temp\JOHN-20150913-0955.log => moved successfully
C:\Windows\Temp\JOHN-20150913-1951.log => moved successfully
C:\Windows\Temp\JOHN-20150913-2021.log => moved successfully
C:\Windows\Temp\JOHN-20150913-2051.log => moved successfully
C:\Windows\Temp\JOHN-20150915-1312.log => moved successfully
C:\Windows\Temp\JOHN-20150915-1312a.log => moved successfully
C:\Windows\Temp\JOHN-20150915-1318.log => moved successfully
C:\Windows\Temp\JOHN-20150915-1318a.log => moved successfully
C:\Windows\Temp\JOHN-20150915-2110.log => moved successfully
C:\Windows\Temp\JOHN-20150915-2140.log => moved successfully
C:\Windows\Temp\JOHN-20150915-2210.log => moved successfully
C:\Windows\Temp\JOHN-20150916-0834.log => moved successfully
C:\Windows\Temp\JOHN-20150916-0839.log => moved successfully
C:\Windows\Temp\JOHN-20150916-0909.log => moved successfully
C:\Windows\Temp\JOHN-20150916-0939.log => moved successfully
C:\Windows\Temp\JOHN-20150917-0759.log => moved successfully
C:\Windows\Temp\JOHN-20150917-0805.log => moved successfully
C:\Windows\Temp\JOHN-20150917-0835.log => moved successfully
C:\Windows\Temp\JOHN-20150917-0905.log => moved successfully
C:\Windows\Temp\JOHN-20150918-0751.log => moved successfully
C:\Windows\Temp\JOHN-20150918-0751a.log => moved successfully
C:\Windows\Temp\JOHN-20150918-0756.log => moved successfully
C:\Windows\Temp\JOHN-20150918-0826.log => moved successfully
C:\Windows\Temp\JOHN-20150918-0856.log => moved successfully
C:\Windows\Temp\JOHN-20150919-0716.log => moved successfully
C:\Windows\Temp\JOHN-20150919-0721.log => moved successfully
C:\Windows\Temp\JOHN-20150919-0751.log => moved successfully
C:\Windows\Temp\JOHN-20150919-0821.log => moved successfully
C:\Windows\Temp\JOHN-20150919-1527.log => moved successfully
C:\Windows\Temp\JOHN-20150919-1557.log => moved successfully
C:\Windows\Temp\JOHN-20150919-1627.log => moved successfully
C:\Windows\Temp\JOHN-20150920-0956.log => moved successfully
C:\Windows\Temp\JOHN-20150920-0956a.log => moved successfully
C:\Windows\Temp\JOHN-20150920-1001.log => moved successfully
C:\Windows\Temp\JOHN-20150920-1031.log => moved successfully
C:\Windows\Temp\JOHN-20150920-1101.log => moved successfully
C:\Windows\Temp\JOHN-20150921-0807.log => moved successfully
C:\Windows\Temp\JOHN-20150921-0813.log => moved successfully
C:\Windows\Temp\JOHN-20150921-0843.log => moved successfully
C:\Windows\Temp\JOHN-20150921-0913.log => moved successfully
C:\Windows\Temp\JOHN-20150922-0820.log => moved successfully
C:\Windows\Temp\JOHN-20150922-0820a.log => moved successfully
C:\Windows\Temp\JOHN-20150922-0825.log => moved successfully
C:\Windows\Temp\JOHN-20150922-0855.log => moved successfully
C:\Windows\Temp\JOHN-20150922-0925.log => moved successfully
C:\Windows\Temp\JOHN-20150923-0829.log => moved successfully
C:\Windows\Temp\JOHN-20150923-0834.log => moved successfully
C:\Windows\Temp\JOHN-20150923-0904.log => moved successfully
C:\Windows\Temp\JOHN-20150923-0934.log => moved successfully
C:\Windows\Temp\JOHN-20150924-0725.log => moved successfully
C:\Windows\Temp\JOHN-20150924-0731.log => moved successfully
C:\Windows\Temp\JOHN-20150924-0801.log => moved successfully
C:\Windows\Temp\JOHN-20150924-0831.log => moved successfully
C:\Windows\Temp\JOHN-20150924-2020.log => moved successfully
C:\Windows\Temp\JOHN-20150924-2025.log => moved successfully
C:\Windows\Temp\JOHN-20150924-2025a.log => moved successfully
C:\Windows\Temp\JOHN-20150925-0812.log => moved successfully
C:\Windows\Temp\JOHN-20150925-0812a.log => moved successfully
C:\Windows\Temp\JOHN-20150925-0817.log => moved successfully
C:\Windows\Temp\JOHN-20150925-0847.log => moved successfully
C:\Windows\Temp\JOHN-20150925-0917.log => moved successfully
C:\Windows\Temp\JOHN-20150926-0732.log => moved successfully
C:\Windows\Temp\JOHN-20150926-0738.log => moved successfully
C:\Windows\Temp\JOHN-20150926-0808.log => moved successfully
C:\Windows\Temp\JOHN-20150926-0838.log => moved successfully
C:\Windows\Temp\JOHN-20150927-1753.log => moved successfully
C:\Windows\Temp\JOHN-20150927-1753a.log => moved successfully
C:\Windows\Temp\JOHN-20150927-1758.log => moved successfully
C:\Windows\Temp\JOHN-20150927-1828.log => moved successfully
C:\Windows\Temp\JOHN-20150927-1858.log => moved successfully
C:\Windows\Temp\JOHN-20150928-0929.log => moved successfully
C:\Windows\Temp\JOHN-20150928-0938.log => moved successfully
C:\Windows\Temp\JOHN-20150928-1008.log => moved successfully
C:\Windows\Temp\JOHN-20150928-1038.log => moved successfully
C:\Windows\Temp\JOHN-20150929-0946.log => moved successfully
C:\Windows\Temp\JOHN-20150929-0946a.log => moved successfully
C:\Windows\Temp\JOHN-20150929-0951.log => moved successfully
C:\Windows\Temp\JOHN-20150929-1021.log => moved successfully
C:\Windows\Temp\JOHN-20150929-1051.log => moved successfully
C:\Windows\Temp\JOHN-20150930-1055.log => moved successfully
C:\Windows\Temp\JOHN-20150930-1100.log => moved successfully
C:\Windows\Temp\JOHN-20150930-1130.log => moved successfully
C:\Windows\Temp\JOHN-20150930-1200.log => moved successfully
C:\Windows\Temp\JOHN-20151001-0906.log => moved successfully
C:\Windows\Temp\JOHN-20151001-0912.log => moved successfully
C:\Windows\Temp\JOHN-20151001-0942.log => moved successfully
C:\Windows\Temp\JOHN-20151001-1012.log => moved successfully
C:\Windows\Temp\JOHN-20151002-0823.log => moved successfully
C:\Windows\Temp\JOHN-20151002-0823a.log => moved successfully
C:\Windows\Temp\JOHN-20151002-0828.log => moved successfully
C:\Windows\Temp\JOHN-20151002-1251.log => moved successfully
C:\Windows\Temp\JOHN-20151002-1306.log => moved successfully
C:\Windows\Temp\JOHN-20151002-1321.log => moved successfully
C:\Windows\Temp\JOHN-20151002-1351.log => moved successfully
C:\Windows\Temp\JOHN-20151003-0521.log => moved successfully
C:\Windows\Temp\JOHN-20151004-0819.log => moved successfully
C:\Windows\Temp\JOHN-20151004-0819a.log => moved successfully
C:\Windows\Temp\JOHN-20151004-0825.log => moved successfully
C:\Windows\Temp\JOHN-20151004-0855.log => moved successfully
C:\Windows\Temp\JOHN-20151004-0925.log => moved successfully
C:\Windows\Temp\JOHN-20151005-0805.log => moved successfully
C:\Windows\Temp\JOHN-20151005-0811.log => moved successfully
C:\Windows\Temp\JOHN-20151005-0841.log => moved successfully
C:\Windows\Temp\JOHN-20151005-0911.log => moved successfully
C:\Windows\Temp\JOHN-20151006-0751.log => moved successfully
C:\Windows\Temp\JOHN-20151006-0751a.log => moved successfully
C:\Windows\Temp\JOHN-20151006-0757.log => moved successfully
C:\Windows\Temp\JOHN-20151006-0827.log => moved successfully
C:\Windows\Temp\JOHN-20151006-0857.log => moved successfully
C:\Windows\Temp\JOHN-20151007-0819.log => moved successfully
C:\Windows\Temp\JOHN-20151007-0824.log => moved successfully
C:\Windows\Temp\JOHN-20151007-0854.log => moved successfully
C:\Windows\Temp\JOHN-20151007-0924.log => moved successfully
C:\Windows\Temp\JOHN-20151124-1858.log => moved successfully
C:\Windows\Temp\JOHN-20151124-1858a.log => moved successfully
C:\Windows\Temp\JOHN-20151124-1914.log => moved successfully
C:\Windows\Temp\JOHN-20151124-1944.log => moved successfully
C:\Windows\Temp\JOHN-20151124-2014.log => moved successfully
C:\Windows\Temp\JOHN-20151125-0528.log => moved successfully
C:\Windows\Temp\JOHN-20151125-0620.log => moved successfully
C:\Windows\Temp\JOHN-20151125-0636.log => moved successfully
C:\Windows\Temp\JOHN-20151125-0648.log => moved successfully
C:\Windows\Temp\JOHN-20151125-0648a.log => moved successfully
C:\Windows\Temp\JOHN-20151126-0544.log => moved successfully
C:\Windows\Temp\JOHN-20151127-0412.log => moved successfully
C:\Windows\Temp\JOHN-20151127-0458.log => moved successfully
C:\Windows\Temp\JOHN-20151128-0858.log => moved successfully
C:\Windows\Temp\JOHN-20151129-0534.log => moved successfully
C:\Windows\Temp\JOHN-20151129-0911.log => moved successfully
C:\Windows\Temp\JOHN-20151130-0606.log => moved successfully
C:\Windows\Temp\JOHN-20151130-1411.log => moved successfully
C:\Windows\Temp\JOHN-20151130-1441.log => moved successfully
C:\Windows\Temp\JOHN-20151130-1511.log => moved successfully
C:\Windows\Temp\JOHN-20151201-0420.log => moved successfully
C:\Windows\Temp\JOHN-20151201-0550.log => moved successfully
C:\Windows\Temp\JOHN-20151201-1434.log => moved successfully
C:\Windows\Temp\JOHN-20151201-1504.log => moved successfully
C:\Windows\Temp\JOHN-20151201-1534.log => moved successfully
C:\Windows\Temp\JOHN-20151201-1643.log => moved successfully
C:\Windows\Temp\JOHN-20151201-1701.log => moved successfully
C:\Windows\Temp\JOHN-20151201-1731.log => moved successfully
C:\Windows\Temp\JOHN-20151201-1801.log => moved successfully
C:\Windows\Temp\JOHN-20151202-0726.log => moved successfully
C:\Windows\Temp\JOHN-20151202-0732.log => moved successfully
C:\Windows\Temp\JOHN-20151202-0802.log => moved successfully
C:\Windows\Temp\JOHN-20151202-0832.log => moved successfully
C:\Windows\Temp\JOHN-20151202-1706.log => moved successfully
C:\Windows\Temp\JOHN-20151202-1736.log => moved successfully
C:\Windows\Temp\JOHN-20151202-1806.log => moved successfully
C:\Windows\Temp\JOHN-20151203-0909.log => moved successfully
C:\Windows\Temp\JOHN-20151204-0431.log => moved successfully
C:\Windows\Temp\JOHN-20151204-0459.log => moved successfully
C:\Windows\Temp\JOHN-20151205-0431.log => moved successfully
C:\Windows\Temp\JOHN-20151206-0410.log => moved successfully
C:\Windows\Temp\JOHN-20151206-0411.log => moved successfully
C:\Windows\Temp\JOHN-20151206-0411a.log => moved successfully
C:\Windows\Temp\JOHN-20151206-0704.log => moved successfully
C:\Windows\Temp\JOHN-20151207-0913.log => moved successfully
C:\Windows\Temp\JOHN-20151208-0440.log => moved successfully
C:\Windows\Temp\JOHN-20151208-0456.log => moved successfully
C:\Windows\Temp\JOHN-20151209-0511.log => moved successfully
C:\Windows\Temp\JOHN-20151211-2320.log => moved successfully
C:\Windows\Temp\JOHN-20151211-2320a.log => moved successfully
C:\Windows\Temp\JOHN-20151211-2326.log => moved successfully
C:\Windows\Temp\JOHN-20151211-2356.log => moved successfully
C:\Windows\Temp\JOHN-20151212-0026.log => moved successfully
C:\Windows\Temp\JOHN-20151212-0456.log => moved successfully
C:\Windows\Temp\JOHN-20151212-1718.log => moved successfully
C:\Windows\Temp\JOHN-20151212-1748.log => moved successfully
C:\Windows\Temp\JOHN-20151212-1818.log => moved successfully
C:\Windows\Temp\JOHN-20151212-1845.log => moved successfully
C:\Windows\Temp\JOHN-20151212-1915.log => moved successfully
C:\Windows\Temp\JOHN-20151212-1935.log => moved successfully
C:\Windows\Temp\JOHN-20151212-1950.log => moved successfully
C:\Windows\Temp\JOHN-20151212-2020.log => moved successfully
C:\Windows\Temp\JOHN-20151212-2050.log => moved successfully
C:\Windows\Temp\JOHN-20151213-0450.log => moved successfully
C:\Windows\Temp\JOHN-20151213-0454.log => moved successfully
C:\Windows\Temp\JOHN-20151214-0824.log => moved successfully
C:\Windows\Temp\JOHN-20151214-2021.log => moved successfully
C:\Windows\Temp\JOHN-20151214-2051.log => moved successfully
C:\Windows\Temp\JOHN-20151214-2121.log => moved successfully
C:\Windows\Temp\JOHN-20151215-0624.log => moved successfully
C:\Windows\Temp\JOHN-20151215-0803.log => moved successfully
C:\Windows\Temp\JOHN-20151216-0704.log => moved successfully
C:\Windows\Temp\JOHN-20151217-0415.log => moved successfully
C:\Windows\Temp\JOHN-20151218-0504.log => moved successfully
C:\Windows\Temp\JOHN-20151218-0551.log => moved successfully
C:\Windows\Temp\JOHN-20151218-0602.log => moved successfully
C:\Windows\Temp\JOHN-20151218-0602a.log => moved successfully
C:\Windows\Temp\JOHN-20151219-0529.log => moved successfully
C:\Windows\Temp\JOHN-20151220-0430.log => moved successfully
C:\Windows\Temp\JOHN-20151220-0952.log => moved successfully
C:\Windows\Temp\JOHN-20151221-0436.log => moved successfully
C:\Windows\Temp\JOHN-20151222-0615.log => moved successfully
C:\Windows\Temp\JOHN-20151222-0734.log => moved successfully
C:\Windows\Temp\JOHN-20151223-0521.log => moved successfully
C:\Windows\Temp\JOHN-20151223-1709.log => moved successfully
C:\Windows\Temp\JOHN-20151223-1739.log => moved successfully
C:\Windows\Temp\JOHN-20151223-1809.log => moved successfully
C:\Windows\Temp\JOHN-20151224-0751.log => moved successfully
C:\Windows\Temp\JOHN-20151224-0801.log => moved successfully
C:\Windows\Temp\JOHN-20151224-0807.log => moved successfully
C:\Windows\Temp\JOHN-20151224-0837.log => moved successfully
C:\Windows\Temp\JOHN-20151224-0907.log => moved successfully
C:\Windows\Temp\JOHN-20151226-0722.log => moved successfully
C:\Windows\Temp\JOHN-20151226-0723.log => moved successfully
C:\Windows\Temp\JOHN-20151226-0728.log => moved successfully
C:\Windows\Temp\JOHN-20151226-0758.log => moved successfully
C:\Windows\Temp\JOHN-20151226-0828.log => moved successfully
C:\Windows\Temp\JOHN-20151226-1705.log => moved successfully
C:\Windows\Temp\JOHN-20151226-1735.log => moved successfully
C:\Windows\Temp\JOHN-20151226-1805.log => moved successfully
C:\Windows\Temp\JOHN-20151227-0437.log => moved successfully
C:\Windows\Temp\JOHN-20151227-0611.log => moved successfully
C:\Windows\Temp\JOHN-20151228-0949.log => moved successfully
C:\Windows\Temp\JOHN-20151229-0813.log => moved successfully
C:\Windows\Temp\JOHN-20151229-0813a.log => moved successfully
C:\Windows\Temp\JOHN-20151229-0818.log => moved successfully
C:\Windows\Temp\JOHN-20151229-0848.log => moved successfully
C:\Windows\Temp\JOHN-20151229-0918.log => moved successfully
C:\Windows\Temp\JOHN-20151230-1037.log => moved successfully
C:\Windows\Temp\JOHN-20151230-1042.log => moved successfully
C:\Windows\Temp\JOHN-20151230-1112.log => moved successfully
C:\Windows\Temp\JOHN-20151230-1142.log => moved successfully
C:\Windows\Temp\JOHN-20151231-0824.log => moved successfully
C:\Windows\Temp\JOHN-20151231-0829.log => moved successfully
C:\Windows\Temp\JOHN-20151231-0859.log => moved successfully
C:\Windows\Temp\JOHN-20151231-0929.log => moved successfully
C:\Windows\Temp\JOHN-20151231-1358.log => moved successfully
C:\Windows\Temp\JOHN-20151231-1428.log => moved successfully
C:\Windows\Temp\JOHN-20151231-1458.log => moved successfully
C:\Windows\Temp\JOHN-20160101-0833.log => moved successfully
C:\Windows\Temp\JOHN-20160101-0833a.log => moved successfully
C:\Windows\Temp\JOHN-20160101-0838.log => moved successfully
C:\Windows\Temp\JOHN-20160101-0908.log => moved successfully
C:\Windows\Temp\JOHN-20160101-0938.log => moved successfully
C:\Windows\Temp\JOHN-20160102-0815.log => moved successfully
C:\Windows\Temp\JOHN-20160102-0820.log => moved successfully
C:\Windows\Temp\JOHN-20160102-0850.log => moved successfully
C:\Windows\Temp\JOHN-20160102-0920.log => moved successfully
C:\Windows\Temp\JOHN-20160103-0803.log => moved successfully
C:\Windows\Temp\JOHN-20160103-0803a.log => moved successfully
C:\Windows\Temp\JOHN-20160103-0808.log => moved successfully
C:\Windows\Temp\JOHN-20160103-0838.log => moved successfully
C:\Windows\Temp\JOHN-20160103-0908.log => moved successfully
C:\Windows\Temp\JOHN-20160103-1548.log => moved successfully
C:\Windows\Temp\JOHN-20160103-1618.log => moved successfully
C:\Windows\Temp\JOHN-20160103-1648.log => moved successfully
C:\Windows\Temp\JOHN-20160103-2124.log => moved successfully
C:\Windows\Temp\JOHN-20160103-2154.log => moved successfully
C:\Windows\Temp\JOHN-20160103-2224.log => moved successfully
C:\Windows\Temp\JOHN-20160104-0709.log => moved successfully
C:\Windows\Temp\JOHN-20160104-0714.log => moved successfully
C:\Windows\Temp\JOHN-20160104-0744.log => moved successfully
C:\Windows\Temp\JOHN-20160104-0814.log => moved successfully
C:\Windows\Temp\JOHN-20160105-0756.log => moved successfully
C:\Windows\Temp\JOHN-20160105-0756a.log => moved successfully
C:\Windows\Temp\JOHN-20160105-0801.log => moved successfully
C:\Windows\Temp\JOHN-20160105-0831.log => moved successfully
C:\Windows\Temp\JOHN-20160105-0901.log => moved successfully
C:\Windows\Temp\JOHN-20160106-0825.log => moved successfully
C:\Windows\Temp\JOHN-20160106-0832.log => moved successfully
C:\Windows\Temp\JOHN-20160106-0902.log => moved successfully
C:\Windows\Temp\JOHN-20160106-0932.log => moved successfully
C:\Windows\Temp\JOHN-20160107-0805.log => moved successfully
C:\Windows\Temp\JOHN-20160107-0810.log => moved successfully
C:\Windows\Temp\JOHN-20160107-0840.log => moved successfully
C:\Windows\Temp\JOHN-20160107-0910.log => moved successfully
C:\Windows\Temp\JOHN-20160108-0736.log => moved successfully
C:\Windows\Temp\JOHN-20160108-0736a.log => moved successfully
C:\Windows\Temp\JOHN-20160108-0741.log => moved successfully
C:\Windows\Temp\JOHN-20160108-0811.log => moved successfully
C:\Windows\Temp\JOHN-20160108-0841.log => moved successfully
C:\Windows\Temp\JOHN-20160109-0840.log => moved successfully
C:\Windows\Temp\JOHN-20160109-0845.log => moved successfully
C:\Windows\Temp\JOHN-20160109-0915.log => moved successfully
C:\Windows\Temp\JOHN-20160109-0945.log => moved successfully
C:\Windows\Temp\JOHN-20160110-0809.log => moved successfully
C:\Windows\Temp\JOHN-20160110-0809a.log => moved successfully
C:\Windows\Temp\JOHN-20160110-0814.log => moved successfully
C:\Windows\Temp\JOHN-20160110-0844.log => moved successfully
C:\Windows\Temp\JOHN-20160110-0914.log => moved successfully
C:\Windows\Temp\JOHN-20160111-0417.log => moved successfully
C:\Windows\Temp\JOHN-20160112-0629.log => moved successfully
C:\Windows\Temp\JOHN-20160112-0854.log => moved successfully
C:\Windows\Temp\JOHN-20160113-0553.log => moved successfully
C:\Windows\Temp\JOHN-20160114-1137.log => moved successfully
C:\Windows\Temp\JOHN-20160114-1147.log => moved successfully
C:\Windows\Temp\JOHN-20160114-1153.log => moved successfully
C:\Windows\Temp\JOHN-20160114-1223.log => moved successfully
C:\Windows\Temp\JOHN-20160114-1253.log => moved successfully
C:\Windows\Temp\JOHN-20160115-0548.log => moved successfully
C:\Windows\Temp\JOHN-20160115-0607.log => moved successfully
C:\Windows\Temp\JOHN-20160116-0943.log => moved successfully
C:\Windows\Temp\JOHN-20160116-1312.log => moved successfully
C:\Windows\Temp\JOHN-20160116-1328.log => moved successfully
C:\Windows\Temp\JOHN-20160116-1358.log => moved successfully
C:\Windows\Temp\JOHN-20160116-1428.log => moved successfully
C:\Windows\Temp\JOHN-20160116-1627.log => moved successfully
C:\Windows\Temp\JOHN-20160116-1657.log => moved successfully
C:\Windows\Temp\JOHN-20160116-1727.log => moved successfully
C:\Windows\Temp\JOHN-20160116-1812.log => moved successfully
C:\Windows\Temp\JOHN-20160116-1842.log => moved successfully
C:\Windows\Temp\JOHN-20160116-1912.log => moved successfully
C:\Windows\Temp\JOHN-20160117-0343.log => moved successfully
C:\Windows\Temp\JOHN-20160117-0446.log => moved successfully
C:\Windows\Temp\JOHN-20160118-0832.log => moved successfully
C:\Windows\Temp\JOHN-20160118-0837.log => moved successfully
C:\Windows\Temp\JOHN-20160118-0907.log => moved successfully
C:\Windows\Temp\JOHN-20160118-0937.log => moved successfully
C:\Windows\Temp\JOHN-20160119-0724.log => moved successfully
C:\Windows\Temp\JOHN-20160119-0724a.log => moved successfully
C:\Windows\Temp\JOHN-20160119-0729.log => moved successfully
C:\Windows\Temp\JOHN-20160119-0759.log => moved successfully
C:\Windows\Temp\JOHN-20160119-0829.log => moved successfully
C:\Windows\Temp\JOHN-20160120-0724.log => moved successfully
C:\Windows\Temp\JOHN-20160120-0730.log => moved successfully
C:\Windows\Temp\JOHN-20160120-0737.log => moved successfully
C:\Windows\Temp\JOHN-20160120-0737a.log => moved successfully
C:\Windows\Temp\JOHN-20160121-0809.log => moved successfully
C:\Windows\Temp\JOHN-20160121-0814.log => moved successfully
C:\Windows\Temp\JOHN-20160121-0844.log => moved successfully
C:\Windows\Temp\JOHN-20160121-0914.log => moved successfully
C:\Windows\Temp\JOHN-20160122-0726.log => moved successfully
C:\Windows\Temp\JOHN-20160122-0727.log => moved successfully
C:\Windows\Temp\JOHN-20160122-0732.log => moved successfully
C:\Windows\Temp\JOHN-20160122-0802.log => moved successfully
C:\Windows\Temp\JOHN-20160122-0832.log => moved successfully
C:\Windows\Temp\JOHN-20160123-0744.log => moved successfully
C:\Windows\Temp\JOHN-20160123-0749.log => moved successfully
C:\Windows\Temp\JOHN-20160123-0819.log => moved successfully
C:\Windows\Temp\JOHN-20160123-0849.log => moved successfully
C:\Windows\Temp\JOHN-20160124-0741.log => moved successfully
C:\Windows\Temp\JOHN-20160124-0741a.log => moved successfully
C:\Windows\Temp\JOHN-20160124-0746.log => moved successfully
C:\Windows\Temp\JOHN-20160124-0816.log => moved successfully
C:\Windows\Temp\JOHN-20160124-0846.log => moved successfully
C:\Windows\Temp\JOHN-20160124-2015.log => moved successfully
C:\Windows\Temp\JOHN-20160124-2045.log => moved successfully
C:\Windows\Temp\JOHN-20160124-2115.log => moved successfully
C:\Windows\Temp\JOHN-20160125-0753.log => moved successfully
C:\Windows\Temp\JOHN-20160125-0759.log => moved successfully
C:\Windows\Temp\JOHN-20160125-0829.log => moved successfully
C:\Windows\Temp\JOHN-20160125-0859.log => moved successfully
C:\Windows\Temp\JOHN-20160126-0816.log => moved successfully
C:\Windows\Temp\JOHN-20160126-0816a.log => moved successfully
C:\Windows\Temp\JOHN-20160126-0821.log => moved successfully
C:\Windows\Temp\JOHN-20160126-0851.log => moved successfully
C:\Windows\Temp\JOHN-20160126-0921.log => moved successfully
C:\Windows\Temp\JOHN-20160126-1121.log => moved successfully
C:\Windows\Temp\JOHN-20160126-1151.log => moved successfully
C:\Windows\Temp\JOHN-20160126-1221.log => moved successfully
C:\Windows\Temp\JOHN-20160127-0713.log => moved successfully
C:\Windows\Temp\JOHN-20160127-0719.log => moved successfully
C:\Windows\Temp\JOHN-20160127-0749.log => moved successfully
C:\Windows\Temp\JOHN-20160127-0819.log => moved successfully
C:\Windows\Temp\JOHN-20160127-2028.log => moved successfully
C:\Windows\Temp\JOHN-20160127-2058.log => moved successfully
C:\Windows\Temp\JOHN-20160127-2128.log => moved successfully
C:\Windows\Temp\JOHN-20160128-0735.log => moved successfully
C:\Windows\Temp\JOHN-20160128-0740.log => moved successfully
C:\Windows\Temp\JOHN-20160128-0810.log => moved successfully
C:\Windows\Temp\JOHN-20160128-0840.log => moved successfully
C:\Windows\Temp\JOHN-20160129-0724.log => moved successfully
C:\Windows\Temp\JOHN-20160129-0724a.log => moved successfully
C:\Windows\Temp\JOHN-20160129-0730.log => moved successfully
C:\Windows\Temp\JOHN-20160129-0800.log => moved successfully
C:\Windows\Temp\JOHN-20160129-0830.log => moved successfully
C:\Windows\Temp\JOHN-20160129-1004.log => moved successfully
C:\Windows\Temp\JOHN-20160129-1034.log => moved successfully
C:\Windows\Temp\JOHN-20160129-1104.log => moved successfully
C:\Windows\Temp\JOHN-20160130-0756.log => moved successfully
C:\Windows\Temp\JOHN-20160130-0801.log => moved successfully
C:\Windows\Temp\JOHN-20160130-0831.log => moved successfully
C:\Windows\Temp\JOHN-20160130-0901.log => moved successfully
C:\Windows\Temp\JOHN-20160130-1823.log => moved successfully
C:\Windows\Temp\JOHN-20160130-1853.log => moved successfully
C:\Windows\Temp\JOHN-20160130-1923.log => moved successfully
C:\Windows\Temp\JOHN-20160130-1932.log => moved successfully
C:\Windows\Temp\JOHN-20160130-1948.log => moved successfully
C:\Windows\Temp\JOHN-20160130-2018.log => moved successfully
C:\Windows\Temp\JOHN-20160130-2048.log => moved successfully
C:\Windows\Temp\JOHN-20160131-0711.log => moved successfully
C:\Windows\Temp\JOHN-20160131-0721.log => moved successfully
C:\Windows\Temp\JOHN-20160131-0721a.log => moved successfully
C:\Windows\Temp\JOHN-20160131-0727.log => moved successfully
C:\Windows\Temp\JOHN-20160131-0757.log => moved successfully
C:\Windows\Temp\JOHN-20160131-0827.log => moved successfully
C:\Windows\Temp\JOHN-20160201-0846.log => moved successfully
C:\Windows\Temp\JOHN-20160201-0851.log => moved successfully
C:\Windows\Temp\JOHN-20160201-0921.log => moved successfully
C:\Windows\Temp\JOHN-20160201-0951.log => moved successfully
C:\Windows\Temp\JOHN-20160202-0712.log => moved successfully
C:\Windows\Temp\JOHN-20160202-0712a.log => moved successfully
C:\Windows\Temp\JOHN-20160202-0717.log => moved successfully
C:\Windows\Temp\JOHN-20160202-0747.log => moved successfully
C:\Windows\Temp\JOHN-20160202-0817.log => moved successfully
C:\Windows\Temp\JOHN-20160202-1527.log => moved successfully
C:\Windows\Temp\JOHN-20160202-1542.log => moved successfully
C:\Windows\Temp\JOHN-20160202-1812.log => moved successfully
C:\Windows\Temp\JOHN-20160203-0738.log => moved successfully
C:\Windows\Temp\JOHN-20160203-0743.log => moved successfully
C:\Windows\Temp\JOHN-20160203-0813.log => moved successfully
C:\Windows\Temp\JOHN-20160203-0843.log => moved successfully
C:\Windows\Temp\JOHN-20160204-0724.log => moved successfully
C:\Windows\Temp\JOHN-20160204-0729.log => moved successfully
C:\Windows\Temp\JOHN-20160204-0759.log => moved successfully
C:\Windows\Temp\JOHN-20160204-0829.log => moved successfully
C:\Windows\Temp\JOHN-20160204-1417.log => moved successfully
C:\Windows\Temp\JOHN-20160204-1447.log => moved successfully
C:\Windows\Temp\JOHN-20160204-1517.log => moved successfully
C:\Windows\Temp\JOHN-20160205-0644.log => moved successfully
C:\Windows\Temp\JOHN-20160205-0644a.log => moved successfully
C:\Windows\Temp\JOHN-20160205-0649.log => moved successfully
C:\Windows\Temp\JOHN-20160205-0719.log => moved successfully
C:\Windows\Temp\JOHN-20160205-0749.log => moved successfully
C:\Windows\Temp\JOHN-20160207-1548.log => moved successfully
C:\Windows\Temp\JOHN-20160207-1548a.log => moved successfully
C:\Windows\Temp\JOHN-20160207-1554.log => moved successfully
C:\Windows\Temp\JOHN-20160207-1624.log => moved successfully
C:\Windows\Temp\JOHN-20160207-1654.log => moved successfully
C:\Windows\Temp\JOHN-20160208-0759.log => moved successfully
C:\Windows\Temp\JOHN-20160208-0805.log => moved successfully
C:\Windows\Temp\JOHN-20160208-0835.log => moved successfully
C:\Windows\Temp\JOHN-20160208-0905.log => moved successfully
C:\Windows\Temp\JOHN-20160209-0726.log => moved successfully
C:\Windows\Temp\JOHN-20160209-0726a.log => moved successfully
C:\Windows\Temp\JOHN-20160209-0731.log => moved successfully
C:\Windows\Temp\JOHN-20160209-0801.log => moved successfully
C:\Windows\Temp\JOHN-20160209-0831.log => moved successfully
C:\Windows\Temp\JOHN-20160210-0756.log => moved successfully
C:\Windows\Temp\JOHN-20160210-0802.log => moved successfully
C:\Windows\Temp\JOHN-20160210-0832.log => moved successfully
C:\Windows\Temp\JOHN-20160210-0902.log => moved successfully
C:\Windows\Temp\JOHN-20160211-0658.log => moved successfully
C:\Windows\Temp\JOHN-20160211-0713.log => moved successfully
C:\Windows\Temp\JOHN-20160211-0743.log => moved successfully
C:\Windows\Temp\JOHN-20160211-0813.log => moved successfully
C:\Windows\Temp\JOHN-20160212-0812.log => moved successfully
C:\Windows\Temp\JOHN-20160212-0812a.log => moved successfully
C:\Windows\Temp\JOHN-20160212-0817.log => moved successfully
C:\Windows\Temp\JOHN-20160212-0847.log => moved successfully
C:\Windows\Temp\JOHN-20160212-0917.log => moved successfully
C:\Windows\Temp\JOHN-20160212-1408.log => moved successfully
C:\Windows\Temp\JOHN-20160212-1438.log => moved successfully
C:\Windows\Temp\JOHN-20160212-1508.log => moved successfully
C:\Windows\Temp\JOHN-20160213-0745.log => moved successfully
C:\Windows\Temp\JOHN-20160213-0751.log => moved successfully
C:\Windows\Temp\JOHN-20160213-0821.log => moved successfully
C:\Windows\Temp\JOHN-20160213-0851.log => moved successfully
C:\Windows\Temp\JOHN-20160213-1229.log => moved successfully
C:\Windows\Temp\JOHN-20160213-1244.log => moved successfully
C:\Windows\Temp\JOHN-20160213-1314.log => moved successfully
C:\Windows\Temp\JOHN-20160213-1344.log => moved successfully
C:\Windows\Temp\JOHN-20160214-0727.log => moved successfully
C:\Windows\Temp\JOHN-20160214-0727a.log => moved successfully
C:\Windows\Temp\JOHN-20160214-0732.log => moved successfully
C:\Windows\Temp\JOHN-20160214-0802.log => moved successfully
C:\Windows\Temp\JOHN-20160214-0832.log => moved successfully
C:\Windows\Temp\JOHN-20160214-2128.log => moved successfully
C:\Windows\Temp\JOHN-20160214-2158.log => moved successfully
C:\Windows\Temp\JOHN-20160214-2228.log => moved successfully
C:\Windows\Temp\JOHN-20160215-0739.log => moved successfully
C:\Windows\Temp\JOHN-20160215-0745.log => moved successfully
C:\Windows\Temp\JOHN-20160215-0815.log => moved successfully
C:\Windows\Temp\JOHN-20160215-0845.log => moved successfully
C:\Windows\Temp\JOHN-20160216-0802.log => moved successfully
C:\Windows\Temp\JOHN-20160216-0802a.log => moved successfully
C:\Windows\Temp\JOHN-20160216-0807.log => moved successfully
C:\Windows\Temp\JOHN-20160216-0837.log => moved successfully
C:\Windows\Temp\JOHN-20160216-0907.log => moved successfully
C:\Windows\Temp\JOHN-20160217-0809.log => moved successfully
C:\Windows\Temp\JOHN-20160217-0814.log => moved successfully
C:\Windows\Temp\JOHN-20160217-0844.log => moved successfully
C:\Windows\Temp\JOHN-20160217-0914.log => moved successfully
C:\Windows\Temp\JOHN-20160318-0653.log => moved successfully
C:\Windows\Temp\JOHN-20160318-0653a.log => moved successfully
C:\Windows\Temp\JOHN-20160318-0659.log => moved successfully
C:\Windows\Temp\JOHN-20160318-0719.log => moved successfully
C:\Windows\Temp\JOHN-20160318-0719a.log => moved successfully
C:\Windows\Temp\JOHN-20160319-0922.log => moved successfully
C:\Windows\Temp\JOHN-20160320-0600.log => moved successfully
C:\Windows\Temp\JOHN-20160320-0818.log => moved successfully
C:\Windows\Temp\JOHN-20160321-0658.log => moved successfully
C:\Windows\Temp\JOHN-20160321-0700.log => moved successfully
C:\Windows\Temp\JOHN-20160321-0713.log => moved successfully
C:\Windows\Temp\JOHN-20160321-0715.log => moved successfully
C:\Windows\Temp\JOHN-20160321-0745.log => moved successfully
C:\Windows\Temp\JOHN-20160321-0815.log => moved successfully
C:\Windows\Temp\JOHN-20160322-1218.log => moved successfully
C:\Windows\Temp\JOHN-20160322-1218a.log => moved successfully
C:\Windows\Temp\JOHN-20160322-1223.log => moved successfully
C:\Windows\Temp\JOHN-20160322-1253.log => moved successfully
C:\Windows\Temp\JOHN-20160322-1323.log => moved successfully
C:\Windows\Temp\JOHN-20160323-0631.log => moved successfully
C:\Windows\Temp\JOHN-20160324-0428.log => moved successfully
C:\Windows\Temp\JOHN-20160325-0524.log => moved successfully
C:\Windows\Temp\JOHN-20160325-0608.log => moved successfully
C:\Windows\Temp\JOHN-20160326-0753.log => moved successfully
C:\Windows\Temp\JOHN-20160326-0758.log => moved successfully
C:\Windows\Temp\JOHN-20160326-0828.log => moved successfully
C:\Windows\Temp\JOHN-20160326-0858.log => moved successfully
C:\Windows\Temp\JOHN-20160327-0648.log => moved successfully
C:\Windows\Temp\JOHN-20160327-0821.log => moved successfully
C:\Windows\Temp\JOHN-20160327-1550.log => moved successfully
C:\Windows\Temp\JOHN-20160327-1620.log => moved successfully
C:\Windows\Temp\JOHN-20160327-1650.log => moved successfully
C:\Windows\Temp\JOHN-20160328-0910.log => moved successfully
C:\Windows\Temp\JOHN-20160329-0331.log => moved successfully
C:\Windows\Temp\JOHN-20160329-0524.log => moved successfully
C:\Windows\Temp\JOHN-20160330-0447.log => moved successfully
C:\Windows\Temp\JOHN-20160331-0444.log => moved successfully
C:\Windows\Temp\JOHN-20160401-0512.log => moved successfully
C:\Windows\Temp\JOHN-20160401-0541.log => moved successfully
C:\Windows\Temp\JOHN-20160402-0854.log => moved successfully
C:\Windows\Temp\JOHN-20160403-0420.log => moved successfully
C:\Windows\Temp\JOHN-20160403-0929.log => moved successfully
C:\Windows\Temp\JOHN-20160404-0602.log => moved successfully
C:\Windows\Temp\JOHN-20160405-0622.log => moved successfully
C:\Windows\Temp\JOHN-20160405-0813.log => moved successfully
C:\Windows\Temp\JOHN-20160405-0928.log => moved successfully
C:\Windows\Temp\JOHN-20160405-0943.log => moved successfully
C:\Windows\Temp\JOHN-20160405-1013.log => moved successfully
C:\Windows\Temp\JOHN-20160405-1043.log => moved successfully
C:\Windows\Temp\JOHN-20160406-0805.log => moved successfully
C:\Windows\Temp\JOHN-20160406-2003.log => moved successfully
C:\Windows\Temp\JOHN-20160406-2018.log => moved successfully
C:\Windows\Temp\JOHN-20160406-2048.log => moved successfully
C:\Windows\Temp\JOHN-20160406-2118.log => moved successfully
C:\Windows\Temp\JOHN-20160407-0435.log => moved successfully
C:\Windows\Temp\JOHN-20160408-0358.log => moved successfully
C:\Windows\Temp\JOHN-20160408-0548.log => moved successfully
C:\Windows\Temp\JOHN-20160409-0642.log => moved successfully
C:\Windows\Temp\JOHN-20160410-0437.log => moved successfully
C:\Windows\Temp\JOHN-20160410-0806.log => moved successfully
C:\Windows\Temp\JOHN-20160411-0722.log => moved successfully
C:\Windows\Temp\JOHN-20160411-0727.log => moved successfully
C:\Windows\Temp\JOHN-20160411-0757.log => moved successfully
C:\Windows\Temp\JOHN-20160411-0827.log => moved successfully
C:\Windows\Temp\JOHN-20160412-0733.log => moved successfully
C:\Windows\Temp\JOHN-20160412-0733a.log => moved successfully
C:\Windows\Temp\JOHN-20160412-0739.log => moved successfully
C:\Windows\Temp\JOHN-20160412-0809.log => moved successfully
C:\Windows\Temp\JOHN-20160412-0839.log => moved successfully
C:\Windows\Temp\JOHN-20160413-0726.log => moved successfully
C:\Windows\Temp\JOHN-20160413-0731.log => moved successfully
C:\Windows\Temp\JOHN-20160413-0801.log => moved successfully
C:\Windows\Temp\JOHN-20160413-0831.log => moved successfully
C:\Windows\Temp\JOHN-20160414-0652.log => moved successfully
C:\Windows\Temp\JOHN-20160414-0707.log => moved successfully
C:\Windows\Temp\JOHN-20160414-0737.log => moved successfully
C:\Windows\Temp\JOHN-20160414-0807.log => moved successfully
C:\Windows\Temp\JOHN-20160414-2144.log => moved successfully
C:\Windows\Temp\JOHN-20160414-2149.log => moved successfully
C:\Windows\Temp\JOHN-20160415-0722.log => moved successfully
C:\Windows\Temp\JOHN-20160415-0722a.log => moved successfully
C:\Windows\Temp\JOHN-20160415-0727.log => moved successfully
C:\Windows\Temp\JOHN-20160415-0742.log => moved successfully
C:\Windows\Temp\JOHN-20160415-0757.log => moved successfully
C:\Windows\Temp\JOHN-20160415-0827.log => moved successfully
C:\Windows\Temp\JOHN-20160416-0807.log => moved successfully
C:\Windows\Temp\JOHN-20160416-0812.log => moved successfully
C:\Windows\Temp\JOHN-20160416-0842.log => moved successfully
C:\Windows\Temp\JOHN-20160416-0912.log => moved successfully
C:\Windows\Temp\JOHN-20160417-0722.log => moved successfully
C:\Windows\Temp\JOHN-20160417-0722a.log => moved successfully
C:\Windows\Temp\JOHN-20160417-0727.log => moved successfully
C:\Windows\Temp\JOHN-20160417-0757.log => moved successfully
C:\Windows\Temp\JOHN-20160417-0827.log => moved successfully
C:\Windows\Temp\JOHN-20160419-0805.log => moved successfully
C:\Windows\Temp\JOHN-20160419-0805a.log => moved successfully
C:\Windows\Temp\JOHN-20160419-0811.log => moved successfully
C:\Windows\Temp\JOHN-20160419-0811a.log => moved successfully
C:\Windows\Temp\JOHN-20160419-2203.log => moved successfully
C:\Windows\Temp\JOHN-20160419-2233.log => moved successfully
C:\Windows\Temp\JOHN-20160419-2303.log => moved successfully
C:\Windows\Temp\JOHN-20160420-0723.log => moved successfully
C:\Windows\Temp\JOHN-20160420-0728.log => moved successfully
C:\Windows\Temp\JOHN-20160420-0758.log => moved successfully
C:\Windows\Temp\JOHN-20160420-0828.log => moved successfully
C:\Windows\Temp\JOHN-20160420-1440.log => moved successfully
C:\Windows\Temp\JOHN-20160420-1510.log => moved successfully
C:\Windows\Temp\JOHN-20160420-1540.log => moved successfully
C:\Windows\Temp\JOHN-20160421-0616.log => moved successfully
C:\Windows\Temp\JOHN-20160421-0621.log => moved successfully
C:\Windows\Temp\JOHN-20160421-0651.log => moved successfully
C:\Windows\Temp\JOHN-20160421-0721.log => moved successfully
C:\Windows\Temp\JOHN-20160422-0725.log => moved successfully
C:\Windows\Temp\JOHN-20160422-0725a.log => moved successfully
C:\Windows\Temp\JOHN-20160422-0730.log => moved successfully
C:\Windows\Temp\JOHN-20160422-0800.log => moved successfully
C:\Windows\Temp\JOHN-20160422-0830.log => moved successfully
C:\Windows\Temp\JOHN-20160422-1951.log => moved successfully
C:\Windows\Temp\JOHN-20160422-2021.log => moved successfully
C:\Windows\Temp\JOHN-20160422-2051.log => moved successfully
C:\Windows\Temp\JOHN-20160423-0738.log => moved successfully
C:\Windows\Temp\JOHN-20160423-0743.log => moved successfully
C:\Windows\Temp\JOHN-20160423-0813.log => moved successfully
C:\Windows\Temp\JOHN-20160423-0843.log => moved successfully
C:\Windows\Temp\JOHN-20160424-0321.log => moved successfully
C:\Windows\Temp\JOHN-20160424-0836.log => moved successfully
C:\Windows\Temp\JOHN-20160425-0746.log => moved successfully
C:\Windows\Temp\JOHN-20160426-0624.log => moved successfully
C:\Windows\Temp\JOHN-20160426-0639.log => moved successfully
C:\Windows\Temp\JOHN-20160427-0652.log => moved successfully
C:\Windows\Temp\JOHN-20160428-0421.log => moved successfully
C:\Windows\Temp\JOHN-20160504-0220.log => moved successfully
C:\Windows\Temp\JOHN-20160504-0221.log => moved successfully
C:\Windows\Temp\JOHN-20160504-0549.log => moved successfully
C:\Windows\Temp\JOHN-20160505-0950.log => moved successfully
C:\Windows\Temp\JOHN-20160505-1454.log => moved successfully
C:\Windows\Temp\JOHN-20160505-1524.log => moved successfully
C:\Windows\Temp\JOHN-20160505-1554.log => moved successfully
C:\Windows\Temp\JOHN-20160506-0506.log => moved successfully
C:\Windows\Temp\JOHN-20160506-0528.log => moved successfully
C:\Windows\Temp\JOHN-20160507-0711.log => moved successfully
C:\Windows\Temp\JOHN-20160508-0426.log => moved successfully
C:\Windows\Temp\JOHN-20160508-0722.log => moved successfully
C:\Windows\Temp\JOHN-20160508-2000.log => moved successfully
C:\Windows\Temp\JOHN-20160508-2030.log => moved successfully
C:\Windows\Temp\JOHN-20160508-2100.log => moved successfully
C:\Windows\Temp\JOHN-20160508-2311.log => moved successfully
C:\Windows\Temp\JOHN-20160508-2341.log => moved successfully
C:\Windows\Temp\JOHN-20160509-0011.log => moved successfully
C:\Windows\Temp\JOHN-20160509-0612.log => moved successfully
C:\Windows\Temp\JOHN-20160509-2132.log => moved successfully
C:\Windows\Temp\JOHN-20160509-2202.log => moved successfully
C:\Windows\Temp\JOHN-20160509-2232.log => moved successfully
C:\Windows\Temp\JOHN-20160510-0311.log => moved successfully
C:\Windows\Temp\JOHN-20160510-0533.log => moved successfully
C:\Windows\Temp\JOHN-20160511-0745.log => moved successfully
C:\Windows\Temp\JOHN-20160512-0842.log => moved successfully
C:\Windows\Temp\JOHN-20160512-2304.log => moved successfully
C:\Windows\Temp\JOHN-20160512-2319.log => moved successfully
C:\Windows\Temp\JOHN-20160512-2349.log => moved successfully
C:\Windows\Temp\JOHN-20160513-0019.log => moved successfully
C:\Windows\Temp\JOHN-20160513-0333.log => moved successfully
C:\Windows\Temp\JOHN-20160513-0801.log => moved successfully
C:\Windows\Temp\JOHN-20160514-0718.log => moved successfully
C:\Windows\Temp\JOHN-20160515-0558.log => moved successfully
C:\Windows\Temp\JOHN-20160515-0851.log => moved successfully
C:\Windows\Temp\JOHN-20160516-0741.log => moved successfully
C:\Windows\Temp\JOHN-20160516-0746.log => moved successfully
C:\Windows\Temp\JOHN-20160516-0816.log => moved successfully
C:\Windows\Temp\JOHN-20160516-0846.log => moved successfully
C:\Windows\Temp\JOHN-20160516-2122.log => moved successfully
C:\Windows\Temp\JOHN-20160516-2134.log => moved successfully
C:\Windows\Temp\JOHN-20160516-2152.log => moved successfully
C:\Windows\Temp\JOHN-20160516-2204.log => moved successfully
C:\Windows\Temp\JOHN-20160516-2222.log => moved successfully
C:\Windows\Temp\JOHN-20160516-2234.log => moved successfully
C:\Windows\Temp\JOHN-20160517-0327.log => moved successfully
C:\Windows\Temp\JOHN-20160517-0948.log => moved successfully
C:\Windows\Temp\JOHN-20160518-0904.log => moved successfully
C:\Windows\Temp\JOHN-20160519-0737.log => moved successfully
C:\Windows\Temp\JOHN-20160519-0742.log => moved successfully
C:\Windows\Temp\JOHN-20160519-0812.log => moved successfully
C:\Windows\Temp\JOHN-20160519-0842.log => moved successfully
C:\Windows\Temp\JOHN-20160520-0408.log => moved successfully
C:\Windows\Temp\JOHN-20160520-0638.log => moved successfully
C:\Windows\Temp\JOHN-20160521-0916.log => moved successfully
C:\Windows\Temp\JOHN-20160521-0921.log => moved successfully
C:\Windows\Temp\JOHN-20160521-0951.log => moved successfully
C:\Windows\Temp\JOHN-20160521-1021.log => moved successfully
C:\Windows\Temp\JOHN-20160522-0634.log => moved successfully
C:\Windows\Temp\JOHN-20160522-0634a.log => moved successfully
C:\Windows\Temp\JOHN-20160522-0639.log => moved successfully
C:\Windows\Temp\JOHN-20160522-0709.log => moved successfully
C:\Windows\Temp\JOHN-20160526-2104.log => moved successfully
C:\Windows\Temp\JOHN-20160526-2114.log => moved successfully
C:\Windows\Temp\JOHN-20160526-2114a.log => moved successfully
C:\Windows\Temp\JOHN-20160526-2121.log => moved successfully
C:\Windows\Temp\JOHN-20160526-2151.log => moved successfully
C:\Windows\Temp\JOHN-20160526-2221.log => moved successfully
C:\Windows\Temp\JOHN-20160527-0318.log => moved successfully
C:\Windows\Temp\JOHN-20160527-0414.log => moved successfully
C:\Windows\Temp\JOHN-20160527-1811.log => moved successfully
C:\Windows\Temp\JOHN-20160527-1841.log => moved successfully
C:\Windows\Temp\JOHN-20160527-1911.log => moved successfully
C:\Windows\Temp\JOHN-20160528-0704.log => moved successfully
C:\Windows\Temp\JOHN-20160528-0709.log => moved successfully
C:\Windows\Temp\JOHN-20160528-0710.log => moved successfully
C:\Windows\Temp\JOHN-20160528-0710a.log => moved successfully
C:\Windows\Temp\JOHN-20160529-0700.log => moved successfully
C:\Windows\Temp\JOHN-20160529-0710.log => moved successfully
C:\Windows\Temp\JOHN-20160529-0710a.log => moved successfully
C:\Windows\Temp\JOHN-20160529-0716.log => moved successfully
C:\Windows\Temp\JOHN-20160529-0745.log => moved successfully
C:\Windows\Temp\JOHN-20160529-0800.log => moved successfully
C:\Windows\Temp\JOHN-20160529-0830.log => moved successfully
C:\Windows\Temp\JOHN-20160529-0900.log => moved successfully
C:\Windows\Temp\JOHN-20160529-1652.log => moved successfully
C:\Windows\Temp\JOHN-20160529-1707.log => moved successfully
C:\Windows\Temp\JOHN-20160529-1737.log => moved successfully
C:\Windows\Temp\JOHN-20160529-1807.log => moved successfully
C:\Windows\Temp\JOHN-20160530-0706.log => moved successfully
C:\Windows\Temp\JOHN-20160530-0712.log => moved successfully
C:\Windows\Temp\JOHN-20160530-0742.log => moved successfully
C:\Windows\Temp\JOHN-20160530-0812.log => moved successfully
C:\Windows\Temp\JOHN-20160602-1444.log => moved successfully
C:\Windows\Temp\JOHN-20160602-1444a.log => moved successfully
C:\Windows\Temp\JOHN-20160602-1449.log => moved successfully
C:\Windows\Temp\JOHN-20160602-1519.log => moved successfully
C:\Windows\Temp\JOHN-20160602-1549.log => moved successfully
C:\Windows\Temp\JOHN-20160603-0752.log => moved successfully
C:\Windows\Temp\JOHN-20160603-0752a.log => moved successfully
C:\Windows\Temp\JOHN-20160603-0757.log => moved successfully
C:\Windows\Temp\JOHN-20160603-0827.log => moved successfully
C:\Windows\Temp\JOHN-20160603-0857.log => moved successfully
C:\Windows\Temp\JOHN-20160604-0807.log => moved successfully
C:\Windows\Temp\JOHN-20160604-0812.log => moved successfully
C:\Windows\Temp\JOHN-20160604-0842.log => moved successfully
C:\Windows\Temp\JOHN-20160604-0912.log => moved successfully
C:\Windows\Temp\JOHN-20160605-1628.log => moved successfully
C:\Windows\Temp\JOHN-20160605-1628a.log => moved successfully
C:\Windows\Temp\JOHN-20160605-1634.log => moved successfully
C:\Windows\Temp\JOHN-20160605-1635.log => moved successfully
C:\Windows\Temp\JOHN-20160605-1704.log => moved successfully
C:\Windows\Temp\JOHN-20160605-1705.log => moved successfully
C:\Windows\Temp\JOHN-20160605-1734.log => moved successfully
C:\Windows\Temp\JOHN-20160605-1735.log => moved successfully
C:\Windows\Temp\JOHN-20160606-0705.log => moved successfully
C:\Windows\Temp\JOHN-20160606-0710.log => moved successfully
C:\Windows\Temp\JOHN-20160606-0740.log => moved successfully
C:\Windows\Temp\JOHN-20160606-0810.log => moved successfully
C:\Windows\Temp\JOHN-20160607-0647.log => moved successfully
C:\Windows\Temp\JOHN-20160607-0647a.log => moved successfully
C:\Windows\Temp\JOHN-20160607-0652.log => moved successfully
C:\Windows\Temp\JOHN-20160607-0722.log => moved successfully
C:\Windows\Temp\JOHN-20160607-0752.log => moved successfully
C:\Windows\Temp\JOHN-20160607-1528.log => moved successfully
C:\Windows\Temp\JOHN-20160607-1543.log => moved successfully
C:\Windows\Temp\JOHN-20160607-1613.log => moved successfully
C:\Windows\Temp\JOHN-20160607-1643.log => moved successfully
C:\Windows\Temp\JOHN-20160608-0712.log => moved successfully
C:\Windows\Temp\JOHN-20160608-0722.log => moved successfully
C:\Windows\Temp\JOHN-20160608-0727.log => moved successfully
C:\Windows\Temp\JOHN-20160608-0757.log => moved successfully
C:\Windows\Temp\JOHN-20160608-0827.log => moved successfully
C:\Windows\Temp\JOHN-20160609-0725.log => moved successfully
C:\Windows\Temp\JOHN-20160609-0730.log => moved successfully
C:\Windows\Temp\JOHN-20160609-0800.log => moved successfully
C:\Windows\Temp\JOHN-20160609-0830.log => moved successfully
C:\Windows\Temp\JOHN-20160610-0738.log => moved successfully
C:\Windows\Temp\JOHN-20160610-0738a.log => moved successfully
C:\Windows\Temp\JOHN-20160610-0744.log => moved successfully
C:\Windows\Temp\JOHN-20160610-0814.log => moved successfully
C:\Windows\Temp\JOHN-20160610-0844.log => moved successfully
C:\Windows\Temp\JOHN-20160611-0624.log => moved successfully
C:\Windows\Temp\JOHN-20160611-0630.log => moved successfully
C:\Windows\Temp\JOHN-20160612-0854.log => moved successfully
C:\Windows\Temp\JOHN-20160612-0854a.log => moved successfully
C:\Windows\Temp\JOHN-20160612-0859.log => moved successfully
C:\Windows\Temp\JOHN-20160612-0914.log => moved successfully
C:\Windows\Temp\JOHN-20160612-0929.log => moved successfully
C:\Windows\Temp\JOHN-20160612-0959.log => moved successfully
C:\Windows\Temp\JOHN-20160613-0825.log => moved successfully
C:\Windows\Temp\JOHN-20160613-0830.log => moved successfully
C:\Windows\Temp\JOHN-20160613-0900.log => moved successfully
C:\Windows\Temp\JOHN-20160613-0930.log => moved successfully
C:\Windows\Temp\JOHN-20160614-0710.log => moved successfully
C:\Windows\Temp\JOHN-20160614-0710a.log => moved successfully
C:\Windows\Temp\JOHN-20160614-0715.log => moved successfully
C:\Windows\Temp\JOHN-20160614-0745.log => moved successfully
C:\Windows\Temp\JOHN-20160614-0815.log => moved successfully
C:\Windows\Temp\JOHN-20160615-0818.log => moved successfully
C:\Windows\Temp\JOHN-20160615-0823.log => moved successfully
C:\Windows\Temp\JOHN-20160615-0853.log => moved successfully
C:\Windows\Temp\JOHN-20160615-0923.log => moved successfully
C:\Windows\Temp\JOHN-20160615-1501.log => moved successfully
C:\Windows\Temp\JOHN-20160615-1516.log => moved successfully
C:\Windows\Temp\JOHN-20160615-1546.log => moved successfully
C:\Windows\Temp\JOHN-20160615-1616.log => moved successfully
C:\Windows\Temp\JOHN-20160616-0847.log => moved successfully
C:\Windows\Temp\JOHN-20160616-0852.log => moved successfully
C:\Windows\Temp\JOHN-20160616-0922.log => moved successfully
C:\Windows\Temp\JOHN-20160616-0952.log => moved successfully
C:\Windows\Temp\JOHN-20160617-0828.log => moved successfully
C:\Windows\Temp\JOHN-20160617-0828a.log => moved successfully
C:\Windows\Temp\JOHN-20160617-0833.log => moved successfully
C:\Windows\Temp\JOHN-20160617-0903.log => moved successfully
C:\Windows\Temp\JOHN-20160617-0933.log => moved successfully
C:\Windows\Temp\JOHN-20160617-2103.log => moved successfully
C:\Windows\Temp\JOHN-20160617-2133.log => moved successfully
C:\Windows\Temp\JOHN-20160617-2203.log => moved successfully
C:\Windows\Temp\JOHN-20160618-0733.log => moved successfully
C:\Windows\Temp\JOHN-20160618-0738.log => moved successfully
C:\Windows\Temp\JOHN-20160618-0808.log => moved successfully
C:\Windows\Temp\JOHN-20160618-0838.log => moved successfully
C:\Windows\Temp\JOHN-20160619-0810.log => moved successfully
C:\Windows\Temp\JOHN-20160619-0810a.log => moved successfully
C:\Windows\Temp\JOHN-20160619-0816.log => moved successfully
C:\Windows\Temp\JOHN-20160619-0846.log => moved successfully
C:\Windows\Temp\JOHN-20160619-0916.log => moved successfully
C:\Windows\Temp\JOHN-20160620-0804.log => moved successfully
C:\Windows\Temp\JOHN-20160620-0809.log => moved successfully
C:\Windows\Temp\JOHN-20160620-0839.log => moved successfully
C:\Windows\Temp\JOHN-20160620-0909.log => moved successfully
C:\Windows\Temp\JOHN-20160621-0747.log => moved successfully
C:\Windows\Temp\JOHN-20160621-0747a.log => moved successfully
C:\Windows\Temp\JOHN-20160621-0752.log => moved successfully
C:\Windows\Temp\JOHN-20160621-0822.log => moved successfully
C:\Windows\Temp\JOHN-20160621-0852.log => moved successfully
C:\Windows\Temp\JOHN-20160622-0913.log => moved successfully
C:\Windows\Temp\JOHN-20160622-0918.log => moved successfully
C:\Windows\Temp\JOHN-20160622-0924.log => moved successfully
C:\Windows\Temp\JOHN-20160622-0924a.log => moved successfully
C:\Windows\Temp\JOHN-20160623-0628.log => moved successfully
C:\Windows\Temp\JOHN-20160623-0634.log => moved successfully
C:\Windows\Temp\JOHN-20160623-0704.log => moved successfully
C:\Windows\Temp\JOHN-20160623-0734.log => moved successfully
C:\Windows\Temp\JOHN-20160623-1501.log => moved successfully
C:\Windows\Temp\JOHN-20160623-1531.log => moved successfully
C:\Windows\Temp\JOHN-20160623-1601.log => moved successfully
C:\Windows\Temp\JOHN-20160624-0746.log => moved successfully
C:\Windows\Temp\JOHN-20160624-0746a.log => moved successfully
C:\Windows\Temp\JOHN-20160624-0751.log => moved successfully
C:\Windows\Temp\JOHN-20160624-0821.log => moved successfully
C:\Windows\Temp\JOHN-20160624-0851.log => moved successfully
C:\Windows\Temp\JOHN-20160624-1734.log => moved successfully
C:\Windows\Temp\JOHN-20160624-1804.log => moved successfully
C:\Windows\Temp\JOHN-20160624-1834.log => moved successfully
C:\Windows\Temp\JOHN-20160625-0716.log => moved successfully
C:\Windows\Temp\JOHN-20160625-0721.log => moved successfully
C:\Windows\Temp\JOHN-20160625-0751.log => moved successfully
C:\Windows\Temp\JOHN-20160625-0821.log => moved successfully
C:\Windows\Temp\JOHN-20160625-1927.log => moved successfully
C:\Windows\Temp\JOHN-20160625-1957.log => moved successfully
C:\Windows\Temp\JOHN-20160625-2027.log => moved successfully
C:\Windows\Temp\JOHN-20160626-0729.log => moved successfully
C:\Windows\Temp\JOHN-20160626-0729a.log => moved successfully
C:\Windows\Temp\JOHN-20160626-0734.log => moved successfully
C:\Windows\Temp\JOHN-20160626-0804.log => moved successfully
C:\Windows\Temp\JOHN-20160626-0834.log => moved successfully
C:\Windows\Temp\JOHN-20160626-2022.log => moved successfully
C:\Windows\Temp\JOHN-20160626-2052.log => moved successfully
C:\Windows\Temp\JOHN-20160626-2122.log => moved successfully
C:\Windows\Temp\JOHN-20160626-2242.log => moved successfully
C:\Windows\Temp\JOHN-20160627-0703.log => moved successfully
C:\Windows\Temp\JOHN-20160627-0708.log => moved successfully
C:\Windows\Temp\JOHN-20160627-0723.log => moved successfully
C:\Windows\Temp\JOHN-20160627-0738.log => moved successfully
C:\Windows\Temp\JOHN-20160627-0808.log => moved successfully
C:\Windows\Temp\JOHN-20160628-0731.log => moved successfully
C:\Windows\Temp\JOHN-20160628-0731a.log => moved successfully
C:\Windows\Temp\JOHN-20160628-0736.log => moved successfully
C:\Windows\Temp\JOHN-20160628-0806.log => moved successfully
C:\Windows\Temp\JOHN-20160628-0836.log => moved successfully
C:\Windows\Temp\JOHN-20160628-1519.log => moved successfully
C:\Windows\Temp\JOHN-20160628-1549.log => moved successfully
C:\Windows\Temp\JOHN-20160628-1619.log => moved successfully
C:\Windows\Temp\JOHN-20160629-0732.log => moved successfully
C:\Windows\Temp\JOHN-20160629-0738.log => moved successfully
C:\Windows\Temp\JOHN-20160629-0808.log => moved successfully
C:\Windows\Temp\JOHN-20160629-0838.log => moved successfully
C:\Windows\Temp\JOHN-20160629-2054.log => moved successfully
C:\Windows\Temp\JOHN-20160629-2124.log => moved successfully
C:\Windows\Temp\JOHN-20160629-2154.log => moved successfully
C:\Windows\Temp\JOHN-20160630-0814.log => moved successfully
C:\Windows\Temp\JOHN-20160630-0819.log => moved successfully
C:\Windows\Temp\JOHN-20160630-0849.log => moved successfully
C:\Windows\Temp\JOHN-20160630-0919.log => moved successfully
C:\Windows\Temp\JOHN-20160701-0807.log => moved successfully
C:\Windows\Temp\JOHN-20160701-0807a.log => moved successfully
C:\Windows\Temp\JOHN-20160701-0812.log => moved successfully
C:\Windows\Temp\JOHN-20160701-0842.log => moved successfully
C:\Windows\Temp\JOHN-20160701-0912.log => moved successfully
C:\Windows\Temp\JOHN-20160702-0833.log => moved successfully
C:\Windows\Temp\JOHN-20160702-1923.log => moved successfully
C:\Windows\Temp\JOHN-20160702-1953.log => moved successfully
C:\Windows\Temp\JOHN-20160702-2023.log => moved successfully
C:\Windows\Temp\JOHN-20160703-0800.log => moved successfully
C:\Windows\Temp\JOHN-20160703-0800a.log => moved successfully
C:\Windows\Temp\JOHN-20160703-0806.log => moved successfully
C:\Windows\Temp\JOHN-20160703-0836.log => moved successfully
C:\Windows\Temp\JOHN-20160703-0906.log => moved successfully
C:\Windows\Temp\JOHN-20160703-1456.log => moved successfully
C:\Windows\Temp\JOHN-20160703-1841.log => moved successfully
C:\Windows\Temp\JOHN-20160703-1855.log => moved successfully
C:\Windows\Temp\JOHN-20160703-1911.log => moved successfully
C:\Windows\Temp\JOHN-20160703-1941.log => moved successfully
C:\Windows\Temp\JOHN-20160704-0718.log => moved successfully
C:\Windows\Temp\JOHN-20160704-0723.log => moved successfully
C:\Windows\Temp\JOHN-20160704-0753.log => moved successfully
C:\Windows\Temp\JOHN-20160704-0823.log => moved successfully
C:\Windows\Temp\JOHN-20160704-1559.log => moved successfully
C:\Windows\Temp\JOHN-20160704-1629.log => moved successfully
C:\Windows\Temp\JOHN-20160704-1659.log => moved successfully
C:\Windows\Temp\JOHN-20160704-2005.log => moved successfully
C:\Windows\Temp\JOHN-20160704-2035.log => moved successfully
C:\Windows\Temp\JOHN-20160704-2105.log => moved successfully
C:\Windows\Temp\JOHN-20160705-0734.log => moved successfully
C:\Windows\Temp\JOHN-20160705-0734a.log => moved successfully
C:\Windows\Temp\JOHN-20160705-0739.log => moved successfully
C:\Windows\Temp\JOHN-20160705-0809.log => moved successfully
C:\Windows\Temp\JOHN-20160705-0839.log => moved successfully
C:\Windows\Temp\JOHN-20160706-0802.log => moved successfully
C:\Windows\Temp\JOHN-20160706-0808.log => moved successfully
C:\Windows\Temp\JOHN-20160706-0838.log => moved successfully
C:\Windows\Temp\JOHN-20160706-0908.log => moved successfully
C:\Windows\Temp\JOHN-20160707-0726.log => moved successfully
C:\Windows\Temp\JOHN-20160707-0731.log => moved successfully
C:\Windows\Temp\JOHN-20160707-0801.log => moved successfully
C:\Windows\Temp\JOHN-20160707-0831.log => moved successfully
C:\Windows\Temp\JOHN-20160708-0750.log => moved successfully
C:\Windows\Temp\JOHN-20160708-0750a.log => moved successfully
C:\Windows\Temp\JOHN-20160708-0755.log => moved successfully
C:\Windows\Temp\JOHN-20160708-0825.log => moved successfully
C:\Windows\Temp\JOHN-20160708-0855.log => moved successfully
C:\Windows\Temp\JOHN-20160709-0658.log => moved successfully
C:\Windows\Temp\JOHN-20160709-0728.log => moved successfully
C:\Windows\Temp\JOHN-20160709-0758.log => moved successfully
C:\Windows\Temp\JOHN-20160710-0726.log => moved successfully
C:\Windows\Temp\JOHN-20160710-0726a.log => moved successfully
C:\Windows\Temp\JOHN-20160710-0731.log => moved successfully
C:\Windows\Temp\JOHN-20160710-0801.log => moved successfully
C:\Windows\Temp\JOHN-20160710-0831.log => moved successfully
C:\Windows\Temp\JOHN-20160710-0917.log => moved successfully
C:\Windows\Temp\JOHN-20160710-0932.log => moved successfully
C:\Windows\Temp\JOHN-20160710-0934.log => moved successfully
C:\Windows\Temp\JOHN-20160710-0945.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1000.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1030.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1100.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1118.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1133.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1203.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1233.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1648.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1703.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1733.log => moved successfully
C:\Windows\Temp\JOHN-20160710-1803.log => moved successfully
C:\Windows\Temp\JOHN-20160710-2059.log => moved successfully
C:\Windows\Temp\JOHN-20160710-2129.log => moved successfully
C:\Windows\Temp\JOHN-20160710-2159.log => moved successfully
C:\Windows\Temp\JOHN-20160711-0930.log => moved successfully
C:\Windows\Temp\JOHN-20160711-0935.log => moved successfully
C:\Windows\Temp\JOHN-20160711-1005.log => moved successfully
C:\Windows\Temp\JOHN-20160711-1035.log => moved successfully
C:\Windows\Temp\JOHN-20160712-0711.log => moved successfully
C:\Windows\Temp\JOHN-20160712-0711a.log => moved successfully
C:\Windows\Temp\JOHN-20160712-0716.log => moved successfully
C:\Windows\Temp\JOHN-20160712-0746.log => moved successfully
C:\Windows\Temp\JOHN-20160712-0816.log => moved successfully
C:\Windows\Temp\JOHN-20160713-0802.log => moved successfully
C:\Windows\Temp\JOHN-20160713-0807.log => moved successfully
C:\Windows\Temp\JOHN-20160713-0837.log => moved successfully
C:\Windows\Temp\JOHN-20160713-1112.log => moved successfully
C:\Windows\Temp\JOHN-20160713-1127.log => moved successfully
C:\Windows\Temp\JOHN-20160713-1142.log => moved successfully
C:\Windows\Temp\JOHN-20160713-1157.log => moved successfully
C:\Windows\Temp\JOHN-20160713-1212.log => moved successfully
C:\Windows\Temp\JOHN-20160714-0704.log => moved successfully
C:\Windows\Temp\JOHN-20160714-0709.log => moved successfully
C:\Windows\Temp\JOHN-20160714-0739.log => moved successfully
C:\Windows\Temp\JOHN-20160714-0809.log => moved successfully
C:\Windows\Temp\JOHN-20160715-0724.log => moved successfully
C:\Windows\Temp\JOHN-20160715-0724a.log => moved successfully
C:\Windows\Temp\JOHN-20160715-0729.log => moved successfully
C:\Windows\Temp\JOHN-20160715-0759.log => moved successfully
C:\Windows\Temp\JOHN-20160715-0829.log => moved successfully
C:\Windows\Temp\JOHN-20160716-0746.log => moved successfully
C:\Windows\Temp\JOHN-20160716-0816.log => moved successfully
C:\Windows\Temp\JOHN-20160716-0846.log => moved successfully
C:\Windows\Temp\JOHN-20160717-0814.log => moved successfully
C:\Windows\Temp\JOHN-20160717-0814a.log => moved successfully
C:\Windows\Temp\JOHN-20160717-0819.log => moved successfully
C:\Windows\Temp\JOHN-20160717-0849.log => moved successfully
C:\Windows\Temp\JOHN-20160717-0919.log => moved successfully
C:\Windows\Temp\JOHN-20160718-0755.log => moved successfully
C:\Windows\Temp\JOHN-20160718-0825.log => moved successfully
C:\Windows\Temp\JOHN-20160718-0855.log => moved successfully
C:\Windows\Temp\JOHN-20160719-0722.log => moved successfully
C:\Windows\Temp\JOHN-20160719-0722a.log => moved successfully
C:\Windows\Temp\JOHN-20160719-0727.log => moved successfully
C:\Windows\Temp\JOHN-20160719-0757.log => moved successfully
C:\Windows\Temp\JOHN-20160719-0827.log => moved successfully
C:\Windows\Temp\JOHN-20160719-2057.log => moved successfully
C:\Windows\Temp\JOHN-20160720-0740.log => moved successfully
C:\Windows\Temp\JOHN-20160720-0745.log => moved successfully
C:\Windows\Temp\JOHN-20160720-0800.log => moved successfully
C:\Windows\Temp\JOHN-20160720-0815.log => moved successfully
C:\Windows\Temp\JOHN-20160720-0845.log => moved successfully
C:\Windows\Temp\JOHN-20160720-2055.log => moved successfully
C:\Windows\Temp\JOHN-20160720-2125.log => moved successfully
C:\Windows\Temp\JOHN-20160720-2155.log => moved successfully
C:\Windows\Temp\JOHN-20160721-0702.log => moved successfully
C:\Windows\Temp\JOHN-20160721-0707.log => moved successfully
C:\Windows\Temp\JOHN-20160721-0737.log => moved successfully
C:\Windows\Temp\JOHN-20160721-0807.log => moved successfully
C:\Windows\Temp\JOHN-20160722-0659.log => moved successfully
C:\Windows\Temp\JOHN-20160722-0659a.log => moved successfully
C:\Windows\Temp\JOHN-20160722-0704.log => moved successfully
C:\Windows\Temp\JOHN-20160722-0734.log => moved successfully
C:\Windows\Temp\JOHN-20160722-0804.log => moved successfully
C:\Windows\Temp\JOHN-20160722-1724.log => moved successfully
C:\Windows\Temp\JOHN-20160722-1754.log => moved successfully
C:\Windows\Temp\JOHN-20160722-1824.log => moved successfully
C:\Windows\Temp\JOHN-20160723-1041.log => moved successfully
C:\Windows\Temp\JOHN-20160723-1056.log => moved successfully
C:\Windows\Temp\JOHN-20160723-1111.log => moved successfully
C:\Windows\Temp\JOHN-20160723-1126.log => moved successfully
C:\Windows\Temp\JOHN-20160723-1141.log => moved successfully
C:\Windows\Temp\JOHN-20160723-1156.log => moved successfully
C:\Windows\Temp\JOHN-20160724-0736.log => moved successfully
C:\Windows\Temp\JOHN-20160724-0806.log => moved successfully
C:\Windows\Temp\JOHN-20160724-0836.log => moved successfully
C:\Windows\Temp\JOHN-20160724-1517.log => moved successfully
C:\Windows\Temp\JOHN-20160724-1527.log => moved successfully
C:\Windows\Temp\JOHN-20160724-1532.log => moved successfully
C:\Windows\Temp\JOHN-20160724-1602.log => moved successfully
C:\Windows\Temp\JOHN-20160724-1632.log => moved successfully
C:\Windows\Temp\JOHN-20160725-0705.log => moved successfully
C:\Windows\Temp\JOHN-20160726-0754.log => moved successfully
C:\Windows\Temp\JOHN-20160726-0754a.log => moved successfully
C:\Windows\Temp\JOHN-20160726-0800.log => moved successfully
C:\Windows\Temp\JOHN-20160726-0830.log => moved successfully
C:\Windows\Temp\JOHN-20160726-0900.log => moved successfully
C:\Windows\Temp\JOHN-20160727-0733.log => moved successfully
C:\Windows\Temp\JOHN-20160727-0738.log => moved successfully
C:\Windows\Temp\JOHN-20160727-0744.log => moved successfully
C:\Windows\Temp\JOHN-20160727-0744a.log => moved successfully
C:\Windows\Temp\JOHN-20160728-0735.log => moved successfully
C:\Windows\Temp\JOHN-20160728-0741.log => moved successfully
C:\Windows\Temp\JOHN-20160728-0811.log => moved successfully
C:\Windows\Temp\JOHN-20160728-0841.log => moved successfully
C:\Windows\Temp\JOHN-20160729-0723.log => moved successfully
C:\Windows\Temp\JOHN-20160729-0723a.log => moved successfully
C:\Windows\Temp\JOHN-20160729-0728.log => moved successfully
C:\Windows\Temp\JOHN-20160729-0758.log => moved successfully
C:\Windows\Temp\JOHN-20160729-0828.log => moved successfully
C:\Windows\Temp\JOHN-20160730-0725.log => moved successfully
C:\Windows\Temp\JOHN-20160730-0730.log => moved successfully
C:\Windows\Temp\JOHN-20160730-0800.log => moved successfully
C:\Windows\Temp\JOHN-20160730-0830.log => moved successfully
C:\Windows\Temp\JOHN-20160731-0740.log => moved successfully
C:\Windows\Temp\JOHN-20160731-0740a.log => moved successfully
C:\Windows\Temp\JOHN-20160731-0745.log => moved successfully
C:\Windows\Temp\JOHN-20160731-0815.log => moved successfully
C:\Windows\Temp\JOHN-20160731-0845.log => moved successfully
C:\Windows\Temp\JOHN-20160731-1607.log => moved successfully
C:\Windows\Temp\JOHN-20160731-1622.log => moved successfully
C:\Windows\Temp\JOHN-20160731-1652.log => moved successfully
C:\Windows\Temp\JOHN-20160731-1722.log => moved successfully
C:\Windows\Temp\JOHN-20160801-0706.log => moved successfully
C:\Windows\Temp\JOHN-20160801-0721.log => moved successfully
C:\Windows\Temp\JOHN-20160801-0751.log => moved successfully
C:\Windows\Temp\JOHN-20160801-0821.log => moved successfully
C:\Windows\Temp\JOHN-20160801-1048.log => moved successfully
C:\Windows\Temp\JOHN-20160801-1053.log => moved successfully
C:\Windows\Temp\JOHN-20160801-1123.log => moved successfully
C:\Windows\Temp\JOHN-20160801-1153.log => moved successfully
C:\Windows\Temp\JOHN-20160802-0719.log => moved successfully
C:\Windows\Temp\JOHN-20160802-0720.log => moved successfully
C:\Windows\Temp\JOHN-20160802-0725.log => moved successfully
C:\Windows\Temp\JOHN-20160802-0755.log => moved successfully
C:\Windows\Temp\JOHN-20160802-0825.log => moved successfully
C:\Windows\Temp\JOHN-20160803-0722.log => moved successfully
C:\Windows\Temp\JOHN-20160803-0727.log => moved successfully
C:\Windows\Temp\JOHN-20160803-0757.log => moved successfully
C:\Windows\Temp\JOHN-20160803-0827.log => moved successfully
C:\Windows\Temp\JOHN-20160811-0930.log => moved successfully
C:\Windows\Temp\JOHN-20160811-0930a.log => moved successfully
C:\Windows\Temp\JOHN-20160811-0935.log => moved successfully
C:\Windows\Temp\JOHN-20160811-0939.log => moved successfully
C:\Windows\Temp\JOHN-20160811-0955.log => moved successfully
C:\Windows\Temp\JOHN-20160811-1025.log => moved successfully
C:\Windows\Temp\JOHN-20160811-1055.log => moved successfully
C:\Windows\Temp\JOHN-20160812-0746.log => moved successfully
C:\Windows\Temp\JOHN-20160812-0746a.log => moved successfully
C:\Windows\Temp\JOHN-20160812-0752.log => moved successfully
C:\Windows\Temp\JOHN-20160812-0822.log => moved successfully
C:\Windows\Temp\JOHN-20160812-0852.log => moved successfully
C:\Windows\Temp\JOHN-20160812-1406.log => moved successfully
C:\Windows\Temp\JOHN-20160812-1436.log => moved successfully
C:\Windows\Temp\JOHN-20160812-1506.log => moved successfully
C:\Windows\Temp\JOHN-20160813-0843.log => moved successfully
C:\Windows\Temp\JOHN-20160813-0848.log => moved successfully
C:\Windows\Temp\JOHN-20160813-0918.log => moved successfully
C:\Windows\Temp\JOHN-20160813-0948.log => moved successfully
C:\Windows\Temp\JOHN-20160813-1708.log => moved successfully
C:\Windows\Temp\JOHN-20160813-1738.log => moved successfully
C:\Windows\Temp\JOHN-20160813-1808.log => moved successfully
C:\Windows\Temp\JOHN-20160814-0830.log => moved successfully
C:\Windows\Temp\JOHN-20160814-0830a.log => moved successfully
C:\Windows\Temp\JOHN-20160814-0835.log => moved successfully
C:\Windows\Temp\JOHN-20160814-0905.log => moved successfully
C:\Windows\Temp\JOHN-20160814-0935.log => moved successfully
C:\Windows\Temp\JOHN-20160815-0726.log => moved successfully
C:\Windows\Temp\JOHN-20160815-0731.log => moved successfully
C:\Windows\Temp\JOHN-20160815-0801.log => moved successfully
C:\Windows\Temp\JOHN-20160815-0831.log => moved successfully
C:\Windows\Temp\JOHN-20160816-1445.log => moved successfully
C:\Windows\Temp\JOHN-20160816-1445a.log => moved successfully
C:\Windows\Temp\JOHN-20160816-1450.log => moved successfully
C:\Windows\Temp\JOHN-20160816-1520.log => moved successfully
C:\Windows\Temp\JOHN-20160816-1550.log => moved successfully
C:\Windows\Temp\JOHN-20160817-0721.log => moved successfully
C:\Windows\Temp\JOHN-20160817-0726.log => moved successfully
C:\Windows\Temp\JOHN-20160817-0732.log => moved successfully
C:\Windows\Temp\JOHN-20160817-0732a.log => moved successfully
C:\Windows\Temp\JOHN-20160817-2335.log => moved successfully
C:\Windows\Temp\JOHN-20160817-2351.log => moved successfully
C:\Windows\Temp\JOHN-20160818-0754.log => moved successfully
C:\Windows\Temp\JOHN-20160818-0804.log => moved successfully
C:\Windows\Temp\JOHN-20160818-0809.log => moved successfully
C:\Windows\Temp\JOHN-20160818-0839.log => moved successfully
C:\Windows\Temp\JOHN-20160818-0909.log => moved successfully
C:\Windows\Temp\JOHN-20160819-0835.log => moved successfully
C:\Windows\Temp\JOHN-20160819-0835a.log => moved successfully
C:\Windows\Temp\JOHN-20160819-0841.log => moved successfully
C:\Windows\Temp\JOHN-20160819-0911.log => moved successfully
C:\Windows\Temp\JOHN-20160819-0941.log => moved successfully
C:\Windows\Temp\JOHN-20160820-0733.log => moved successfully
C:\Windows\Temp\JOHN-20160820-0917.log => moved successfully
C:\Windows\Temp\JOHN-20160820-0927.log => moved successfully
C:\Windows\Temp\JOHN-20160820-0933.log => moved successfully
C:\Windows\Temp\JOHN-20160820-1003.log => moved successfully
C:\Windows\Temp\JOHN-20160820-1033.log => moved successfully
C:\Windows\Temp\JOHN-20160821-0802.log => moved successfully
C:\Windows\Temp\JOHN-20160821-0802a.log => moved successfully
C:\Windows\Temp\JOHN-20160821-0808.log => moved successfully
C:\Windows\Temp\JOHN-20160821-0838.log => moved successfully
C:\Windows\Temp\JOHN-20160821-0908.log => moved successfully
C:\Windows\Temp\JOHN-20160822-0807.log => moved successfully
C:\Windows\Temp\JOHN-20160822-0812.log => moved successfully
C:\Windows\Temp\JOHN-20160822-0842.log => moved successfully
C:\Windows\Temp\JOHN-20160822-0912.log => moved successfully
C:\Windows\Temp\JOHN-20160823-0804.log => moved successfully
C:\Windows\Temp\JOHN-20160823-0804a.log => moved successfully
C:\Windows\Temp\JOHN-20160823-0810.log => moved successfully
C:\Windows\Temp\JOHN-20160823-0840.log => moved successfully
C:\Windows\Temp\JOHN-20160823-0910.log => moved successfully
C:\Windows\Temp\JOHN-20160824-0739.log => moved successfully
C:\Windows\Temp\JOHN-20160824-0744.log => moved successfully
C:\Windows\Temp\JOHN-20160824-0815.log => moved successfully
C:\Windows\Temp\JOHN-20160824-0852.log => moved successfully
C:\Windows\Temp\JOHN-20160824-0907.log => moved successfully
C:\Windows\Temp\JOHN-20160824-0937.log => moved successfully
C:\Windows\Temp\JOHN-20160824-1007.log => moved successfully
C:\Windows\Temp\JOHN-20160824-1642.log => moved successfully
C:\Windows\Temp\JOHN-20160824-1712.log => moved successfully
C:\Windows\Temp\JOHN-20160824-1742.log => moved successfully
C:\Windows\Temp\JOHN-20160825-0932.log => moved successfully
C:\Windows\Temp\JOHN-20160825-0937.log => moved successfully
C:\Windows\Temp\JOHN-20160825-1007.log => moved successfully
C:\Windows\Temp\JOHN-20160825-1037.log => moved successfully
C:\Windows\Temp\JOHN-20160826-0629.log => moved successfully
C:\Windows\Temp\JOHN-20160826-0629a.log => moved successfully
C:\Windows\Temp\JOHN-20160826-0634.log => moved successfully
C:\Windows\Temp\JOHN-20160826-0704.log => moved successfully
C:\Windows\Temp\JOHN-20160902-1830.log => moved successfully
C:\Windows\Temp\JOHN-20160902-1830a.log => moved successfully
C:\Windows\Temp\JOHN-20160902-1835.log => moved successfully
C:\Windows\Temp\JOHN-20160902-1850.log => moved successfully
C:\Windows\Temp\JOHN-20160902-1905.log => moved successfully
C:\Windows\Temp\JOHN-20160902-1935.log => moved successfully
C:\Windows\Temp\JOHN-20160903-0701.log => moved successfully
C:\Windows\Temp\JOHN-20160903-0707.log => moved successfully
C:\Windows\Temp\JOHN-20160903-0737.log => moved successfully
C:\Windows\Temp\JOHN-20160903-0807.log => moved successfully
C:\Windows\Temp\JOHN-20160904-0719.log => moved successfully
C:\Windows\Temp\JOHN-20160904-0719a.log => moved successfully
C:\Windows\Temp\JOHN-20160904-0724.log => moved successfully
C:\Windows\Temp\JOHN-20160904-0754.log => moved successfully
C:\Windows\Temp\JOHN-20160904-0824.log => moved successfully
C:\Windows\Temp\JOHN-20160905-0744.log => moved successfully
C:\Windows\Temp\JOHN-20160905-0750.log => moved successfully
C:\Windows\Temp\JOHN-20160905-0820.log => moved successfully
C:\Windows\Temp\JOHN-20160905-0850.log => moved successfully
C:\Windows\Temp\JOHN-20160905-1233.log => moved successfully
C:\Windows\Temp\JOHN-20160905-1244.log => moved successfully
C:\Windows\Temp\JOHN-20160905-1259.log => moved successfully
C:\Windows\Temp\JOHN-20160905-1329.log => moved successfully
C:\Windows\Temp\JOHN-20160905-1359.log => moved successfully
C:\Windows\Temp\JOHN-20160906-0748.log => moved successfully
C:\Windows\Temp\JOHN-20160906-0758.log => moved successfully
C:\Windows\Temp\JOHN-20160906-0758a.log => moved successfully
C:\Windows\Temp\JOHN-20160906-0804.log => moved successfully
C:\Windows\Temp\JOHN-20160906-0834.log => moved successfully
C:\Windows\Temp\JOHN-20160906-0904.log => moved successfully
C:\Windows\Temp\JOHN-20160907-0746.log => moved successfully
C:\Windows\Temp\JOHN-20160907-0752.log => moved successfully
C:\Windows\Temp\JOHN-20160907-0822.log => moved successfully
C:\Windows\Temp\JOHN-20160907-0852.log => moved successfully
C:\Windows\Temp\JOHN-20160908-0828.log => moved successfully
C:\Windows\Temp\JOHN-20160908-0833.log => moved successfully
C:\Windows\Temp\JOHN-20160908-0903.log => moved successfully
C:\Windows\Temp\JOHN-20160908-0933.log => moved successfully
C:\Windows\Temp\JOHN-20160908-1144.log => moved successfully
C:\Windows\Temp\JOHN-20160908-1214.log => moved successfully
C:\Windows\Temp\JOHN-20160908-1244.log => moved successfully
C:\Windows\Temp\JOHN-20160909-0750.log => moved successfully
C:\Windows\Temp\JOHN-20160909-0750a.log => moved successfully
C:\Windows\Temp\JOHN-20160909-0756.log => moved successfully
C:\Windows\Temp\JOHN-20160909-0826.log => moved successfully
C:\Windows\Temp\JOHN-20160909-0856.log => moved successfully
C:\Windows\Temp\JOHN-20160910-0802.log => moved successfully
C:\Windows\Temp\JOHN-20160910-0808.log => moved successfully
C:\Windows\Temp\JOHN-20160910-0838.log => moved successfully
C:\Windows\Temp\JOHN-20160910-0908.log => moved successfully
C:\Windows\Temp\JOHN-20160910-1711.log => moved successfully
C:\Windows\Temp\JOHN-20160910-1741.log => moved successfully
C:\Windows\Temp\JOHN-20160910-2159.log => moved successfully
C:\Windows\Temp\JOHN-20160910-2214.log => moved successfully
C:\Windows\Temp\JOHN-20160911-1949.log => moved successfully
C:\Windows\Temp\JOHN-20160911-1959.log => moved successfully
C:\Windows\Temp\JOHN-20160911-1959a.log => moved successfully
C:\Windows\Temp\JOHN-20160911-2004.log => moved successfully
C:\Windows\Temp\JOHN-20160911-2019.log => moved successfully
C:\Windows\Temp\JOHN-20160911-2034.log => moved successfully
C:\Windows\Temp\JOHN-20160911-2104.log => moved successfully
C:\Windows\Temp\JOHN-20160912-0918.log => moved successfully
C:\Windows\Temp\JOHN-20160912-0924.log => moved successfully
C:\Windows\Temp\JOHN-20160912-0954.log => moved successfully
C:\Windows\Temp\JOHN-20160912-1024.log => moved successfully
C:\Windows\Temp\JOHN-20160912-1400.log => moved successfully
C:\Windows\Temp\JOHN-20160912-1430.log => moved successfully
C:\Windows\Temp\JOHN-20160912-1500.log => moved successfully
C:\Windows\Temp\JOHN-20160913-0802.log => moved successfully
C:\Windows\Temp\JOHN-20160913-0802a.log => moved successfully
C:\Windows\Temp\JOHN-20160913-0807.log => moved successfully
C:\Windows\Temp\JOHN-20160913-1112.log => moved successfully
C:\Windows\Temp\JOHN-20160913-1128.log => moved successfully
C:\Windows\Temp\JOHN-20160913-1142.log => moved successfully
C:\Windows\Temp\JOHN-20160913-1158.log => moved successfully
C:\Windows\Temp\JOHN-20160913-1228.log => moved successfully
C:\Windows\Temp\JOHN-20160913-2152.log => moved successfully
C:\Windows\Temp\JOHN-20160913-2222.log => moved successfully
C:\Windows\Temp\JOHN-20160913-2252.log => moved successfully
C:\Windows\Temp\JOHN-20160914-1012.log => moved successfully
C:\Windows\Temp\JOHN-20160914-1018.log => moved successfully
C:\Windows\Temp\JOHN-20160914-1048.log => moved successfully
C:\Windows\Temp\JOHN-20160914-1118.log => moved successfully
C:\Windows\Temp\JOHN-20160914-1337.log => moved successfully
C:\Windows\Temp\JOHN-20160914-1723.log => moved successfully
C:\Windows\Temp\JOHN-20160914-1738.log => moved successfully
C:\Windows\Temp\JOHN-20160914-1753.log => moved successfully
C:\Windows\Temp\JOHN-20160914-1808.log => moved successfully
C:\Windows\Temp\JOHN-20160914-1823.log => moved successfully
C:\Windows\Temp\JOHN-20160915-0729.log => moved successfully
C:\Windows\Temp\JOHN-20160915-0734.log => moved successfully
C:\Windows\Temp\JOHN-20160915-0804.log => moved successfully
C:\Windows\Temp\JOHN-20160915-0834.log => moved successfully
C:\Windows\Temp\JOHN-20160915-1559.log => moved successfully
C:\Windows\Temp\JOHN-20160915-1629.log => moved successfully
C:\Windows\Temp\JOHN-20160915-1659.log => moved successfully
C:\Windows\Temp\JOHN-20160916-0904.log => moved successfully
C:\Windows\Temp\JOHN-20160916-0904a.log => moved successfully
C:\Windows\Temp\JOHN-20160916-0909.log => moved successfully
C:\Windows\Temp\JOHN-20160916-0939.log => moved successfully
C:\Windows\Temp\JOHN-20160916-1009.log => moved successfully
C:\Windows\Temp\JOHN-20160916-1746.log => moved successfully
C:\Windows\Temp\JOHN-20160916-1816.log => moved successfully
C:\Windows\Temp\JOHN-20160916-1846.log => moved successfully
C:\Windows\Temp\JOHN-20160917-0758.log => moved successfully
C:\Windows\Temp\JOHN-20160917-0803.log => moved successfully
C:\Windows\Temp\JOHN-20160917-0833.log => moved successfully
C:\Windows\Temp\JOHN-20160917-0903.log => moved successfully
C:\Windows\Temp\JOHN-20160918-0718.log => moved successfully
C:\Windows\Temp\JOHN-20160918-0718a.log => moved successfully
C:\Windows\Temp\JOHN-20160918-0724.log => moved successfully
C:\Windows\Temp\JOHN-20160918-0754.log => moved successfully
C:\Windows\Temp\JOHN-20160918-0824.log => moved successfully
C:\Windows\Temp\JOHN-20160919-0747.log => moved successfully
C:\Windows\Temp\JOHN-20160919-0752.log => moved successfully
C:\Windows\Temp\JOHN-20160919-0822.log => moved successfully
C:\Windows\Temp\JOHN-20160919-0852.log => moved successfully
C:\Windows\Temp\JOHN-20160919-1209.log => moved successfully
C:\Windows\Temp\JOHN-20160919-1239.log => moved successfully
C:\Windows\Temp\JOHN-20160919-1309.log => moved successfully
C:\Windows\Temp\JOHN-20160919-1611.log => moved successfully
C:\Windows\Temp\JOHN-20160919-1641.log => moved successfully
C:\Windows\Temp\JOHN-20160919-1711.log => moved successfully
C:\Windows\Temp\JOHN-20160920-0740.log => moved successfully
C:\Windows\Temp\JOHN-20160920-0740a.log => moved successfully
C:\Windows\Temp\JOHN-20160920-0745.log => moved successfully
C:\Windows\Temp\JOHN-20160920-0745a.log => moved successfully
C:\Windows\Temp\JOHN-20160920-0745b.log => moved successfully
C:\Windows\Temp\JOHN-20160922-0742.log => moved successfully
C:\Windows\Temp\JOHN-20160922-0747.log => moved successfully
C:\Windows\Temp\JOHN-20160922-0817.log => moved successfully
C:\Windows\Temp\JOHN-20160922-0847.log => moved successfully
C:\Windows\Temp\JOHN-20160922-1431.log => moved successfully
C:\Windows\Temp\JOHN-20160922-1456.log => moved successfully
C:\Windows\Temp\JOHN-20160922-1501.log => moved successfully
C:\Windows\Temp\JOHN-20160922-1526.log => moved successfully
C:\Windows\Temp\JOHN-20160922-1531.log => moved successfully
C:\Windows\Temp\JOHN-20160922-1556.log => moved successfully
C:\Windows\Temp\JOHN-20160923-0806.log => moved successfully
C:\Windows\Temp\JOHN-20160923-0806a.log => moved successfully
C:\Windows\Temp\JOHN-20160923-0811.log => moved successfully
C:\Windows\Temp\JOHN-20160923-0841.log => moved successfully
C:\Windows\Temp\JOHN-20160923-0911.log => moved successfully
C:\Windows\Temp\JOHN-20160923-1355.log => moved successfully
C:\Windows\Temp\JOHN-20160923-1656.log => moved successfully
C:\Windows\Temp\JOHN-20160923-1712.log => moved successfully
C:\Windows\Temp\JOHN-20160923-1742.log => moved successfully
C:\Windows\Temp\JOHN-20160923-1812.log => moved successfully
C:\Windows\Temp\JOHN-20160924-0819.log => moved successfully
C:\Windows\Temp\JOHN-20160924-0829.log => moved successfully
C:\Windows\Temp\JOHN-20160924-0834.log => moved successfully
C:\Windows\Temp\JOHN-20160924-0904.log => moved successfully
C:\Windows\Temp\JOHN-20160924-0934.log => moved successfully
C:\Windows\Temp\JOHN-20160925-0803.log => moved successfully
C:\Windows\Temp\JOHN-20160925-0813.log => moved successfully
C:\Windows\Temp\JOHN-20160925-0814.log => moved successfully
C:\Windows\Temp\JOHN-20160925-0850.log => moved successfully
C:\Windows\Temp\JOHN-20160925-0905.log => moved successfully
C:\Windows\Temp\JOHN-20160925-0935.log => moved successfully
C:\Windows\Temp\JOHN-20160925-1005.log => moved successfully
C:\Windows\Temp\JOHN-20160925-1611.log => moved successfully
C:\Windows\Temp\JOHN-20160925-1626.log => moved successfully
C:\Windows\Temp\JOHN-20160925-1656.log => moved successfully
C:\Windows\Temp\JOHN-20160925-1726.log => moved successfully
C:\Windows\Temp\JOHN-20160926-0858.log => moved successfully
C:\Windows\Temp\JOHN-20160926-0903.log => moved successfully
C:\Windows\Temp\JOHN-20160926-1344.log => moved successfully
C:\Windows\Temp\JOHN-20160926-1358.log => moved successfully
C:\Windows\Temp\JOHN-20160926-1414.log => moved successfully
C:\Windows\Temp\JOHN-20160926-1444.log => moved successfully
C:\Windows\Temp\JOHN-20160927-0738.log => moved successfully
C:\Windows\Temp\JOHN-20160927-0738a.log => moved successfully
C:\Windows\Temp\JOHN-20160927-0743.log => moved successfully
C:\Windows\Temp\JOHN-20160927-0813.log => moved successfully
C:\Windows\Temp\JOHN-20160927-0843.log => moved successfully
C:\Windows\Temp\JOHN-20160927-1904.log => moved successfully
C:\Windows\Temp\JOHN-20160927-1934.log => moved successfully
C:\Windows\Temp\JOHN-20160927-2004.log => moved successfully
C:\Windows\Temp\JOHN-20160928-0832.log => moved successfully
C:\Windows\Temp\JOHN-20160928-0838.log => moved successfully
C:\Windows\Temp\JOHN-20160928-0908.log => moved successfully
C:\Windows\Temp\JOHN-20160928-0938.log => moved successfully
C:\Windows\Temp\JOHN-20160929-0842.log => moved successfully
C:\Windows\Temp\JOHN-20160929-0847.log => moved successfully
C:\Windows\Temp\JOHN-20160929-0917.log => moved successfully
C:\Windows\Temp\JOHN-20160929-0947.log => moved successfully
C:\Windows\Temp\JOHN-20160929-1704.log => moved successfully
C:\Windows\Temp\JOHN-20160929-1734.log => moved successfully
C:\Windows\Temp\JOHN-20160929-1804.log => moved successfully
C:\Windows\Temp\JOHN-20160929-1912.log => moved successfully
C:\Windows\Temp\JOHN-20160929-1942.log => moved successfully
C:\Windows\Temp\JOHN-20160929-2012.log => moved successfully
C:\Windows\Temp\JOHN-20160930-0950.log => moved successfully
C:\Windows\Temp\JOHN-20160930-0950a.log => moved successfully
C:\Windows\Temp\JOHN-20160930-0955.log => moved successfully
C:\Windows\Temp\JOHN-20160930-1025.log => moved successfully
C:\Windows\Temp\JOHN-20160930-1055.log => moved successfully
C:\Windows\Temp\JOHN-20160930-1621.log => moved successfully
C:\Windows\Temp\JOHN-20160930-1651.log => moved successfully
C:\Windows\Temp\JOHN-20160930-1721.log => moved successfully
C:\Windows\Temp\JOHN-20161001-0851.log => moved successfully
C:\Windows\Temp\JOHN-20161001-0906.log => moved successfully
C:\Windows\Temp\JOHN-20161001-0936.log => moved successfully
C:\Windows\Temp\JOHN-20161001-1006.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1007.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1017.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1017a.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1023.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1053.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1155.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1210.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1556.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1611.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1626.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1641.log => moved successfully
C:\Windows\Temp\JOHN-20161002-1711.log => moved successfully
C:\Windows\Temp\JOHN-20161003-1920.log => moved successfully
C:\Windows\Temp\JOHN-20161003-1925.log => moved successfully
C:\Windows\Temp\JOHN-20161003-1955.log => moved successfully
C:\Windows\Temp\JOHN-20161003-2025.log => moved successfully
C:\Windows\Temp\JOHN-20161004-0905.log => moved successfully
C:\Windows\Temp\JOHN-20161004-0905a.log => moved successfully
C:\Windows\Temp\JOHN-20161004-0911.log => moved successfully
C:\Windows\Temp\JOHN-20161004-0941.log => moved successfully
C:\Windows\Temp\JOHN-20161004-1011.log => moved successfully
C:\Windows\Temp\JOHN-20161004-1235.log => moved successfully
C:\Windows\Temp\JOHN-20161004-1305.log => moved successfully
C:\Windows\Temp\JOHN-20161004-1335.log => moved successfully
C:\Windows\Temp\JOHN-20161005-0842.log => moved successfully
C:\Windows\Temp\JOHN-20161005-0847.log => moved successfully
C:\Windows\Temp\JOHN-20161005-0917.log => moved successfully
C:\Windows\Temp\JOHN-20161005-0947.log => moved successfully
C:\Windows\Temp\JOHN-20161005-1707.log => moved successfully
C:\Windows\Temp\JOHN-20161005-1737.log => moved successfully
C:\Windows\Temp\JOHN-20161005-1807.log => moved successfully
C:\Windows\Temp\JOHN-20161006-0806.log => moved successfully
C:\Windows\Temp\JOHN-20161006-0811.log => moved successfully
C:\Windows\Temp\JOHN-20161006-0841.log => moved successfully
C:\Windows\Temp\JOHN-20161006-0911.log => moved successfully
C:\Windows\Temp\JOHN-20161007-0720.log => moved successfully
C:\Windows\Temp\JOHN-20161007-0720a.log => moved successfully
C:\Windows\Temp\JOHN-20161007-0725.log => moved successfully
C:\Windows\Temp\JOHN-20161007-0740.log => moved successfully
C:\Windows\Temp\JOHN-20161007-0755.log => moved successfully
C:\Windows\Temp\JOHN-20161007-0810.log => moved successfully
C:\Windows\Temp\JOHN-20161007-0825.log => moved successfully
C:\Windows\Temp\JOHN-20161008-2038.log => moved successfully
C:\Windows\Temp\JOHN-20161008-2043.log => moved successfully
C:\Windows\Temp\JOHN-20161008-2113.log => moved successfully
C:\Windows\Temp\JOHN-20161008-2143.log => moved successfully
C:\Windows\Temp\JOHN-20161009-0905.log => moved successfully
C:\Windows\Temp\JOHN-20161009-0905a.log => moved successfully
C:\Windows\Temp\JOHN-20161009-0911.log => moved successfully
C:\Windows\Temp\JOHN-20161009-0941.log => moved successfully
C:\Windows\Temp\JOHN-20161009-1011.log => moved successfully
C:\Windows\Temp\JOHN-20161009-1627.log => moved successfully
C:\Windows\Temp\JOHN-20161009-1657.log => moved successfully
C:\Windows\Temp\JOHN-20161009-1727.log => moved successfully
C:\Windows\Temp\JOHN-20161009-2126.log => moved successfully
C:\Windows\Temp\JOHN-20161009-2156.log => moved successfully
C:\Windows\Temp\JOHN-20161010-0829.log => moved successfully
C:\Windows\Temp\JOHN-20161010-0834.log => moved successfully
C:\Windows\Temp\JOHN-20161010-0849.log => moved successfully
C:\Windows\Temp\JOHN-20161010-0904.log => moved successfully
C:\Windows\Temp\JOHN-20161010-0934.log => moved successfully
C:\Windows\Temp\JOHN-20161010-1646.log => moved successfully
C:\Windows\Temp\JOHN-20161010-1716.log => moved successfully
C:\Windows\Temp\JOHN-20161010-1746.log => moved successfully
C:\Windows\Temp\JOHN-20161011-0846.log => moved successfully
C:\Windows\Temp\JOHN-20161011-0846a.log => moved successfully
C:\Windows\Temp\JOHN-20161011-0852.log => moved successfully
C:\Windows\Temp\JOHN-20161011-0922.log => moved successfully
C:\Windows\Temp\JOHN-20161011-0952.log => moved successfully
C:\Windows\Temp\JOHN-20161011-1450.log => moved successfully
C:\Windows\Temp\JOHN-20161011-1520.log => moved successfully
C:\Windows\Temp\JOHN-20161011-1550.log => moved successfully
C:\Windows\Temp\JOHN-20161012-0906.log => moved successfully
C:\Windows\Temp\JOHN-20161012-0911.log => moved successfully
C:\Windows\Temp\JOHN-20161012-0941.log => moved successfully
C:\Windows\Temp\JOHN-20161012-1011.log => moved successfully
C:\Windows\Temp\JOHN-20161012-1017.log => moved successfully
C:\Windows\Temp\JOHN-20161012-1032.log => moved successfully
C:\Windows\Temp\JOHN-20161012-1102.log => moved successfully
C:\Windows\Temp\JOHN-20161012-1132.log => moved successfully
C:\Windows\Temp\JOHN-20161012-1638.log => moved successfully
C:\Windows\Temp\JOHN-20161012-1653.log => moved successfully
C:\Windows\Temp\JOHN-20161012-1723.log => moved successfully
C:\Windows\Temp\JOHN-20161012-1753.log => moved successfully
C:\Windows\Temp\JOHN-20161013-0756.log => moved successfully
C:\Windows\Temp\JOHN-20161013-0801.log => moved successfully
C:\Windows\Temp\JOHN-20161013-1720.log => moved successfully
C:\Windows\Temp\JOHN-20161013-1735.log => moved successfully
C:\Windows\Temp\JOHN-20161013-1750.log => moved successfully
C:\Windows\Temp\JOHN-20161013-1820.log => moved successfully
C:\Windows\Temp\JOHN-20161014-1140.log => moved successfully
C:\Windows\Temp\JOHN-20161014-1150.log => moved successfully
C:\Windows\Temp\JOHN-20161014-1150a.log => moved successfully
C:\Windows\Temp\JOHN-20161014-1156.log => moved successfully
C:\Windows\Temp\JOHN-20161014-1226.log => moved successfully
C:\Windows\Temp\JOHN-20161014-1256.log => moved successfully
C:\Windows\Temp\JOHN-20161015-1125.log => moved successfully
C:\Windows\Temp\JOHN-20161015-1135.log => moved successfully
C:\Windows\Temp\JOHN-20161015-1140.log => moved successfully
C:\Windows\Temp\JOHN-20161015-1210.log => moved successfully
C:\Windows\Temp\JOHN-20161015-1240.log => moved successfully
C:\Windows\Temp\JOHN-20161016-1624.log => moved successfully
C:\Windows\Temp\JOHN-20161016-1624a.log => moved successfully
C:\Windows\Temp\JOHN-20161016-1629.log => moved successfully
C:\Windows\Temp\JOHN-20161016-1659.log => moved successfully
C:\Windows\Temp\JOHN-20161016-1729.log => moved successfully
C:\Windows\Temp\JOHN-20161017-0923.log => moved successfully
C:\Windows\Temp\JOHN-20161017-0928.log => moved successfully
C:\Windows\Temp\JOHN-20161017-0958.log => moved successfully
C:\Windows\Temp\JOHN-20161017-1028.log => moved successfully
C:\Windows\Temp\JOHN-20161018-1000.log => moved successfully
C:\Windows\Temp\JOHN-20161018-1000a.log => moved successfully
C:\Windows\Temp\JOHN-20161018-1004.log => moved successfully
C:\Windows\Temp\JOHN-20161018-1004a.log => moved successfully
C:\Windows\Temp\JOHN-20161019-0855.log => moved successfully
C:\Windows\Temp\JOHN-20161019-0901.log => moved successfully
C:\Windows\Temp\JOHN-20161019-0902.log => moved successfully
C:\Windows\Temp\JOHN-20161019-0902a.log => moved successfully
C:\Windows\Temp\JOHN-20161019-0931.log => moved successfully
C:\Windows\Temp\JOHN-20161019-1001.log => moved successfully
C:\Windows\Temp\JOHN-20161020-0815.log => moved successfully
C:\Windows\Temp\JOHN-20161020-0820.log => moved successfully
C:\Windows\Temp\JOHN-20161020-0850.log => moved successfully
C:\Windows\Temp\JOHN-20161020-0920.log => moved successfully
C:\Windows\Temp\JOHN-20161023-1231.log => moved successfully
C:\Windows\Temp\JOHN-20161023-1231a.log => moved successfully
C:\Windows\Temp\JOHN-20161023-1237.log => moved successfully
C:\Windows\Temp\JOHN-20161023-1307.log => moved successfully
C:\Windows\Temp\JOHN-20161023-1337.log => moved successfully
C:\Windows\Temp\JOHN-20161023-2023.log => moved successfully
C:\Windows\Temp\JOHN-20161023-2053.log => moved successfully
C:\Windows\Temp\JOHN-20161023-2123.log => moved successfully
C:\Windows\Temp\JOHN-20161024-0851.log => moved successfully
C:\Windows\Temp\JOHN-20161024-0856.log => moved successfully
C:\Windows\Temp\JOHN-20161024-0926.log => moved successfully
C:\Windows\Temp\JOHN-20161024-0956.log => moved successfully
C:\Windows\Temp\JOHN-20161025-1033.log => moved successfully
C:\Windows\Temp\JOHN-20161025-1033a.log => moved successfully
C:\Windows\Temp\JOHN-20161025-1039.log => moved successfully
C:\Windows\Temp\JOHN-20161025-1109.log => moved successfully
C:\Windows\Temp\JOHN-20161025-1139.log => moved successfully
C:\Windows\Temp\JOHN-20161026-0932.log => moved successfully
C:\Windows\Temp\JOHN-20161026-0937.log => moved successfully
C:\Windows\Temp\JOHN-20161026-1007.log => moved successfully
C:\Windows\Temp\JOHN-20161026-1037.log => moved successfully
C:\Windows\Temp\JOHN-20161027-0841.log => moved successfully
C:\Windows\Temp\JOHN-20161027-0846.log => moved successfully
C:\Windows\Temp\JOHN-20161027-0916.log => moved successfully
C:\Windows\Temp\JOHN-20161027-0946.log => moved successfully
C:\Windows\Temp\JOHN-20161027-1942.log => moved successfully
C:\Windows\Temp\JOHN-20161027-2012.log => moved successfully
C:\Windows\Temp\JOHN-20161027-2042.log => moved successfully
C:\Windows\Temp\JOHN-20161027-2318.log => moved successfully
C:\Windows\Temp\JOHN-20161028-0823.log => moved successfully
C:\Windows\Temp\JOHN-20161028-0823a.log => moved successfully
C:\Windows\Temp\JOHN-20161028-0828.log => moved successfully
C:\Windows\Temp\JOHN-20161028-0843.log => moved successfully
C:\Windows\Temp\JOHN-20161028-0858.log => moved successfully
C:\Windows\Temp\JOHN-20161028-0928.log => moved successfully
C:\Windows\Temp\JOHN-20161029-0917.log => moved successfully
C:\Windows\Temp\JOHN-20161029-0923.log => moved successfully
C:\Windows\Temp\JOHN-20161029-0953.log => moved successfully
C:\Windows\Temp\JOHN-20161029-1023.log => moved successfully
C:\Windows\Temp\JOHN-20161030-0757.log => moved successfully
C:\Windows\Temp\JOHN-20161030-0757a.log => moved successfully
C:\Windows\Temp\JOHN-20161030-0758.log => moved successfully
C:\Windows\Temp\JOHN-20161030-0758a.log => moved successfully
C:\Windows\Temp\JOHN-20161030-0758b.log => moved successfully
C:\Windows\Temp\JOHN-20161030-0826.log => moved successfully
C:\Windows\Temp\JOHN-20161030-0841.log => moved successfully
C:\Windows\Temp\JOHN-20161030-0911.log => moved successfully
C:\Windows\Temp\JOHN-20161030-0941.log => moved successfully
C:\Windows\Temp\JOHN-20161030-1704.log => moved successfully
C:\Windows\Temp\JOHN-20161030-1706.log => moved successfully
C:\Windows\Temp\JOHN-20161030-1707.log => moved successfully
C:\Windows\Temp\JOHN-20161030-1707a.log => moved successfully
C:\Windows\Temp\JOHN-20161030-1707b.log => moved successfully
C:\Windows\Temp\JOHN-20161030-2034.log => moved successfully
C:\Windows\Temp\JOHN-20161030-2104.log => moved successfully
C:\Windows\Temp\JOHN-20161030-2134.log => moved successfully
C:\Windows\Temp\JOHN-20161031-1104.log => moved successfully
C:\Windows\Temp\JOHN-20161031-1109.log => moved successfully
C:\Windows\Temp\JOHN-20161031-1139.log => moved successfully
C:\Windows\Temp\JOHN-20161031-1209.log => moved successfully
C:\Windows\Temp\JOHN-20161101-0706.log => moved successfully
C:\Windows\Temp\JOHN-20161101-0706a.log => moved successfully
C:\Windows\Temp\JOHN-20161101-0711.log => moved successfully
C:\Windows\Temp\JOHN-20161101-0741.log => moved successfully
C:\Windows\Temp\JOHN-20161101-0811.log => moved successfully
C:\Windows\Temp\JOHN-20161101-2224.log => moved successfully
C:\Windows\Temp\JOHN-20161102-0741.log => moved successfully
C:\Windows\Temp\JOHN-20161102-0746.log => moved successfully
C:\Windows\Temp\JOHN-20161102-0801.log => moved successfully
C:\Windows\Temp\JOHN-20161102-0816.log => moved successfully
C:\Windows\Temp\JOHN-20161102-0846.log => moved successfully
C:\Windows\Temp\JOHN-20161102-2148.log => moved successfully
C:\Windows\Temp\JOHN-20161102-2218.log => moved successfully
C:\Windows\Temp\JOHN-20161102-2248.log => moved successfully
C:\Windows\Temp\JOHN-20161103-0736.log => moved successfully
C:\Windows\Temp\JOHN-20161103-0741.log => moved successfully
C:\Windows\Temp\JOHN-20161103-0811.log => moved successfully
C:\Windows\Temp\JOHN-20161103-0841.log => moved successfully
C:\Windows\Temp\JOHN-20161104-0729.log => moved successfully
C:\Windows\Temp\JOHN-20161104-0729a.log => moved successfully
C:\Windows\Temp\JOHN-20161104-0734.log => moved successfully
C:\Windows\Temp\JOHN-20161104-0804.log => moved successfully
C:\Windows\Temp\JOHN-20161104-0834.log => moved successfully
C:\Windows\Temp\JOHN-20161104-1702.log => moved successfully
C:\Windows\Temp\JOHN-20161104-1732.log => moved successfully
C:\Windows\Temp\JOHN-20161104-1802.log => moved successfully
C:\Windows\Temp\JOHN-20161105-0808.log => moved successfully
C:\Windows\Temp\JOHN-20161105-0813.log => moved successfully
C:\Windows\Temp\JOHN-20161105-0843.log => moved successfully
C:\Windows\Temp\JOHN-20161105-0913.log => moved successfully
C:\Windows\Temp\JOHN-20161106-0814.log => moved successfully
C:\Windows\Temp\JOHN-20161106-0814a.log => moved successfully
C:\Windows\Temp\JOHN-20161106-0819.log => moved successfully
C:\Windows\Temp\JOHN-20161106-0849.log => moved successfully
C:\Windows\Temp\JOHN-20161106-0919.log => moved successfully
C:\Windows\Temp\JOHN-20161107-0733.log => moved successfully
C:\Windows\Temp\JOHN-20161107-1342.log => moved successfully
C:\Windows\Temp\JOHN-20161107-1357.log => moved successfully
C:\Windows\Temp\JOHN-20161107-1412.log => moved successfully
C:\Windows\Temp\JOHN-20161107-1427.log => moved successfully
C:\Windows\Temp\JOHN-20161107-1442.log => moved successfully
C:\Windows\Temp\JOHN-20161108-0806.log => moved successfully
C:\Windows\Temp\JOHN-20161108-0807.log => moved successfully
C:\Windows\Temp\JOHN-20161108-0812.log => moved successfully
C:\Windows\Temp\JOHN-20161108-0842.log => moved successfully
C:\Windows\Temp\JOHN-20161108-0912.log => moved successfully
C:\Windows\Temp\JOHN-20161108-1947.log => moved successfully
C:\Windows\Temp\JOHN-20161108-2003.log => moved successfully
C:\Windows\Temp\JOHN-20161108-2033.log => moved successfully
C:\Windows\Temp\JOHN-20161108-2103.log => moved successfully
C:\Windows\Temp\JOHN-20161109-0733.log => moved successfully
C:\Windows\Temp\JOHN-20161109-0738.log => moved successfully
C:\Windows\Temp\JOHN-20161109-0809.log => moved successfully
C:\Windows\Temp\JOHN-20161109-0839.log => moved successfully
C:\Windows\Temp\JOHN-20161110-0920.log => moved successfully
C:\Windows\Temp\JOHN-20161110-0925.log => moved successfully
C:\Windows\Temp\JOHN-20161110-0955.log => moved successfully
C:\Windows\Temp\JOHN-20161110-1025.log => moved successfully
C:\Windows\Temp\JOHN-20161110-1044.log => moved successfully
C:\Windows\Temp\JOHN-20161110-1121.log => moved successfully
C:\Windows\Temp\JOHN-20161110-1536.log => moved successfully
C:\Windows\Temp\JOHN-20161110-1551.log => moved successfully
C:\Windows\Temp\JOHN-20161110-1606.log => moved successfully
C:\Windows\Temp\JOHN-20161110-1636.log => moved successfully
C:\Windows\Temp\JOHN-20161111-0824.log => moved successfully
C:\Windows\Temp\JOHN-20161111-0824a.log => moved successfully
C:\Windows\Temp\JOHN-20161111-0829.log => moved successfully
C:\Windows\Temp\JOHN-20161111-0859.log => moved successfully
C:\Windows\Temp\JOHN-20161111-0929.log => moved successfully
C:\Windows\Temp\JOHN-20161111-1641.log => moved successfully
C:\Windows\Temp\JOHN-20161111-1711.log => moved successfully
C:\Windows\Temp\JOHN-20161111-1741.log => moved successfully
C:\Windows\Temp\JOHN-20161112-0847.log => moved successfully
C:\Windows\Temp\JOHN-20161112-0852.log => moved successfully
C:\Windows\Temp\JOHN-20161112-0922.log => moved successfully
C:\Windows\Temp\JOHN-20161112-0952.log => moved successfully
C:\Windows\Temp\JOHN-20161113-0830.log => moved successfully
C:\Windows\Temp\JOHN-20161113-0831.log => moved successfully
C:\Windows\Temp\JOHN-20161113-0836.log => moved successfully
C:\Windows\Temp\JOHN-20161113-0850.log => moved successfully
C:\Windows\Temp\JOHN-20161113-0906.log => moved successfully
C:\Windows\Temp\JOHN-20161113-0920.log => moved successfully
C:\Windows\Temp\JOHN-20161113-0936.log => moved successfully
C:\Windows\Temp\JOHN-20161114-0818.log => moved successfully
C:\Windows\Temp\JOHN-20161114-0823.log => moved successfully
C:\Windows\Temp\JOHN-20161114-0853.log => moved successfully
C:\Windows\Temp\JOHN-20161114-0923.log => moved successfully
C:\Windows\Temp\JOHN-20161115-0830.log => moved successfully
C:\Windows\Temp\JOHN-20161115-0831.log => moved successfully
C:\Windows\Temp\JOHN-20161115-0836.log => moved successfully
C:\Windows\Temp\JOHN-20161115-0906.log => moved successfully
C:\Windows\Temp\JOHN-20161115-0936.log => moved successfully
C:\Windows\Temp\JOHN-20161115-1234.log => moved successfully
C:\Windows\Temp\JOHN-20161115-1304.log => moved successfully
C:\Windows\Temp\JOHN-20161115-1334.log => moved successfully
C:\Windows\Temp\JOHN-20161116-0744.log => moved successfully
C:\Windows\Temp\JOHN-20161116-0749.log => moved successfully
C:\Windows\Temp\JOHN-20161116-0820.log => moved successfully
C:\Windows\Temp\JOHN-20161116-0850.log => moved successfully
C:\Windows\Temp\JOHN-20161116-2229.log => moved successfully
C:\Windows\Temp\JOHN-20161116-2259.log => moved successfully
C:\Windows\Temp\JOHN-20161116-2329.log => moved successfully
C:\Windows\Temp\JOHN-20161117-0809.log => moved successfully
C:\Windows\Temp\JOHN-20161117-0814.log => moved successfully
C:\Windows\Temp\JOHN-20161117-0844.log => moved successfully
C:\Windows\Temp\JOHN-20161117-0914.log => moved successfully
C:\Windows\Temp\JOHN-20161118-0816.log => moved successfully
C:\Windows\Temp\JOHN-20161118-0816a.log => moved successfully
C:\Windows\Temp\JOHN-20161118-0821.log => moved successfully
C:\Windows\Temp\JOHN-20161118-0851.log => moved successfully
C:\Windows\Temp\JOHN-20161118-0921.log => moved successfully
C:\Windows\Temp\JOHN-20161118-1657.log => moved successfully
C:\Windows\Temp\JOHN-20161118-1727.log => moved successfully
C:\Windows\Temp\JOHN-20161118-1757.log => moved successfully
C:\Windows\Temp\JOHN-20161119-0726.log => moved successfully
C:\Windows\Temp\JOHN-20161119-0732.log => moved successfully
C:\Windows\Temp\JOHN-20161119-0734.log => moved successfully
C:\Windows\Temp\JOHN-20161119-0746.log => moved successfully
C:\Windows\Temp\JOHN-20161119-0746a.log => moved successfully
C:\Windows\Temp\JOHN-20161119-0746b.log => moved successfully
C:\Windows\Temp\JOHN-20161119-1611.log => moved successfully
C:\Windows\Temp\JOHN-20161119-1614.log => moved successfully
C:\Windows\Temp\JOHN-20161119-1641.log => moved successfully
C:\Windows\Temp\JOHN-20161119-1711.log => moved successfully
C:\Windows\Temp\JOHN-20161120-0800.log => moved successfully
C:\Windows\Temp\JOHN-20161120-0800a.log => moved successfully
C:\Windows\Temp\JOHN-20161120-0805.log => moved successfully
C:\Windows\Temp\JOHN-20161120-0835.log => moved successfully
C:\Windows\Temp\JOHN-20161120-0905.log => moved successfully
C:\Windows\Temp\JOHN-20161120-1612.log => moved successfully
C:\Windows\Temp\JOHN-20161120-1642.log => moved successfully
C:\Windows\Temp\JOHN-20161120-1712.log => moved successfully
C:\Windows\Temp\JOHN-20161121-0847.log => moved successfully
C:\Windows\Temp\JOHN-20161121-0853.log => moved successfully
C:\Windows\Temp\JOHN-20161121-0923.log => moved successfully
C:\Windows\Temp\JOHN-20161121-0953.log => moved successfully
C:\Windows\Temp\JOHN-20161121-1204.log => moved successfully
C:\Windows\Temp\JOHN-20161121-1234.log => moved successfully
C:\Windows\Temp\JOHN-20161121-1304.log => moved successfully
C:\Windows\Temp\JOHN-20161122-0756.log => moved successfully
C:\Windows\Temp\JOHN-20161122-0757.log => moved successfully
C:\Windows\Temp\JOHN-20161122-0802.log => moved successfully
C:\Windows\Temp\JOHN-20161122-0832.log => moved successfully
C:\Windows\Temp\JOHN-20161122-0902.log => moved successfully
C:\Windows\Temp\JOHN-20161123-0822.log => moved successfully
C:\Windows\Temp\JOHN-20161123-0827.log => moved successfully
C:\Windows\Temp\JOHN-20161123-0842.log => moved successfully
C:\Windows\Temp\JOHN-20161123-1306.log => moved successfully
C:\Windows\Temp\JOHN-20161123-1321.log => moved successfully
C:\Windows\Temp\JOHN-20161123-1336.log => moved successfully
C:\Windows\Temp\JOHN-20161123-1406.log => moved successfully
C:\Windows\Temp\JOHN-20161124-0759.log => moved successfully
C:\Windows\Temp\JOHN-20161124-0805.log => moved successfully
C:\Windows\Temp\JOHN-20161124-0835.log => moved successfully
C:\Windows\Temp\JOHN-20161124-0905.log => moved successfully
C:\Windows\Temp\JOHN-20161124-1239.log => moved successfully
C:\Windows\Temp\JOHN-20161124-1309.log => moved successfully
C:\Windows\Temp\JOHN-20161124-1339.log => moved successfully
C:\Windows\Temp\JOHN-20161125-0827.log => moved successfully
C:\Windows\Temp\JOHN-20161125-0827a.log => moved successfully
C:\Windows\Temp\JOHN-20161125-0832.log => moved successfully
C:\Windows\Temp\JOHN-20161125-0902.log => moved successfully
C:\Windows\Temp\JOHN-20161125-0932.log => moved successfully
C:\Windows\Temp\JOHN-20161125-1737.log => moved successfully
C:\Windows\Temp\JOHN-20161125-1807.log => moved successfully
C:\Windows\Temp\JOHN-20161125-1837.log => moved successfully
C:\Windows\Temp\JOHN-20161126-0808.log => moved successfully
C:\Windows\Temp\JOHN-20161126-0813.log => moved successfully
C:\Windows\Temp\JOHN-20161126-0843.log => moved successfully
C:\Windows\Temp\JOHN-20161126-0913.log => moved successfully
C:\Windows\Temp\JOHN-20161126-1632.log => moved successfully
C:\Windows\Temp\JOHN-20161126-1702.log => moved successfully
C:\Windows\Temp\JOHN-20161126-1732.log => moved successfully
C:\Windows\Temp\JOHN-20161127-0805.log => moved successfully
C:\Windows\Temp\JOHN-20161127-0805a.log => moved successfully
C:\Windows\Temp\JOHN-20161127-0810.log => moved successfully
C:\Windows\Temp\JOHN-20161127-0840.log => moved successfully
C:\Windows\Temp\JOHN-20161127-0910.log => moved successfully
C:\Windows\Temp\JOHN-20161127-1647.log => moved successfully
C:\Windows\Temp\JOHN-20161127-1717.log => moved successfully
C:\Windows\Temp\JOHN-20161127-1747.log => moved successfully
C:\Windows\Temp\JOHN-20161128-0737.log => moved successfully
C:\Windows\Temp\JOHN-20161128-0742.log => moved successfully
C:\Windows\Temp\JOHN-20161128-0812.log => moved successfully
C:\Windows\Temp\JOHN-20161128-0842.log => moved successfully
C:\Windows\Temp\JOHN-20161128-1652.log => moved successfully
C:\Windows\Temp\JOHN-20161128-1722.log => moved successfully
C:\Windows\Temp\JOHN-20161128-1752.log => moved successfully
C:\Windows\Temp\JOHN-20161128-2045.log => moved successfully
C:\Windows\Temp\JOHN-20161128-2115.log => moved successfully
C:\Windows\Temp\JOHN-20161128-2145.log => moved successfully
C:\Windows\Temp\JOHN-20161129-0754.log => moved successfully
C:\Windows\Temp\JOHN-20161129-0754a.log => moved successfully
C:\Windows\Temp\JOHN-20161129-0800.log => moved successfully
C:\Windows\Temp\JOHN-20161129-0830.log => moved successfully
C:\Windows\Temp\JOHN-20161129-0900.log => moved successfully
C:\Windows\Temp\JOHN-20161130-0703.log => moved successfully
C:\Windows\Temp\JOHN-20161130-0708.log => moved successfully
C:\Windows\Temp\JOHN-20161130-0739.log => moved successfully
C:\Windows\Temp\JOHN-20161130-0808.log => moved successfully
C:\Windows\Temp\JOHN-20161130-1605.log => moved successfully
C:\Windows\Temp\JOHN-20161130-1635.log => moved successfully
C:\Windows\Temp\JOHN-20161130-1705.log => moved successfully
C:\Windows\Temp\JOHN-20161201-0813.log => moved successfully
C:\Windows\Temp\JOHN-20161201-0819.log => moved successfully
C:\Windows\Temp\JOHN-20161201-0849.log => moved successfully
C:\Windows\Temp\JOHN-20161201-0919.log => moved successfully
C:\Windows\Temp\JOHN-20161201-1601.log => moved successfully
C:\Windows\Temp\JOHN-20161201-1631.log => moved successfully
C:\Windows\Temp\JOHN-20161202-0736.log => moved successfully
C:\Windows\Temp\JOHN-20161202-0736a.log => moved successfully
C:\Windows\Temp\JOHN-20161202-0742.log => moved successfully
C:\Windows\Temp\JOHN-20161202-0756.log => moved successfully
C:\Windows\Temp\JOHN-20161202-0812.log => moved successfully
C:\Windows\Temp\JOHN-20161202-0842.log => moved successfully
C:\Windows\Temp\JOHN-20161202-1100.log => moved successfully
C:\Windows\Temp\JOHN-20161202-1130.log => moved successfully
C:\Windows\Temp\JOHN-20161202-1200.log => moved successfully
C:\Windows\Temp\JOHN-20161202-1456.log => moved successfully
C:\Windows\Temp\JOHN-20161202-1511.log => moved successfully
C:\Windows\Temp\JOHN-20161202-1541.log => moved successfully
C:\Windows\Temp\JOHN-20161202-1611.log => moved successfully
C:\Windows\Temp\JOHN-20161203-0807.log => moved successfully
C:\Windows\Temp\JOHN-20161203-0812.log => moved successfully
C:\Windows\Temp\JOHN-20161203-0842.log => moved successfully
C:\Windows\Temp\JOHN-20161203-0912.log => moved successfully
C:\Windows\Temp\JOHN-20161203-1750.log => moved successfully
C:\Windows\Temp\JOHN-20161203-1820.log => moved successfully
C:\Windows\Temp\JOHN-20161203-1850.log => moved successfully
C:\Windows\Temp\JOHN-20161204-0759.log => moved successfully
C:\Windows\Temp\JOHN-20161204-0759a.log => moved successfully
C:\Windows\Temp\JOHN-20161204-0804.log => moved successfully
C:\Windows\Temp\JOHN-20161204-0834.log => moved successfully
C:\Windows\Temp\JOHN-20161204-0904.log => moved successfully
C:\Windows\Temp\JOHN-20161204-1543.log => moved successfully
C:\Windows\Temp\JOHN-20161204-1613.log => moved successfully
C:\Windows\Temp\JOHN-20161204-1643.log => moved successfully
C:\Windows\Temp\JOHN-20161205-0805.log => moved successfully
C:\Windows\Temp\JOHN-20161205-0810.log => moved successfully
C:\Windows\Temp\JOHN-20161205-0840.log => moved successfully
C:\Windows\Temp\JOHN-20161205-0910.log => moved successfully
C:\Windows\Temp\JOHN-20161205-1217.log => moved successfully
C:\Windows\Temp\JOHN-20161205-1247.log => moved successfully
C:\Windows\Temp\JOHN-20161205-1317.log => moved successfully
C:\Windows\Temp\JOHN-20161206-0804.log => moved successfully
C:\Windows\Temp\JOHN-20161206-0804a.log => moved successfully
C:\Windows\Temp\JOHN-20161206-0809.log => moved successfully
C:\Windows\Temp\JOHN-20161206-0839.log => moved successfully
C:\Windows\Temp\JOHN-20161206-0909.log => moved successfully
C:\Windows\Temp\JOHN-20161206-1708.log => moved successfully
C:\Windows\Temp\JOHN-20161206-1738.log => moved successfully
C:\Windows\Temp\JOHN-20161206-1808.log => moved successfully
C:\Windows\Temp\JOHN-20161207-0815.log => moved successfully
C:\Windows\Temp\JOHN-20161207-0820.log => moved successfully
C:\Windows\Temp\JOHN-20161207-0851.log => moved successfully
C:\Windows\Temp\JOHN-20161207-0921.log => moved successfully
C:\Windows\Temp\JOHN-20161207-1640.log => moved successfully
C:\Windows\Temp\JOHN-20161207-1710.log => moved successfully
C:\Windows\Temp\JOHN-20161207-1740.log => moved successfully
C:\Windows\Temp\JOHN-20161208-0814.log => moved successfully
C:\Windows\Temp\JOHN-20161208-0820.log => moved successfully
C:\Windows\Temp\JOHN-20161208-0850.log => moved successfully
C:\Windows\Temp\JOHN-20161208-0920.log => moved successfully
C:\Windows\Temp\JOHN-20161209-0825.log => moved successfully
C:\Windows\Temp\JOHN-20161209-0826.log => moved successfully
C:\Windows\Temp\JOHN-20161209-0831.log => moved successfully
C:\Windows\Temp\JOHN-20161209-0901.log => moved successfully
C:\Windows\Temp\JOHN-20161209-0931.log => moved successfully
C:\Windows\Temp\JOHN-20161210-0844.log => moved successfully
C:\Windows\Temp\JOHN-20161210-0849.log => moved successfully
C:\Windows\Temp\JOHN-20161210-0919.log => moved successfully
C:\Windows\Temp\JOHN-20161210-0949.log => moved successfully
C:\Windows\Temp\JOHN-20161211-0759.log => moved successfully
C:\Windows\Temp\JOHN-20161211-0759a.log => moved successfully
C:\Windows\Temp\JOHN-20161211-0804.log => moved successfully
C:\Windows\Temp\JOHN-20161211-0834.log => moved successfully
C:\Windows\Temp\JOHN-20161211-1246.log => moved successfully
C:\Windows\Temp\JOHN-20161211-1301.log => moved successfully
C:\Windows\Temp\JOHN-20161211-1316.log => moved successfully
C:\Windows\Temp\JOHN-20161211-1346.log => moved successfully
C:\Windows\Temp\JOHN-20161211-1957.log => moved successfully
C:\Windows\Temp\JOHN-20161211-2027.log => moved successfully
C:\Windows\Temp\JOHN-20161211-2057.log => moved successfully
C:\Windows\Temp\JOHN-20161212-0800.log => moved successfully
C:\Windows\Temp\JOHN-20161212-0806.log => moved successfully
C:\Windows\Temp\JOHN-20161212-0836.log => moved successfully
C:\Windows\Temp\JOHN-20161212-0906.log => moved successfully
C:\Windows\Temp\JOHN-20161212-1215.log => moved successfully
C:\Windows\Temp\JOHN-20161212-1245.log => moved successfully
C:\Windows\Temp\JOHN-20161212-1315.log => moved successfully
C:\Windows\Temp\JOHN-20161213-0804.log => moved successfully
C:\Windows\Temp\JOHN-20161213-0804a.log => moved successfully
C:\Windows\Temp\JOHN-20161213-0809.log => moved successfully
C:\Windows\Temp\JOHN-20161213-0839.log => moved successfully
C:\Windows\Temp\JOHN-20161213-0909.log => moved successfully
C:\Windows\Temp\JOHN-20161214-0823.log => moved successfully
C:\Windows\Temp\JOHN-20161214-0828.log => moved successfully
C:\Windows\Temp\JOHN-20161214-0858.log => moved successfully
C:\Windows\Temp\JOHN-20161214-0928.log => moved successfully
C:\Windows\Temp\JOHN-20161214-1550.log => moved successfully
C:\Windows\Temp\JOHN-20161214-1620.log => moved successfully
C:\Windows\Temp\JOHN-20161214-1650.log => moved successfully
C:\Windows\Temp\JOHN-20161215-0833.log => moved successfully
C:\Windows\Temp\JOHN-20161215-0838.log => moved successfully
C:\Windows\Temp\JOHN-20161215-0908.log => moved successfully
C:\Windows\Temp\JOHN-20161215-0938.log => moved successfully
C:\Windows\Temp\JOHN-20161215-1619.log => moved successfully
C:\Windows\Temp\JOHN-20161215-1649.log => moved successfully
C:\Windows\Temp\JOHN-20161215-1719.log => moved successfully
C:\Windows\Temp\JOHN-20161215-1741.log => moved successfully
C:\Windows\Temp\JOHN-20161215-1757.log => moved successfully
C:\Windows\Temp\JOHN-20161216-0757.log => moved successfully
C:\Windows\Temp\JOHN-20161216-0757a.log => moved successfully
C:\Windows\Temp\JOHN-20161216-0802.log => moved successfully
C:\Windows\Temp\JOHN-20161216-0817.log => moved successfully
C:\Windows\Temp\JOHN-20161216-0832.log => moved successfully
C:\Windows\Temp\JOHN-20161216-0902.log => moved successfully
C:\Windows\Temp\JOHN-20161216-1509.log => moved successfully
C:\Windows\Temp\JOHN-20161216-1539.log => moved successfully
C:\Windows\Temp\JOHN-20161216-1609.log => moved successfully
C:\Windows\Temp\JOHN-20161217-0842.log => moved successfully
C:\Windows\Temp\JOHN-20161217-0846.log => moved successfully
C:\Windows\Temp\JOHN-20161217-0916.log => moved successfully
C:\Windows\Temp\JOHN-20161217-0946.log => moved successfully
C:\Windows\Temp\JOHN-20161217-1628.log => moved successfully
C:\Windows\Temp\JOHN-20161217-1658.log => moved successfully
C:\Windows\Temp\JOHN-20161217-1728.log => moved successfully
C:\Windows\Temp\JOHN-20161218-0854.log => moved successfully
C:\Windows\Temp\JOHN-20161218-0854a.log => moved successfully
C:\Windows\Temp\JOHN-20161218-0859.log => moved successfully
C:\Windows\Temp\JOHN-20161218-0929.log => moved successfully
C:\Windows\Temp\JOHN-20161218-0959.log => moved successfully
C:\Windows\Temp\JOHN-20161218-1706.log => moved successfully
C:\Windows\Temp\JOHN-20161218-1736.log => moved successfully
C:\Windows\Temp\JOHN-20161218-1753.log => moved successfully
C:\Windows\Temp\JOHN-20161218-1806.log => moved successfully
C:\Windows\Temp\JOHN-20161218-1823.log => moved successfully
C:\Windows\Temp\JOHN-20161218-1853.log => moved successfully
C:\Windows\Temp\JOHN-20161219-0820.log => moved successfully
C:\Windows\Temp\JOHN-20161219-0825.log => moved successfully
C:\Windows\Temp\JOHN-20161219-0855.log => moved successfully
C:\Windows\Temp\JOHN-20161219-0925.log => moved successfully
C:\Windows\Temp\JOHN-20161220-0800.log => moved successfully
C:\Windows\Temp\JOHN-20161220-0800a.log => moved successfully
C:\Windows\Temp\JOHN-20161220-0805.log => moved successfully
C:\Windows\Temp\JOHN-20161220-0820.log => moved successfully
C:\Windows\Temp\JOHN-20161220-0835.log => moved successfully
C:\Windows\Temp\JOHN-20161220-1112.log => moved successfully
C:\Windows\Temp\JOHN-20161220-1127.log => moved successfully
C:\Windows\Temp\JOHN-20161220-1142.log => moved successfully
C:\Windows\Temp\JOHN-20161220-1212.log => moved successfully
C:\Windows\Temp\JOHN-20161221-0748.log => moved successfully
C:\Windows\Temp\JOHN-20161221-0753.log => moved successfully
C:\Windows\Temp\JOHN-20161221-0824.log => moved successfully
C:\Windows\Temp\JOHN-20161221-0854.log => moved successfully
C:\Windows\Temp\JOHN-20161221-1614.log => moved successfully
C:\Windows\Temp\JOHN-20161221-1644.log => moved successfully
C:\Windows\Temp\JOHN-20161221-1714.log => moved successfully
C:\Windows\Temp\JOHN-20161222-1139.log => moved successfully
C:\Windows\Temp\JOHN-20161222-1149.log => moved successfully
C:\Windows\Temp\JOHN-20161222-1154.log => moved successfully
C:\Windows\Temp\JOHN-20161222-1224.log => moved successfully
C:\Windows\Temp\JOHN-20161222-1254.log => moved successfully
C:\Windows\Temp\JOHN-20161223-0728.log => moved successfully
C:\Windows\Temp\JOHN-20161223-0728a.log => moved successfully
C:\Windows\Temp\JOHN-20161223-1254.log => moved successfully
C:\Windows\Temp\JOHN-20161223-1309.log => moved successfully
C:\Windows\Temp\JOHN-20161223-1526.log => moved successfully
C:\Windows\Temp\JOHN-20161223-1541.log => moved successfully
C:\Windows\Temp\JOHN-20161223-1556.log => moved successfully
C:\Windows\Temp\JOHN-20161223-1626.log => moved successfully
C:\Windows\Temp\JOHN-20161224-0723.log => moved successfully
C:\Windows\Temp\JOHN-20161224-0728.log => moved successfully
C:\Windows\Temp\JOHN-20161224-0758.log => moved successfully
C:\Windows\Temp\JOHN-20161224-0828.log => moved successfully
C:\Windows\Temp\JOHN-20161227-1407.log => moved successfully
C:\Windows\Temp\JOHN-20161227-1407a.log => moved successfully
C:\Windows\Temp\JOHN-20161227-1412.log => moved successfully
C:\Windows\Temp\JOHN-20161227-1442.log => moved successfully
C:\Windows\Temp\JOHN-20161227-1512.log => moved successfully
C:\Windows\Temp\JOHN-20161228-0808.log => moved successfully
C:\Windows\Temp\JOHN-20161228-0813.log => moved successfully
C:\Windows\Temp\JOHN-20161228-0814.log => moved successfully
C:\Windows\Temp\JOHN-20161228-0822.log => moved successfully
C:\Windows\Temp\JOHN-20161228-0822a.log => moved successfully
C:\Windows\Temp\JOHN-20161228-0822b.log => moved successfully
C:\Windows\Temp\JOHN-20161228-1537.log => moved successfully
C:\Windows\Temp\JOHN-20161228-1552.log => moved successfully
C:\Windows\Temp\JOHN-20161228-1555.log => moved successfully
C:\Windows\Temp\JOHN-20161228-1622.log => moved successfully
C:\Windows\Temp\JOHN-20161228-1652.log => moved successfully
C:\Windows\Temp\JOHN-20161229-0731.log => moved successfully
C:\Windows\Temp\JOHN-20161229-0742.log => moved successfully
C:\Windows\Temp\JOHN-20161229-0747.log => moved successfully
C:\Windows\Temp\JOHN-20161229-1116.log => moved successfully
C:\Windows\Temp\JOHN-20161229-1130.log => moved successfully
C:\Windows\Temp\JOHN-20161229-1146.log => moved successfully
C:\Windows\Temp\JOHN-20161229-1216.log => moved successfully
C:\Windows\Temp\JOHN-20161230-0731.log => moved successfully
C:\Windows\Temp\JOHN-20161230-0731a.log => moved successfully
C:\Windows\Temp\JOHN-20161230-0736.log => moved successfully
C:\Windows\Temp\JOHN-20161230-0806.log => moved successfully
C:\Windows\Temp\JOHN-20161230-0836.log => moved successfully
C:\Windows\Temp\JOHN-20161231-0741.log => moved successfully
C:\Windows\Temp\JOHN-20161231-0756.log => moved successfully
C:\Windows\Temp\JOHN-20161231-0826.log => moved successfully
C:\Windows\Temp\JOHN-20161231-0856.log => moved successfully
C:\Windows\Temp\JOHN-20170101-0756.log => moved successfully
C:\Windows\Temp\JOHN-20170101-0756a.log => moved successfully
C:\Windows\Temp\JOHN-20170101-0801.log => moved successfully
C:\Windows\Temp\JOHN-20170101-0831.log => moved successfully
C:\Windows\Temp\JOHN-20170101-0901.log => moved successfully
C:\Windows\Temp\JOHN-20170102-1611.log => moved successfully
C:\Windows\Temp\JOHN-20170102-1616.log => moved successfully
C:\Windows\Temp\JOHN-20170102-1646.log => moved successfully
C:\Windows\Temp\JOHN-20170102-1716.log => moved successfully
C:\Windows\Temp\JOHN-20170103-0845.log => moved successfully
C:\Windows\Temp\JOHN-20170103-0845a.log => moved successfully
C:\Windows\Temp\JOHN-20170103-0850.log => moved successfully
C:\Windows\Temp\JOHN-20170103-0920.log => moved successfully
C:\Windows\Temp\JOHN-20170103-0950.log => moved successfully
C:\Windows\Temp\JOHN-20170104-0836.log => moved successfully
C:\Windows\Temp\JOHN-20170104-0841.log => moved successfully
C:\Windows\Temp\JOHN-20170104-0911.log => moved successfully
C:\Windows\Temp\JOHN-20170104-0941.log => moved successfully
C:\Windows\Temp\JOHN-20170104-1453.log => moved successfully
C:\Windows\Temp\JOHN-20170104-1523.log => moved successfully
C:\Windows\Temp\JOHN-20170104-1553.log => moved successfully
C:\Windows\Temp\JOHN-20170104-2024.log => moved successfully
C:\Windows\Temp\JOHN-20170104-2054.log => moved successfully
C:\Windows\Temp\JOHN-20170104-2124.log => moved successfully
C:\Windows\Temp\JOHN-20170105-0853.log => moved successfully
C:\Windows\Temp\JOHN-20170105-0857.log => moved successfully
C:\Windows\Temp\JOHN-20170105-0927.log => moved successfully
C:\Windows\Temp\JOHN-20170105-0957.log => moved successfully
C:\Windows\Temp\JOHN-20170105-1505.log => moved successfully
C:\Windows\Temp\JOHN-20170105-1535.log => moved successfully
C:\Windows\Temp\JOHN-20170105-1605.log => moved successfully
C:\Windows\Temp\JOHN-20170106-0805.log => moved successfully
C:\Windows\Temp\JOHN-20170106-0806.log => moved successfully
C:\Windows\Temp\JOHN-20170106-0810.log => moved successfully
C:\Windows\Temp\JOHN-20170106-0840.log => moved successfully
C:\Windows\Temp\JOHN-20170106-1404.log => moved successfully
C:\Windows\Temp\JOHN-20170106-1419.log => moved successfully
C:\Windows\Temp\JOHN-20170106-1434.log => moved successfully
C:\Windows\Temp\JOHN-20170106-1504.log => moved successfully
C:\Windows\Temp\JOHN-20170107-0908.log => moved successfully
C:\Windows\Temp\JOHN-20170107-0913.log => moved successfully
C:\Windows\Temp\JOHN-20170107-0943.log => moved successfully
C:\Windows\Temp\JOHN-20170107-1013.log => moved successfully
C:\Windows\Temp\JOHN-20170107-1539.log => moved successfully
C:\Windows\Temp\JOHN-20170107-1609.log => moved successfully
C:\Windows\Temp\JOHN-20170107-1639.log => moved successfully
C:\Windows\Temp\JOHN-20170108-1010.log => moved successfully
C:\Windows\Temp\JOHN-20170108-1011.log => moved successfully
C:\Windows\Temp\JOHN-20170108-1016.log => moved successfully
C:\Windows\Temp\JOHN-20170108-1046.log => moved successfully
C:\Windows\Temp\JOHN-20170108-1116.log => moved successfully
C:\Windows\Temp\JOHN-20170109-0931.log => moved successfully
C:\Windows\Temp\JOHN-20170109-0937.log => moved successfully
C:\Windows\Temp\JOHN-20170109-1007.log => moved successfully
C:\Windows\Temp\JOHN-20170109-1037.log => moved successfully
C:\Windows\Temp\JOHN-20170109-1532.log => moved successfully
C:\Windows\Temp\JOHN-20170109-1602.log => moved successfully
C:\Windows\Temp\JOHN-20170109-1632.log => moved successfully
C:\Windows\Temp\JOHN-20170110-0842.log => moved successfully
C:\Windows\Temp\JOHN-20170110-0842a.log => moved successfully
C:\Windows\Temp\JOHN-20170110-0847.log => moved successfully
C:\Windows\Temp\JOHN-20170110-0917.log => moved successfully
C:\Windows\Temp\JOHN-20170110-0947.log => moved successfully
C:\Windows\Temp\JOHN-20170111-0650.log => moved successfully
C:\Windows\Temp\JOHN-20170111-0656.log => moved successfully
C:\Windows\Temp\JOHN-20170111-0726.log => moved successfully
C:\Windows\Temp\JOHN-20170111-0756.log => moved successfully
C:\Windows\Temp\JOHN-20170111-1624.log => moved successfully
C:\Windows\Temp\JOHN-20170111-1654.log => moved successfully
C:\Windows\Temp\JOHN-20170111-1724.log => moved successfully
C:\Windows\Temp\JOHN-20170112-0818.log => moved successfully
C:\Windows\Temp\JOHN-20170112-0822.log => moved successfully
C:\Windows\Temp\JOHN-20170112-0852.log => moved successfully
C:\Windows\Temp\JOHN-20170112-0922.log => moved successfully
C:\Windows\Temp\JOHN-20170113-0412.log => moved successfully
C:\Windows\Temp\JOHN-20170113-0945.log => moved successfully
C:\Windows\Temp\JOHN-20170113-0957.log => moved successfully
C:\Windows\Temp\JOHN-20170113-1012.log => moved successfully
C:\Windows\Temp\JOHN-20170113-1042.log => moved successfully
C:\Windows\Temp\JOHN-20170113-1112.log => moved successfully
C:\Windows\Temp\JOHN-20170114-0852.log => moved successfully
C:\Windows\Temp\JOHN-20170114-0902.log => moved successfully
C:\Windows\Temp\JOHN-20170114-0908.log => moved successfully
C:\Windows\Temp\JOHN-20170114-0909.log => moved successfully
C:\Windows\Temp\JOHN-20170114-0917.log => moved successfully
C:\Windows\Temp\JOHN-20170114-0917a.log => moved successfully
C:\Windows\Temp\JOHN-20170114-0917b.log => moved successfully
C:\Windows\Temp\JOHN-20170115-0853.log => moved successfully
C:\Windows\Temp\JOHN-20170115-0853a.log => moved successfully
C:\Windows\Temp\JOHN-20170115-0854.log => moved successfully
C:\Windows\Temp\JOHN-20170115-0858.log => moved successfully
C:\Windows\Temp\JOHN-20170115-0928.log => moved successfully
C:\Windows\Temp\JOHN-20170115-0958.log => moved successfully
C:\Windows\Temp\JOHN-20170115-1407.log => moved successfully
C:\Windows\Temp\JOHN-20170115-1437.log => moved successfully
C:\Windows\Temp\JOHN-20170115-1507.log => moved successfully
C:\Windows\Temp\JOHN-20170116-1000.log => moved successfully
C:\Windows\Temp\JOHN-20170116-1005.log => moved successfully
C:\Windows\Temp\JOHN-20170116-1035.log => moved successfully
C:\Windows\Temp\JOHN-20170116-1105.log => moved successfully
C:\Windows\Temp\JOHN-20170117-0824.log => moved successfully
C:\Windows\Temp\JOHN-20170117-0824a.log => moved successfully
C:\Windows\Temp\JOHN-20170117-0828.log => moved successfully
C:\Windows\Temp\JOHN-20170117-0858.log => moved successfully
C:\Windows\Temp\JOHN-20170117-0928.log => moved successfully
C:\Windows\Temp\JOHN-20170118-0827.log => moved successfully
C:\Windows\Temp\JOHN-20170118-0832.log => moved successfully
C:\Windows\Temp\JOHN-20170118-0902.log => moved successfully
C:\Windows\Temp\JOHN-20170118-0932.log => moved successfully
C:\Windows\Temp\JOHN-20170119-1159.log => moved successfully
C:\Windows\Temp\JOHN-20170119-1205.log => moved successfully
C:\Windows\Temp\JOHN-20170119-1235.log => moved successfully
C:\Windows\Temp\JOHN-20170119-1305.log => moved successfully
C:\Windows\Temp\JOHN-20170119-2017.log => moved successfully
C:\Windows\Temp\JOHN-20170119-2047.log => moved successfully
C:\Windows\Temp\JOHN-20170119-2117.log => moved successfully
C:\Windows\Temp\JOHN-20170120-0914.log => moved successfully
C:\Windows\Temp\JOHN-20170120-0914a.log => moved successfully
C:\Windows\Temp\JOHN-20170120-0919.log => moved successfully
C:\Windows\Temp\JOHN-20170120-0949.log => moved successfully
C:\Windows\Temp\JOHN-20170120-1019.log => moved successfully
C:\Windows\Temp\JOHN-20170121-1044.log => moved successfully
C:\Windows\Temp\JOHN-20170121-1049.log => moved successfully
C:\Windows\Temp\JOHN-20170121-1104.log => moved successfully
C:\Windows\Temp\JOHN-20170121-1119.log => moved successfully
C:\Windows\Temp\JOHN-20170121-1134.log => moved successfully
C:\Windows\Temp\JOHN-20170121-1149.log => moved successfully
C:\Windows\Temp\JOHN-20170121-1547.log => moved successfully
C:\Windows\Temp\JOHN-20170121-1617.log => moved successfully
C:\Windows\Temp\JOHN-20170121-1647.log => moved successfully
C:\Windows\Temp\JOHN-20170122-0843.log => moved successfully
C:\Windows\Temp\JOHN-20170122-0843a.log => moved successfully
C:\Windows\Temp\JOHN-20170122-0847.log => moved successfully
C:\Windows\Temp\JOHN-20170122-0917.log => moved successfully
C:\Windows\Temp\JOHN-20170122-0947.log => moved successfully
C:\Windows\Temp\JOHN-20170124-2046.log => moved successfully
C:\Windows\Temp\JOHN-20170124-2046a.log => moved successfully
C:\Windows\Temp\JOHN-20170124-2051.log => moved successfully
C:\Windows\Temp\JOHN-20170124-2121.log => moved successfully
C:\Windows\Temp\JOHN-20170124-2151.log => moved successfully
C:\Windows\Temp\JOHN-20170125-0836.log => moved successfully
C:\Windows\Temp\JOHN-20170126-0718.log => moved successfully
C:\Windows\Temp\JOHN-20170126-0723.log => moved successfully
C:\Windows\Temp\JOHN-20170126-0753.log => moved successfully
C:\Windows\Temp\JOHN-20170126-0823.log => moved successfully
C:\Windows\Temp\JOHN-20170221-1550.log => moved successfully
C:\Windows\Temp\JOHN-20170221-1606.log => moved successfully
C:\Windows\Temp\JOHN-20170221-1608.log => moved successfully
C:\Windows\Temp\JOHN-20170221-1608a.log => moved successfully
C:\Windows\Temp\JOHN-20170221-1636.log => moved successfully
C:\Windows\Temp\JOHN-20170221-1706.log => moved successfully
C:\Windows\Temp\JOHN-20170222-0652.log => moved successfully
C:\Windows\Temp\JOHN-20170222-0657.log => moved successfully
C:\Windows\Temp\JOHN-20170222-0727.log => moved successfully
C:\Windows\Temp\JOHN-20170222-0757.log => moved successfully
C:\Windows\Temp\JOHN-20170223-0716.log => moved successfully
C:\Windows\Temp\JOHN-20170223-0720.log => moved successfully
C:\Windows\Temp\JOHN-20170223-0750.log => moved successfully
C:\Windows\Temp\JOHN-20170223-0820.log => moved successfully
C:\Windows\Temp\JOHN-20170223-1307.log => moved successfully
C:\Windows\Temp\JOHN-20170223-1337.log => moved successfully
C:\Windows\Temp\JOHN-20170223-1407.log => moved successfully
C:\Windows\Temp\JOHN-20170224-0716.log => moved successfully
C:\Windows\Temp\JOHN-20170224-0716a.log => moved successfully
C:\Windows\Temp\JOHN-20170224-0720.log => moved successfully
C:\Windows\Temp\JOHN-20170224-0750.log => moved successfully
C:\Windows\Temp\JOHN-20170224-0820.log => moved successfully
C:\Windows\Temp\JOHN-20170225-0759.log => moved successfully
C:\Windows\Temp\JOHN-20170225-0805.log => moved successfully
C:\Windows\Temp\JOHN-20170225-0835.log => moved successfully
C:\Windows\Temp\JOHN-20170225-0905.log => moved successfully
C:\Windows\Temp\JOHN-20170226-0722.log => moved successfully
C:\Windows\Temp\JOHN-20170226-0722a.log => moved successfully
C:\Windows\Temp\JOHN-20170226-0727.log => moved successfully
C:\Windows\Temp\JOHN-20170226-0757.log => moved successfully
C:\Windows\Temp\JOHN-20170226-0827.log => moved successfully
C:\Windows\Temp\JOHN-20170227-0511.log => moved successfully
C:\Windows\Temp\JOHN-20170228-0813.log => moved successfully
C:\Windows\Temp\JOHN-20170228-0813a.log => moved successfully
C:\Windows\Temp\JOHN-20170228-0818.log => moved successfully
C:\Windows\Temp\JOHN-20170228-0848.log => moved successfully
C:\Windows\Temp\JOHN-20170228-0918.log => moved successfully
C:\Windows\Temp\JOHN-20170301-0907.log => moved successfully
C:\Windows\Temp\JOHN-20170301-0912.log => moved successfully
C:\Windows\Temp\JOHN-20170301-0943.log => moved successfully
C:\Windows\Temp\JOHN-20170301-1013.log => moved successfully
C:\Windows\Temp\JOHN-20170301-1238.log => moved successfully
C:\Windows\Temp\JOHN-20170301-1308.log => moved successfully
C:\Windows\Temp\JOHN-20170301-1338.log => moved successfully
C:\Windows\Temp\JOHN-20170302-0759.log => moved successfully
C:\Windows\Temp\JOHN-20170302-0804.log => moved successfully
C:\Windows\Temp\JOHN-20170302-0834.log => moved successfully
C:\Windows\Temp\JOHN-20170302-0904.log => moved successfully
C:\Windows\Temp\JOHN-20170302-1248.log => moved successfully
C:\Windows\Temp\JOHN-20170302-1318.log => moved successfully
C:\Windows\Temp\JOHN-20170302-1348.log => moved successfully
C:\Windows\Temp\JOHN-20170303-0845.log => moved successfully
C:\Windows\Temp\JOHN-20170303-0845a.log => moved successfully
C:\Windows\Temp\JOHN-20170303-0848.log => moved successfully
C:\Windows\Temp\JOHN-20170303-0849.log => moved successfully
C:\Windows\Temp\JOHN-20170303-0903.log => moved successfully
C:\Windows\Temp\JOHN-20170303-0903a.log => moved successfully
C:\Windows\Temp\JOHN-20170303-0904.log => moved successfully
C:\Windows\Temp\JOHN-20170303-1313.log => moved successfully
C:\Windows\Temp\JOHN-20170303-1316.log => moved successfully
C:\Windows\Temp\JOHN-20170303-1343.log => moved successfully
C:\Windows\Temp\JOHN-20170303-1413.log => moved successfully
C:\Windows\Temp\JOHN-20170304-0741.log => moved successfully
C:\Windows\Temp\JOHN-20170304-0746.log => moved successfully
C:\Windows\Temp\JOHN-20170304-0816.log => moved successfully
C:\Windows\Temp\JOHN-20170304-0846.log => moved successfully
C:\Windows\Temp\JOHN-20170305-0852.log => moved successfully
C:\Windows\Temp\JOHN-20170305-0852a.log => moved successfully
C:\Windows\Temp\JOHN-20170305-0856.log => moved successfully
C:\Windows\Temp\JOHN-20170305-0926.log => moved successfully
C:\Windows\Temp\JOHN-20170305-0956.log => moved successfully
C:\Windows\Temp\JOHN-20170306-0902.log => moved successfully
C:\Windows\Temp\JOHN-20170306-0907.log => moved successfully
C:\Windows\Temp\JOHN-20170306-0937.log => moved successfully
C:\Windows\Temp\JOHN-20170306-1007.log => moved successfully
C:\Windows\Temp\JOHN-20170307-0846.log => moved successfully
C:\Windows\Temp\JOHN-20170307-0846a.log => moved successfully
C:\Windows\Temp\JOHN-20170307-0850.log => moved successfully
C:\Windows\Temp\JOHN-20170307-0920.log => moved successfully
C:\Windows\Temp\JOHN-20170307-0950.log => moved successfully
C:\Windows\Temp\JOHN-20170307-1518.log => moved successfully
C:\Windows\Temp\JOHN-20170307-1548.log => moved successfully
C:\Windows\Temp\JOHN-20170307-1618.log => moved successfully
C:\Windows\Temp\JOHN-20170308-0819.log => moved successfully
C:\Windows\Temp\JOHN-20170308-0823.log => moved successfully
C:\Windows\Temp\JOHN-20170308-0853.log => moved successfully
C:\Windows\Temp\JOHN-20170308-0923.log => moved successfully
C:\Windows\Temp\JOHN-20170308-1544.log => moved successfully
C:\Windows\Temp\JOHN-20170308-1600.log => moved successfully
C:\Windows\Temp\JOHN-20170308-1630.log => moved successfully
C:\Windows\Temp\JOHN-20170308-1700.log => moved successfully
C:\Windows\Temp\JOHN-20170309-0741.log => moved successfully
C:\Windows\Temp\JOHN-20170309-0746.log => moved successfully
C:\Windows\Temp\JOHN-20170309-0816.log => moved successfully
C:\Windows\Temp\JOHN-20170309-0846.log => moved successfully
C:\Windows\Temp\JOHN-20170309-1321.log => moved successfully
C:\Windows\Temp\JOHN-20170309-1351.log => moved successfully
C:\Windows\Temp\JOHN-20170309-1421.log => moved successfully
C:\Windows\Temp\JOHN-20170310-0801.log => moved successfully
C:\Windows\Temp\JOHN-20170310-0802.log => moved successfully
C:\Windows\Temp\JOHN-20170310-0806.log => moved successfully
C:\Windows\Temp\JOHN-20170310-0836.log => moved successfully
C:\Windows\Temp\JOHN-20170310-0906.log => moved successfully
C:\Windows\Temp\JOHN-20170311-0750.log => moved successfully
C:\Windows\Temp\JOHN-20170311-0755.log => moved successfully
C:\Windows\Temp\JOHN-20170311-0825.log => moved successfully
C:\Windows\Temp\JOHN-20170311-0855.log => moved successfully
C:\Windows\Temp\JOHN-20170312-0816.log => moved successfully
C:\Windows\Temp\JOHN-20170312-0816a.log => moved successfully
C:\Windows\Temp\JOHN-20170312-0821.log => moved successfully
C:\Windows\Temp\JOHN-20170312-0851.log => moved successfully
C:\Windows\Temp\JOHN-20170312-0921.log => moved successfully
C:\Windows\Temp\JOHN-20170312-1551.log => moved successfully
C:\Windows\Temp\JOHN-20170312-1621.log => moved successfully
C:\Windows\Temp\JOHN-20170312-1651.log => moved successfully
C:\Windows\Temp\JOHN-20170313-0752.log => moved successfully
C:\Windows\Temp\JOHN-20170313-0756.log => moved successfully
C:\Windows\Temp\JOHN-20170313-0826.log => moved successfully
C:\Windows\Temp\JOHN-20170313-0856.log => moved successfully
C:\Windows\Temp\JOHN-20170314-0758.log => moved successfully
C:\Windows\Temp\JOHN-20170314-0800.log => moved successfully
C:\Windows\Temp\JOHN-20170314-0803.log => moved successfully
C:\Windows\Temp\JOHN-20170314-0833.log => moved successfully
C:\Windows\Temp\JOHN-20170314-0903.log => moved successfully
C:\Windows\Temp\JOHN-20170314-1154.log => moved successfully
C:\Windows\Temp\JOHN-20170314-1224.log => moved successfully
C:\Windows\Temp\JOHN-20170314-1254.log => moved successfully
C:\Windows\Temp\JOHN-20170315-0736.log => moved successfully
C:\Windows\Temp\JOHN-20170315-0741.log => moved successfully
C:\Windows\Temp\JOHN-20170315-1102.log => moved successfully
C:\Windows\Temp\JOHN-20170315-1116.log => moved successfully
C:\Windows\Temp\JOHN-20170315-1132.log => moved successfully
C:\Windows\Temp\JOHN-20170315-1202.log => moved successfully
C:\Windows\Temp\JOHN-20170315-1504.log => moved successfully
C:\Windows\Temp\JOHN-20170315-1534.log => moved successfully
C:\Windows\Temp\JOHN-20170315-1604.log => moved successfully
C:\Windows\Temp\JOHN-20170316-0750.log => moved successfully
C:\Windows\Temp\JOHN-20170316-0755.log => moved successfully
C:\Windows\Temp\JOHN-20170316-0825.log => moved successfully
C:\Windows\Temp\JOHN-20170316-0834.log => moved successfully
C:\Windows\Temp\JOHN-20170316-0852.log => moved successfully
C:\Windows\Temp\JOHN-20170316-0922.log => moved successfully
C:\Windows\Temp\JOHN-20170316-0952.log => moved successfully
C:\Windows\Temp\JOHN-20170317-1815.log => moved successfully
C:\Windows\Temp\JOHN-20170317-1815a.log => moved successfully
C:\Windows\Temp\JOHN-20170317-1820.log => moved successfully
C:\Windows\Temp\JOHN-20170317-1850.log => moved successfully
C:\Windows\Temp\JOHN-20170317-1920.log => moved successfully
C:\Windows\Temp\JOHN-20170318-0833.log => moved successfully
C:\Windows\Temp\JOHN-20170318-0838.log => moved successfully
C:\Windows\Temp\JOHN-20170318-0908.log => moved successfully
C:\Windows\Temp\JOHN-20170318-0938.log => moved successfully
C:\Windows\Temp\JOHN-20170319-0915.log => moved successfully
C:\Windows\Temp\JOHN-20170319-0915a.log => moved successfully
C:\Windows\Temp\JOHN-20170319-0920.log => moved successfully
C:\Windows\Temp\JOHN-20170319-0950.log => moved successfully
C:\Windows\Temp\JOHN-20170319-1020.log => moved successfully
C:\Windows\Temp\JOHN-20170319-1400.log => moved successfully
C:\Windows\Temp\JOHN-20170319-1430.log => moved successfully
C:\Windows\Temp\JOHN-20170319-1500.log => moved successfully
C:\Windows\Temp\JOHN-20170320-0749.log => moved successfully
C:\Windows\Temp\JOHN-20170320-0753.log => moved successfully
C:\Windows\Temp\JOHN-20170320-0823.log => moved successfully
C:\Windows\Temp\JOHN-20170320-0853.log => moved successfully
C:\Windows\Temp\JOHN-20170320-1735.log => moved successfully
C:\Windows\Temp\JOHN-20170320-1805.log => moved successfully
C:\Windows\Temp\JOHN-20170320-1835.log => moved successfully
C:\Windows\Temp\JOHN-20170321-0651.log => moved successfully
C:\Windows\Temp\JOHN-20170321-0651a.log => moved successfully
C:\Windows\Temp\JOHN-20170321-0655.log => moved successfully
C:\Windows\Temp\JOHN-20170321-1211.log => moved successfully
C:\Windows\Temp\JOHN-20170321-1226.log => moved successfully
C:\Windows\Temp\JOHN-20170321-1241.log => moved successfully
C:\Windows\Temp\JOHN-20170321-1311.log => moved successfully
C:\Windows\Temp\JOHN-20170321-1407.log => moved successfully
C:\Windows\Temp\JOHN-20170321-1437.log => moved successfully
C:\Windows\Temp\JOHN-20170321-1507.log => moved successfully
C:\Windows\Temp\JOHN-20170322-0754.log => moved successfully
C:\Windows\Temp\JOHN-20170322-0759.log => moved successfully
C:\Windows\Temp\JOHN-20170322-0829.log => moved successfully
C:\Windows\Temp\JOHN-20170322-0859.log => moved successfully
C:\Windows\Temp\JOHN-20170322-1634.log => moved successfully
C:\Windows\Temp\JOHN-20170322-1704.log => moved successfully
C:\Windows\Temp\JOHN-20170322-1734.log => moved successfully
C:\Windows\Temp\JOHN-20170323-0801.log => moved successfully
C:\Windows\Temp\JOHN-20170323-0806.log => moved successfully
C:\Windows\Temp\JOHN-20170323-0836.log => moved successfully
C:\Windows\Temp\JOHN-20170323-0906.log => moved successfully
C:\Windows\Temp\JOHN-20170323-1433.log => moved successfully
C:\Windows\Temp\JOHN-20170323-1503.log => moved successfully
C:\Windows\Temp\JOHN-20170323-1533.log => moved successfully
C:\Windows\Temp\JOHN-20170324-0742.log => moved successfully
C:\Windows\Temp\JOHN-20170324-0743.log => moved successfully
C:\Windows\Temp\JOHN-20170324-0747.log => moved successfully
C:\Windows\Temp\JOHN-20170324-0817.log => moved successfully
C:\Windows\Temp\JOHN-20170324-0847.log => moved successfully
C:\Windows\Temp\JOHN-20170325-0803.log => moved successfully
C:\Windows\Temp\JOHN-20170325-0808.log => moved successfully
C:\Windows\Temp\JOHN-20170325-0838.log => moved successfully
C:\Windows\Temp\JOHN-20170325-0908.log => moved successfully
C:\Windows\Temp\JOHN-20170325-1442.log => moved successfully
C:\Windows\Temp\JOHN-20170325-1512.log => moved successfully
C:\Windows\Temp\JOHN-20170325-1542.log => moved successfully
C:\Windows\Temp\JOHN-20170326-0849.log => moved successfully
C:\Windows\Temp\JOHN-20170326-0851.log => moved successfully
C:\Windows\Temp\JOHN-20170326-0852.log => moved successfully
C:\Windows\Temp\JOHN-20170326-0922.log => moved successfully
C:\Windows\Temp\JOHN-20170326-0952.log => moved successfully
C:\Windows\Temp\JOHN-20170327-0742.log => moved successfully
C:\Windows\Temp\JOHN-20170327-0746.log => moved successfully
C:\Windows\Temp\JOHN-20170327-0816.log => moved successfully
C:\Windows\Temp\JOHN-20170327-0846.log => moved successfully
C:\Windows\Temp\JOHN-20170327-1207.log => moved successfully
C:\Windows\Temp\JOHN-20170327-1237.log => moved successfully
C:\Windows\Temp\JOHN-20170327-1307.log => moved successfully
C:\Windows\Temp\JOHN-20170327-1743.log => moved successfully
C:\Windows\Temp\JOHN-20170327-1813.log => moved successfully
C:\Windows\Temp\JOHN-20170327-1843.log => moved successfully
C:\Windows\Temp\JOHN-20170328-0731.log => moved successfully
C:\Windows\Temp\JOHN-20170328-0733.log => moved successfully
C:\Windows\Temp\JOHN-20170328-0735.log => moved successfully
C:\Windows\Temp\JOHN-20170328-0805.log => moved successfully
C:\Windows\Temp\JOHN-20170328-0835.log => moved successfully
C:\Windows\Temp\JOHN-20170329-0715.log => moved successfully
C:\Windows\Temp\JOHN-20170329-0720.log => moved successfully
C:\Windows\Temp\JOHN-20170329-0751.log => moved successfully
C:\Windows\Temp\JOHN-20170329-0821.log => moved successfully
C:\Windows\Temp\JOHN-20170329-0947.log => moved successfully
C:\Windows\Temp\JOHN-20170329-1017.log => moved successfully
C:\Windows\Temp\JOHN-20170329-1047.log => moved successfully
C:\Windows\Temp\JOHN-20170329-2242.log => moved successfully
C:\Windows\Temp\JOHN-20170330-0739.log => moved successfully
C:\Windows\Temp\JOHN-20170330-0744.log => moved successfully
C:\Windows\Temp\JOHN-20170330-0759.log => moved successfully
C:\Windows\Temp\JOHN-20170330-0814.log => moved successfully
C:\Windows\Temp\JOHN-20170330-0844.log => moved successfully
C:\Windows\Temp\JOHN-20170330-1630.log => moved successfully
C:\Windows\Temp\JOHN-20170330-1700.log => moved successfully
C:\Windows\Temp\JOHN-20170330-1730.log => moved successfully
C:\Windows\Temp\JOHN-20170330-2046.log => moved successfully
C:\Windows\Temp\JOHN-20170330-2116.log => moved successfully
C:\Windows\Temp\JOHN-20170330-2146.log => moved successfully
C:\Windows\Temp\JOHN-20170331-0800.log => moved successfully
C:\Windows\Temp\JOHN-20170331-0800a.log => moved successfully
C:\Windows\Temp\JOHN-20170331-0805.log => moved successfully
C:\Windows\Temp\JOHN-20170331-0835.log => moved successfully
C:\Windows\Temp\JOHN-20170331-0905.log => moved successfully
C:\Windows\Temp\JOHN-20170401-0805.log => moved successfully
C:\Windows\Temp\JOHN-20170401-0810.log => moved successfully
C:\Windows\Temp\JOHN-20170401-0840.log => moved successfully
C:\Windows\Temp\JOHN-20170401-0910.log => moved successfully
C:\Windows\Temp\JOHN-20170402-0731.log => moved successfully
C:\Windows\Temp\JOHN-20170402-0732.log => moved successfully
C:\Windows\Temp\JOHN-20170402-0736.log => moved successfully
C:\Windows\Temp\JOHN-20170402-0806.log => moved successfully
C:\Windows\Temp\JOHN-20170402-0836.log => moved successfully
C:\Windows\Temp\JOHN-20170402-1352.log => moved successfully
C:\Windows\Temp\JOHN-20170402-1422.log => moved successfully
C:\Windows\Temp\JOHN-20170402-1452.log => moved successfully
C:\Windows\Temp\JOHN-20170402-2012.log => moved successfully
C:\Windows\Temp\JOHN-20170402-2042.log => moved successfully
C:\Windows\Temp\JOHN-20170402-2112.log => moved successfully
C:\Windows\Temp\JOHN-20170403-0829.log => moved successfully
C:\Windows\Temp\JOHN-20170403-0834.log => moved successfully
C:\Windows\Temp\JOHN-20170403-0904.log => moved successfully
C:\Windows\Temp\JOHN-20170403-0934.log => moved successfully
C:\Windows\Temp\JOHN-20170404-0717.log => moved successfully
C:\Windows\Temp\JOHN-20170404-0717a.log => moved successfully
C:\Windows\Temp\JOHN-20170404-0721.log => moved successfully
C:\Windows\Temp\JOHN-20170404-0751.log => moved successfully
C:\Windows\Temp\JOHN-20170404-1038.log => moved successfully
C:\Windows\Temp\JOHN-20170404-1053.log => moved successfully
C:\Windows\Temp\JOHN-20170404-1108.log => moved successfully
C:\Windows\Temp\JOHN-20170404-1138.log => moved successfully
C:\Windows\Temp\JOHN-20170404-1608.log => moved successfully
C:\Windows\Temp\JOHN-20170404-1638.log => moved successfully
C:\Windows\Temp\JOHN-20170404-1708.log => moved successfully
C:\Windows\Temp\JOHN-20170405-0758.log => moved successfully
C:\Windows\Temp\JOHN-20170405-0803.log => moved successfully
C:\Windows\Temp\JOHN-20170405-0806.log => moved successfully
C:\Windows\Temp\JOHN-20170405-0819.log => moved successfully
C:\Windows\Temp\JOHN-20170405-0819a.log => moved successfully
C:\Windows\Temp\JOHN-20170405-0819b.log => moved successfully
C:\Windows\Temp\JOHN-20170406-0709.log => moved successfully
C:\Windows\Temp\JOHN-20170406-0713.log => moved successfully
C:\Windows\Temp\JOHN-20170406-0715.log => moved successfully
C:\Windows\Temp\JOHN-20170406-0743.log => moved successfully
C:\Windows\Temp\JOHN-20170406-0813.log => moved successfully
C:\Windows\Temp\JOHN-20170406-1639.log => moved successfully
C:\Windows\Temp\JOHN-20170406-2210.log => moved successfully
C:\Windows\Temp\JOHN-20170406-2225.log => moved successfully
C:\Windows\Temp\JOHN-20170406-2240.log => moved successfully
C:\Windows\Temp\JOHN-20170407-0736.log => moved successfully
C:\Windows\Temp\JOHN-20170407-0737.log => moved successfully
C:\Windows\Temp\JOHN-20170407-0741.log => moved successfully
C:\Windows\Temp\JOHN-20170407-0756.log => moved successfully
C:\Windows\Temp\JOHN-20170407-0811.log => moved successfully
C:\Windows\Temp\JOHN-20170407-0841.log => moved successfully
C:\Windows\Temp\JOHN-20170409-0956.log => moved successfully
C:\Windows\Temp\JOHN-20170410-0746.log => moved successfully
C:\Windows\Temp\JOHN-20170410-1404.log => moved successfully
C:\Windows\Temp\JOHN-20170410-1418.log => moved successfully
C:\Windows\Temp\JOHN-20170410-1434.log => moved successfully
C:\Windows\Temp\JOHN-20170410-1448.log => moved successfully
C:\Windows\Temp\JOHN-20170410-1504.log => moved successfully
C:\Windows\Temp\JOHN-20170411-0753.log => moved successfully
C:\Windows\Temp\JOHN-20170411-0753a.log => moved successfully
C:\Windows\Temp\JOHN-20170411-0757.log => moved successfully
C:\Windows\Temp\JOHN-20170411-0827.log => moved successfully
C:\Windows\Temp\JOHN-20170411-0857.log => moved successfully
C:\Windows\Temp\JOHN-20170411-1201.log => moved successfully
C:\Windows\Temp\JOHN-20170411-1231.log => moved successfully
C:\Windows\Temp\JOHN-20170411-1301.log => moved successfully
C:\Windows\Temp\JOHN-20170412-0755.log => moved successfully
C:\Windows\Temp\JOHN-20170412-0800.log => moved successfully
C:\Windows\Temp\JOHN-20170412-0830.log => moved successfully
C:\Windows\Temp\JOHN-20170412-0900.log => moved successfully
C:\Windows\Temp\JOHN-20170413-0826.log => moved successfully
C:\Windows\Temp\JOHN-20170413-0836.log => moved successfully
C:\Windows\Temp\JOHN-20170413-0842.log => moved successfully
C:\Windows\Temp\JOHN-20170413-0912.log => moved successfully
C:\Windows\Temp\JOHN-20170413-0942.log => moved successfully
C:\Windows\Temp\JOHN-20170413-1522.log => moved successfully
C:\Windows\Temp\JOHN-20170413-1552.log => moved successfully
C:\Windows\Temp\JOHN-20170413-1622.log => moved successfully
C:\Windows\Temp\JOHN-20170413-1955.log => moved successfully
C:\Windows\Temp\JOHN-20170413-2025.log => moved successfully
C:\Windows\Temp\JOHN-20170413-2055.log => moved successfully
C:\Windows\Temp\JOHN-20170414-0839.log => moved successfully
C:\Windows\Temp\JOHN-20170414-0839a.log => moved successfully
C:\Windows\Temp\JOHN-20170414-0844.log => moved successfully
C:\Windows\Temp\JOHN-20170414-0858.log => moved successfully
C:\Windows\Temp\JOHN-20170414-0914.log => moved successfully
C:\Windows\Temp\JOHN-20170414-0928.log => moved successfully
C:\Windows\Temp\JOHN-20170414-0944.log => moved successfully
C:\Windows\Temp\JOHN-20170414-0952.log => moved successfully
C:\Windows\Temp\JOHN-20170414-1022.log => moved successfully
C:\Windows\Temp\JOHN-20170414-1052.log => moved successfully
C:\Windows\Temp\JOHN-20170414-2025.log => moved successfully
C:\Windows\Temp\JOHN-20170414-2055.log => moved successfully
C:\Windows\Temp\JOHN-20170414-2125.log => moved successfully
C:\Windows\Temp\JOHN-20170415-0914.log => moved successfully
C:\Windows\Temp\JOHN-20170415-0919.log => moved successfully
C:\Windows\Temp\JOHN-20170415-0949.log => moved successfully
C:\Windows\Temp\JOHN-20170415-1019.log => moved successfully
C:\Windows\Temp\JOHN-20170415-1444.log => moved successfully
C:\Windows\Temp\JOHN-20170415-1514.log => moved successfully
C:\Windows\Temp\JOHN-20170415-1544.log => moved successfully
C:\Windows\Temp\JOHN-20170416-0813.log => moved successfully
C:\Windows\Temp\JOHN-20170416-0813a.log => moved successfully
C:\Windows\Temp\JOHN-20170416-0818.log => moved successfully
C:\Windows\Temp\JOHN-20170416-0848.log => moved successfully
C:\Windows\Temp\JOHN-20170416-0918.log => moved successfully
C:\Windows\Temp\JOHN-20170416-1633.log => moved successfully
C:\Windows\Temp\JOHN-20170416-1703.log => moved successfully
C:\Windows\Temp\JOHN-20170416-1733.log => moved successfully
C:\Windows\Temp\JOHN-20170417-0937.log => moved successfully
C:\Windows\Temp\JOHN-20170417-0943.log => moved successfully
C:\Windows\Temp\JOHN-20170417-1013.log => moved successfully
C:\Windows\Temp\JOHN-20170417-1043.log => moved successfully
C:\Windows\Temp\JOHN-20170418-0901.log => moved successfully
C:\Windows\Temp\JOHN-20170418-0902.log => moved successfully
C:\Windows\Temp\JOHN-20170418-0906.log => moved successfully
C:\Windows\Temp\JOHN-20170418-0936.log => moved successfully
C:\Windows\Temp\JOHN-20170418-1006.log => moved successfully
C:\Windows\Temp\JOHN-20170419-0920.log => moved successfully
C:\Windows\Temp\JOHN-20170419-0925.log => moved successfully
C:\Windows\Temp\JOHN-20170419-0940.log => moved successfully
C:\Windows\Temp\JOHN-20170419-0955.log => moved successfully
C:\Windows\Temp\JOHN-20170419-1010.log => moved successfully
C:\Windows\Temp\JOHN-20170419-1025.log => moved successfully
C:\Windows\Temp\JOHN-20170419-1622.log => moved successfully
C:\Windows\Temp\JOHN-20170419-1652.log => moved successfully
C:\Windows\Temp\JOHN-20170419-1722.log => moved successfully
C:\Windows\Temp\JOHN-20170420-0827.log => moved successfully
C:\Windows\Temp\JOHN-20170420-0832.log => moved successfully
C:\Windows\Temp\JOHN-20170420-0902.log => moved successfully
C:\Windows\Temp\JOHN-20170420-0932.log => moved successfully
C:\Windows\Temp\JOHN-20170421-0726.log => moved successfully
C:\Windows\Temp\JOHN-20170421-0727.log => moved successfully
C:\Windows\Temp\JOHN-20170421-0731.log => moved successfully
C:\Windows\Temp\JOHN-20170421-0801.log => moved successfully
C:\Windows\Temp\JOHN-20170421-0831.log => moved successfully
C:\Windows\Temp\JOHN-20170422-0745.log => moved successfully
C:\Windows\Temp\JOHN-20170422-0750.log => moved successfully
C:\Windows\Temp\JOHN-20170422-0820.log => moved successfully
C:\Windows\Temp\JOHN-20170422-0850.log => moved successfully
C:\Windows\Temp\JOHN-20170423-0841.log => moved successfully
C:\Windows\Temp\JOHN-20170423-0841a.log => moved successfully
C:\Windows\Temp\JOHN-20170423-0845.log => moved successfully
C:\Windows\Temp\JOHN-20170423-0915.log => moved successfully
C:\Windows\Temp\JOHN-20170423-0945.log => moved successfully
C:\Windows\Temp\JOHN-20170424-0956.log => moved successfully
C:\Windows\Temp\JOHN-20170424-1001.log => moved successfully
C:\Windows\Temp\JOHN-20170424-1031.log => moved successfully
C:\Windows\Temp\JOHN-20170424-1101.log => moved successfully
C:\Windows\Temp\JOHN-20170425-0303.log => moved successfully
C:\Windows\Temp\JOHN-20170425-1029.log => moved successfully
C:\Windows\Temp\JOHN-20170425-1035.log => moved successfully
C:\Windows\Temp\JOHN-20170425-1105.log => moved successfully
C:\Windows\Temp\JOHN-20170425-1135.log => moved successfully
C:\Windows\Temp\JOHN-20170426-0808.log => moved successfully
C:\Windows\Temp\JOHN-20170426-0814.log => moved successfully
C:\Windows\Temp\JOHN-20170426-0844.log => moved successfully
C:\Windows\Temp\JOHN-20170426-0914.log => moved successfully
C:\Windows\Temp\JOHN-20170427-0946.log => moved successfully
C:\Windows\Temp\JOHN-20170428-0803.log => moved successfully
C:\Windows\Temp\JOHN-20170428-0803a.log => moved successfully
C:\Windows\Temp\JOHN-20170428-0808.log => moved successfully
C:\Windows\Temp\JOHN-20170428-0838.log => moved successfully
C:\Windows\Temp\JOHN-20170428-0908.log => moved successfully
C:\Windows\Temp\JOHN-20170428-2129.log => moved successfully
C:\Windows\Temp\JOHN-20170428-2159.log => moved successfully
C:\Windows\Temp\JOHN-20170428-2229.log => moved successfully
C:\Windows\Temp\JOHN-20170429-0447.log => moved successfully
C:\Windows\Temp\JOHN-20170430-0655.log => moved successfully
C:\Windows\Temp\JOHN-20170430-0655a.log => moved successfully
C:\Windows\Temp\JOHN-20170430-0659.log => moved successfully
C:\Windows\Temp\JOHN-20170430-0729.log => moved successfully
C:\Windows\Temp\JOHN-20170430-0759.log => moved successfully
C:\Windows\Temp\JOHN-20170501-0820.log => moved successfully
C:\Windows\Temp\JOHN-20170501-0825.log => moved successfully
C:\Windows\Temp\JOHN-20170501-0855.log => moved successfully
C:\Windows\Temp\JOHN-20170501-0925.log => moved successfully
C:\Windows\Temp\JOHN-20170502-0732.log => moved successfully
C:\Windows\Temp\JOHN-20170502-0732a.log => moved successfully
C:\Windows\Temp\JOHN-20170502-0735.log => moved successfully
C:\Windows\Temp\JOHN-20170502-0737.log => moved successfully
C:\Windows\Temp\JOHN-20170502-0746.log => moved successfully
C:\Windows\Temp\JOHN-20170502-0746a.log => moved successfully
C:\Windows\Temp\JOHN-20170502-0746b.log => moved successfully
C:\Windows\Temp\JOHN-20170502-1125.log => moved successfully
C:\Windows\Temp\JOHN-20170502-1127.log => moved successfully
C:\Windows\Temp\JOHN-20170502-1155.log => moved successfully
C:\Windows\Temp\JOHN-20170502-1225.log => moved successfully
C:\Windows\Temp\JOHN-20170503-0626.log => moved successfully
C:\Windows\Temp\JOHN-20170503-0630.log => moved successfully
C:\Windows\Temp\JOHN-20170503-0700.log => moved successfully
C:\Windows\Temp\JOHN-20170503-0730.log => moved successfully
C:\Windows\Temp\JOHN-20170503-1541.log => moved successfully
C:\Windows\Temp\JOHN-20170503-1611.log => moved successfully
C:\Windows\Temp\JOHN-20170503-1641.log => moved successfully
C:\Windows\Temp\JOHN-20170504-0726.log => moved successfully
C:\Windows\Temp\JOHN-20170504-0731.log => moved successfully
C:\Windows\Temp\JOHN-20170504-0801.log => moved successfully
C:\Windows\Temp\JOHN-20170504-0831.log => moved successfully
C:\Windows\Temp\JOHN-20170505-0709.log => moved successfully
C:\Windows\Temp\JOHN-20170505-0709a.log => moved successfully
C:\Windows\Temp\JOHN-20170505-0714.log => moved successfully
C:\Windows\Temp\JOHN-20170505-0744.log => moved successfully
C:\Windows\Temp\JOHN-20170505-0814.log => moved successfully
C:\Windows\Temp\JOHN-20170506-0711.log => moved successfully
C:\Windows\Temp\JOHN-20170506-0716.log => moved successfully
C:\Windows\Temp\JOHN-20170506-0746.log => moved successfully
C:\Windows\Temp\JOHN-20170506-1035.log => moved successfully
C:\Windows\Temp\JOHN-20170506-1050.log => moved successfully
C:\Windows\Temp\JOHN-20170506-1105.log => moved successfully
C:\Windows\Temp\JOHN-20170506-1135.log => moved successfully
C:\Windows\Temp\JOHN-20170506-1700.log => moved successfully
C:\Windows\Temp\JOHN-20170506-1716.log => moved successfully
C:\Windows\Temp\JOHN-20170506-1730.log => moved successfully
C:\Windows\Temp\JOHN-20170506-1746.log => moved successfully
C:\Windows\Temp\JOHN-20170506-1800.log => moved successfully
C:\Windows\Temp\JOHN-20170506-1816.log => moved successfully
C:\Windows\Temp\JOHN-20170507-0806.log => moved successfully
C:\Windows\Temp\JOHN-20170507-0806a.log => moved successfully
C:\Windows\Temp\JOHN-20170507-0811.log => moved successfully
C:\Windows\Temp\JOHN-20170507-0841.log => moved successfully
C:\Windows\Temp\JOHN-20170507-0911.log => moved successfully
C:\Windows\Temp\JOHN-20170507-2050.log => moved successfully
C:\Windows\Temp\JOHN-20170507-2120.log => moved successfully
C:\Windows\Temp\JOHN-20170507-2150.log => moved successfully
C:\Windows\Temp\JOHN-20170508-0749.log => moved successfully
C:\Windows\Temp\JOHN-20170508-0753.log => moved successfully
C:\Windows\Temp\JOHN-20170508-0823.log => moved successfully
C:\Windows\Temp\JOHN-20170508-0853.log => moved successfully
C:\Windows\Temp\JOHN-20170509-2152.log => moved successfully
C:\Windows\Temp\JOHN-20170509-2152a.log => moved successfully
C:\Windows\Temp\JOHN-20170509-2157.log => moved successfully
C:\Windows\Temp\JOHN-20170509-2227.log => moved successfully
C:\Windows\Temp\JOHN-20170509-2232.log => moved successfully
C:\Windows\Temp\JOHN-20170510-0744.log => moved successfully
C:\Windows\Temp\JOHN-20170510-0749.log => moved successfully
C:\Windows\Temp\JOHN-20170510-0804.log => moved successfully
C:\Windows\Temp\JOHN-20170510-0819.log => moved successfully
C:\Windows\Temp\JOHN-20170510-0834.log => moved successfully
C:\Windows\Temp\JOHN-20170510-0849.log => moved successfully
C:\Windows\Temp\JOHN-20170510-1710.log => moved successfully
C:\Windows\Temp\JOHN-20170510-1740.log => moved successfully
C:\Windows\Temp\JOHN-20170510-1810.log => moved successfully
C:\Windows\Temp\JOHN-20170511-0718.log => moved successfully
C:\Windows\Temp\JOHN-20170511-0722.log => moved successfully
C:\Windows\Temp\JOHN-20170511-0752.log => moved successfully
C:\Windows\Temp\JOHN-20170511-0822.log => moved successfully
C:\Windows\Temp\JOHN-20170512-0740.log => moved successfully
C:\Windows\Temp\JOHN-20170512-0741.log => moved successfully
C:\Windows\Temp\JOHN-20170512-0744.log => moved successfully
C:\Windows\Temp\JOHN-20170512-0814.log => moved successfully
C:\Windows\Temp\JOHN-20170512-0844.log => moved successfully
C:\Windows\Temp\JOHN-20170513-0716.log => moved successfully
C:\Windows\Temp\JOHN-20170513-0721.log => moved successfully
C:\Windows\Temp\JOHN-20170513-0723.log => moved successfully
C:\Windows\Temp\JOHN-20170513-0729.log => moved successfully
C:\Windows\Temp\JOHN-20170513-0729a.log => moved successfully
C:\Windows\Temp\JOHN-20170513-0729b.log => moved successfully
C:\Windows\Temp\JOHN-20170514-0509.log => moved successfully
C:\Windows\Temp\JOHN-20170514-0511.log => moved successfully
C:\Windows\Temp\JOHN-20170514-0649.log => moved successfully
C:\Windows\Temp\JOHN-20170514-1719.log => moved successfully
C:\Windows\Temp\JOHN-20170514-1749.log => moved successfully
C:\Windows\Temp\JOHN-20170514-1819.log => moved successfully
C:\Windows\Temp\JOHN-20170515-0735.log => moved successfully
C:\Windows\Temp\JOHN-20170515-0739.log => moved successfully
C:\Windows\Temp\JOHN-20170515-0809.log => moved successfully
C:\Windows\Temp\JOHN-20170515-0839.log => moved successfully
C:\Windows\Temp\JOHN-20170516-0749.log => moved successfully
C:\Windows\Temp\JOHN-20170516-0749a.log => moved successfully
C:\Windows\Temp\JOHN-20170516-0754.log => moved successfully
C:\Windows\Temp\JOHN-20170516-0824.log => moved successfully
C:\Windows\Temp\JOHN-20170516-0854.log => moved successfully
C:\Windows\Temp\JOHN-20170516-2017.log => moved successfully
C:\Windows\Temp\JOHN-20170516-2047.log => moved successfully
C:\Windows\Temp\JOHN-20170516-2117.log => moved successfully
C:\Windows\Temp\JOHN-20170517-0458.log => moved successfully
C:\Windows\Temp\JOHN-20170518-0402.log => moved successfully
C:\Windows\Temp\JOHN-20170518-1052.log => moved successfully
C:\Windows\Temp\JOHN-20170518-1122.log => moved successfully
C:\Windows\Temp\JOHN-20170518-1152.log => moved successfully
C:\Windows\Temp\JOHN-20170519-0858.log => moved successfully
C:\Windows\Temp\JOHN-20170519-0858a.log => moved successfully
C:\Windows\Temp\JOHN-20170519-0902.log => moved successfully
C:\Windows\Temp\JOHN-20170519-0932.log => moved successfully
C:\Windows\Temp\JOHN-20170519-1002.log => moved successfully
C:\Windows\Temp\JOHN-20170520-0724.log => moved successfully
C:\Windows\Temp\JOHN-20170520-0728.log => moved successfully
C:\Windows\Temp\JOHN-20170520-0758.log => moved successfully
C:\Windows\Temp\JOHN-20170520-0828.log => moved successfully
C:\Windows\Temp\JOHN-20170521-0747.log => moved successfully
C:\Windows\Temp\JOHN-20170521-0747a.log => moved successfully
C:\Windows\Temp\JOHN-20170521-0751.log => moved successfully
C:\Windows\Temp\JOHN-20170521-0821.log => moved successfully
C:\Windows\Temp\JOHN-20170521-0851.log => moved successfully
C:\Windows\Temp\JOHN-20170523-1327.log => moved successfully
C:\Windows\Temp\JOHN-20170523-1328.log => moved successfully
C:\Windows\Temp\JOHN-20170523-1332.log => moved successfully
C:\Windows\Temp\JOHN-20170523-1402.log => moved successfully
C:\Windows\Temp\JOHN-20170523-1432.log => moved successfully
C:\Windows\Temp\JOHN-20170524-0752.log => moved successfully
C:\Windows\Temp\JOHN-20170524-0757.log => moved successfully
C:\Windows\Temp\JOHN-20170524-0827.log => moved successfully
C:\Windows\Temp\JOHN-20170524-0857.log => moved successfully
C:\Windows\Temp\JOHN-20170525-1719.log => moved successfully
C:\Windows\Temp\JOHN-20170525-1724.log => moved successfully
C:\Windows\Temp\JOHN-20170525-1754.log => moved successfully
C:\Windows\Temp\JOHN-20170525-1824.log => moved successfully
C:\Windows\Temp\JOHN-20170526-0738.log => moved successfully
C:\Windows\Temp\JOHN-20170526-0738a.log => moved successfully
C:\Windows\Temp\JOHN-20170526-0740.log => moved successfully
C:\Windows\Temp\JOHN-20170526-0743.log => moved successfully
C:\Windows\Temp\JOHN-20170526-0751.log => moved successfully
C:\Windows\Temp\JOHN-20170526-0751a.log => moved successfully
C:\Windows\Temp\JOHN-20170526-0751b.log => moved successfully
C:\Windows\Temp\JOHN-20170527-0747.log => moved successfully
C:\Windows\Temp\JOHN-20170527-0757.log => moved successfully
C:\Windows\Temp\JOHN-20170527-0802.log => moved successfully
C:\Windows\Temp\JOHN-20170527-0802a.log => moved successfully
C:\Windows\Temp\JOHN-20170527-0832.log => moved successfully
C:\Windows\Temp\JOHN-20170527-0902.log => moved successfully
C:\Windows\Temp\JOHN-20170528-0743.log => moved successfully
C:\Windows\Temp\JOHN-20170528-0744.log => moved successfully
C:\Windows\Temp\JOHN-20170528-0748.log => moved successfully
C:\Windows\Temp\JOHN-20170528-0818.log => moved successfully
C:\Windows\Temp\JOHN-20170528-0848.log => moved successfully
C:\Windows\Temp\JOHN-20170528-1723.log => moved successfully
C:\Windows\Temp\JOHN-20170528-1753.log => moved successfully
C:\Windows\Temp\JOHN-20170528-1823.log => moved successfully
C:\Windows\Temp\JOHN-20170529-0755.log => moved successfully
C:\Windows\Temp\JOHN-20170529-0800.log => moved successfully
C:\Windows\Temp\JOHN-20170529-0830.log => moved successfully
C:\Windows\Temp\JOHN-20170529-0900.log => moved successfully
C:\Windows\Temp\JOHN-20170530-0748.log => moved successfully
C:\Windows\Temp\JOHN-20170530-0748a.log => moved successfully
C:\Windows\Temp\JOHN-20170530-0753.log => moved successfully
C:\Windows\Temp\JOHN-20170530-0823.log => moved successfully
C:\Windows\Temp\JOHN-20170530-0853.log => moved successfully
C:\Windows\Temp\JOHN-20170531-0621.log => moved successfully
C:\Windows\Temp\JOHN-20170601-0734.log => moved successfully
C:\Windows\Temp\JOHN-20170601-0739.log => moved successfully
C:\Windows\Temp\JOHN-20170601-0809.log => moved successfully
C:\Windows\Temp\JOHN-20170601-0839.log => moved successfully
C:\Windows\Temp\JOHN-20170602-0845.log => moved successfully
C:\Windows\Temp\JOHN-20170602-0845a.log => moved successfully
C:\Windows\Temp\JOHN-20170602-0850.log => moved successfully
C:\Windows\Temp\JOHN-20170602-0920.log => moved successfully
C:\Windows\Temp\JOHN-20170602-0950.log => moved successfully
C:\Windows\Temp\JOHN-20170603-0730.log => moved successfully
C:\Windows\Temp\JOHN-20170603-0735.log => moved successfully
C:\Windows\Temp\JOHN-20170603-0805.log => moved successfully
C:\Windows\Temp\JOHN-20170603-0835.log => moved successfully
C:\Windows\Temp\JOHN-20170604-0742.log => moved successfully
C:\Windows\Temp\JOHN-20170604-0743.log => moved successfully
C:\Windows\Temp\JOHN-20170604-0747.log => moved successfully
C:\Windows\Temp\JOHN-20170604-0817.log => moved successfully
C:\Windows\Temp\JOHN-20170604-0847.log => moved successfully
C:\Windows\Temp\JOHN-20170604-1608.log => moved successfully
C:\Windows\Temp\JOHN-20170604-1638.log => moved successfully
C:\Windows\Temp\JOHN-20170604-1708.log => moved successfully
C:\Windows\Temp\JOHN-20170604-1941.log => moved successfully
C:\Windows\Temp\JOHN-20170604-2011.log => moved successfully
C:\Windows\Temp\JOHN-20170604-2041.log => moved successfully
C:\Windows\Temp\JOHN-20170605-0811.log => moved successfully
C:\Windows\Temp\JOHN-20170605-0815.log => moved successfully
C:\Windows\Temp\JOHN-20170605-0845.log => moved successfully
C:\Windows\Temp\JOHN-20170605-0915.log => moved successfully
C:\Windows\Temp\JOHN-20170606-0723.log => moved successfully
C:\Windows\Temp\JOHN-20170606-0723a.log => moved successfully
C:\Windows\Temp\JOHN-20170606-0728.log => moved successfully
C:\Windows\Temp\JOHN-20170606-0758.log => moved successfully
C:\Windows\Temp\JOHN-20170606-0828.log => moved successfully
C:\Windows\Temp\JOHN-20170606-1448.log => moved successfully
C:\Windows\Temp\JOHN-20170609-0620a.log => moved successfully
C:\Windows\Temp\JOHN-20180518-2008.log => moved successfully
C:\Windows\Temp\JOHN-20180524-1954.log => moved successfully
C:\Windows\Temp\JOHN-20180530-1151.log => moved successfully
C:\Windows\Temp\JOHN-20180601-1911.log => moved successfully
C:\Windows\Temp\JOHN-20180606-1728.log => moved successfully
C:\Windows\Temp\JOHN-20180729-1110.log => moved successfully
C:\Windows\Temp\JOHN-20180904-0956.log => moved successfully
C:\Windows\Temp\JOHN-20180925-2021.log => moved successfully
C:\Windows\Temp\JOHN-20181101-1024.log => moved successfully
Could not move "C:\Windows\Temp\JOHN-20181123-0856.log" => Scheduled to move on reboot.
C:\Windows\Temp\KB973544log.txt => moved successfully
C:\Windows\Temp\Microsoft Visual Studio Tools for Office Runtime 2010 Setup_20150802_085053175-Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-MSP0.txt => moved successfully
C:\Windows\Temp\Microsoft Visual Studio Tools for Office Runtime 2010 Setup_20150802_085053175-Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-MSP0.txt => moved successfully
C:\Windows\Temp\Microsoft Visual Studio Tools for Office Runtime 2010 Setup_20150802_085053175.html => moved successfully
C:\Windows\Temp\MpCmdRun-29-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock => moved successfully
C:\Windows\Temp\MpCmdRun-4E-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MPENGINE.DLL => moved successfully
C:\Windows\Temp\MPGEAR.DLL => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(2015090221193764C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20150910074457608).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20151218060222CC0).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160130193253618).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201605280710227B4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160529070049618).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160529074511610).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(2016052916520963C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(2016060715282061C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201606220924151930).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(2016071011180960C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201607270744105DC).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160731160735664).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201608170732591EFC).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160817233515624).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160818075409630).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160820073338614).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160820091750618).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160824085227614).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160905123356620).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160905124437640).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160920074543EE8).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160923165651638).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160924081926630).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160925080357638).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201609250850065C4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20160925161128644).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(2016100108513163C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20161012101712600).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20161012163829628).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201610141140505F0).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2015090221193764C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20150910074457608).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20151218060222CC0).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160130193253618).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201605280710227B4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160529070049618).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160529074511610).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2016052916520963C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2016060715282061C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201606220924151930).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2016071011180960C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201607270744105DC).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160731160735664).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201608170732591EFC).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160817233515624).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160818075409630).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160820073338614).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160820091750618).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160824085228614).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160905123356620).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160905124437640).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160920074543EE8).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160923165651638).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160924081926630).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160925080357638).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201609250850065C4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20160925161129644).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2016100108513163C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20161012101713600).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20161012163829628).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201610141140505F0).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20161215174141610).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20161228153705604).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20161229073113628).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170113095703608).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2017011409170778).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2017030309035730D4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2017052607515510BC).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170527074713608).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2017060419262961C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170606144812624).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170607064953620).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170608140831628).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201706152300381708).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170713170344628).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170714183712618).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170717074040634).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170717183548614).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170718222050148C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201707271121471F60).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170819064435628).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2017082010564563C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170820110827630).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2017082717112660C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20170923170658604).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20171011083114610).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20171017084644648).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201710221429241C68).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20171118075634974).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201801120854281558).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180228124503CF4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201802281306281D88).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201803010724131E8C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180302090630630).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180302195754640).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180303155817644).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180308163648624).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180308191227620).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018031409062663C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180315065553604).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180315135022600).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201803170918441E90).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018031809241865C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018033108364621A8).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180403132841664).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018041510305410CC).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180515082627674).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180518191247668).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201805190817341124).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180525080730674).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018060118023019B8).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180603080009658).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018060710455364C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180613172852684).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201807010847011C8C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018070608060065C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201807200847313D4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180728095247670).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180823105133690).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180824132754668).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180831140247648).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018090320055368C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180910192431174C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180912170943648).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20180914154208B94).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018092611441864C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201810231012311E44).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20181101100656694).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018110111393262C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018110315300611C8).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20181112164519664).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20181114133033638).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20181115065759668).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20181117173709608).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018111808072564C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2018112008381865C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20181122134421664).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20181123070245644).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(201811230856081C14).log" => Scheduled to move on reboot.
C:\Windows\Temp\ood_stream.x86.en-us.dat => moved successfully
C:\Windows\Temp\ood_stream.x86.x-none.dat => moved successfully
C:\Windows\Temp\opera_crashreporter.log => moved successfully
C:\Windows\Temp\Opera_installer_180315092330727.dll => moved successfully
C:\Windows\Temp\Opera_installer_180315092331039.dll => moved successfully
C:\Windows\Temp\Opera_installer_180315092331196.dll => moved successfully
C:\Windows\Temp\Opera_installer_180315092331336.dll => moved successfully
C:\Windows\Temp\Opera_installer_180315092331680.dll => moved successfully
C:\Windows\Temp\Opera_installer_180315092331821.dll => moved successfully
C:\Windows\Temp\Opera_installer_180315092332836.dll => moved successfully
C:\Windows\Temp\Opera_installer_180315093243358.dll => moved successfully
C:\Windows\Temp\Opera_installer_180315135522178.dll => moved successfully
C:\Windows\Temp\Opera_installer_180315141415429.dll => moved successfully
C:\Windows\Temp\Opera_installer_180316144415567.dll => moved successfully
C:\Windows\Temp\Opera_installer_180317092334443.dll => moved successfully
C:\Windows\Temp\Opera_installer_180318092920222.dll => moved successfully
C:\Windows\Temp\Opera_installer_180319092334377.dll => moved successfully
C:\Windows\Temp\Opera_installer_180320092334414.dll => moved successfully
C:\Windows\Temp\Opera_installer_180321092334277.dll => moved successfully
C:\Windows\Temp\Opera_installer_180322092334255.dll => moved successfully
C:\Windows\Temp\Opera_installer_180323092334386.dll => moved successfully
C:\Windows\Temp\Opera_installer_180324092334322.dll => moved successfully
C:\Windows\Temp\Opera_installer_180325082334357.dll => moved successfully
C:\Windows\Temp\Opera_installer_180326062656999.dll => moved successfully
C:\Windows\Temp\Opera_installer_180326155006466.dll => moved successfully
C:\Windows\Temp\Opera_installer_180327082335086.dll => moved successfully
C:\Windows\Temp\Opera_installer_180328082335072.dll => moved successfully
C:\Windows\Temp\Opera_installer_180329082335048.dll => moved successfully
C:\Windows\Temp\Opera_installer_180330091845154.dll => moved successfully
C:\Windows\Temp\Opera_installer_180331082335070.dll => moved successfully
C:\Windows\Temp\Opera_installer_180401082335164.dll => moved successfully
C:\Windows\Temp\Opera_installer_180401082500488.dll => moved successfully
C:\Windows\Temp\Opera_installer_180401082501003.dll => moved successfully
C:\Windows\Temp\Opera_installer_180401082501144.dll => moved successfully
C:\Windows\Temp\Opera_installer_180401082501269.dll => moved successfully
C:\Windows\Temp\Opera_installer_180401082501613.dll => moved successfully
C:\Windows\Temp\Opera_installer_180401082501769.dll => moved successfully
C:\Windows\Temp\Opera_installer_180401082502769.dll => moved successfully
C:\Windows\Temp\Opera_installer_180402082504730.dll => moved successfully
C:\Windows\Temp\Opera_installer_180403082504792.dll => moved successfully
C:\Windows\Temp\Opera_installer_180403123341371.dll => moved successfully
C:\Windows\Temp\Opera_installer_180404082504486.dll => moved successfully
C:\Windows\Temp\Opera_installer_180405174922107.dll => moved successfully
C:\Windows\Temp\Opera_installer_180405175022268.dll => moved successfully
C:\Windows\Temp\Opera_installer_180406115519096.dll => moved successfully
C:\Windows\Temp\Opera_installer_180407083622181.dll => moved successfully
C:\Windows\Temp\Opera_installer_180408154920019.dll => moved successfully
C:\Windows\Temp\Opera_installer_180409082505258.dll => moved successfully
C:\Windows\Temp\Opera_installer_180410082505228.dll => moved successfully
C:\Windows\Temp\Opera_installer_180411082505210.dll => moved successfully
C:\Windows\Temp\Opera_installer_180412101602019.dll => moved successfully
C:\Windows\Temp\Opera_installer_180412104241289.dll => moved successfully
C:\Windows\Temp\Opera_installer_180412104328511.dll => moved successfully
C:\Windows\Temp\Opera_installer_180412104328636.dll => moved successfully
C:\Windows\Temp\Opera_installer_180412104328777.dll => moved successfully
C:\Windows\Temp\Opera_installer_180412104328933.dll => moved successfully
C:\Windows\Temp\Opera_installer_180412104329324.dll => moved successfully
C:\Windows\Temp\Opera_installer_180412104329449.dll => moved successfully
C:\Windows\Temp\Opera_installer_180412104331199.dll => moved successfully
C:\Windows\Temp\Opera_installer_180412105945672.dll => moved successfully
C:\Windows\Temp\Opera_installer_180413121724276.dll => moved successfully
C:\Windows\Temp\Opera_installer_180414161145486.dll => moved successfully
C:\Windows\Temp\Opera_installer_180415104333152.dll => moved successfully
C:\Windows\Temp\Opera_installer_180416104333036.dll => moved successfully
C:\Windows\Temp\Opera_installer_180417104333342.dll => moved successfully
C:\Windows\Temp\Opera_installer_180418142621146.dll => moved successfully
C:\Windows\Temp\Opera_installer_180419011743322.dll => moved successfully
C:\Windows\Temp\Opera_installer_180419104333113.dll => moved successfully
C:\Windows\Temp\Opera_installer_180420111936505.dll => moved successfully
C:\Windows\Temp\Opera_installer_180421173530203.dll => moved successfully
C:\Windows\Temp\Opera_installer_180422104333104.dll => moved successfully
C:\Windows\Temp\Opera_installer_180423104333016.dll => moved successfully
C:\Windows\Temp\Opera_installer_180424104333043.dll => moved successfully
C:\Windows\Temp\Opera_installer_180425104333070.dll => moved successfully
C:\Windows\Temp\Opera_installer_180426104523090.dll => moved successfully
C:\Windows\Temp\Opera_installer_180427104333132.dll => moved successfully
C:\Windows\Temp\Opera_installer_180428134648489.dll => moved successfully
C:\Windows\Temp\Opera_installer_180429104934137.dll => moved successfully
C:\Windows\Temp\Opera_installer_180430153754289.dll => moved successfully
C:\Windows\Temp\Opera_installer_180501104333099.dll => moved successfully
C:\Windows\Temp\Opera_installer_180502104333037.dll => moved successfully
C:\Windows\Temp\Opera_installer_180503110338655.dll => moved successfully
C:\Windows\Temp\Opera_installer_180507181457816.dll => moved successfully
C:\Windows\Temp\Opera_installer_180514220631796.dll => moved successfully
C:\Windows\Temp\Opera_installer_180515073126913.dll => moved successfully
C:\Windows\Temp\Opera_installer_180515104333024.dll => moved successfully
C:\Windows\Temp\Opera_installer_180515190400357.dll => moved successfully
C:\Windows\Temp\Opera_installer_180516104333044.dll => moved successfully
C:\Windows\Temp\Opera_installer_180517104332961.dll => moved successfully
C:\Windows\Temp\Opera_installer_180518150051990.dll => moved successfully
C:\Windows\Temp\Opera_installer_180518181747204.dll => moved successfully
C:\Windows\Temp\Opera_installer_180519070337388.dll => moved successfully
C:\Windows\Temp\Opera_installer_180519141617891.dll => moved successfully
C:\Windows\Temp\Opera_installer_180520115030765.dll => moved successfully
C:\Windows\Temp\Opera_installer_180521104333174.dll => moved successfully
C:\Windows\Temp\Opera_installer_180522104333021.dll => moved successfully
C:\Windows\Temp\Opera_installer_180523123421111.dll => moved successfully
C:\Windows\Temp\Opera_installer_180524142656095.dll => moved successfully
C:\Windows\Temp\Opera_installer_2018321412143.dll => moved successfully
C:\Windows\Temp\Opera_installer_2018321412440.dll => moved successfully
C:\Windows\Temp\Opera_installer_2018321412596.dll => moved successfully
C:\Windows\Temp\Opera_installer_2018321412737.dll => moved successfully
C:\Windows\Temp\Opera_installer_2018321413158.dll => moved successfully
C:\Windows\Temp\Opera_installer_201832141349.dll => moved successfully
C:\Windows\Temp\Opera_installer_2018321414221.dll => moved successfully
C:\Windows\Temp\Opera_installer_201832254609.dll => moved successfully
C:\Windows\Temp\Opera_installer_20183355449.dll => moved successfully
C:\Windows\Temp\Opera_installer_20183365596.dll => moved successfully
C:\Windows\Temp\Silverlight0.log => moved successfully
C:\Windows\Temp\SilverlightMSI.log => moved successfully
C:\Windows\Temp\SKY1E74.tmp => moved successfully
C:\Windows\Temp\tmp2B62.tmp => moved successfully
C:\Windows\Temp\tmp2B62.tmp.exe => moved successfully
C:\Windows\Temp\tmp357F.tmp => moved successfully
C:\Windows\Temp\tmp357F.tmp.exe => moved successfully
C:\Windows\Temp\tmp7AB1.tmp => moved successfully
C:\Windows\Temp\tmp7AB1.tmp.exe => moved successfully
C:\Windows\Temp\tmpE7A8.tmp => moved successfully
C:\Windows\Temp\tmpE7A8.tmp.exe => moved successfully
C:\Windows\Temp\TS_2981.tmp => moved successfully
C:\Windows\Temp\TS_2A3E.tmp => moved successfully
C:\Windows\Temp\WER8AF7.tmp.appcompat.txt => moved successfully
C:\Windows\Temp\WERC865.tmp.appcompat.txt => moved successfully
C:\Windows\Temp\WERDB39.tmp.appcompat.txt => moved successfully
C:\Windows\Temp\WERE273.tmp.appcompat.txt => moved successfully
C:\Windows\Temp\winstore.log => moved successfully
C:\Windows\Temp\{03857897-0389-4D76-B5D8-FDBA763547B6}-nikcollection-1.2.9.exe13db1fd8 => moved successfully
C:\Windows\Temp\{453E9D08-0F0F-4746-892F-E2788B679770} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{609D2BBD-93CB-4CA9-A64B-F90005537879} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{78DA1551-E821-439F-A217-C1403DF6C65E} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{7B7C1E8E-3ED5-48DE-AA9C-5861D4115E6B}-DropboxClient_16.4.30.exe => moved successfully
C:\Windows\Temp\{8F5AAA3F-CCF7-4B6F-B336-F08C64D96136} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{99503A31-789A-445B-8748-E970DD06DCE6} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{B616B8A2-0A5A-4365-BC48-F08FB150BE6B} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{BE73060E-1736-4F25-8B84-6B56DE910D22} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{EEDA8B42-5115-493B-BEBC-B518A02B901B} - OProcSessId.dat => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 180503642 B
Java, Flash, Steam htmlcache => 115912 B
Windows/system/drivers => 355139168 B
Edge => 0 B
Chrome => 348611448 B
Firefox => 1153542974 B
Opera => 348459057 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 560 B
LocalService => 6463 B
NetworkService => 16200 B
Fierce-PC => 10117064735 B
Liz => 32719768 B

RecycleBin => 0 B
EmptyTemp: => 11.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-11-2018 08:58:40)

C:\Windows\Temp\JOHN-20181123-0856.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201811230856081C14).log => Is moved successfully

==== End of Fixlog 08:58:40 ====

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-09-21.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-23-2018
# Duration: 00:00:01
# OS:       Windows 8.1
# Cleaned: 2
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask Jeeves
Deleted       Ask Jeeves

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1299 octets] - [23/11/2018 09:02:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

RogueKiller Anti-Malware V13.0.12.0 (x64) [Nov 21 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/d...ad/roguekiller/
Operating System : Windows 8.1 (6.3.9600) 64 bits
Started in : Normal mode
User : John-PC [Administrator]
Started from : C:\Users\Fierce-PC\Desktop\Malware Tools\RogueKiller_portable64.exe
Mode : Standard Scan, Scan -- Date : 2018/11/23 09:08:33 (Duration : 00:05:07)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Hosts file is too big

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Firefox Config
[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine (C:\Users\Fierce-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xu40i5jt.default\prefs.js) -- Google UK -> Found

#6 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 23 November 2018 - 06:11 AM

I think I owe you a pint of our finest Welsh beer

Thank you!

Let's look for remnants

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

OR from this location Here

Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
After the installation IS complete let it update if it asks.
Under SETTINGS.....APPLICATIONS leave everything at default
Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
Then go to the Dashboard and click on SCAN NOW
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
Then click on POST
Exit Malwarebytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Please post these 2 logs when finished.

Also, tell me how the computer is now.

#7 henchard

New Member

Authentic Member
5 posts

Posted 23 November 2018 - 07:25 AM

Once again thank you for your kindness.

I already had Malwarebytes on my computer I'm presuming that this is the same you wanted me to install as version numbers etc were the same. However, I could not select Automatic Quarantine as this is a paid feature after the trial period has expired. On running it no items were detected anyway. I then ran EEK and again no items were detected. The logs follow

The computer seems fine and the browser is not now trying to redirect to

go.microsoft.com/fwlink

Once again I think I'm in your debt for more than one pint!

-----------------------------------------------------------------------------------------

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/23/18
Scan Time: 12:40 PM
Log File: fc4c6f42-ef1c-11e8-864b-00ac8e9dcc3c.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7987
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: JOHN\John-PC

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 284201
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

-----------------------------------------------------------------------------------------

Emsisoft Emergency Kit 2018.6.0.8742 stable [en-us]
OS: Windows 8.1 (Version 6.3, Build 9600, 64-bit Edition)

Forensics log

Date   Component   Action   Details
23/11/2018 13:15:18   Scanner   Scan finished   Scanned 95113 objects and found nothing.
23/11/2018 13:14:12   User JOHN\John-PC   Scan started   Malware Scan
23/11/2018 13:14:12   User JOHN\John-PC   Setting modified   "Detect PUPs" has been changed to "Enabled".
23/11/2018 13:13:43   User   Update   Downloaded and installed 73 files (27187 kb) (2 min. 30 sec.).
23/11/2018 13:13:43   User JOHN\John-PC   Setting modified   "Recommended readings & news" has been changed to "Enabled".
23/11/2018 13:11:20   User JOHN\John-PC   Setting modified   "Recommended readings & news" has been changed to "Disabled".
23/11/2018 13:11:13   Core   Notification   "Recommended Reading:Beware: New wave of malware spreads via ISO file email attachments".
23/11/2018 13:11:10   User   Update   Failed with error "Server returned error" (0 sec.).

#8 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 23 November 2018 - 07:45 AM

I think we're in good shape here. Paid or free versions would had found the same thing so it really doesan't matter.

Let's remove tools and quarantine files now.

DelFix

Please download DelFix or from Here and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

***********

henchard likes this

#9 henchard

New Member

Authentic Member
5 posts

Posted 23 November 2018 - 07:55 AM

Done.

I can't thank you enough for the fast, clear help that you have offered.

Wishing you a belated 'Happy Thanksgiving' and if you ever should make your way to Wales the beers are on me.

Thanks again

John

#10 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 23 November 2018 - 08:36 AM

Thank you, your welcome.

henchard likes this

#11 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 25 November 2018 - 06:31 AM

Glad we could help.

Since this issue appears resolved ... this Topic is closed.

Also tagged with one or more of these keywords: Maiware Removal, trojan

Virus Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → How do i delete this Virus? (dllhost.exe) Started by Noalch , 11 Dec 2022 Virus, Dllhost.exe, Dllhost and 4 more...	0 replies 88,687 views	Noalch 11 Dec 2022
Virus Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → How do i delete this Virus? (dllhost.exe) Started by Noalch , 11 Dec 2022 Virus, Dllhost.exe, Dllhost and 4 more...	0 replies 80,982 views	Noalch 11 Dec 2022
Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → Jerky Mouse Movements Solved By Disconnecting Myself From The Internet Started by Cage , 20 Apr 2019 hacked, spyware, windows 10 and 3 more...	3 replies 40,362 views	Juliet 02 May 2019
Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → please help TROJAN.MULTI.ACCESSTR detected by Kaspersky Started by chuck666 , 05 Dec 2018 Trojan	8 replies 11,914 views	Juliet 19 Dec 2018
Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → Infection Removal Help Needed - Trojan.Zbot [Closed] Started by jdmandthegiant , 18 May 2017 Trojan, Zbot, Cridex	2 replies 4,066 views	ken545 21 May 2017

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Body Background

skin color theme