Fixing my malware Round 2

**Malnutrition** · 12-07-2016, 03:50 AM

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

[ul]
[li]Close all open programs and internet browsers.[/li][li]Double click on adwcleaner.exe to run the tool.[/li][li]Click on Scan button.[/li][li]When the scan has finished click on Clean button.[/li][li]Your computer will be rebooted automatically. A text file will open after the restart.[/li][li]Please post the contents of that logfile with your next reply.[/li][li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

[ul]
[li]Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.[/li][li]Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.[/li][li]The tool will open and start scanning your system.[/li][li]Please be patient as this can take a while to complete depending on your system’s specifications.[/li][li]On completion, a log is saved to your desktop and will automatically open.[/li][li]Please post the JRT log.[/li][/ul]

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

[MEDIA=imgur]LOr0Gd7[/MEDIA]

Hit Ok.

[MEDIA=imgur]sYFsqHx[/MEDIA]

Hit next make sure to leave all items checked, for removal.

[MEDIA=imgur]8NcZjGc[/MEDIA]

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

Once you have started the program, you will need to click the scanner button.

[IMG alt="EgsT69u" width="602px" height="129px"]https://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png[/IMG]

The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.
[URL unfurl="true"]http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png[/URL]

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

Security Check Scan.

[ul]
[li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the program completes, the tool will automatically open a log file.[/li][li]Please post that log here in your next post.[/li][/ul]

**Lardalish** · 12-07-2016, 06:02 AM

Alrighty, heres a text dump of each of those!
[HEADING=1]AdwCleaner v6.040 - Logfile created 07/12/2016 at 00:22:41[/HEADING]
[HEADING=1]Updated on 02/12/2016 by Malwarebytes[/HEADING]
[HEADING=1]Database : 2016-12-06.1 [Server][/HEADING]
[HEADING=1]Operating System : Windows 10 Home (X64)[/HEADING]
[HEADING=1]Username : Bryan - BRYAN-PC[/HEADING]
[HEADING=1]Running from : C:\Users\Bryan\Downloads\adwcleaner_6.040.exe[/HEADING]
[HEADING=1]Mode: Clean[/HEADING]
[HEADING=1]Support : https://www.malwarebytes.com/support[/HEADING]
***** [ Services ] *****

[-] Service deleted: BCUService

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Avg_Update_0814av
[-] Folder deleted: C:\ProgramData\Avg_Update_1214tb
[-] Folder deleted: C:\Users\Bryan\AppData\Local\GeniusBox
[-] Folder deleted: C:\Users\Bryan\AppData\Local\MalwareProtectionLive
[-] Folder deleted: C:\Users\Bryan\AppData\Local\Mindspark
[-] Folder deleted: C:\Users\Bryan\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Bryan\AppData\LocalLow\PriceGong
[-] Folder deleted: C:\Users\Bryan\AppData\LocalLow\Search Settings
[-] Folder deleted: C:\Users\Bryan\AppData\Roaming\BrowserExtensions
[-] Folder deleted: C:\Users\Bryan\AppData\Roaming\Search Protection
[-] Folder deleted: C:\Users\Bryan\AppData\Roaming\SimpleFiles
[-] Folder deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\ConduitCommon
[#] Folder deleted on reboot: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\conduitcommon
[-] Folder deleted: C:\Program Files\Enigma Software Group
[-] Folder deleted: C:\sh4ldr
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[-] Folder deleted: C:\Program Files (x86)\Conduit
[-] Folder deleted: C:\Program Files (x86)\DeviceVM
[-] Folder deleted: C:\Program Files (x86)\Vuze Remote toolbar
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Users\Bryan\AppData\Local\Geckofx
[-] Folder deleted: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk

***** [ Files ] *****

[-] File deleted: C:\END
[-] File deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\searchplugins\Conduit.xml
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\searchplugins\wtu-secure-search.xml
[-] File deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\searchplugins\dregol.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\searchplugins\wtu-secure-search.xml

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\c om.mindspark.snapmyscreen_bf
[-] Key deleted: HKLM\SOFTWARE\5928ddfb16ebd46
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT1460988
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2504091
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2801948
[-] Key deleted: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
[-] Key deleted: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook. 1
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserTool bar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserTool bar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook. 1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserTool bar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserTool bar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{05478A66-EDB6-4A22-A870-A5987F80A7DA}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{C430996F-4AA8-4AA8-81DE-F54432CD5786}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{05478A66-EDB6-4A22-A870-A5987F80A7DA}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings{05478A66-EDB6-4A22-A870-A5987F80A7DA}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\DataMngr
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\DataMngr_Toolbar
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Search Settings
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\SimpleFiles
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Datamngr
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\AppDataLow\Software\Browser Extensions
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\AppDataLow\Software\ConduitSearchSco pes
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\AppDataLow\Software\PriceGong
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\AppDataLow\Software\Search Settings
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Windows\CurrentVersion\Uni nstall{3A787631-66A2-4634-B928-A37E73B58FB6}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\SweetIM
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\DataMngr
[#] Key deleted on reboot: HKCU\Software\DataMngr_Toolbar
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\Search Settings
[#] Key deleted on reboot: HKCU\Software\SimpleFiles
[#] Key deleted on reboot: HKCU\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\Datamngr
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Browser Extensions
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\ConduitSearchSco pes
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\PriceGong
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Search Settings
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\DataMngr
[-] Key deleted: HKLM\SOFTWARE\Search Settings
[-] Key deleted: HKLM\SOFTWARE\SimpleFiles
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[#] Key deleted on reboot: HKLM\SOFTWARE\Datamngr
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uni nstall{3A787631-66A2-4634-B928-A37E73B58FB6}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{5B363E1D-8C36-4458-BAE4-D5081999E094}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\SweetIM
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\DataMngr
[#] Key deleted on reboot: [x64] HKCU\Software\DataMngr_Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\Search Settings
[#] Key deleted on reboot: [x64] HKCU\Software\SimpleFiles
[#] Key deleted on reboot: [x64] HKCU\Software\Softonic
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Datamngr
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Browser Extensions
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchSco pes
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\PriceGong
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Search Settings
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uni nstall{3A787631-66A2-4634-B928-A37E73B58FB6}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\SearchScopes{0CAF6133-B363-4737-8A62-F8CE22CA518A}
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\SearchScopes{4565BD94-6AA8-4B61-A848-A9323292E492}
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0CAF6133-B363-4737-8A62-F8CE22CA518A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{4565BD94-6AA8-4B61-A848-A9323292E492}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{0CAF6133-B363-4737-8A62-F8CE22CA518A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{4565BD94-6AA8-4B61-A848-A9323292E492}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32 [BCU]
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SearchSettings
[-] Value deleted: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmk lkikfigmjhbmmpmkmpooj
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcpp mmioggniknbnbdbcigpkk
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahf lnipadmlpgbjmagmjchkk
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\gclijllifhf pomppedeljakfegbcpojn
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\gclijllifhf pomppedeljakfegbcpojn
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\gclijllifhf pomppedeljakfegbcpojn
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\ihokndmjeom bjojnfkmapfnjeghjohim
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeom bjojnfkmapfnjeghjohim
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\ihokndmjeom bjojnfkmapfnjeghjohim
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeom bjojnfkmapfnjeghjohim

***** [ Web browsers ] *****

[-] Chrome preferences cleaned: “CT2801948..clientLogIsEnabled” - false
[-] Chrome preferences cleaned: “CT2801948..clientLogServiceUrl” - “hxxp://clientlog.users.tbccint.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent”
[-] Chrome preferences cleaned: “CT2801948..uninstallLogServiceUrl” - “hxxp://uninstall.users.tbccint.com/Uninstall.asmx/RegisterToolbarUninstallation”
[-] Chrome preferences cleaned: “CT2801948.ALLOW_SHOWING_HIDDEN_TOOLBAR” - false
[-] Chrome preferences cleaned: “CT2801948.AboutPrivacyUrl” - “hxxp://www.conduit.com/privacy/default.aspx”
[-] Chrome preferences cleaned: “CT2801948.BrowserCompStateIsOpen_1297995036865235 41” - true
[-] Chrome preferences cleaned: “CT2801948.BrowserCompStateIsOpen_1359634298000” - true
[-] Chrome preferences cleaned: “CT2801948.CTID” - “CT2801948”
[-] Chrome preferences cleaned: “CT2801948.CurrentServerDate” - “23-6-2015”
[-] Chrome preferences cleaned: “CT2801948.DSInstall” - true
[-] Chrome preferences cleaned: “CT2801948.DialogsAlignMode” - “LTR”
[-] Chrome preferences cleaned: “CT2801948.DialogsGetterLastCheckTime” - “Mon Jun 22 2015 22:08:05 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.DownloadReferralCookieData” - “”
[-] Chrome preferences cleaned: “CT2801948.EMailNotifierPollDate” - “Mon Jun 22 2015 22:08:00 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.FirstServerDate” - “23-6-2015”
[-] Chrome preferences cleaned: “CT2801948.FirstTime” - true
[-] Chrome preferences cleaned: “CT2801948.FirstTimeFF3” - true
[-] Chrome preferences cleaned: “CT2801948.FirstTimeHiddenVer” - true
[-] Chrome preferences cleaned: “CT2801948.FixPageNotFoundErrors” - true
[-] Chrome preferences cleaned: “CT2801948.GroupingServerCheckInterval” - 1440
[-] Chrome preferences cleaned: “CT2801948.GroupingServiceUrl” - “hxxp://grouping.tbccint.com/”
[-] Chrome preferences cleaned: “CT2801948.HPInstall” - true
[-] Chrome preferences cleaned: “CT2801948.HasUserGlobalKeys” - true
[-] Chrome preferences cleaned: “CT2801948.HomePageProtectorEnabled” - true
[-] Chrome preferences cleaned: “CT2801948.HomepageBeforeUnload” - “hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13”
[-] Chrome preferences cleaned: “CT2801948.Initialize” - true
[-] Chrome preferences cleaned: “CT2801948.InitializeCommonPrefs” - true
[-] Chrome preferences cleaned: “CT2801948.InstallationAndCookieDataSentCount” - 2
[-] Chrome preferences cleaned: “CT2801948.InstallationId” - “ConduitInstaller.exe”
[-] Chrome preferences cleaned: “CT2801948.InstallationType” - “ConduitNSISIntegration”
[-] Chrome preferences cleaned: “CT2801948.InstalledDate” - “Mon Jun 22 2015 22:08:00 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.InvalidateCache” - false
[-] Chrome preferences cleaned: “CT2801948.IsAlertDBUpdated” - true
[-] Chrome preferences cleaned: “CT2801948.IsGrouping” - false
[-] Chrome preferences cleaned: “CT2801948.IsInitSetupIni” - true
[-] Chrome preferences cleaned: “CT2801948.IsMulticommunity” - false
[-] Chrome preferences cleaned: “CT2801948.IsOpenThankYouPage” - false
[-] Chrome preferences cleaned: “CT2801948.IsOpenUninstallPage” - true
[-] Chrome preferences cleaned: “CT2801948.IsProtectorsInit” - true
[-] Chrome preferences cleaned: “CT2801948.LanguagePackLastCheckTime” - “Mon Jun 22 2015 22:08:04 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.LanguagePackReloadIntervalMM” - 1440
[-] Chrome preferences cleaned: “CT2801948.LanguagePackServiceUrl” - “hxxp://translation.users.tbccint.com/Translation.ashx”
[-] Chrome preferences cleaned: “CT2801948.LastLogin_3.13.0.6” - “Mon Jun 22 2015 22:08:03 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.LatestVersion” - “3.20.0.4”
[-] Chrome preferences cleaned: “CT2801948.Locale” - “en-us”
[-] Chrome preferences cleaned: “CT2801948.MCDetectTooltipHeight” - “83”
[-] Chrome preferences cleaned: “CT2801948.MCDetectTooltipUrl” - “hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1”
[-] Chrome preferences cleaned: “CT2801948.MCDetectTooltipWidth” - “295”
[-] Chrome preferences cleaned: “CT2801948.MyStuffEnabledAtInstallation” - false
[-] Chrome preferences cleaned: “CT2801948.OriginalFirstVersion” - “3.13.0.6”
[-] Chrome preferences cleaned: “CT2801948.RadioIsPodcast” - false
[-] Chrome preferences cleaned: “CT2801948.RadioLastCheckTime” - “Mon Jun 22 2015 22:08:03 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.RadioLastUpdateIPServer” - “3”
[-] Chrome preferences cleaned: “CT2801948.RadioLastUpdateServer” - “129307496595170000”
[-] Chrome preferences cleaned: “CT2801948.RadioMediaID” - “21435220”
[-] Chrome preferences cleaned: “CT2801948.RadioMediaType” - “Media Player”
[-] Chrome preferences cleaned: “CT2801948.RadioMenuSelectedID” - “EBRadioMenu_CT280194821435220”
[-] Chrome preferences cleaned: “CT2801948.RadioShrinkedFromSetup” - false
[-] Chrome preferences cleaned: “CT2801948.RadioStationName” - “Virgin%20Radio%20Classic%20Rock”
[-] Chrome preferences cleaned: “CT2801948.RadioStationURL” - “hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb”
[-] Chrome preferences cleaned: “CT2801948.SavedHomepage” - “hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEz ytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAt FzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1 L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0 DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1 Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0 DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=9433145 30&ir=”
[-] Chrome preferences cleaned: “CT2801948.SearchCaption” - “NCH EN Customized Web Search”
[-] Chrome preferences cleaned: “CT2801948.SearchEngineBeforeUnload” - “NCH EN Customized Web Search”
[-] Chrome preferences cleaned: “CT2801948.SearchFromAddressBarIsInit” - true
[-] Chrome preferences cleaned: “CT2801948.SearchFromAddressBarUrl” - “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=”
[-] Chrome preferences cleaned: “CT2801948.SearchInNewTabEnabled” - true
[-] Chrome preferences cleaned: “CT2801948.SearchInNewTabIntervalMM” - 1440
[-] Chrome preferences cleaned: “CT2801948.SearchInNewTabLastCheckTime” - “Mon Jun 22 2015 22:08:02 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.SearchInNewTabServiceUrl” - “hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID”
[-] Chrome preferences cleaned: “CT2801948.SearchProtectorEnabled” - false
[-] Chrome preferences cleaned: “CT2801948.SearchProtectorToolbarDisabled” - false
[-] Chrome preferences cleaned: “CT2801948.SendProtectorDataViaLogin” - true
[-] Chrome preferences cleaned: “CT2801948.ServiceMapLastCheckTime” - “Mon Jun 22 2015 22:08:01 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.SettingsLastCheckTime” - “Mon Jun 22 2015 22:08:00 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.SettingsLastUpdate” - “1434831031”
[-] Chrome preferences cleaned: “CT2801948.TBHomePageUrl” - “hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13”
[-] Chrome preferences cleaned: “CT2801948.ThirdPartyComponentsInterval” - 504
[-] Chrome preferences cleaned: “CT2801948.ThirdPartyComponentsLastCheck” - “Mon Jun 22 2015 22:08:00 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.ThirdPartyComponentsLastUpdate” - “1331805997”
[-] Chrome preferences cleaned: “CT2801948.ToolbarShrinkedFromSetup” - false
[-] Chrome preferences cleaned: “CT2801948.TrusteLinkUrl” - “hxxp://trust.cpccint.com”
[-] Chrome preferences cleaned: “CT2801948.TrustedApiDomains” - “conduit.com,conduit-hosting.com,conduit-services.com,tbclient.tbccint.com,codefuel.com,tbccint.com,trovi.com,seccint.com,cpccint.com,appstrm.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm”
[-] Chrome preferences cleaned: “CT2801948.UserID” - “UN43114603891290484”
[-] Chrome preferences cleaned: “CT2801948.WeatherNetwork” - “”
[-] Chrome preferences cleaned: “CT2801948.WeatherPollDate” - “Mon Jun 22 2015 22:08:00 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.WeatherUnit” - “C”
[-] Chrome preferences cleaned: “CT2801948.alertChannelId” - “1194029”
[-] Chrome preferences cleaned: “CT2801948.backendstorage.searchappstate” - “32”
[-] Chrome preferences cleaned: “CT2801948.backendstorage.searchapptracking” - “31”
[-] Chrome preferences cleaned: “CT2801948.generalConfigFromLogin” - “{"ApiMaxAlerts":"12","SocialDomains":"social.cond uit.com;apps.conduit.com;services.apps.conduit.com;social.tbccint.com;apps.tbccint.com;services.apps.tbccint.com;apps.cpccint.com","AppsDetectionUrlPattern":"hxxp://appdownload.conduit.com/","RevertSettingsEnabled":"true","WorkingAppsWhenH iddenList":"[\"6cfe5439-68c4-4541-859e-cf72ae454b3e\",\"2d2f2f16-9432-4890-9f93-624a84cf6261\"]","ChInterval":"1"}”
[-] Chrome preferences cleaned: “CT2801948.globalFirstTimeInfoLastCheckTime” - “Mon Jun 22 2015 22:08:01 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.homepageProtectorEnableByLogin” - true
[-] Chrome preferences cleaned: “CT2801948.initDone” - true
[-] Chrome preferences cleaned: “CT2801948.isAppTrackingManagerOn” - false
[-] Chrome preferences cleaned: “CT2801948.isFirstRadioInstallation” - false
[-] Chrome preferences cleaned: “CT2801948.myStuffEnabled” - true
[-] Chrome preferences cleaned: “CT2801948.myStuffPublihserMinWidth” - 400
[-] Chrome preferences cleaned: “CT2801948.myStuffSearchUrl” - “hxxp://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB _TOOLBAR_ID&octid=EB_ORIGINAL_CTID”
[-] Chrome preferences cleaned: “CT2801948.myStuffServiceIntervalMM” - 1440
[-] Chrome preferences cleaned: “CT2801948.myStuffServiceUrl” - “hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTAN CE_GUID&lut=EB_MY_STUFF_LUT”
[-] Chrome preferences cleaned: “CT2801948.navigateToUrlOnSearch” - false
[-] Chrome preferences cleaned: “CT2801948.revertSettingsEnabled” - true
[-] Chrome preferences cleaned: “CT2801948.searchProtectorDialogDelayInSec” - 10
[-] Chrome preferences cleaned: “CT2801948.searchProtectorEnableByLogin” - true
[-] Chrome preferences cleaned: “CT2801948.testingCtid” - “”
[-] Chrome preferences cleaned: “CT2801948.toolbarAppMetaDataLastCheckTime” - “Mon Jun 22 2015 22:08:03 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CT2801948.toolbarContextMenuLastCheckTime” - “Mon Jun 22 2015 22:08:05 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CommunityToolbar.ConduitHomepagesList” - “hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13”
[-] Chrome preferences cleaned: “CommunityToolbar.ConduitSearchList” - “NCH EN Customized Web Search”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948” - “"3e0da5be33ce296700ead6967f52b0be3"”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194029/1189706/US” - “"9e9bc8fd2fa54ed040204b5d8b03201f"”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://alerts.tbccint.com/root/1194029/1189706/US” - “"9e9bc8fd2fa54ed040204b5d8b03201f"”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948” - “"1335304596"”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=CT2801948” - “wXadKzlxrTPi94Uh0RyfYA==”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us&ctid=CT2801948” - “wXadKzlxrTPi94Uh0RyfYA==”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=CT2801948” - “4mR7UAmaE577t0ehc6wMRQ==”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us&ctid=CT2801948” - “4mR7UAmaE577t0ehc6wMRQ==”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=CT2801948” - “9gZwAmVbKXLKgoQfYaFHDw==”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us&ctid=CT2801948” - “9gZwAmVbKXLKgoQfYaFHDw==”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=CT2801948” - “/Tci0o49cXaopKSi//woyw==”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT2801948” - “/Tci0o49cXaopKSi//woyw==”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT2801948&UM=UM_UNINSTALL_ID” - “/Tci0o49cXaopKSi//woyw==”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg” - “"f4cb1557a8bece1:4d2"”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6” - “"f414eeaa6bece1:4d2"”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948” - “"a238378f7d0708034a0defa297cb8b8b"”
[-] Chrome preferences cleaned: “CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us” - “"eaf73610e336ff8f64237fc73930dfe4"”
[-] Chrome preferences cleaned: “CommunityToolbar.LatestLibsPath” - “file:///C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\conduitCommon\modules\3.13. 0.6”
[-] Chrome preferences cleaned: “CommunityToolbar.LatestToolbarVersionInstalled” - “3.13.0.6”
[-] Chrome preferences cleaned: “CommunityToolbar.SearchFromAddressBarSavedUrl” - “”
[-] Chrome preferences cleaned: “CommunityToolbar.ToolbarsList” - “CT2801948”
[-] Chrome preferences cleaned: “CommunityToolbar.ToolbarsList2” - “CT2801948”
[-] Chrome preferences cleaned: “CommunityToolbar.ToolbarsList4” - “CT2801948”
[-] Chrome preferences cleaned: “CommunityToolbar.globalUserId” - “6038bd9c-bfd1-40dd-9cb5-d23d60482669”
[-] Chrome preferences cleaned: “CommunityToolbar.isAlertUrlAddedToFeedItemTable” - true
[-] Chrome preferences cleaned: “CommunityToolbar.isClickActionAddedToFeedItemTabl e” - true
[-] Chrome preferences cleaned: “CommunityToolbar.keywordURLSelectedCTID” - “CT2801948”
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.alertDialogsGetter LastCheckTime” - “Mon Jun 22 2015 22:08:05 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.alertInfoInterval” - 60
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.alertInfoLastCheck Time” - “Mon Jun 22 2015 22:08:12 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.clientsServerUrl” - “hxxp://alertsnotifications.ourtoolbar.com”
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.locale” - “en”
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.loginIntervalMin” - 1440
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.loginLastCheckTime ” - “Mon Jun 22 2015 22:08:04 GMT-0400 (Eastern Daylight Time)”
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.loginLastUpdateTim e” - “1401369664”
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.messageShowTimeSec ” - 20
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.servicesServerUrl” - “hxxp://alert.services.tbccint.com”
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.showTrayIcon” - false
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.userCloseIntervalM in” - 300
[-] Chrome preferences cleaned: “CommunityToolbar.notifications.userId” - “d02c081d-9702-4d18-b214-6cc918573afa”
[-] Chrome preferences cleaned: “CommunityToolbar.originalHomepage” - “hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEz ytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAt FzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1 L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0 DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1 Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0 DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=9433145 30&ir=”
[-] Chrome preferences cleaned: “CommunityToolbar.originalSearchEngine” - “Dregol”
[-] Chrome preferences cleaned: “browser.search.defaultenginename.US” - “NCH EN Customized Web Search”
[-] Chrome preferences cleaned: “browser.search.defaultthis.engineName” - “NCH EN Customized Web Search”
[-] Chrome preferences cleaned: “browser.search.defaulturl” - “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={s earchTerms}”
[-] Chrome preferences cleaned: “browser.search.selectedEngine” - “NCH EN Customized Web Search”
[-] Chrome preferences cleaned: “browser.startup.homepage” - “hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13”
[-] Chrome preferences cleaned: “keyword.URL” - “hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=”
[-] [C:\Users\Bryan\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: dregol
[-] [C:\Users\Bryan\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEz ytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAt FzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1 L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0 DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1 Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0 DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=9433145 30&ir=&uref=chmm
[-] [C:\Users\Bryan\AppData\Local\Chromium\User Data\Default] [extension] Deleted: gclijllifhfpomppedeljakfegbcpojn
[-] [C:\Users\Bryan\AppData\Local\Chromium\User Data\Default] [extension] Deleted: ihokndmjeombjojnfkmapfnjeghjohim
[-] [C:\Users\Bryan\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEz ytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAt FzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1 L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0 DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1 Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0 DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=9433145 30&ir=&uref=chmm
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: dregol.com
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.dregol.com/?f=7&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEz ytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAt FzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1 L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0 DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1 Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0 DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=9433145 30&ir=
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gclijllifhfpomppedeljakfegbcpojn
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: icdlfehblmklkikfigmjhbmmpmkmpooj
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ihokndmjeombjojnfkmapfnjeghjohim
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEz ytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAt FzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1 L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0 DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1 Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0 DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=9433145 30&ir=

:: “Tracing” keys deleted
:: Winsock settings cleared

C:\AdwCleaner\AdwCleaner[C0].txt - [39216 Bytes] - [07/12/2016 00:22:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [46827 Bytes] - [07/12/2016 00:20:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [39364 Bytes] ##########

Code:

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64
Ran by Bryan (Administrator) on Wed 12/07/2016 at  0:30:18.31

File System: 5

Successfully deleted: C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3dad 3b802ffd897 (File)
Successfully deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\extensions{37483b40-c254-4a72-bda4-22ee90182c1e}\searchplugin\conduit.xml (File)
Successfully deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\user.js (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\0814avUpdateInfo (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)

Registry: 0

Code:

Scan was completed on Wed 12/07/2016 at  0:35:11.93
End of JRT log

[-] Deleted ->> File ->> C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
[-] Deleted ->> File ->> C:\Users\Bryan\Appdata\Local\Chromium\User Data\Default\Local Storage\http_snapmyscreen.dl.tb.ask.com_0.localsto rage
[-] Deleted ->> File ->> C:\Users\Bryan\Appdata\Local\Chromium\User Data\Default\Local Storage\http_snapmyscreen.dl.tb.ask.com_0.localsto rage-journal
[-] Deleted ->> File ->> C:\Users\Bryan\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\http_snapmyscreen.dl.tb.ask.com_0.localsto rage
[-] Deleted ->> File ->> C:\Users\Bryan\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\http_snapmyscreen.dl.tb.ask.com_0.localsto rage-journal
[-] Deleted ->> File ->> C:\Users\Bryan\Appdata\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ RegValue: AppPath RegData: C:\Program Files (x86)\Run_Dregol\ : C:\Program Files (x86)\Run_Dregol\
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Internet Explorer\Low Rights\ElevationPolicy\ RegValue: AppPath RegData: C:\Program Files (x86)\Run_Dregol\ : C:\Program Files (x86)\Run_Dregol\
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ RegValue: AppPath RegData: C:\Program Files (x86)\Run_Dregol\ : C:\Program Files (x86)\Run_Dregol\
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Internet Explorer\Low Rights\ElevationPolicy\ RegValue: AppPath RegData: C:\Program Files (x86)\Run_Dregol\ : C:\Program Files (x86)\Run_Dregol\
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\Software\AppDataLow\Software\Sma rtbar

~ ZHPCleaner v2016.12.6.210 by Nicolas Coolman (2016/12/04)
~ Run by Bryan (Administrator) (07/12/2016 00:55:00)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : ZHP
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Bryan\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Bryan\AppData\Roaming\ZHP\ZHPCleaner_Quar antine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)

—\ Services (0)
~ No malicious or unnecessary items found.

—\ Browser internet (7)
REPLACED Google Chrome Preferences: " https://d31qbv1cthcecs.cloudfront.net/ " =>.Superfluous.CloudfrontNet
REPLACED Google Chrome Preferences: " https://d5nxst8fruw4z.cloudfront.net/ " =>.Superfluous.CloudfrontNet
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\ProxyOverride [Bad : <-loopback>] =>Hijacker.Proxy
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\ProxyServer [Bad : http=127.0.0.1:60190;https=127.0.0.1:60190] =>Hijacker.Proxy
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\ProxyEnable [Bad : 0] =>Hijacker.Proxy
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings [Bad : Port=60190 <-Loopback>] =>Hijacker.Proxy
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings [Bad : Port=60190 <-Loopback>] =>Hijacker.Proxy

—\ Hosts file (1)
~ The hosts file is legitimate (14796)

—\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

—\ Explorer ( File, Folder) (90)
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\extensions{37483b40-c254-4a72-bda4-22ee90182c1e}\modules\SearchProtector.jsm =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\SearchProtectorRetakeover.c ss =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\SearchProtectorRetakeover.j s =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\Images\Icon.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\Images\info.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\Images\ok-on.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\Images\ok.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\SearchProtector.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\SearchProtector.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\Images\info.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\Images\ok-on.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\Images\ok.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\bubble.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\bubble.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\images\information.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\images\x-default-LTR.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\images\x-default-RTL.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\images\x-mouseover-LTR.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\images\x-mouseover-RTL.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\SearchProtector.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\SearchProtector.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\images\ok-button.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\images\separation-line.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\images\warning.png =>PUP.Optional.SearchProtect
MOVED file: C:\Windows\Installer\wix{328CC232-CFDC-468B-A214-2E21300E4CB5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{33EB1061-ABF1-4470-A540-32E97A610536}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{404BB1FF-A84F-432F-B77B-301E88E8D1C7}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{439760BC-7737-4386-9B1D-A90A3E8A22EA}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{75104836-CAC7-444E-A39E-3F54151942F5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{8F473675-D702-45F9-8EBC-342B40C17BF5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{963BFE7E-C350-4346-B43C-B02358306A45}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{9C98CA38-4C1A-4AC8-B55C-169497C8826B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{9EFC40E3-5F31-4F75-8445-286273F74D8E}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{CA4AF936-3312-4AF4-A191-527531490DCD}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{E5C95CA5-4565-4B9D-97ED-05088D775614}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Users\Bryan\Downloads\CR_Downloader_for_dolphin .exe [Program - Application Internet Web Setup] =>Adware.Amonetize
MOVED file: C:\Users\Bryan\Downloads\How to Have a Frugally Fabulous Wedding.pdf =>PUP.Optional.CrossRider
MOVED file: C:\Users\Bryan\Downloads\SnapMyScreenSetup.SnapMyS creen_bf.jhimebnnaphjchlhcdgdlbfmlbbbaank.ch.exe [Mindspark Interactive Network - SnapMyScreen Setup] =>.Superfluous.MindSpark
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.loca lstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.loca lstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_stags.bluekai.com_0.localstorage =>Hijacker.Browser
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_stags.bluekai.com_0.localstorage-journal =>Hijacker.Browser
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xoncisfktn-a.akamaihd.net_0.localstorage =>.Superfluous.AkamaiHD
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xoncisfktn-a.akamaihd.net_0.localstorage-journal =>.Superfluous.AkamaiHD
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.local storage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.local storage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.local storage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.local storage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_features.en.softonic.com_0.localstora ge =>.Superfluous.Softonic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_features.en.softonic.com_0.localstora ge-journal =>.Superfluous.Softonic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameofthrones.wikia.com_0.localstorag e =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameofthrones.wikia.com_0.localstorag e-journal =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker9.com_0.localstorage =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker9.com_0.localstorage-journal =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fastweb.com_0.localstorage =>.Superfluous.FastWeb
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fastweb.com_0.localstorage-journal =>.Superfluous.FastWeb
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED folder: C:\Users\Bryan\AppData\Roaming\WeatherBug =>PUP.Optional.WeatherBug
MOVED folder: C:\Users\Bryan\AppData\Local\CrashReportClient =>.Superfluous.CrashReports
MOVED folder: C:\Users\Bryan\AppData\Local\WeatherBug =>PUP.Optional.WeatherBug
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
MOVED folder: C:\WINDOWS\Installer\MSI5B93.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI7E5F.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI812E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC276.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC4F7.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID350.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID356.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID71A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIE3F7.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIEE68.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF501.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF7E4.tmp- =>.Superfluous.Empty

—\ Registry ( Key, Value, Data) (10)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\weatherbug.com =>PUP.Optional.WeatherBug
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Applications\WeatherBugStub. exe =>PUP.Optional.WeatherBug
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{4B969F2F-E383-4EBD-8B34-EDA2D737D096} [Spigot, Inc.] =>PUP.Optional.Dealio
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{90E4CD0C-426F-4207-805B-7885AB32D43F} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions

—\ Summary of the elements found (23)
Redirecting... =>.Superfluous.CloudfrontNet
Redirecting... =>Hijacker.Proxy
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.BDYahoo
https://www.nicolascoolman.com/fr/pup-searchprotect/ =>PUP.Optional.SearchProtect
Blog - Nicolas Coolman =>.Superfluous.Empty
Redirecting... =>Adware.Amonetize
Redirecting... =>PUP.Optional.CrossRider
Redirecting... =>.Superfluous.MindSpark
https://www.nicolascoolman.com/fr/hijacker-browser/ =>Hijacker.Browser
Redirecting... =>PUP.Optional.Generic
Blog - Nicolas Coolman =>.Superfluous.AkamaiHD
Blog - Nicolas Coolman =>.Superfluous.Softonic
Redirecting... =>.Superfluous.IronSourceLtd
https://www.nicolascoolman.com/fr/spyware-putlocker/ =>PUP.Optional.PutLocker
https://www.nicolascoolman.com/fr/adware-addlyrics/ =>PUP.Optional.AddLyrics
Redirecting... =>.Superfluous.FastWeb
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.WeatherBug
Blog - Nicolas Coolman =>.Superfluous.CrashReports
Redirecting... =>Riskware.QuickTime
https://www.nicolascoolman.com/fr/adware-domaiq/ =>PUP.Optional.DomaIQ
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.BrowserExtensions
https://www.nicolascoolman.com/fr/pup-dealio/ =>PUP.Optional.Dealio
Redirecting... =>Heuristic.Suspect

—\ Other deletions. (12)
~ Registry Keys Tracing deleted (12)
~ Remove the old reports ZHPCleaner. (0)

—\ Result of repair
~ Repair carried out successfully
~ The system has been restarted.

—\ Statistics
~ Items scanned : 30192
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 107

~ End of clean in 00h00mn30s
~====================
ZHPCleaner-[R]-07122016-00_55_30.txt
ZHPCleaner–07122016-00_54_19.txt

~ ZHPCleaner v2016.12.6.210 by Nicolas Coolman (2016/12/04)
~ Run by Bryan (Administrator) (07/12/2016 00:55:00)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : ZHP
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Bryan\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Bryan\AppData\Roaming\ZHP\ZHPCleaner_Quar antine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)

—\ Services (0)
~ No malicious or unnecessary items found.

—\ Browser internet (7)
REPLACED Google Chrome Preferences: " https://d31qbv1cthcecs.cloudfront.net/ " =>.Superfluous.CloudfrontNet
REPLACED Google Chrome Preferences: " https://d5nxst8fruw4z.cloudfront.net/ " =>.Superfluous.CloudfrontNet
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\ProxyOverride [Bad : <-loopback>] =>Hijacker.Proxy
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\ProxyServer [Bad : http=127.0.0.1:60190;https=127.0.0.1:60190] =>Hijacker.Proxy
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\ProxyEnable [Bad : 0] =>Hijacker.Proxy
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings [Bad : Port=60190 <-Loopback>] =>Hijacker.Proxy
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings [Bad : Port=60190 <-Loopback>] =>Hijacker.Proxy

—\ Hosts file (1)
~ The hosts file is legitimate (14796)

—\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

—\ Explorer ( File, Folder) (90)
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\extensions{37483b40-c254-4a72-bda4-22ee90182c1e}\modules\SearchProtector.jsm =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\SearchProtectorRetakeover.c ss =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\SearchProtectorRetakeover.j s =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\Images\Icon.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\Images\info.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\Images\ok-on.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorRetakeoverDialog\Images\ok.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\SearchProtector.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\SearchProtector.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\Images\info.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\Images\ok-on.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorDialog\Images\ok.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\bubble.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\bubble.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\images\information.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\images\x-default-LTR.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\images\x-default-RTL.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\images\x-mouseover-LTR.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\SearchPro tectorBubbleDialog\images\x-mouseover-RTL.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\SearchProtector.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\SearchProtector.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\images\ok-button.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\images\separation-line.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\CT2801948\Dialogs\NewSearch ProtectorDialog\images\warning.png =>PUP.Optional.SearchProtect
MOVED file: C:\Windows\Installer\wix{328CC232-CFDC-468B-A214-2E21300E4CB5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{33EB1061-ABF1-4470-A540-32E97A610536}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{404BB1FF-A84F-432F-B77B-301E88E8D1C7}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{439760BC-7737-4386-9B1D-A90A3E8A22EA}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{75104836-CAC7-444E-A39E-3F54151942F5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{8F473675-D702-45F9-8EBC-342B40C17BF5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{963BFE7E-C350-4346-B43C-B02358306A45}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{9C98CA38-4C1A-4AC8-B55C-169497C8826B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{9EFC40E3-5F31-4F75-8445-286273F74D8E}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{CA4AF936-3312-4AF4-A191-527531490DCD}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{E5C95CA5-4565-4B9D-97ED-05088D775614}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Users\Bryan\Downloads\CR_Downloader_for_dolphin .exe [Program - Application Internet Web Setup] =>Adware.Amonetize
MOVED file: C:\Users\Bryan\Downloads\How to Have a Frugally Fabulous Wedding.pdf =>PUP.Optional.CrossRider
MOVED file: C:\Users\Bryan\Downloads\SnapMyScreenSetup.SnapMyS creen_bf.jhimebnnaphjchlhcdgdlbfmlbbbaank.ch.exe [Mindspark Interactive Network - SnapMyScreen Setup] =>.Superfluous.MindSpark
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.loca lstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.loca lstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_stags.bluekai.com_0.localstorage =>Hijacker.Browser
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_stags.bluekai.com_0.localstorage-journal =>Hijacker.Browser
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xoncisfktn-a.akamaihd.net_0.localstorage =>.Superfluous.AkamaiHD
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xoncisfktn-a.akamaihd.net_0.localstorage-journal =>.Superfluous.AkamaiHD
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.local storage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.local storage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.local storage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.local storage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_features.en.softonic.com_0.localstora ge =>.Superfluous.Softonic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_features.en.softonic.com_0.localstora ge-journal =>.Superfluous.Softonic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameofthrones.wikia.com_0.localstorag e =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameofthrones.wikia.com_0.localstorag e-journal =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker9.com_0.localstorage =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker9.com_0.localstorage-journal =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fastweb.com_0.localstorage =>.Superfluous.FastWeb
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fastweb.com_0.localstorage-journal =>.Superfluous.FastWeb
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED folder: C:\Users\Bryan\AppData\Roaming\WeatherBug =>PUP.Optional.WeatherBug
MOVED folder: C:\Users\Bryan\AppData\Local\CrashReportClient =>.Superfluous.CrashReports
MOVED folder: C:\Users\Bryan\AppData\Local\WeatherBug =>PUP.Optional.WeatherBug
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
MOVED folder: C:\WINDOWS\Installer\MSI5B93.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI7E5F.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI812E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC276.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC4F7.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID350.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID356.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID71A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIE3F7.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIEE68.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF501.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF7E4.tmp- =>.Superfluous.Empty

—\ Registry ( Key, Value, Data) (10)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\weatherbug.com =>PUP.Optional.WeatherBug
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Applications\WeatherBugStub. exe =>PUP.Optional.WeatherBug
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{4B969F2F-E383-4EBD-8B34-EDA2D737D096} [Spigot, Inc.] =>PUP.Optional.Dealio
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{90E4CD0C-426F-4207-805B-7885AB32D43F} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions

—\ Summary of the elements found (23)
Redirecting... =>.Superfluous.CloudfrontNet
Redirecting... =>Hijacker.Proxy
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.BDYahoo
https://www.nicolascoolman.com/fr/pup-searchprotect/ =>PUP.Optional.SearchProtect
Blog - Nicolas Coolman =>.Superfluous.Empty
Redirecting... =>Adware.Amonetize
Redirecting... =>PUP.Optional.CrossRider
Redirecting... =>.Superfluous.MindSpark
https://www.nicolascoolman.com/fr/hijacker-browser/ =>Hijacker.Browser
Redirecting... =>PUP.Optional.Generic
Blog - Nicolas Coolman =>.Superfluous.AkamaiHD
Blog - Nicolas Coolman =>.Superfluous.Softonic
Redirecting... =>.Superfluous.IronSourceLtd
https://www.nicolascoolman.com/fr/spyware-putlocker/ =>PUP.Optional.PutLocker
https://www.nicolascoolman.com/fr/adware-addlyrics/ =>PUP.Optional.AddLyrics
Redirecting... =>.Superfluous.FastWeb
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.WeatherBug
Blog - Nicolas Coolman =>.Superfluous.CrashReports
Redirecting... =>Riskware.QuickTime
https://www.nicolascoolman.com/fr/adware-domaiq/ =>PUP.Optional.DomaIQ
https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.BrowserExtensions
https://www.nicolascoolman.com/fr/pup-dealio/ =>PUP.Optional.Dealio
Redirecting... =>Heuristic.Suspect

—\ Other deletions. (12)
~ Registry Keys Tracing deleted (12)
~ Remove the old reports ZHPCleaner. (0)

—\ Result of repair
~ Repair carried out successfully
~ The system has been restarted.

—\ Statistics
~ Items scanned : 30192
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 107

~ End of clean in 00h00mn30s
~====================
ZHPCleaner-[R]-07122016-00_55_30.txt
ZHPCleaner–07122016-00_54_19.txt

**Malnutrition** · 12-07-2016, 02:35 PM

Step 1: Remove Useless Programs.
[ul]

- - Remove these items below with Geek Uninstaller.
    
    [/ul]

µTorrent (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
Browser Configuration Utility (HKLM-x32...{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM) <==== ATTENTION
Browser Extensions (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.8.8.11 - Spigot, Inc.) <==== ATTENTION
HP Webcam User’s Guide (HKLM-x32...{D31612BB-C6D7-4142-96AE-16DB062354CF}) (Version: - Hewlett-Packard)
Java 8 Update 101 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Mozilla Maintenance Service (HKLM-x32...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
Spybot - Search & Destroy (HKLM-x32...{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Vuze (HKLM-x32...\8461-7759-5462-8226) (Version: 5.7.2.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.9 (HKLM-x32...{4B969F2F-E383-4EBD-8B34-EDA2D737D096}) (Version: 9.9 - Spigot, Inc.) <==== ATTENTION

Step 2: Zemana Deep Scan.

[ul]
[li]Right click on Zemana and run as admin.[/li][li]Click the Cog/Sproket Wheel, at the top right of Zemana[/li]
[li]Select Advanced - I have read the warning and wish to proceed.[/li][li]Place a tick next to Detect Suspicious (Root CA) Certificates.[/li][li]Then click the house icon in Zemana.[/li][li]Then hit your start button at the lower left hand corner of your desktop.[/li]
[li]Then left click on Computer.[/li][li]Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.[/li][li]http://i.imgur.com/bOVO6lY.png[/li][li]Once the scan has completed click graph icon on the top right of the programs User interface.[/li][li]Double click to open the latest log-file.[/li][li]Copy it to your clipboard.[/li]
[li]Post the log here in your next reply.[/li][/ul]

Step3: FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 5: Emsisoft Scan

We will need a Log from Emsisoft Emergency Kit.

Please go HERE and download Emsisoft Emergency Kit, save it to somewhere you can find it, the desktop will be the best place. Once downloaded Double left click on the desktop icon

[URL unfurl="true"]https://forum.windowsinstructed.com/uploads/monthly_2016_07/emsisoft1.jpg.251643c685e83cda9d969cc7ad431659.jpg[/URL]

The installer will open and display the license agreement and the proposed default program folder location, accept this and then click the install button.

[URL unfurl="true"]https://forum.windowsinstructed.com/uploads/monthly_2016_07/emsisoft2.jpg.8cb8f68392e26b51d4fa0c7ce7c11d61.jpg[/URL]

It will take a minute or two to extract all the files into the destination folder and when complete the folder should open in an explorer window. If by chance it does not, open Windows Explorer and navigate to C:\EEK and the folder contents should appear similar to that below.

Right click the “Start Emergency Kit Scanner.exe” file and select Run as Administrator from the drop down menu.

[URL unfurl="true"]https://forum.windowsinstructed.com/uploads/monthly_2016_07/emsisoft3.jpg.dd3a6a543b93eaba8dfd801cdaad59aa.jpg[/URL]

The malware signatures will load and a prompt will appear to update online. Click “Yes” to update.

[URL unfurl="true"]https://forum.windowsinstructed.com/uploads/monthly_2016_07/emsisoft4.thumb.jpg.e2bc40e9e231eb554aac1d0707b565 31.jpg[/URL]

The update will take a few minutes and the Update now box for step one will turn green. In the second box labelled “2. Scan” click on the “Custom Scan” label as per picture below.

[URL unfurl="true"]https://forum.windowsinstructed.com/uploads/monthly_2016_08/emsisoft5a.thumb.jpg.696f05469b941f034f8d008fe981d 348.jpg[/URL]

The custom scan options box will open and by default will have selected the default operating system drive by default. Accept the “Scan Object” and “Scan Settings” options already checked, and click the next button.

[URL unfurl="true"]https://forum.windowsinstructed.com/uploads/monthly_2016_08/emsisoft7a.thumb.jpg.f0f170f1d7c887d86b8cfc5d91e6e 3f9.jpg[/URL]

The scan will begin which may take some time to complete. If any suspicious files are found they will be listed and automatically selected for quarantine.

[ol]
[li]Select “Quarantine Selected”[/li][li]Then select “View Report”[/li][/ol]
[URL unfurl="true"]https://forum.windowsinstructed.com/uploads/monthly_2016_08/emsisoft6b.thumb.jpg.08f8f9d77576de82a4ef42c460bbe 4b8.jpg[/URL]

A notepad file will open with the results of the scan.
A copy of the report can also be found by clicking the logs “Logs” box on the program main opening screen.
Please copy and paste the contents of the report in your next reply.

Step 4: HijackThis.

1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.

Step 5: Autoruns Log.

Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe
After the scan is finished then click on File>>>>>>>>>>>Save
The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option.
in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.

**Malnutrition** · 12-09-2016, 08:29 PM

@Lardalish How about an update for us?

**Malnutrition** · 12-11-2016, 09:41 PM

@Lardalish How about an update for us? If there is no update in 48 Hours, this thread will be closed.

**Lardalish** · 01-05-2017, 04:13 AM

Ok, so I had made a thread before and got through a lot of programs and then life got in the way. I got back to it and followed the last instructions I was given. Anyway, heres the old thread:

Forums - PC Help Forum

https://pchelpforum.net/threads/the-staff-here-said-i-might-have-malware.14557/

PCHF Forums

I removed those files listed with Geek Uninstaller except for
"Browser Configuration Utility (HKLM-x32...{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM) <==== ATTENTION
Browser Extensions (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.8.8.11 - Spigot, Inc.) <==== ATTENTION"
I could not find those in the list.
And here are the log files from that last post.
[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Bryan (04-01-2017 11:42:00) Run:1
Running from C:\Users\Bryan\Desktop
Loaded Profiles: Bryan (Available Profiles: Bryan & DefaultAppPool)
Boot Mode: Normal[/HEADING]
fixlist content:

CreateRestorePoint:
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
Task: {FB4D4D83-6484-4BE4-A897-CF12E8EC8E84} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd → No File <==== ATTENTION
Task: {EFF7FA9B-71DC-4715-8BA8-16EDA373369A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d → No File <==== ATTENTIO
Task: {E13EA930-A87B-4819-9872-458FE8488AB4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxcon fig-B → No File <==== ATTENTION
Task: {BBD59593-6DE4-4CC2-AB20-F3553D295A31} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d → No File <==== ATTENTION
Task: {BF1174BF-859A-4DF8-8CA8-7C7042882E67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C5759DD7-35B7-4664-A8FD-289C8435B7A3} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization → No File <==== ATTENTION
Task: {D4CC058D-6E8A-423C-92E2-75CAACBD282E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {D7999EBD-BC8F-45D5-8664-AB3408E8385A} - \Safer-Networking\Spybot - Search and Destroy\Scan the system → No File <==== ATTENTION
Task: {B9300E86-CD64-48F7-94DD-A456DD72D7C2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {AECB5684-4A48-4980-B887-555DB5406C67} - \Microsoft\Windows\Setup\gwx\launchtrayprocess → No File <==== ATTENTION
Task: {950C771E-8461-4B25-B839-3BE725D37F29} - \Safer-Networking\Spybot - Search and Destroy\Check for updates → No File <==== ATTENTION
Task: {9931FF85-3351-42DE-8F34-B03F5B1AF536} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d → No File <==== ATTENTION
Task: {8290ABE3-4049-4AF7-AE71-A90F12CB7647} - System32\Tasks{D7800F6C-F764-4C79-B124-9E3AA70471DC} => pcalua.exe -a “C:\Users\Bryan\Desktop\New Folder\crack\UPDATE\assassins_creed_2_1.01_us.exe” -d “C:\Users\Bryan\Desktop\New Folder\crack\UPDATE”
Task: {6F2B85AE-85DB-46A2-B01E-15610C28006E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig → No File <==== ATTENTION
Task: {5A67B648-E6F4-40D6-918D-FCEEB121DD4C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandco ntent → No File <==== ATTENTION
Task: {4C3086EE-8C38-4F1C-BB8C-8BEEEF8B855C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {29F34EC9-1504-43B5-A7E5-3992EB83042E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d → No File <==== ATTENTION
Task: {27FF1ACE-77AE-4DD2-ABC4-63AC7824A216} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1BD4D10D-0E13-4A44-B061-7748355BA825} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent → No File <==== ATTENTION
Task: {157B46F2-A7BC-4E9B-8A8B-DCF1469CB341} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d → No File <==== ATTENTION
C:\Users\Bryan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Bryan\AppData\Local\Temp\SkypeSetup.exe
2010-04-13 11:01 - 2010-05-29 18:01 - 0000004 _____ () C:\Users\Bryan\AppData\Roaming\FC0951
2010-04-13 11:01 - 2010-05-29 18:01 - 0870128 _____ () C:\Users\Bryan\AppData\Roaming\mcs.rma
2014-12-13 23:46 - 2014-12-13 23:46 - 0000064 _____ () C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3dad 3b802ffd897
2010-05-22 21:20 - 2010-05-22 21:20 - 0000600 _____ () C:\Users\Bryan\AppData\Local\PUTTY.RND
2012-08-15 21:59 - 2012-09-22 02:21 - 0000044 ___SH () C:\ProgramData.zreglib
2010-04-01 12:18 - 2010-04-01 12:18 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3dad 3b802ffd897
C:\Users\Bryan\AppData\Roaming\uTorrent
C:\Users\Bryan\AppData\Roaming\Azureus
C:\Users\Bryan\Downloads[ www.Torrenting.com ] - Sweeny Todd The Demon Barber Of Fleet Street 2007 DVDRIP Xvid AC3-BHRG
U3 idsvc; no ImagePath
DisableService: DirMngr
DisableService: GfExperienceService
DisableService: WdNisSvc
DisableService: WinDefend
DisableService: IDriverT
CHR HKLM-x32...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Bryan\AppData\Local\Temp\tbch.crx
CHR HKLM-x32...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions...\Chrome\E xtension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Bryan\AppData\Local\CRE\gclijllifhfpomppe deljakfegbcpojn.crx
CHR HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions...\Chrome\E xtension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Bryan\AppData\Local\CRE\gclijllifhfpomppe deljakfegbcpojn.crx
CHR HKLM-x32...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx
CHR HKLM-x32...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions...\Chrome\E xtension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Bryan\AppData\Local\CRE\gclijllifhfpomppe deljakfegbcpojn.crx
CHR HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions...\Chrome\E xtension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Bryan\AppData\Local\CRE\gclijllifhfpomppe deljakfegbcpojn.crx
CHR HKLM-x32...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx
CHR HomePage: Default → hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEz ytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAt FzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1 L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0 DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1 Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0 DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=9433145 30&ir=
CHR StartupUrls: Default → “hxxp://www.dregol.com/?f=7&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEz ytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAt FzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1 L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0 DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1 Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0 DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=9433145 30&ir=”,“”
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin → C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.1.0\FF => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wtu-secure-search.xml [2014-11-06]
FF SearchPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\searchplugins\avg-secure-search.xml [2014-11-06]
FF SearchPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\searchplugins\conduit.xml [2012-06-14]
FF SearchPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\searchplugins\Dregol.xml [2015-06-22]
FF Extension: (Address Bar Search) - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\Extensions{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-16] [not signed]
FF Homepage: Mozilla\Firefox\Profiles\thahfu1s.default → hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13
FF Keyword.URL: Mozilla\Firefox\Profiles\thahfu1s.default → hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=
FF user.js: detected! => C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\user.js [2013-08-13]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\thahfu1s.default → Yahoo
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\thahfu1s.default → NCH EN Customized Web Search
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\thahfu1s.default → hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={s earchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\9.9\vuzeToolbarIE.dll [2014-10-10] (Spigot, Inc.)
BHO-x32: No Name → {95B7759C-8C7F-4BF1-B163-73684A933233} → No File
BHO-x32: No Name → {02478D38-C3F9-4efb-9B51-7695ECA05670} → No File
BHO-x32: Vuze Remote Toolbar → {05478A66-EDB6-4A22-A870-A5987F80A7DA} → C:\Program Files (x86)\Vuze Remote Toolbar\IE\9.9\vuzeToolbarIE.dll [2014-10-10] (Spigot, Inc.)
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKLM → {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM-x32 → DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2801948
SearchScopes: HKLM-x32 → {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2801948
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 → DefaultScope {99653235-66E7-4294-A58A-C006B3CE06AB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=DCF1DF&PC=DCF1&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 → {0CAF6133-B363-4737-8A62-F8CE22CA518A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC 0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN 1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G 1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzy tAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z 1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyE tG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&c r=943314530&ir=
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 → {3E762472-5EC9-4cc1-9400-8372E2898368} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV% 3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AF FFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF %3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFO RID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 → {4565BD94-6AA8-4B61-A848-A9323292E492} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 → {99653235-66E7-4294-A58A-C006B3CE06AB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 → {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2801948
ProxyServer: [S-1-5-21-3534269808-1485983137-1280583553-1000] => http=127.0.0.1:60190;https=127.0.0.1:60190
Hosts:
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip..\Interfaces{244551fa-f4f7-4d10-b506-eb7f183024c0}: [DhcpNameServer] 192.168.1.254
Tcpip..\Interfaces{85e448af-b9ba-4d26-b108-bc168d199adc}: [DhcpNameServer] 192.168.1.254
Tcpip..\Interfaces{a07d11a2-db66-4097-b889-d94922c1d720}: [DhcpNameServer] 192.168.1.1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk [2010-03-30]
ShortcutTarget: NCProTray.lnk → C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung)
Startup: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\GameVox.lnk [2015-09-24]
ShortcutTarget: GameVox.lnk → C:\Program Files (x86)\GameVox\GameVox.exe (GameVox LLC)
ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => No File
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll
HKLM-x32...\Run: =>
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Restore point was successfully created.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
“C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job” => not found.
“C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job” => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{FB4D4D8 3-6484-4BE4-A897-CF12E8EC8E84} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{FB4D4D8 3-6484-4BE4-A897-CF12E8EC8E84} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{EFF7FA9 B-71DC-4715-8BA8-16EDA373369A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{EFF7FA9 B-71DC-4715-8BA8-16EDA373369A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{E13EA93 0-A87B-4819-9872-458FE8488AB4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E13EA93 0-A87B-4819-9872-458FE8488AB4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{BBD5959 3-6DE4-4CC2-AB20-F3553D295A31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{BBD5959 3-6DE4-4CC2-AB20-F3553D295A31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{BF1174B F-859A-4DF8-8CA8-7C7042882E67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{BF1174B F-859A-4DF8-8CA8-7C7042882E67} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{C5759DD 7-35B7-4664-A8FD-289C8435B7A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C5759DD 7-35B7-4664-A8FD-289C8435B7A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{D4CC058 D-6E8A-423C-92E2-75CAACBD282E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D4CC058 D-6E8A-423C-92E2-75CAACBD282E} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{D7999EB D-BC8F-45D5-8664-AB3408E8385A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D7999EB D-BC8F-45D5-8664-AB3408E8385A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{B9300E8 6-CD64-48F7-94DD-A456DD72D7C2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B9300E8 6-CD64-48F7-94DD-A456DD72D7C2} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Remova lTools\MRT_HB => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\RemovalTools\MRT_HB => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{AECB568 4-4A48-4980-B887-555DB5406C67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{AECB568 4-4A48-4980-B887-555DB5406C67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{950C771 E-8461-4B25-B839-3BE725D37F29} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{950C771 E-8461-4B25-B839-3BE725D37F29} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{9931FF8 5-3351-42DE-8F34-B03F5B1AF536} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9931FF8 5-3351-42DE-8F34-B03F5B1AF536} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{8290ABE 3-4049-4AF7-AE71-A90F12CB7647} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8290ABE 3-4049-4AF7-AE71-A90F12CB7647} => key removed successfully
C:\WINDOWS\System32\Tasks{D7800F6C-F764-4C79-B124-9E3AA70471DC} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{D7800F6C-F764-4C79-B124-9E3AA70471DC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{6F2B85A E-85DB-46A2-B01E-15610C28006E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6F2B85A E-85DB-46A2-B01E-15610C28006E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{5A67B64 8-E6F4-40D6-918D-FCEEB121DD4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{5A67B64 8-E6F4-40D6-918D-FCEEB121DD4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{4C3086E E-8C38-4F1C-BB8C-8BEEEF8B855C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{4C3086E E-8C38-4F1C-BB8C-8BEEEF8B855C} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{29F34EC 9-1504-43B5-A7E5-3992EB83042E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{29F34EC 9-1504-43B5-A7E5-3992EB83042E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{27FF1AC E-77AE-4DD2-ABC4-63AC7824A216} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{27FF1AC E-77AE-4DD2-ABC4-63AC7824A216} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{1BD4D10 D-0E13-4A44-B061-7748355BA825} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1BD4D10 D-0E13-4A44-B061-7748355BA825} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{157B46F 2-A7BC-4E9B-8A8B-DCF1469CB341} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{157B46F 2-A7BC-4E9B-8A8B-DCF1469CB341} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
C:\Users\Bryan\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Bryan\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Bryan\AppData\Roaming\FC0951 => moved successfully
C:\Users\Bryan\AppData\Roaming\mcs.rma => moved successfully
“C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3da d3b802ffd897” => not found.
C:\Users\Bryan\AppData\Local\PUTTY.RND => moved successfully
C:\ProgramData.zreglib => moved successfully
C:\ProgramData\ezsidmv.dat => moved successfully
“C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3da d3b802ffd897” => not found.
C:\Users\Bryan\AppData\Roaming\uTorrent => moved successfully
C:\Users\Bryan\AppData\Roaming\Azureus => moved successfully
C:\Users\Bryan\Downloads[ www.Torrenting.com ] - Sweeny Todd The Demon Barber Of Fleet Street 2007 DVDRIP Xvid AC3-BHRG => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
DirMngr => Unable to disable service
GfExperienceService => Unable to disable service
WdNisSvc => Unable to disable service
WinDefend => Unable to disable service
IDriverT => Unable to disable service
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \ojpijjmpahflnipadmlpgbjmagmjchkk => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \mhkaekfpcppmmioggniknbnbdbcigpkk => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeom bjojnfkmapfnjeghjohim => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\gclijllifhf pomppedeljakfegbcpojn => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\ihokndmjeom bjojnfkmapfnjeghjohim => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \gclijllifhfpomppedeljakfegbcpojn => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \icdlfehblmklkikfigmjhbmmpmkmpooj => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \ihokndmjeombjojnfkmapfnjeghjohim => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeom bjojnfkmapfnjeghjohim => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\gclijllifhf pomppedeljakfegbcpojn => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\ihokndmjeom bjojnfkmapfnjeghjohim => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \gclijllifhfpomppedeljakfegbcpojn => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \icdlfehblmklkikfigmjhbmmpmkmpooj => key not found.
Chrome HomePage => not found.
Chrome StartupUrls => not found.
HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins@pandonetworks.com/PandoWebPlugin => key removed successfully
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Mozilla\Firefox\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} => value not found.
“C:\Program Files (x86)\mozilla firefox\searchplugins\wtu-secure-search.xml” => not found.
“C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pr ofiles\thahfu1s.default\searchplugins\avg-secure-search.xml” => not found.
“C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pr ofiles\thahfu1s.default\searchplugins\conduit.xml” => not found.
“C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pr ofiles\thahfu1s.default\searchplugins\Dregol.xml” => not found.

“C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pr ofiles\thahfu1s.default\Extensions{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}” folder move:

Could not move “C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pr ofiles\thahfu1s.default\Extensions{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}” => Scheduled to move on reboot.

Firefox “homepage” removed successfully
FF Keyword.URL: Mozilla\Firefox\Profiles\thahfu1s.default → hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q= => not found
C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\user.js => not found.
C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\user.js => not found.
Firefox DefaultSearchEngine removed successfully
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\thahfu1s.default → NCH EN Customized Web Search => not found
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\thahfu1s.default → hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={s earchTerms} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value could not remove.
HKCR\CLSID{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => value not found.
HKCR\Wow6432Node\CLSID{05478A66-EDB6-4A22-A870-A5987F80A7DA} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233} => could not remove key. Access Denied.
HKCR\Wow6432Node\CLSID{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670} => could not remove key. Access Denied.
HKCR\Wow6432Node\CLSID{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{05478A66-EDB6-4A22-A870-A5987F80A7DA} => could not remove key. Access Denied.
HKCR\Wow6432Node\CLSID{05478A66-EDB6-4A22-A870-A5987F80A7DA} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\Main\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key removed successfully
HKCR\CLSID{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
HKCR\Wow6432Node\CLSID{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value could not remove.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0CAF6133-B363-4737-8A62-F8CE22CA518A} => key not found.
HKCR\CLSID{0CAF6133-B363-4737-8A62-F8CE22CA518A} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{3E762472-5EC9-4cc1-9400-8372E2898368} => key removed successfully
HKCR\CLSID{3E762472-5EC9-4cc1-9400-8372E2898368} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{4565BD94-6AA8-4B61-A848-A9323292E492} => key not found.
HKCR\CLSID{4565BD94-6AA8-4B61-A848-A9323292E492} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{99653235-66E7-4294-A58A-C006B3CE06AB} => key removed successfully
HKCR\CLSID{99653235-66E7-4294-A58A-C006B3CE06AB} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
HKCR\CLSID{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ProxyServer => value could not remove.
“C:\Windows\System32\Drivers\etc\hosts” => Could not move.
Could not restore Hosts.
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\DhcpNameServer => value could not remove.
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{244551fa-f4f7-4d10-b506-eb7f183024c0}\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{85e448af-b9ba-4d26-b108-bc168d199adc}\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{a07d11a2-db66-4097-b889-d94922c1d720}\DhcpNameServer => value removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk => moved successfully
C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe => moved successfully
C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\GameVox.lnk => moved successfully
C:\Program Files (x86)\GameVox\GameVox.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\00avast => key could not remove, key could be protected
HKCR\CLSID{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\ => value could not remove.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f =========

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f =========

========= End of Reg: =========

========= RemoveProxy: =========

HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ProxyServer => value could not remove.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings => value could not remove.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

========= End of CMD: =========

========= ipconfig /flushdns =========

========= End of CMD: =========

========= netsh winsock reset catalog =========

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

========= End of CMD: =========

========= ipconfig /release =========

========= End of CMD: =========

========= ipconfig /renew =========

========= End of CMD: =========

========= netsh int ipv4 reset =========

========= End of CMD: =========

========= netsh int ipv6 reset =========

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 1134528 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 380953044 B
Java, Flash, Steam htmlcache => 566945269 B
Windows/system/drivers => 1221076 B
Edge => 561192 B
Chrome => 737516311 B
Firefox => 21405846 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 30498 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 100500 B
NetworkService => 2247546 B
Bryan => 426865780 B
DefaultAppPool => 22818 B

Zemana AntiMalware 2.70.2.262 (Installed)

Scan Result : Completed
Scan Date : 2017/1/4
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core™ i5-6500 CPU @ 3.20GHz
BIOS Mode : Legacy
CUID : 12664A99569BA5006DAFB7
Scan Type : Custom Scan
Duration : 157m 38s
Scanned Objects : 640658
Detected Objects : 17
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
[HEADING=1]Detected Objects[/HEADING]
openofficeussuite-setup.exe
Status : Scanned
Object : %userprofile%\downloads\openofficeussuite-setup.exe
MD5 : B7948B3574C89862A962C317E8220178
Publisher : Download Admin
Size : 476528
Version : -
Detection : Win32/Adware.Downloader!Ep
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\openofficeussuite-setup.exe

braid_full_1015.exe
Status : Scanned
Object : %userprofile%\downloads\braid_full_1015.exe
MD5 : 2F14B93A901C16B2ADBADB0430AB383D
Publisher : -
Size : 53248
Version : 0.0.0.0
Detection : Malware:Win32/Tazzi.A!Emka
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\braid_full_1015.exe

switch.exe
Status : Scanned
Object : %programfiles%\nch software\switch\switch.exe
MD5 : D5ECD86F070A257EDD9BC6D904A397FC
Publisher : -
Size : 1295876
Version : 0.0.0.0
Detection : Adware:Win32/Conduit!Sig
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\nch software\switch\switch.exe
Reference - C:\Users\Bryan\Desktop\Stuff\Switch Sound File Converter.lnk

CR_Downloader_for_dolphin.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\cr_downloader_for_dolphin .exe
MD5 : FCA2C2DE4F913B0DAFF09CD6D8B3E1DB
Publisher : eCHANG Net Inc.
Size : 747288
Version : 0.0.0.0
Detection : Adware:Win32/eCHANG!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\cr_downloader_for_dolphin .exe

SnapMyScreenSetup.SnapMyScreen_bf.jhimebnnaphjchlh cdgdlbfmlbbbaank.ch.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\snapmyscreensetup.snapmys creen_bf.jhimebnnaphjchlhcdgdlbfmlbbbaank.ch.exe
MD5 : 50583DB4761FCAD44673F668AF2A3D6A
Publisher : Mindspark Interactive Network
Size : 3336576
Version : 1.0.7907.151
Detection : Adware:Win32/Mindspark!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\snapmyscreensetup.snapmys creen_bf.jhimebnnaphjchlhcdgdlbfmlbbbaank.ch.exe

Tales of Zestiria.exe
Status : Scanned
Object : %programfiles%\steam\steamapps\common\tales of zestiria\tales of zestiria.exe
MD5 : 09BD1B01547FF11D3B47FCFF2E5C06AB
Publisher : -
Size : 30426624
Version : -
Detection : Heur.Malicious!Pc
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\steam\steamapps\common\tales of zestiria\tales of zestiria.exe

uninst.exe
Status : Scanned
Object : %programfiles%\nch software\switch\uninst.exe
MD5 : E0FC8363DC75DE27D1FDDBD50008AC8B
Publisher : -
Size : 1295876
Version : 0.0.0.0
Detection : Adware:Win32/Conduit!Sig
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\nch software\switch\uninst.exe

ConduitInstaller.exe
Status : Scanned
Object : %programfiles%\nch software\components\nchtoolbars\conduit\conduitins taller.exe
MD5 : 710626F0C8B94C9CF89458409E3EE12E
Publisher : Conduit Ltd.
Size : 211792
Version : 5.5.0.10
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\nch software\components\nchtoolbars\conduit\conduitins taller.exe

Uninstall.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\uninstall.exe
MD5 : 52FF6E9F2F601BA0FF9400C15558893D
Publisher : -
Size : 592895
Version : 2.8.8.11
Detection : Adware:Win32/BrowserHijack.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\uninstall.exe

ButtonWrap64.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\buttonwrap64.dll
MD5 : 3D5D360F7445A73CAE300B83B9A2846E
Publisher : Spigot, Inc.
Size : 86512
Version : 1.8.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\buttonwrap64.dll

ButtonWrap.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\buttonwrap.dll
MD5 : FA669DE8C72194087FCBED3EC7AD7227
Publisher : Spigot, Inc.
Size : 79344
Version : 1.8.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\buttonwrap.dll

Button64.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\button64.exe
MD5 : 385F1ADA432EE82FFBFE03B009FCE751
Publisher : Spigot, Inc.
Size : 28656
Version : 1.8.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\button64.exe

Button.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\button.exe
MD5 : 8B82563C680BCA3549A6D3B869DE7DE6
Publisher : Spigot, Inc.
Size : 29168
Version : 1.8.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\button.exe

BEHelper.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\behelper.exe
MD5 : 3B22DC547A12AEC14A650805258FC444
Publisher : Spigot, Inc.
Size : 553968
Version : 2.8.8.11
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmse dgfjlgmdcamregwnqmpecj\behelper.exe

WidgiHelper.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\avmcxqdjnk akxxzybvfnetvsybfhutcm\widgihelper.exe
MD5 : 66E5737A7B68D3DCD78C9AE923345548
Publisher : Spigot, Inc.
Size : 112448
Version : 9.9.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\avmcxqdjnk akxxzybvfnetvsybfhutcm\widgihelper.exe

vuzeToolbarIE.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\avmcxqdjnk akxxzybvfnetvsybfhutcm\ie\9.9\vuzetoolbarie.dll
MD5 : 5BBD7FFDFED00D2B9D0F091825CCAE06
Publisher : Spigot, Inc.
Size : 1574208
Version : 9.9.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\avmcxqdjnk akxxzybvfnetvsybfhutcm\ie\9.9\vuzetoolbarie.dll

vuzeToolbarFF.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\avmcxqdjnk akxxzybvfnetvsybfhutcm\ff\components\vuzetoolbarff .dll
MD5 : B172D7E7E8684BF18C20F9F69E3DC82D
Publisher : Spigot, Inc.
Size : 1385280
Version : 9.9.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\avmcxqdjnk akxxzybvfnetvsybfhutcm\ff\components\vuzetoolbarff .dll
[HEADING=1]Cleaning Result[/HEADING]
Cleaned : 17
Reported as safe : 0
Failed : 0

Emsisoft Emergency Kit - Version 12.0
Last update: 1/4/2017 12:27:53 PM
User account: Bryan-PC\Bryan
Computer name: BRYAN-PC
OS version: Windows 10x64

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:, F:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 1/4/2017 12:41:53 PM
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdc amregwnqmpecj~xpD1D5.xpi → chrome/content/saebay.js detected: Application.Spigot.BrowExt.V (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdc amregwnqmpecj~xpCC45.xpi → chrome/content/startpage.js detected: Application.MAC.Spigot.AK (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdc amregwnqmpecj~xpD138.xpi → chrome/content/savingsslider.xul detected: Application.Spigot.BrowExt.A (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdc amregwnqmpecj~xpD1D5.xpi → chrome/content/ebay.xul detected: Application.Spigot.BrowExt.A (B) [krnl.xmd]

Scanned 572054
Found 4

Scan end: 1/4/2017 3:42:15 PM
Scan time: 3:00:22

C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdc amregwnqmpecj~xpD1D5.xpi Application.Spigot.BrowExt.A (B)
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdc amregwnqmpecj~xpD138.xpi Application.Spigot.BrowExt.A (B)
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdc amregwnqmpecj~xpCC45.xpi Application.MAC.Spigot.AK (B)
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdc amregwnqmpecj~xpD1D5.xpi Application.Spigot.BrowExt.V (B)

Quarantined 4

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:38 PM, on 1/4/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\Bryan\AppData\Roaming\Spotify\Data\Spotif yWebHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Bryan\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Microsoft Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search - Microsoft Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search - Microsoft Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM..\Run: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM..\Run: [ConnectionCenter] “C:\Program Files (x86)\Citrix\ICA Client\concentr.exe” /startup
O4 - HKLM..\Run: [Dropbox] “C:\Program Files (x86)\Dropbox\Client\Dropbox.exe” /systemstartup
O4 - HKLM..\Run: [StartCCC] “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe” MSRun
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKLM..\Run: [QHSafeTray] “C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe” /start
O4 - HKCU..\Run: [Spotify Web Helper] “C:\Users\Bryan\AppData\Roaming\Spotify\Data\Spoti fyWebHelper.exe”
O4 - HKCU..\Run: [OneDrive] “C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\O neDrive.exe” /background
O4 - HKCU..\Run: [Skype] “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17 .3.6281.1202_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\1 7.3.6281.1202_1\amd64”
O4 - Startup: https—www.youtube.com-v-W-IL4tSg1x8&feature=youtu.be&autoplay=1.url
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.Sta ndardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.Standa rdCollector.Service.exe (file missing)
O23 - Service: DirMngr - Unknown owner - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - QIHU 360 SOFTWARE CO. LIMITED - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

–
End of file - 12173 bytes

“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n” “” “” “” “1/4/2017 8:12 AM” “”

“HotKeysCmds” “” “” “File not found: C:\WINDOWS\system32\hkcmd.exe.exe” “” “”
“IgfxTray” “” “” “File not found: C:\WINDOWS\system32\igfxtray.exe.exe” “” “”
“IntelliPoint” “IPoint.exe” “Microsoft Corporation” “c:\program files\microsoft intellipoint\ipoint.exe” “7/28/2011 8:24 PM” “”
“NvBackend” “NVIDIA Backend” “NVIDIA Corporation” “c:\program files (x86)\nvidia corporation\update core\nvbackend.exe” “3/23/2016 6:49 PM” “”
“Persistence” “” “” “File not found: C:\WINDOWS\system32\igfxpers.exe.exe” “” “”
“ShadowPlay” “NVIDIA Capture Server Proxy” “NVIDIA Corporation” “c:\windows\system32\nvspcap64.dll” “3/23/2016 5:57 AM” “”
“ZAM” “ZAM” “Zemana Ltd.” “c:\program files (x86)\zemana antimalware\zam.exe” “12/30/2016 9:47 AM” “”
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curre ntVersion\Run” “” “” “” “1/4/2017 8:05 AM” “”
“amd_dc_opt” “AMD Dual-Core Optimizer” “AMD” “c:\program files (x86)\amd\dual-core optimizer\amd_dc_opt.exe” “7/22/2008 1:53 PM” “”
“APSDaemon” “Apple Push” “Apple Inc.” “c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe” “8/16/2012 9:59 PM” “”
“BrHelp” “Brother Help Application” “Brother Industries, Ltd.” “c:\program files (x86)\brother\brother help\brotherhelp.exe” “10/21/2014 9:04 PM” “”
“BrStsMon00” “Status Monitor Application” “Brother Industries, Ltd.” “c:\program files (x86)\browny02\brother\brstmonw.exe” “11/11/2014 3:24 AM” “”
“ConnectionCenter” “Citrix online plug-in Connection Center” “Citrix Systems, Inc.” “c:\program files (x86)\citrix\ica client\concentr.exe” “3/11/2010 12:21 AM” “”
“ControlCenter4” “ControlCenter Launcher” “Brother Industries, Ltd.” “c:\program files (x86)\controlcenter4\brccboot.exe” “1/29/2015 3:04 AM” “”
“Dropbox” “Dropbox” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropbox.exe” “1/12/2016 1:33 PM” “”
“QHSafeTray” “360 Total Security” “QIHU 360 SOFTWARE CO. LIMITED” “c:\program files (x86)\360\total security\safemon\360tray.exe” “7/4/2016 9:47 PM” “”
“StartCCC” “Catalyst® Control Center Launcher” “Advanced Micro Devices, Inc.” “c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe” “11/4/2015 4:40 PM” “”
“HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n” “” “” “” “8/9/2016 8:18 AM” “”
“OneDrive” “Microsoft OneDrive” “Microsoft Corporation” “c:\users\bryan\appdata\local\microsoft\onedrive\o nedrive.exe” “5/9/2016 2:31 PM” “”
“RESTART_STICKY_NOTES” “” “” “File not found: C:\Windows\System32\StikyNot.exe.exe” “” “”
“Skype” "Skype " “Skype Technologies S.A.” “c:\program files (x86)\skype\phone\skype.exe” “11/15/2016 11:28 AM” “”
“Spotify Web Helper” “SpotifyWebHelper” “Spotify Ltd” “c:\users\bryan\appdata\roaming\spotify\data\spoti fywebhelper.exe” “6/25/2014 11:19 AM” “”
“HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru nOnce” “” “” “” “12/7/2016 12:26 AM” “”
“Uninstall C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17 .3.6281.1202_1\amd64” “” “” “File not found: rmdir” “” “”
“C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup” “” “” “” “1/4/2017 11:44 AM” “”
“D-Link AirPlus G Wireless Utility.lnk” “WLAN Adapter Utility” “D-Link” “c:\program files (x86)\d-link\airplus g wireless adapter utility\airplus.exe” “4/6/2004 3:40 AM” “”
“C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup” “” “” “” “1/4/2017 11:44 AM” “”
“https—www.youtube.com-v-W-IL4tSg1x8&feature=youtu.be&autoplay=1.url” “” “” “c:\users\bryan\appdata\roaming\microsoft\windows\ start menu\programs\startup\https—www.youtube.com-v-w-il4tsg1x8&feature=youtu.be&autoplay=1.url” “12/20/2014 10:10 AM” “”
“HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components” “” “” “” “8/9/2016 7:25 AM” “”
“Microsoft Windows” “Windows Mail” “Microsoft Corporation” “c:\program files\windows mail\winmail.exe” “7/15/2016 9:25 PM” “”
“Microsoft Windows Media Player” “” “” “File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe” “” “”
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components” “” “” “” “9/16/2016 9:47 PM” “”
“Google Chrome” “Google Chrome Installer” “Google Inc.” “c:\program files (x86)\google\chrome\application\55.0.2883.87\insta ller\chrmstp.exe” “12/8/2016 1:25 AM” “”
“Microsoft Windows” “Windows Mail” “Microsoft Corporation” “c:\program files (x86)\windows mail\winmail.exe” “7/15/2016 8:41 PM” “”
“HKLM\SOFTWARE\Classes\Protocols\Handler” “” “” “” “8/9/2016 7:38 AM” “”
“skype-ie-addon-data” “Skype Click to Call for Internet Explorer” “Skype Technologies S.A.” “c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll” “5/14/2013 8:18 AM” “”
“HKLM\Software\Classes*\ShellEx\ContextMenuHandler s” “” “” “” “1/4/2017 8:12 AM” “”
“2.0 Zemana AntiMalware” “Zemana AntiMalware” “Zemana Ltd.” “c:\program files (x86)\zemana antimalware\zamshellext64.dll” “9/29/2016 6:41 AM” “”
“DropboxExt” “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
“PowerISO” “PowerISOShell DLL” “Power Software Ltd” “c:\program files\poweriso\pwrisosh.dll” “2/3/2014 1:34 AM” “”
“SD360” “360 Total Security” “” “c:\program files (x86)\360\total security\menuex64.dll” “8/12/2016 7:14 AM” “”
“VirtualCloneDrive” “CloseTray” “Elaborate Bytes AG” “c:\program files (x86)\elaborate bytes\virtualclonedrive\elbyvcdshell1.dll” “12/14/2009 12:16 PM” “”
“WinRAR” “” “” “c:\program files\winrar\rarext.dll” “3/15/2010 1:28 AM” “”
“HKLM\Software\Classes\Drive\ShellEx\ContextMenuHa ndlers” “” “” “” “9/21/2016 12:33 AM” “”
“VirtualCloneDrive” “CloseTray” “Elaborate Bytes AG” “c:\program files (x86)\elaborate bytes\virtualclonedrive\elbyvcdshell1.dll” “12/14/2009 12:16 PM” “”
“HKLM\Software\Classes\Directory\ShellEx\ContextMe nuHandlers” “” “” “” “9/21/2016 12:33 AM” “”
“DropboxExt” “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
“PowerISO” “PowerISOShell DLL” “Power Software Ltd” “c:\program files\poweriso\pwrisosh.dll” “2/3/2014 1:34 AM” “”
“SD360” “360 Total Security” “” “c:\program files (x86)\360\total security\menuex64.dll” “8/12/2016 7:14 AM” “”
“WinRAR” “” “” “c:\program files\winrar\rarext.dll” “3/15/2010 1:28 AM” “”
“HKLM\Software\Classes\Directory\Shellex\DragDropH andlers” “” “” “” “8/9/2016 7:37 AM” “”
“WinRAR” “” “” “c:\program files\winrar\rarext.dll” “3/15/2010 1:28 AM” “”
“HKLM\Software\Classes\Directory\Shellex\CopyHookH andlers” “” “” “” “8/9/2016 7:37 AM” “”
“DropboxCopyHook” “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
“HKLM\Software\Classes\Directory\Background\ShellE x\ContextMenuHandlers” “” “” “” “8/9/2016 7:37 AM” “”
“ACE” “AMD Desktop Control Panel” “Advanced Micro Devices, Inc.” “c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll” “11/4/2015 4:40 PM” “”
“DropboxExt” “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
“NvCplDesktopContext” “NVIDIA Display Shell Extension” “NVIDIA Corporation” “c:\windows\system32\nvshext.dll” “3/21/2016 9:28 PM” “”
“HKLM\Software\Classes\Folder\Shellex\ColumnHandle rs” “” “” “” “8/9/2016 7:37 AM” “”
“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” “” “” “File not found: C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll” “” “”
“HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ ColumnHandlers” “” “” “” “8/9/2016 7:37 AM” “”
“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” “” “Apache Software Foundation” “c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll” “8/10/2012 9:51 AM” “”
“HKLM\Software\Classes\Folder\ShellEx\ContextMenuH andlers” “” “” “” “1/4/2017 8:12 AM” “”
“2.0 Zemana AntiMalware” “Zemana AntiMalware” “Zemana Ltd.” “c:\program files (x86)\zemana antimalware\zamshellext64.dll” “9/29/2016 6:41 AM” “”
“PowerISO” “PowerISOShell DLL” “Power Software Ltd” “c:\program files\poweriso\pwrisosh.dll” “2/3/2014 1:34 AM” “”
“SD360” “360 Total Security” “” “c:\program files (x86)\360\total security\menuex64.dll” “8/12/2016 7:14 AM” “”
“WinRAR” “” “” “c:\program files\winrar\rarext.dll” “3/15/2010 1:28 AM” “”
“HKLM\Software\Classes\Folder\ShellEx\DragDropHand lers” “” “” “” “8/9/2016 7:37 AM” “”
“WinRAR” “” “” “c:\program files\winrar\rarext.dll” “3/15/2010 1:28 AM” “”
“HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers” “” “” “” “8/9/2016 7:38 AM” “”
" DropboxExt1" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
" DropboxExt2" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
" DropboxExt3" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
" DropboxExt4" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
" DropboxExt5" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
" DropboxExt6" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
" DropboxExt7" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
" DropboxExt8" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext64.33.dll” “2/16/2016 1:37 PM” “”
“HKLM\Software\Wow6432Node\Microsoft\Windows\Curre ntVersion\Explorer\ShellIconOverlayIdentifiers” “” “” “” “8/9/2016 7:41 AM” “”
" DropboxExt1" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext.33.dll” “2/16/2016 1:36 PM” “”
" DropboxExt2" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext.33.dll” “2/16/2016 1:36 PM” “”
" DropboxExt3" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext.33.dll” “2/16/2016 1:36 PM” “”
" DropboxExt4" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext.33.dll” “2/16/2016 1:36 PM” “”
" DropboxExt5" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext.33.dll” “2/16/2016 1:36 PM” “”
" DropboxExt6" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext.33.dll” “2/16/2016 1:36 PM” “”
" DropboxExt7" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext.33.dll” “2/16/2016 1:36 PM” “”
" DropboxExt8" “Dropbox Shell Extension” “Dropbox, Inc.” “c:\program files (x86)\dropbox\client\dropboxext.33.dll” “2/16/2016 1:36 PM” “”
“HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\Browser Helper Objects” “” “” “” “8/9/2016 7:38 AM” “”
“Skype add-on for Internet Explorer” “Skype Click to Call for Internet Explorer” “Skype Technologies S.A.” “c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll” “5/14/2013 8:18 AM” “”
“HKLM\Software\Wow6432Node\Microsoft\Windows\Curre ntVersion\Explorer\Browser Helper Objects” “” “” “” “1/4/2017 8:05 AM” “”
“Skype Browser Helper” “Skype Click to Call for Internet Explorer” “Skype Technologies S.A.” “c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll” “5/14/2013 8:25 AM” “”
“HKLM\Software\Microsoft\Internet Explorer\Extensions” “” “” “” “8/9/2016 7:38 AM” “”
“Skype Click to Call” “Skype Click to Call for Internet Explorer” “Skype Technologies S.A.” “c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll” “5/14/2013 8:18 AM” “”
“HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions” “” “” “” “8/9/2016 7:41 AM” “”
“Skype Click to Call” “Skype Click to Call for Internet Explorer” “Skype Technologies S.A.” “c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll” “5/14/2013 8:25 AM” “”
“Task Scheduler” “” “” “” “” “”
“\Microsoft\Windows\Media Center\ActivateWindowsSearch” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\ConfigureInternetTimeService” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\DispatchRecoveryTasks” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\ehDRMInit” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\InstallPlayReady” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\mcupdate” “” “” “File not found: C:\WINDOWS\ehome\mcupdate” “” “”
“\Microsoft\Windows\Media Center\mcupdate_scheduled” “” “” “File not found: C:\WINDOWS\ehome\mcupdate” “” “”
“\Microsoft\Windows\Media Center\MediaCenterRecoveryTask” “” “” “File not found: C:\WINDOWS\ehome\mcupdate.exe” “” “”
“\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask” “” “” “File not found: C:\WINDOWS\ehome\mcupdate.exe” “” “”
“\Microsoft\Windows\Media Center\OCURActivate” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\OCURDiscovery” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\PBDADiscovery” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\PBDADiscoveryW1” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\PBDADiscoveryW2” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
X “\Microsoft\Windows\Media Center\PeriodicScanRetry” “” “” “File not found: C:\WINDOWS\ehome\MCUpdate.exe” “” “”
“\Microsoft\Windows\Media Center\PvrRecoveryTask” “” “” “File not found: C:\WINDOWS\ehome\mcupdate.exe” “” “”
“\Microsoft\Windows\Media Center\PvrScheduleTask” “” “” “File not found: C:\WINDOWS\ehome\mcupdate.exe” “” “”
X “\Microsoft\Windows\Media Center\RecordingRestart” “” “” “File not found: C:\WINDOWS\ehome\ehrec” “” “”
“\Microsoft\Windows\Media Center\RegisterSearch” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\ReindexSearchRoot” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\SqlLiteRecoveryTask” “” “” “File not found: C:\WINDOWS\ehome\mcupdate.exe” “” “”
“\Microsoft\Windows\Media Center\StartRecording” “” “” “File not found: C:\WINDOWS\ehome\ehrec” “” “”
“\Microsoft\Windows\Media Center\UpdateRecordPath” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\NetTrace\GatherNetworkInfo” “” “” “c:\windows\system32\gathernetworkinfo.vbs” “7/16/2016 6:42 AM” “”
X “\Microsoft\Windows\Shell\WindowsParentalControls” “” “” “File not found: C:\Windows\SysWOW64\wpcumi.dll” “” “”
X “\Microsoft\Windows\Shell\WindowsParentalControlsM igration” “” “” “File not found: C:\Windows\SysWOW64\wpcmig.dll” “” “”
“\Microsoft\Windows\Windows Media Sharing\UpdateLibrary” “Windows Media Player Network Sharing Service Configuration Application” “Microsoft Corporation” “c:\program files\windows media player\wmpnscfg.exe” “7/15/2016 9:25 PM” “”
“\Microsoft_Hardware_Launch_IPoint_exe” “IPoint.exe” “Microsoft Corporation” “c:\program files\microsoft intellipoint\ipoint.exe” “7/28/2011 8:24 PM” “”
“HKLM\System\CurrentControlSet\Services” “” “” “” “1/4/2017 12:26 PM” “”
“AdobeARMservice” “Adobe Acrobat Updater keeps your Adobe software up to date.” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe” “9/16/2016 1:18 PM” “”
“AdobeFlashPlayerUpdateSvc” “This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.” “Adobe Systems Incorporated” “c:\windows\syswow64\macromed\flash\flashplayerupd ateservice.exe” “12/10/2016 6:16 PM” “”
“Apple Mobile Device” “Provides the interface to Apple mobile devices.” “Apple Inc.” “c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe” “5/17/2012 10:06 PM” “”
“Bonjour Service” “Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.” “Apple Inc.” “c:\program files\bonjour\mdnsresponder.exe” “8/31/2011 12:52 AM” “”
“BrYNSvc” “BrYNCSvc” “Brother Industries, Ltd.” “c:\program files (x86)\browny02\brynsvc.exe” “10/23/2014 12:21 AM” “”
“dbupdate” “Keeps your Dropbox software up to date. If this service is disabled or stopped, your Dropbox software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Dropbox software using it.” “Dropbox, Inc.” “c:\program files (x86)\dropbox\update\dropboxupdate.exe” “6/16/2015 6:40 PM” “”
“dbupdatem” “Keeps your Dropbox software up to date. If this service is disabled or stopped, your Dropbox software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Dropbox software using it.” “Dropbox, Inc.” “c:\program files (x86)\dropbox\update\dropboxupdate.exe” “6/16/2015 6:40 PM” “”
“DirMngr” “” “” “c:\program files (x86)\gnu\gnupg\dirmngr.exe” “3/2/2011 10:20 AM” “”
“GfExperienceService” “NVIDIA GeForce Experience Service” “NVIDIA Corporation” “c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe” “3/23/2016 5:48 AM” “”
“gupdate” “Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.” “Google Inc.” “c:\program files (x86)\google\update\googleupdate.exe” “8/21/2015 9:13 PM” “”
“gupdatem” “Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.” “Google Inc.” “c:\program files (x86)\google\update\googleupdate.exe” “8/21/2015 9:13 PM” “”
“HiPatchService” “HiPatchService” “Hi-Rez Studios” “c:\program files (x86)\hi-rez studios\hipatchservice.exe” “8/21/2015 10:11 AM” “”
“IDriverT” “Provides support for the Running Object Table for InstallShield Drivers” “Macrovision Corporation” “c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe” “4/4/2005 12:41 AM” “”
“iPod Service” “iPod hardware management services” “Apple Inc.” “c:\program files\ipod\bin\ipodservice.exe” “9/10/2012 12:31 AM” “”
“LMS” “Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces.” “Intel Corporation” “c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe” “9/30/2009 9:33 PM” “”
“NvNetworkService” “NVIDIA Network Service” “NVIDIA Corporation” “c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe” “12/22/2015 4:46 PM” “”
“NvStreamNetworkSvc” “Network Service for SHIELD Streaming” “NVIDIA Corporation” “c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe ” “3/23/2016 11:56 PM” “”
“NvStreamSvc” “Service for SHIELD Streaming” “NVIDIA Corporation” “c:\program files\nvidia corporation\nvstreamsrv\nvstreamservice.exe” “3/23/2016 11:55 PM” “”
“nvsvc” “Provides system and desktop level support to the NVIDIA display driver” “NVIDIA Corporation” “c:\windows\system32\nvvsvc.exe” “3/21/2016 9:28 PM” “”
“QHActiveDefense” “360 Total Security” “QIHU 360 SOFTWARE CO. LIMITED” “c:\program files (x86)\360\total security\safemon\qhactivedefense.exe” “11/2/2016 5:12 AM” “”
“SkypeUpdate” “Enables the detection, download and installation of updates for Skype.” “Skype Technologies” “c:\program files (x86)\skype\updater\updater.exe” “9/20/2016 7:51 AM” “”
“Steam Client Service” “Steam Client Service monitors and updates Steam content” “Valve Corporation” “c:\program files (x86)\common files\steam\steamservice.exe” “9/20/2016 1:20 PM” “”
“Stereo Service” “Provides system support for NVIDIA Stereoscopic 3D driver” “NVIDIA Corporation” “c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe” “3/21/2016 8:54 PM” “”
“UNS” “Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device.” “Intel Corporation” “c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe” “9/30/2009 9:34 PM” “”
“WdNisSvc” “Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols” “Microsoft Corporation” “c:\program files\windows defender\nissrv.exe” “7/15/2016 9:24 PM” “”
“WinDefend” “Helps protect users from malware and other potentially unwanted software” “Microsoft Corporation” “c:\program files\windows defender\msmpeng.exe” “7/15/2016 9:27 PM” “”
“WMPNetworkSvc” “Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play” “Microsoft Corporation” “c:\program files\windows media player\wmpnetwk.exe” “9/6/2016 11:41 PM” “”
“ZAMSvc” “ZAM” “Zemana Ltd.” “c:\program files (x86)\zemana antimalware\zam.exe” “12/30/2016 9:47 AM” “”
“HKLM\System\CurrentControlSet\Services” “” “” “” “1/4/2017 12:26 PM” “”
“360AntiHacker” “360安全卫士网络防黑模块” “360.cn” “c:\windows\system32\drivers\360antihacker64.sys” “7/25/2016 9:04 PM” “”
“360AvFlt” “360杀毒文件监控驱动” “360.cn” “c:\windows\system32\drivers\360avflt.sys” “7/19/2016 3:45 AM” “”
“360Box64” “360Box64” “360.cn” “c:\windows\system32\drivers\360box64.sys” “6/27/2016 5:31 AM” “”
“360Camera” “360安全卫士木马防火墙模块” “360.cn” “c:\windows\system32\drivers\360camera64.sys” “6/26/2016 10:47 PM” “”
“360FsFlt” “360 Total Security” “360.cn” “c:\windows\system32\drivers\360fsflt.sys” “7/22/2016 3:30 AM” “”
“3ware” “LSI 3ware SCSI Storport Driver” “LSI” “c:\windows\system32\drivers\3ware.sys” “5/18/2015 5:28 PM” “”
“ADP80XX” “PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller” “PMC-Sierra” “c:\windows\system32\drivers\adp80xx.sys” “4/9/2015 3:49 PM” “”
“amdsata” “AHCI 1.3 Device Driver” “Advanced Micro Devices” “c:\windows\system32\drivers\amdsata.sys” “5/14/2015 7:14 AM” “”
“amdsbs” “AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform” “AMD Technologies Inc.” “c:\windows\system32\drivers\amdsbs.sys” “12/11/2012 4:21 PM” “”
“amdxata” “Storage Filter Driver” “Advanced Micro Devices” “c:\windows\system32\drivers\amdxata.sys” “4/30/2015 7:55 PM” “”
“arcsas” “Adaptec SAS RAID WS03 Driver” “PMC-Sierra, Inc.” “c:\windows\system32\drivers\arcsas.sys” “4/9/2015 2:12 PM” “”
“AtiHdmiService” “ATI High Definition Audio Function Driver” “ATI Technologies, Inc.” “c:\windows\system32\drivers\atihdmi.sys” “8/23/2009 7:35 AM” “”
“atksgt” “” “” “c:\windows\system32\drivers\atksgt.sys” “10/20/2008 2:50 AM” “”
“b06bdrv” “QLogic Gigabit Ethernet VBD” “QLogic Corporation” “c:\windows\system32\drivers\bxvbda.sys” “5/25/2016 2:03 AM” “”
“BAPIDRV” “BAPIDRV” “360.cn” “c:\windows\system32\drivers\bapidrv64.sys” “9/1/2016 4:46 AM” “”
“bcmfn” “BCM Function 2 Device Driver” “Windows (R) Win 7 DDK provider” “c:\windows\system32\drivers\bcmfn.sys” “6/8/2015 3:32 AM” “”
“bcmfn2” “BCM Function 2 Device Driver” “Windows (R) Win 7 DDK provider” “c:\windows\system32\drivers\bcmfn2.sys” “3/16/2014 5:07 AM” “”
“cht4iscsi” “Chelsio iSCSI VMiniport Driver” “Chelsio Communications” “c:\windows\system32\drivers\cht4sx64.sys” “4/20/2016 4:54 AM” “”
“cht4vbd” “Virtual Bus Driver for Chelsio ® T4 Chipset” “Chelsio Communications” “c:\windows\system32\drivers\cht4vx64.sys” “4/15/2016 2:32 AM” “”
“ctxusbm” “Citrix USB Filter Driver” “Citrix Systems, Inc.” “c:\windows\system32\drivers\ctxusbm.sys” “9/7/2009 1:09 PM” “”
“dg_ssudbus” “SAMSUNG USB Composite Device Driver” “Samsung Electronics Co., Ltd.” “c:\windows\system32\drivers\ssudbus.sys” “8/24/2016 3:00 AM” “”
“ebdrv” “QLogic 10 GigE VBD” “QLogic Corporation” “c:\windows\system32\drivers\evbda.sys” “5/25/2016 2:01 AM” “”
“ElbyCDIO” “ElbyCD Windows x64 I/O driver” “Elaborate Bytes AG” “c:\windows\system32\drivers\elbycdio.sys” “12/16/2010 5:58 PM” “”
“GEARAspiWDM” “CD DVD Filter” “GEAR Software Inc.” “c:\windows\system32\drivers\gearaspiwdm.sys” “5/3/2012 2:56 PM” “”
“hamachi” “Hamachi Virtual Network Interface Driver” “LogMeIn, Inc.” “c:\windows\system32\drivers\hamachi.sys” “2/19/2009 5:36 AM” “”
“HpSAMD” “Smart Array SAS/SATA Controller Media Driver” “Hewlett-Packard Company” “c:\windows\system32\drivers\hpsamd.sys” “3/26/2013 4:36 PM” “”
“iagpio” “Intel(R) Serial IO GPIO Controller Driver” “Intel(R) Corporation” “c:\windows\system32\drivers\iagpio.sys” “2/18/2016 2:35 AM” “”
“iai2c” “Intel(R) Serial IO I2C Driver” “Intel(R) Corporation” “c:\windows\system32\drivers\iai2c.sys” “9/22/2015 1:53 AM” “”
“iaLPSS2i_GPIO2” “Intel(R) Serial IO GPIO Driver v2” “Intel Corporation” “c:\windows\system32\drivers\ialpss2i_gpio2.sys” “3/2/2016 9:06 PM” “”
“iaLPSS2i_I2C” “Intel(R) Serial IO I2C Driver v2” “Intel Corporation” “c:\windows\system32\drivers\ialpss2i_i2c.sys” “3/2/2016 9:06 PM” “”
“iaLPSSi_GPIO” “Intel(R) Serial IO GPIO Controller Driver” “Intel Corporation” “c:\windows\system32\drivers\ialpssi_gpio.sys” “2/2/2015 4:00 AM” “”
“iaLPSSi_I2C” “Intel(R) Serial IO I2C Controller Driver” “Intel Corporation” “c:\windows\system32\drivers\ialpssi_i2c.sys” “2/24/2015 10:52 AM” “”
“iaStorAV” “Intel(R) Rapid Storage Technology driver (inbox) - x64” “Intel Corporation” “c:\windows\system32\drivers\iastorav.sys” “2/19/2015 7:08 AM” “”
“iaStorV” “Intel Matrix Storage Manager driver - x64” “Intel Corporation” “c:\windows\system32\drivers\iastorv.sys” “4/11/2011 1:48 PM” “”
“ibbus” “InfiniBand Fabric Bus Driver” “Mellanox” “c:\windows\system32\drivers\ibbus.sys” “4/10/2016 8:46 AM” “”
“IntcAzAudAddService” “Realtek(r) High Definition Audio Function Driver” “Realtek Semiconductor Corp.” “c:\windows\system32\drivers\rtkvhd64.sys” “11/3/2009 6:39 AM” “”
“lirsgt” “” “” “c:\windows\system32\drivers\lirsgt.sys” “3/6/2004 2:53 PM” “”
“LSI_SAS” “LSI Fusion-MPT SAS Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sas.sys” “3/25/2015 2:36 PM” “”
“LSI_SAS2i” “LSI SAS Gen2 Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sas2i.sys” “3/28/2016 1:49 PM” “”
“LSI_SAS3i” “Avago SAS Gen3 Driver (StorPort)” “Avago Technologies” “c:\windows\system32\drivers\lsi_sas3i.sys” “3/28/2016 1:49 PM” “”
“LSI_SSS” “LSI SSS PCIe/Flash Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sss.sys” “3/15/2013 6:39 PM” “”
“megasas” “MEGASAS RAID Controller Driver for Windows” “Avago Technologies” “c:\windows\system32\drivers\megasas.sys” “3/4/2015 9:36 PM” “”
“megasas2i” “MEGASAS RAID Controller Driver for Windows” “Avago Technologies” “c:\windows\system32\drivers\megasas2i.sys” “7/22/2016 4:36 PM” “”
“megasr” “LSI MegaRAID Software RAID Driver” “LSI Corporation, Inc.” “c:\windows\system32\drivers\megasr.sys” “6/3/2013 5:02 PM” “”
“MEIx64” “Intel(R) Management Engine Interface” “Intel Corporation” “c:\windows\system32\drivers\teedriverw8x64.sys” “8/31/2015 2:49 PM” “”
“mlx4_bus” “MLX4 Bus Driver” “Mellanox” “c:\windows\system32\drivers\mlx4_bus.sys” “4/10/2016 8:49 AM” “”
“mvumis” “Marvell Flash Controller Driver” “Marvell Semiconductor, Inc.” “c:\windows\system32\drivers\mvumis.sys” “5/23/2014 3:39 PM” “”
“ndfltr” “NetworkDirect Support Filter Driver” “Mellanox” “c:\windows\system32\drivers\ndfltr.sys” “4/10/2016 8:46 AM” “”
“NetAdapterCx” “” “” “c:\windows\system32\drivers\netadaptercx.sys” “7/15/2016 9:28 PM” “”
“NVHDA” “NVIDIA HDMI Audio Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvhda64v.sys” “9/21/2015 4:44 AM” “”
“nvlddmkm” "NVIDIA Windows Kernel Mode Driver, Version 364.72 " “NVIDIA Corporation” “c:\windows\system32\drivers\nvlddmkm.sys” “3/21/2016 8:44 PM” “”
“nvraid” “NVIDIA® nForce™ RAID Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvraid.sys” “4/21/2014 1:28 PM” “”
“nvstor” “NVIDIA® nForce™ Sata Performance Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvstor.sys” “4/21/2014 1:34 PM” “”
“NvStreamKms” “Nvidia Streaming Kernel Service” “NVIDIA Corporation” “c:\program files\nvidia corporation\nvstreamsrv\nvstreamkms.sys” “3/18/2016 4:26 PM” “”
“nvvad_WaveExtensible” “NVIDIA Virtual Audio Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvvad64v.sys” “3/14/2016 1:27 AM” “”
“percsas2i” “MEGASAS RAID Controller Driver for Windows” “Avago Technologies” “c:\windows\system32\drivers\percsas2i.sys” “3/14/2016 7:50 PM” “”
“percsas3i” “MEGASAS RAID Controller Driver for Windows” “Avago Technologies” “c:\windows\system32\drivers\percsas3i.sys” “3/4/2016 4:22 PM” “”
“rt640x64” "Realtek 8136/8168/8169 NDIS 6.40 64-bit Driver " "Realtek " “c:\windows\system32\drivers\rt640x64.sys” “1/21/2016 3:17 AM” “”
“SCDEmu” “PowerISO Virtual Drive” “Power Software Ltd” “c:\windows\system32\drivers\scdemu.sys” “2/3/2014 1:36 AM” “”
“SiSRaid2” “SiS RAID Stor Miniport Driver” “Silicon Integrated Systems Corp.” “c:\windows\system32\drivers\sisraid2.sys” “9/24/2008 1:28 PM” “”
“SiSRaid4” “SiS AHCI Stor-Miniport Driver” “Silicon Integrated Systems” “c:\windows\system32\drivers\sisraid4.sys” “10/1/2008 4:56 PM” “”
“stexstor” “Promise SuperTrak EX Series Driver for Windows x64” “Promise Technology, Inc.” “c:\windows\system32\drivers\stexstor.sys” “11/26/2012 7:02 PM” “”
“VClone” “VirtualCloneCD Driver” “Elaborate Bytes AG” “c:\windows\system32\drivers\vclone.sys” “1/15/2011 11:21 AM” “”
“vsmraid” “VIA RAID DRIVER FOR AMD-X86-64” “VIA Technologies Inc.,Ltd” “c:\windows\system32\drivers\vsmraid.sys” “4/22/2014 2:21 PM” “”
“VSTXRAID” “VIA StorX RAID Controller Driver” “VIA Corporation” “c:\windows\system32\drivers\vstxraid.sys” “1/21/2013 2:00 PM” “”
“WinMad” “Kernel WinMad” “Mellanox” “c:\windows\system32\drivers\winmad.sys” “4/10/2016 8:46 AM” “”
“WinVerbs” “Kernel WinVerbs” “Mellanox” “c:\windows\system32\drivers\winverbs.sys” “4/10/2016 8:46 AM” “”
“ZAM” “ZAM” “Zemana Ltd.” “c:\windows\system32\drivers\zam64.sys” “8/17/2016 12:06 PM” “”
“ZAM_Guard” “ZAM” “Zemana Ltd.” “c:\windows\system32\drivers\zamguard64.sys” “8/17/2016 12:06 PM” “”
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers” “” “” “” “8/9/2016 7:25 AM” “”
“Adobe Type Manager” “Windows NT OpenType/Type 1 Font Driver” “Adobe Systems Incorporated” “c:\windows\system32\atmfd.dll” “11/2/2016 5:31 AM” “”
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32” “” “” “” “8/9/2016 7:28 AM” “”
“msacm.l3acm” “MPEG Layer-3 Audio Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\system32\l3codeca.acm” “7/15/2016 9:26 PM” “”
“HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32” “” “” “” “8/9/2016 7:28 AM” “”
“msacm.l3acm” “MPEG Layer-3 Audio Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\syswow64\l3codeca.acm” “7/15/2016 8:41 PM” “”
“vidc.cvid” “Cinepak® Codec” “Radius Inc.” “c:\windows\syswow64\iccvid.dll” “7/15/2016 8:42 PM” “”
“HKLM\Software\Classes\CLSID{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance” “” “” “” “8/9/2016 7:37 AM” “”
“AMD MJPEG Decoder” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files\common files\ati technologies\multimedia\atimpenc64.dll” “3/28/2013 9:28 PM” “”
“ATI MPEG Audio Encoder” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files\common files\ati technologies\multimedia\atimpenc64.dll” “3/28/2013 9:28 PM” “”
“ATI MPEG File Writer” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files\common files\ati technologies\multimedia\atimpenc64.dll” “3/28/2013 9:28 PM” “”
“ATI MPEG Multiplexer” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files\common files\ati technologies\multimedia\atimpenc64.dll” “3/28/2013 9:28 PM” “”
“ATI MPEG Video Decoder” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files\common files\ati technologies\multimedia\atimpenc64.dll” “3/28/2013 9:28 PM” “”
“ATI MPEG Video Encoder” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files\common files\ati technologies\multimedia\atimpenc64.dll” “3/28/2013 9:28 PM” “”
“ATI Video Rotation Filter” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files\common files\ati technologies\multimedia\atimpenc64.dll” “3/28/2013 9:28 PM” “”
“ATI Video Scaler Filter” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files\common files\ati technologies\multimedia\atimpenc64.dll” “3/28/2013 9:28 PM” “”
“HKLM\Software\Wow6432Node\Classes\CLSID{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance” “” “” “” “8/19/2016 5:48 PM” “”
“AMD MJPEG Decoder” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll” “3/28/2013 9:23 PM” “”
“ATI MPEG Audio Encoder” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll” “3/28/2013 9:23 PM” “”
“ATI MPEG File Writer” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll” “3/28/2013 9:23 PM” “”
“ATI MPEG Multiplexer” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll” “3/28/2013 9:23 PM” “”
“ATI MPEG Video Decoder” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll” “3/28/2013 9:23 PM” “”
“ATI MPEG Video Encoder” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll” “3/28/2013 9:23 PM” “”
“ATI Video Rotation Filter” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll” “3/28/2013 9:23 PM” “”
“ATI Video Scaler Filter” “ATI MPEG Encoder” “Advanced Micro Devices Inc.” “c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll” “3/28/2013 9:23 PM” “”
“Audio Destination” “WAVDest Filter (Sample)” “Microsoft Corporation” “c:\program files (x86)\google\google earth\plugin\wavdest.ax” “5/20/2015 6:07 PM” “”
“HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command (Default)” “” “” “” “8/9/2016 7:54 AM” “”
“C:\Program Files\Internet Explorer\IEXPLORE.EXE” “Internet Explorer” “Microsoft Corporation” “c:\program files\internet explorer\iexplore.exe” “7/15/2016 9:17 PM” “”
“HKLM\System\CurrentControlSet\Services\WinSock2\P arameters\NameSpace_Catalog5\Catalog_Entries” “” “” “” “8/9/2016 7:43 AM” “”
“mdnsNSP” “Bonjour Namespace Provider” “Apple Inc.” “c:\program files (x86)\bonjour\mdnsnsp.dll” “8/31/2011 12:44 AM” “”
“HKLM\System\CurrentControlSet\Services\WinSock2\P arameters\NameSpace_Catalog5\Catalog_Entries64” “” “” “” “8/9/2016 7:43 AM” “”
“mdnsNSP” “Bonjour Namespace Provider” “Apple Inc.” “c:\program files\bonjour\mdnsnsp.dll” “8/31/2011 12:53 AM” “”
“HKLM\SYSTEM\CurrentControlSet\Control\Print\Monit ors” “” “” “” “8/9/2016 7:48 AM” “”
“BJ Language Monitor3_2” “Canon Inkjet Printer Driver” “CANON INC.” “c:\windows\system32\cnblm3_2.dll” “7/13/2009 8:27 PM” “”
“LIDIL hpzllw71” “LanguageMonitor” “Hewlett-Packard Corporation” “c:\windows\system32\hpzllw71.dll” “7/13/2009 8:28 PM” “”
“LIDIL hpzllwn7” “LanguageMonitor” “Hewlett-Packard Company” “c:\windows\system32\hpzllwn7.dll” “7/13/2009 8:28 PM” “”
“HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Securit y Packages” “” “” “” “12/14/2016 9:31 AM” “”
“livessp” “” “” “File not found: livessp” “” “”
“HKLM\Software\Microsoft\Office\Outlook\Addins” “” “” “” “8/9/2016 7:38 AM” “”
“Connect Class” “OutlookChangeNotifier” “Apple Inc.” “c:\program files\common files\apple\mobile device support\outlookchangenotifieraddin.dll” “7/2/2012 8:08 PM” “”
“HKCU\Software\Microsoft\Office\Outlook\Addins” “” “” “” “8/9/2016 7:35 AM” “”
X “CalendarHelper Class” “iTunes Outlook Add-in” “Apple Inc.” “c:\program files\itunes\itunesoutlookaddin.dll” “9/10/2012 1:17 AM” “”
“HKLM\Software\Wow6432Node\Microsoft\Office\Outloo k\Addins” “” “” “” “8/9/2016 7:41 AM” “”
X “Connect Class” “OutlookChangeNotifier” “Apple Inc.” “c:\program files (x86)\common files\apple\mobile device support\outlookchangenotifieraddin.dll” “7/2/2012 8:13 PM” “”

**Malnutrition** · 01-05-2017, 10:35 PM

Step 1: Fix with HijackThis!

Close all other programs!

Right Click Hijack this, run as administrator.
Click do a system scan only.
Place a tick next to the items below.

O4 - HKLM..\Run: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
O4 - HKLM..\Run: [StartCCC] “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe” MSRun
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKCU..\Run: [Spotify Web Helper] “C:\Users\Bryan\AppData\Roaming\Spotify\Data\Spoti fyWebHelper.exe”
O4 - HKCU..\Run: [OneDrive] “C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\O neDrive.exe” /background
O4 - HKCU..\Run: [Skype] “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17 .3.6281.1202_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\1 7.3.6281.1202_1\amd64”
O4 - Startup: https—www.youtube.com-v-W-IL4tSg1x8&feature=youtu.be&autoplay=1.url
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?

Click fix checked.
Accept the prompt.
Reboot the machine after.

Step 2: Fix with Autoruns.

Open Autoruns as administrator and under the “Task Scheduler” tab and uncheck these items.

“\Microsoft\Windows\Media Center\ActivateWindowsSearch” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\ConfigureInternetTimeService” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\DispatchRecoveryTasks” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\ehDRMInit” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\InstallPlayReady” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\mcupdate” “” “” “File not found: C:\WINDOWS\ehome\mcupdate” “” “”
“\Microsoft\Windows\Media Center\mcupdate_scheduled” “” “” “File not found: C:\WINDOWS\ehome\mcupdate” “” “”
“\Microsoft\Windows\Media Center\MediaCenterRecoveryTask” “” “” “File not found: C:\WINDOWS\ehome\mcupdate.exe” “” “”
“\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask” “” “” “File not found: C:\WINDOWS\ehome\mcupdate.exe” “” “”
“\Microsoft\Windows\Media Center\OCURActivate” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\OCURDiscovery” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\PBDADiscovery” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\PBDADiscoveryW1” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\PBDADiscoveryW2” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\PvrRecoveryTask” “” “” “File not found: C:\WINDOWS\ehome\mcupdate.exe” “” “”
“\Microsoft\Windows\Media Center\PvrScheduleTask” “” “” “File not found: C:\WINDOWS\ehome\mcupdate.exe” “” “”
“\Microsoft\Windows\Media Center\RegisterSearch” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\ReindexSearchRoot” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\Media Center\SqlLiteRecoveryTask” “” “” “File not found: C:\WINDOWS\ehome\mcupdate.exe” “” “”
“\Microsoft\Windows\Media Center\StartRecording” “” “” “File not found: C:\WINDOWS\ehome\ehrec” “” “”
“\Microsoft\Windows\Media Center\UpdateRecordPath” “” “” “File not found: C:\WINDOWS\ehome\ehPrivJob.exe” “” “”
“\Microsoft\Windows\NetTrace\GatherNetworkInfo” “” “” “c:\windows\system32\gathernetworkinfo.vbs” “7/16/2016 6:42 AM” “”
“\Microsoft\Windows\Windows Media Sharing\UpdateLibrary” “Windows Media Player Network Sharing Service Configuration Application” “Microsoft Corporation” “c:\program files\windows media player\wmpnscfg.exe” “7/15/2016 9:25 PM” “”
“\Microsoft_Hardware_Launch_IPoint_exe” “IPoint.exe” “Microsoft Corporation” “c:\program files\microsoft intellipoint\ipoint.exe” “7/28/2011 8:24 PM” “”

Fresh FRST Logs.

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[ul]
[li]Right-click on FRST icon and select Run as Administrator to start the tool.[/li](XP users click run after receipt of Windows Security Warning - Open File).
[li]Make sure that Addition option is checked.[/li][li]Press Scan button and wait.[/li][li]The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.[/li][/ul]
Please Copy & Paste them into your next reply

**Lardalish** · 01-05-2017, 11:18 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Bryan (administrator) on BRYAN-PC (05-01-2017 18:00:21)
Running from C:\Users\Bryan\Desktop
Loaded Profiles: Bryan (Available Profiles: Bryan & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64. exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17. 7608.23501.0_x64__8wekyb3d8bbwe\HubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_17.7714.42037.0_x64__8wekyb3d8bbwe\HxTsr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe
HKLM...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-24] (NVIDIA Corporation)
HKLM...\Run: [ShadowPlay] => “C:\WINDOWS\system32\rundll32.exe” C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSyst emStart
HKLM...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14073072 2016-12-30] (Zemana Ltd.)
HKLM-x32...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32...\Run: =>
HKLM-x32...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM-x32...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2015-01-29] (Brother Industries, Ltd.)
HKLM-x32...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.)
HKLM-x32...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.)
HKLM-x32...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2016-11-25] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\MountPoints2: {19db19ec-bf22-11e6-8dbb-305a3a4632db} - “G:\LaunchU3.exe” -a
ShellIconOverlayIdentifiers: [ DropboxExt1] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3534269808-1485983137-1280583553-1000] => 127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip..\Interfaces{85e448af-b9ba-4d26-b108-bc168d199adc}: [DhcpNameServer] 192.168.1.254
[HEADING=1]Internet Explorer:[/HEADING]
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 → DefaultScope {99653235-66E7-4294-A58A-C006B3CE06AB} URL =
BHO: Skype add-on for Internet Explorer → {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} → C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Skype Browser Helper → {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} → C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
[HEADING=1]FireFox:[/HEADING]
FF ProfilePath: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default [2017-01-04]
FF Extension: (NCH EN Community Toolbar) - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Pro files\thahfu1s.default\Extensions{37483b40-c254-4a72-bda4-22ee90182c1e} [2012-06-18] [not signed]
FF Extension: (360 Internet Protection) - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-07-01]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-22] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-22] [not signed]
FF HKLM-x32...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Plugin: @adobe.com/FlashPlayer → C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_ 186.dll [2016-12-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer → C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_ 186.dll [2016-12-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer → C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638 .dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 → C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin → C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame → C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-08-26] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin → C:\Users\Bryan\AppData\Roaming\raidcall\plugins\np rcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3534269808-1485983137-1280583553-1000: Ubisoft | Welcome to the official Ubisoft website → C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-06-21] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-03-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-10-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-03-11] (Citrix Systems, Inc.)
[HEADING=1]Chrome:[/HEADING]
CHR DefaultProfile: Default
CHR Session Restore: Default → is enabled.
CHR Profile: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default [2017-01-05]
CHR Extension: (Google Docs Offline) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-12-15]
CHR Extension: (AdBlock) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbi glidom [2016-12-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2016-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2016-12-15]
CHR HKLM-x32...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
StartMenuInternet: Google Chrome.IUQXFHMJJWWHTVALRXCKWCOXHM - C:\Users\Bryan\AppData\Local\Google\Chrome\Applica tion\old_chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-24] (Dropbox, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-24] (NVIDIA Corporation)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-08-21] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-24] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-24] (NVIDIA Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [928168 2016-11-25] (QIHU 360 SOFTWARE CO. LIMITED)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14073072 2016-12-30] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [160768 2016-08-01] (360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [95232 2016-08-01] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2016-11-25] (360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [339456 2016-11-25] (360.cn)
S3 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57856 2016-08-01] (360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [400384 2016-08-01] (360.cn)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2012-07-20] ()
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [197632 2016-09-09] (360.cn)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2012-07-20] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-04] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-05 17:53 - 2017-01-05 17:53 - 00000022 _____ C:\WINDOWS\S.dirmngr
2017-01-05 17:51 - 2017-01-05 17:51 - 00000000 ____D C:\Users\Bryan\Downloads\backups
2017-01-04 23:06 - 2017-01-04 23:06 - 00074908 _____ C:\Users\Bryan\Desktop\BRYAN-PC.txt
2017-01-04 23:04 - 2017-01-04 23:04 - 00000000 ____D C:\Users\Bryan\Desktop\Autoruns
2017-01-04 23:03 - 2017-01-04 23:03 - 01304400 _____ C:\Users\Bryan\Downloads\Autoruns.zip
2017-01-04 23:02 - 2017-01-04 23:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bryan\Downloads\HijackThis.exe
2017-01-04 23:01 - 2017-01-04 23:01 - 00003150 _____ C:\Users\Bryan\Desktop\scan_170104-124153.txt
2017-01-04 12:25 - 2017-01-04 23:03 - 00000000 ____D C:\EEK
2017-01-04 12:09 - 2017-01-04 12:23 - 279605344 _____ C:\Users\Bryan\Downloads\EmsisoftEmergencyKit.exe
2017-01-04 12:09 - 2017-01-04 12:09 - 00009576 _____ C:\Users\Bryan\Desktop\2017.01.04-08.14.43-i3-t2-d17.txt
2017-01-04 11:42 - 2017-01-05 17:59 - 00036158 _____ C:\Users\Bryan\Desktop\Fixlog.txt
2017-01-04 11:41 - 2017-01-04 11:41 - 00000000 ____D C:\Users\Bryan\Desktop\FRST-OlderVersion
2017-01-04 11:37 - 2017-01-04 11:37 - 00013758 _____ C:\Users\Bryan\Desktop\fixlist.txt
2017-01-04 08:12 - 2017-01-05 18:02 - 00126719 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-04 08:12 - 2017-01-05 18:02 - 00021875 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-04 08:12 - 2017-01-04 08:12 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-01-04 08:12 - 2017-01-04 08:12 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-01-04 08:12 - 2017-01-04 08:12 - 00001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-01-04 08:12 - 2017-01-04 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-01-04 08:12 - 2017-01-04 08:12 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-01-04 08:11 - 2017-01-04 08:11 - 00000000 ____D C:\Users\Bryan\AppData\Local\Zemana
2017-01-04 08:10 - 2017-01-04 08:10 - 05463976 _____ ( ) C:\Users\Bryan\Downloads\Zemana.AntiMalware.Setup. exe
2017-01-04 08:09 - 2017-01-04 11:56 - 00000066 _____ C:\Users\Bryan\Desktop\Virus Stuff.txt
2017-01-04 07:56 - 2017-01-04 09:05 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Geek Uninstaller
2017-01-04 07:56 - 2017-01-04 07:56 - 02796364 _____ C:\Users\Bryan\Downloads\geek.zip
2016-12-30 20:56 - 2016-12-30 21:30 - 00017026 _____ C:\Users\Bryan\Desktop\2017 Ledger.ods
2016-12-29 18:22 - 2016-12-29 18:22 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\uTorrent
2016-12-26 17:54 - 2016-12-26 17:54 - 02306202 _____ C:\Users\Bryan\Downloads\MIM_1934.jpg
2016-12-22 22:44 - 2016-12-22 22:44 - 00000000 ____D C:\Users\Bryan\Downloads\Captain America Civil War (2016) [1080p] [YTS.AG]
2016-12-19 20:01 - 2016-12-19 20:01 - 00938948 _____ C:\Users\Bryan\Downloads\Copy of Map.jpg
2016-12-19 18:33 - 2016-12-19 18:33 - 00002224 _____ C:\Users\Bryan.recently-used.xbel
2016-12-18 23:01 - 2016-12-18 23:14 - 00000000 ____D C:\Users\Bryan\Downloads\Avengers Age of Ultron (2015) [1080p]
2016-12-16 23:46 - 2016-12-16 23:49 - 00000000 ____D C:\Users\Bryan\Downloads\Avatar - The Legend of Korra
2016-12-15 16:01 - 2016-12-15 16:01 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\Trion Worlds
2016-12-15 01:39 - 2016-12-15 01:39 - 00000000 ____D C:\ProgramData.mono
2016-12-15 00:38 - 2016-12-15 00:38 - 00001991 _____ C:\Users\Bryan\Desktop\Atlas Reactor Live.lnk
2016-12-15 00:33 - 2016-12-15 00:34 - 72849888 _____ (Trion Worlds Inc.) C:\Users\Bryan\Downloads\GlyphInstall-1-150.exe
2016-12-13 17:56 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 17:56 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 17:56 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 17:56 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 17:56 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 17:56 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 17:56 - 2016-12-09 05:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 17:56 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 17:56 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 17:56 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 17:56 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 17:56 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 17:56 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 17:56 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 17:56 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 17:56 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 17:56 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 17:56 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 17:56 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 17:56 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 17:56 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 17:56 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 17:56 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 17:56 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 17:56 - 2016-12-09 05:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 17:56 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2016-12-13 17:56 - 2016-12-09 05:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 17:56 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 17:56 - 2016-12-09 05:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 17:56 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 17:56 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 17:56 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 17:56 - 2016-12-09 05:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 17:56 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 17:56 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 17:56 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 17:56 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 17:56 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 17:56 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 17:56 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayR eady.dll
2016-12-13 17:56 - 2016-12-09 04:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 17:56 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 17:56 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 17:56 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 17:56 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 17:56 - 2016-12-09 04:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 17:56 - 2016-12-09 04:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 17:56 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 17:56 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 17:56 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 17:56 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 17:56 - 2016-12-09 04:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 17:56 - 2016-12-09 04:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockS creen.dll
2016-12-13 17:56 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 17:56 - 2016-12-09 04:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 17:56 - 2016-12-09 04:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 17:56 - 2016-12-09 04:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 17:56 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 17:56 - 2016-12-09 04:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 17:56 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 17:56 - 2016-12-09 04:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockS creen.dll
2016-12-13 17:56 - 2016-12-09 04:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 17:56 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 17:56 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 17:56 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 17:56 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 17:56 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 17:56 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 17:56 - 2016-12-09 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 17:56 - 2016-12-09 04:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 17:56 - 2016-12-09 04:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 17:56 - 2016-12-09 04:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 17:56 - 2016-12-09 04:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 17:56 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 17:56 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 17:56 - 2016-12-09 04:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 17:56 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 17:56 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 17:56 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authenticatio n.OnlineId.dll
2016-12-13 17:56 - 2016-12-09 04:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 17:56 - 2016-12-09 04:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2016-12-13 17:56 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 17:56 - 2016-12-09 04:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 17:56 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 17:56 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 17:56 - 2016-12-09 04:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 17:56 - 2016-12-09 04:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 17:56 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 17:56 - 2016-12-09 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 17:56 - 2016-12-09 04:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 17:56 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 17:56 - 2016-12-09 04:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 17:56 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 17:56 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 17:56 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 17:56 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 17:56 - 2016-12-09 04:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 17:56 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 17:56 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 17:56 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 17:56 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 17:56 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 17:56 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 17:56 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 17:56 - 2016-12-09 04:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 17:56 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 17:56 - 2016-12-09 04:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 17:56 - 2016-12-09 04:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 17:56 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 17:56 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 17:56 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 17:56 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 17:56 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 17:56 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authenticatio n.OnlineId.dll
2016-12-13 17:56 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
2016-12-13 17:56 - 2016-09-15 11:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-13 17:51 - 2016-12-13 17:52 - 00000000 ____D C:\Users\Bryan\Downloads\Robin.Hood.Men.In.Tights. 1993.1080p.BluRay.x264.anoXmous
2016-12-12 09:57 - 2016-12-12 09:57 - 00002331 _____ C:\Users\Bryan\Desktop\Citra Edge.lnk
2016-12-12 09:57 - 2016-12-12 09:57 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Citra Development Team
2016-12-12 09:57 - 2016-12-12 09:57 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Citra
2016-12-12 09:57 - 2016-12-12 09:57 - 00000000 ____D C:\Users\Bryan\AppData\Local\citra
2016-12-12 09:56 - 2016-12-12 09:56 - 25552896 _____ (Citra Development Team) C:\Users\Bryan\Downloads\CitraSetup.exe
2016-12-10 17:59 - 2016-12-10 18:00 - 05563530 _____ C:\Users\Bryan\Downloads\1D3A4871.JPG
2016-12-10 17:59 - 2016-12-10 17:59 - 05838112 _____ C:\Users\Bryan\Downloads\1D3A4867.JPG
2016-12-10 17:59 - 2016-12-10 17:59 - 04904545 _____ C:\Users\Bryan\Downloads\1D3A4857.JPG
2016-12-10 17:58 - 2016-12-10 17:58 - 05241136 _____ C:\Users\Bryan\Downloads\1D3A4840.JPG
2016-12-10 17:58 - 2016-12-10 17:58 - 04934602 _____ C:\Users\Bryan\Downloads\1D3A4843.JPG
2016-12-10 17:58 - 2016-12-10 17:58 - 04934602 _____ C:\Users\Bryan\Downloads\1D3A4843 (1).JPG
2016-12-10 17:58 - 2016-12-10 17:58 - 04504973 _____ C:\Users\Bryan\Downloads\1D3A4847.JPG
2016-12-10 17:58 - 2016-12-10 17:58 - 04440778 _____ C:\Users\Bryan\Downloads\1D3A4850.JPG
2016-12-10 17:57 - 2016-12-10 17:57 - 05175409 _____ C:\Users\Bryan\Downloads\1D3A4836.JPG
2016-12-10 17:57 - 2016-12-10 17:57 - 05045241 _____ C:\Users\Bryan\Downloads\1D3A4837.JPG
2016-12-10 17:56 - 2016-12-10 17:56 - 06814167 _____ C:\Users\Bryan\Downloads\1D3A4825.JPG
2016-12-10 17:56 - 2016-12-10 17:56 - 05204228 _____ C:\Users\Bryan\Downloads\1D3A4824.JPG
2016-12-10 17:55 - 2016-12-10 17:55 - 05022657 _____ C:\Users\Bryan\Downloads\1D3A4796.JPG
2016-12-10 17:55 - 2016-12-10 17:55 - 04809263 _____ C:\Users\Bryan\Downloads\1D3A4798.JPG
2016-12-10 17:54 - 2016-12-10 17:54 - 05227058 _____ C:\Users\Bryan\Downloads\1D3A4756.JPG
2016-12-10 17:54 - 2016-12-10 17:54 - 04982945 _____ C:\Users\Bryan\Downloads\1D3A4783.JPG
2016-12-10 17:53 - 2016-12-10 17:53 - 05116066 _____ C:\Users\Bryan\Downloads\1D3A4752.JPG
2016-12-10 17:53 - 2016-12-10 17:53 - 04886740 _____ C:\Users\Bryan\Downloads\1D3A4745.JPG
2016-12-10 17:53 - 2016-12-10 17:53 - 04822507 _____ C:\Users\Bryan\Downloads\1D3A4749.JPG
2016-12-10 17:52 - 2016-12-10 17:52 - 04844773 _____ C:\Users\Bryan\Downloads\1D3A4743.JPG
2016-12-10 17:51 - 2016-12-10 17:51 - 04150667 _____ C:\Users\Bryan\Downloads\20160925_115923.jpg
2016-12-10 17:50 - 2016-12-10 17:50 - 04815239 _____ C:\Users\Bryan\Downloads\20160924_190228.jpg
2016-12-10 17:50 - 2016-12-10 17:50 - 04183543 _____ C:\Users\Bryan\Downloads\20160924_190226.jpg
2016-12-10 17:50 - 2016-12-10 17:50 - 03801046 _____ C:\Users\Bryan\Downloads\20160924_193110.jpg
2016-12-10 17:49 - 2016-12-10 17:49 - 04446095 _____ C:\Users\Bryan\Downloads\20160924_190158.jpg
2016-12-10 17:49 - 2016-12-10 17:49 - 04295929 _____ C:\Users\Bryan\Downloads\20160924_185159.jpg
2016-12-10 17:49 - 2016-12-10 17:49 - 04118702 _____ C:\Users\Bryan\Downloads\20160924_185151.jpg
2016-12-10 17:48 - 2016-12-10 17:48 - 04804068 _____ C:\Users\Bryan\Downloads\20160924_180905.jpg
2016-12-10 17:48 - 2016-12-10 17:48 - 04783990 _____ C:\Users\Bryan\Downloads\20160924_180939.jpg
2016-12-10 17:47 - 2016-12-10 17:48 - 03867864 _____ C:\Users\Bryan\Downloads\20160924_180902.jpg
2016-12-10 17:47 - 2016-12-10 17:47 - 07389552 _____ C:\Users\Bryan\Downloads\20160924_180813.jpg
2016-12-10 17:47 - 2016-12-10 17:47 - 06653304 _____ C:\Users\Bryan\Downloads\20160924_180809.jpg
2016-12-10 17:46 - 2016-12-10 17:46 - 05380442 _____ C:\Users\Bryan\Downloads\20160924_173913.jpg
2016-12-10 17:46 - 2016-12-10 17:46 - 04786114 _____ C:\Users\Bryan\Downloads\20160924_173918.jpg
2016-12-10 17:45 - 2016-12-10 17:45 - 03670002 _____ C:\Users\Bryan\Downloads\20160924_164215.jpg
2016-12-10 17:45 - 2016-12-10 17:45 - 03637101 _____ C:\Users\Bryan\Downloads\20160924_164242.jpg
2016-12-10 17:44 - 2016-12-10 17:44 - 07679060 _____ C:\Users\Bryan\Downloads\20160924_151325.jpg
2016-12-10 17:44 - 2016-12-10 17:44 - 05781742 _____ C:\Users\Bryan\Downloads\20160924_151402.jpg
2016-12-10 17:44 - 2016-12-10 17:44 - 03563382 _____ C:\Users\Bryan\Downloads\20160924_164211.jpg
2016-12-10 17:43 - 2016-12-10 17:43 - 07561362 _____ C:\Users\Bryan\Downloads\20160924_151319.jpg
2016-12-10 17:43 - 2016-12-10 17:43 - 01933259 _____ C:\Users\Bryan\Downloads\20160924_151037.jpg
2016-12-10 17:43 - 2016-12-10 17:43 - 01926437 _____ C:\Users\Bryan\Downloads\20160924_151034.jpg
2016-12-10 17:42 - 2016-12-10 17:42 - 04758725 _____ C:\Users\Bryan\Downloads\20160924_150920.jpg
2016-12-10 17:42 - 2016-12-10 17:42 - 03476946 _____ C:\Users\Bryan\Downloads\20160924_150847.jpg
2016-12-10 17:41 - 2016-12-10 17:41 - 07676167 _____ C:\Users\Bryan\Downloads\20160924_150545.jpg
2016-12-10 17:41 - 2016-12-10 17:41 - 03386182 _____ C:\Users\Bryan\Downloads\20160924_150505.jpg
2016-12-10 17:40 - 2016-12-10 17:40 - 03477200 _____ C:\Users\Bryan\Downloads\20160924_150451.jpg
2016-12-10 17:39 - 2016-12-10 17:39 - 07716820 _____ C:\Users\Bryan\Downloads\20160924_150334.jpg
2016-12-10 17:39 - 2016-12-10 17:39 - 03472587 _____ C:\Users\Bryan\Downloads\20160924_150445.jpg
2016-12-10 17:39 - 2016-12-10 17:39 - 03420053 _____ C:\Users\Bryan\Downloads\20160924_150435.jpg
2016-12-10 17:39 - 2016-12-10 17:39 - 03392038 _____ C:\Users\Bryan\Downloads\20160924_150440.jpg
2016-12-10 17:38 - 2016-12-10 17:38 - 07396725 _____ C:\Users\Bryan\Downloads\20160924_150330.jpg
2016-12-10 17:38 - 2016-12-10 17:38 - 07145869 _____ C:\Users\Bryan\Downloads\20160924_150253.jpg
2016-12-10 17:38 - 2016-12-10 17:38 - 06858457 _____ C:\Users\Bryan\Downloads\20160924_150325.jpg
2016-12-10 17:37 - 2016-12-10 17:37 - 06041811 _____ C:\Users\Bryan\Downloads\20160924_150215.jpg
2016-12-10 17:37 - 2016-12-10 17:37 - 03708124 _____ C:\Users\Bryan\Downloads\20160924_145632.jpg
2016-12-10 17:36 - 2016-12-10 17:36 - 04883318 _____ C:\Users\Bryan\Downloads\20160924_132806.jpg
2016-12-10 17:36 - 2016-12-10 17:36 - 04668613 _____ C:\Users\Bryan\Downloads\20160924_140311.jpg
2016-12-10 17:35 - 2016-12-10 17:35 - 03761030 _____ C:\Users\Bryan\Downloads\20160924_131637.jpg
2016-12-10 17:35 - 2016-12-10 17:35 - 03728759 _____ C:\Users\Bryan\Downloads\20160924_131616.jpg
2016-12-10 17:34 - 2016-12-10 17:34 - 04428671 _____ C:\Users\Bryan\Downloads\20160924_121128.jpg
2016-12-10 17:34 - 2016-12-10 17:34 - 03612593 _____ C:\Users\Bryan\Downloads\20160924_112507.jpg
2016-12-10 17:34 - 2016-12-10 17:34 - 03185032 _____ C:\Users\Bryan\Downloads\20160924_131244.jpg
2016-12-10 17:33 - 2016-12-10 17:33 - 04202071 _____ C:\Users\Bryan\Downloads\20160924_110441.jpg
2016-12-10 17:33 - 2016-12-10 17:33 - 03761700 _____ C:\Users\Bryan\Downloads\20160924_103511.jpg
2016-12-10 17:32 - 2016-12-10 17:32 - 04835008 _____ C:\Users\Bryan\Downloads\20160924_103459.jpg
2016-12-10 17:32 - 2016-12-10 17:32 - 04772917 _____ C:\Users\Bryan\Downloads\20160924_103435.jpg
2016-12-10 17:32 - 2016-12-10 17:32 - 04641885 _____ C:\Users\Bryan\Downloads\20160924_103419.jpg
2016-12-10 17:31 - 2016-12-10 17:31 - 04261432 _____ C:\Users\Bryan\Downloads\20160924_102244.jpg
2016-12-10 17:31 - 2016-12-10 17:31 - 03383683 _____ C:\Users\Bryan\Downloads\20160924_102314.jpg
2016-12-10 17:30 - 2016-12-10 17:30 - 03694139 _____ C:\Users\Bryan\Downloads\20160924_102001.jpg
2016-12-10 17:30 - 2016-12-10 17:30 - 03541692 _____ C:\Users\Bryan\Downloads\20160924_101804.jpg
2016-12-10 17:28 - 2016-12-10 17:28 - 04259996 _____ C:\Users\Bryan\Downloads\DSC_0582.jpg
2016-12-10 17:28 - 2016-12-10 17:28 - 04113393 _____ C:\Users\Bryan\Downloads\DSC_0580 (1).jpg
2016-12-10 17:27 - 2016-12-10 17:27 - 04240841 _____ C:\Users\Bryan\Downloads\DSC_0578 (1).jpg
2016-12-10 17:27 - 2016-12-10 17:27 - 03590851 _____ C:\Users\Bryan\Downloads\DSC_0576 (1).jpg
2016-12-10 17:26 - 2016-12-10 17:26 - 04293853 _____ C:\Users\Bryan\Downloads\DSC_0564 (1).jpg
2016-12-10 17:26 - 2016-12-10 17:26 - 03853193 _____ C:\Users\Bryan\Downloads\DSC_0559 (1).jpg
2016-12-10 17:26 - 2016-12-10 17:26 - 03718723 _____ C:\Users\Bryan\Downloads\DSC_0560.jpg
2016-12-10 17:26 - 2016-12-10 17:26 - 03387851 _____ C:\Users\Bryan\Downloads\DSC_0571.jpg
2016-12-10 17:25 - 2016-12-10 17:25 - 04116133 _____ C:\Users\Bryan\Downloads\DSC_0557 (1).jpg
2016-12-10 17:25 - 2016-12-10 17:25 - 03777487 _____ C:\Users\Bryan\Downloads\DSC_0558.jpg
2016-12-10 17:24 - 2016-12-10 17:24 - 04684307 _____ C:\Users\Bryan\Downloads\DSC_0544 (1).jpg
2016-12-10 17:24 - 2016-12-10 17:24 - 04188860 _____ C:\Users\Bryan\Downloads\DSC_0554 (1).jpg
2016-12-10 17:23 - 2016-12-10 17:23 - 04295543 _____ C:\Users\Bryan\Downloads\DSC_0537 (1).jpg
2016-12-10 17:23 - 2016-12-10 17:23 - 04101185 _____ C:\Users\Bryan\Downloads\DSC_0536.jpg
2016-12-10 17:22 - 2016-12-10 17:22 - 04881046 _____ C:\Users\Bryan\Downloads\DSC_0528.jpg
2016-12-10 17:21 - 2016-12-10 17:21 - 04979431 _____ C:\Users\Bryan\Downloads\DSC_0521.jpg
2016-12-10 17:21 - 2016-12-10 17:21 - 04979431 _____ C:\Users\Bryan\Downloads\DSC_0521 (1).jpg
2016-12-10 17:21 - 2016-12-10 17:21 - 04932866 _____ C:\Users\Bryan\Downloads\DSC_0525.jpg
2016-12-10 17:20 - 2016-12-10 17:20 - 04850541 _____ C:\Users\Bryan\Downloads\DSC_0519 (1).jpg
2016-12-10 17:20 - 2016-12-10 17:20 - 04741647 _____ C:\Users\Bryan\Downloads\DSC_0515 (1).jpg
2016-12-10 17:20 - 2016-12-10 17:20 - 04634466 _____ C:\Users\Bryan\Downloads\DSC_0513 (1).jpg
2016-12-10 17:19 - 2016-12-10 17:19 - 04943012 _____ C:\Users\Bryan\Downloads\DSC_0510.jpg
2016-12-10 17:19 - 2016-12-10 17:19 - 04883375 _____ C:\Users\Bryan\Downloads\DSC_0512.jpg
2016-12-10 17:17 - 2016-12-10 17:17 - 04757003 _____ C:\Users\Bryan\Downloads\DSC_0508.jpg
2016-12-10 17:17 - 2016-12-10 17:17 - 04716294 _____ C:\Users\Bryan\Downloads\DSC_0507.jpg
2016-12-10 17:17 - 2016-12-10 17:17 - 04691463 _____ C:\Users\Bryan\Downloads\DSC_0506.jpg
2016-12-10 17:16 - 2016-12-10 17:16 - 04430140 _____ C:\Users\Bryan\Downloads\DSC_0493.jpg
2016-12-10 17:16 - 2016-12-10 17:16 - 04047766 _____ C:\Users\Bryan\Downloads\DSC_0498 (1).jpg
2016-12-10 17:15 - 2016-12-10 17:15 - 04667420 _____ C:\Users\Bryan\Downloads\DSC_0497.jpg
2016-12-10 17:14 - 2016-12-10 17:14 - 04430718 _____ C:\Users\Bryan\Downloads\DSC_0492.jpg
2016-12-10 17:12 - 2016-12-10 17:12 - 05409689 _____ C:\Users\Bryan\Downloads\20160827_181811.jpg
2016-12-10 17:03 - 2016-12-10 17:03 - 04842176 _____ C:\Users\Bryan\Downloads\20160827_181735.jpg
2016-12-09 09:40 - 2016-11-11 05:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 09:40 - 2016-11-11 05:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 09:40 - 2016-11-11 05:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 09:40 - 2016-11-11 05:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 09:40 - 2016-11-11 05:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 09:40 - 2016-11-11 05:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utiliti es.dll
2016-12-09 09:40 - 2016-11-11 05:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 09:40 - 2016-11-11 05:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 09:40 - 2016-11-11 05:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 09:40 - 2016-11-11 05:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 09:40 - 2016-11-11 05:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 09:40 - 2016-11-11 05:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 09:40 - 2016-11-11 05:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationDat a.dll
2016-12-09 09:40 - 2016-11-11 05:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 09:40 - 2016-11-11 05:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 09:40 - 2016-11-11 05:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 09:40 - 2016-11-11 05:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 09:40 - 2016-11-11 05:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .dll
2016-12-09 09:40 - 2016-11-11 05:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 09:40 - 2016-11-11 05:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 09:40 - 2016-11-11 05:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 09:40 - 2016-11-11 04:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 09:40 - 2016-11-11 04:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 09:40 - 2016-11-11 04:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 09:40 - 2016-11-11 04:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 09:40 - 2016-11-11 04:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 09:40 - 2016-11-11 04:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 09:40 - 2016-11-11 04:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 09:40 - 2016-11-11 04:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 09:40 - 2016-11-11 04:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 09:40 - 2016-11-11 04:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 09:40 - 2016-11-11 04:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 09:40 - 2016-11-11 04:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 09:40 - 2016-11-11 04:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 09:40 - 2016-11-11 04:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 09:40 - 2016-11-11 04:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 09:40 - 2016-11-11 04:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 09:40 - 2016-11-11 04:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 09:40 - 2016-11-11 04:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 09:40 - 2016-11-11 04:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 09:40 - 2016-11-11 04:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 09:40 - 2016-11-11 04:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker. dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient. dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundT ransfer.BackgroundManagerPolicy.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 09:40 - 2016-11-11 04:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 09:40 - 2016-11-11 04:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandle r.dll
2016-12-09 09:40 - 2016-11-11 04:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 09:40 - 2016-11-11 04:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 09:40 - 2016-11-11 04:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 09:40 - 2016-11-11 04:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 09:40 - 2016-11-11 04:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 09:40 - 2016-11-11 04:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense. dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dl l
2016-12-09 09:40 - 2016-11-11 04:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 09:40 - 2016-11-11 04:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 09:40 - 2016-11-11 04:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .TestingFramework.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 09:40 - 2016-11-11 04:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 09:40 - 2016-11-11 04:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-09 09:40 - 2016-11-11 04:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 09:40 - 2016-11-11 04:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 09:40 - 2016-11-11 04:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 09:40 - 2016-11-11 04:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 09:40 - 2016-11-11 04:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 09:40 - 2016-11-11 04:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 09:40 - 2016-11-11 04:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 09:40 - 2016-11-11 04:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 09:40 - 2016-11-11 04:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-09 09:40 - 2016-11-11 04:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 09:40 - 2016-11-11 04:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 09:40 - 2016-11-11 04:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-09 09:40 - 2016-11-11 04:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 09:40 - 2016-11-11 04:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-09 09:40 - 2016-11-11 04:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 09:40 - 2016-11-11 04:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 09:40 - 2016-11-11 04:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-09 09:40 - 2016-11-11 04:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 09:40 - 2016-11-11 04:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-09 09:40 - 2016-11-11 04:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 09:40 - 2016-11-11 04:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 09:40 - 2016-11-11 04:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-09 09:40 - 2016-11-11 04:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 09:40 - 2016-11-11 04:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 09:40 - 2016-11-11 04:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 09:40 - 2016-11-11 04:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 09:40 - 2016-11-11 04:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 09:40 - 2016-11-11 04:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 09:40 - 2016-11-11 04:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 09:40 - 2016-11-11 04:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 09:40 - 2016-11-11 04:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFl owUI.dll
2016-12-09 09:40 - 2016-11-11 04:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 09:40 - 2016-11-11 04:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 09:40 - 2016-11-11 04:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 09:40 - 2016-11-11 04:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 09:40 - 2016-11-11 04:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 09:40 - 2016-11-11 04:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-09 09:40 - 2016-11-11 04:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-09 09:40 - 2016-11-11 04:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 09:40 - 2016-11-11 04:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 09:40 - 2016-11-11 03:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 09:40 - 2016-11-11 03:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 09:40 - 2016-11-11 02:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 09:40 - 2016-11-11 02:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-09 09:40 - 2016-11-11 02:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 09:40 - 2016-11-11 02:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationDat a.dll
2016-12-09 09:40 - 2016-11-11 02:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 09:40 - 2016-11-11 02:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 09:40 - 2016-11-11 02:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 09:40 - 2016-11-11 02:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 09:40 - 2016-11-11 02:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 09:40 - 2016-11-11 02:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 09:40 - 2016-11-11 02:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 09:40 - 2016-11-11 02:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 09:40 - 2016-11-11 02:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 09:40 - 2016-11-11 02:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 09:40 - 2016-11-11 02:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 09:40 - 2016-11-11 02:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-09 09:40 - 2016-11-11 02:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 09:40 - 2016-11-11 02:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 09:40 - 2016-11-11 02:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandle r.dll
2016-12-09 09:40 - 2016-11-11 02:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 09:40 - 2016-11-11 02:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient. dll
2016-12-09 09:40 - 2016-11-11 02:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 09:40 - 2016-11-11 02:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 09:40 - 2016-11-11 02:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 09:40 - 2016-11-11 02:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundT ransfer.BackgroundManagerPolicy.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dl l
2016-12-09 09:40 - 2016-11-11 02:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 09:40 - 2016-11-11 02:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 09:40 - 2016-11-11 02:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 09:40 - 2016-11-11 02:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 09:40 - 2016-11-11 02:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 09:40 - 2016-11-11 02:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 09:40 - 2016-11-11 02:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 09:40 - 2016-11-11 02:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 09:40 - 2016-11-11 02:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 09:40 - 2016-11-11 02:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 09:40 - 2016-11-11 02:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 09:40 - 2016-11-11 02:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-09 09:40 - 2016-11-11 02:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 09:40 - 2016-11-11 02:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-09 09:40 - 2016-11-11 02:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 09:40 - 2016-11-11 02:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 09:40 - 2016-11-11 02:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 09:40 - 2016-11-11 02:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 09:40 - 2016-11-11 02:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 09:40 - 2016-11-11 02:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 09:40 - 2016-11-11 02:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 09:40 - 2016-11-11 02:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 09:40 - 2016-11-11 02:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 09:40 - 2016-11-11 02:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 09:40 - 2016-11-11 02:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 09:40 - 2016-11-11 02:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 09:40 - 2016-11-11 02:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 09:40 - 2016-11-11 02:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-09 09:39 - 2016-11-11 05:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-09 09:39 - 2016-11-11 04:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-09 09:39 - 2016-11-11 04:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-09 09:39 - 2016-11-11 04:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-09 09:39 - 2016-11-11 04:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-09 09:39 - 2016-11-11 04:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-09 09:39 - 2016-11-11 04:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 09:39 - 2016-11-11 04:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-09 09:39 - 2016-11-11 04:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-09 09:39 - 2016-11-11 04:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-09 09:39 - 2016-11-11 04:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-09 09:39 - 2016-11-11 04:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-09 09:39 - 2016-11-11 04:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-09 09:39 - 2016-11-11 04:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-09 09:39 - 2016-11-11 04:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-09 09:39 - 2016-11-11 04:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-09 09:39 - 2016-11-11 04:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-09 09:39 - 2016-11-11 04:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-09 09:39 - 2016-11-11 04:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-09 09:39 - 2016-11-11 04:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-09 09:39 - 2016-11-11 04:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-09 09:39 - 2016-11-11 04:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 09:39 - 2016-11-11 04:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-09 09:39 - 2016-11-11 04:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-09 09:39 - 2016-11-11 04:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-09 09:39 - 2016-11-11 04:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 09:39 - 2016-11-11 04:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-09 09:39 - 2016-11-11 04:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-09 09:39 - 2016-11-11 04:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-09 09:39 - 2016-11-11 04:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-09 09:39 - 2016-11-11 04:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-09 09:39 - 2016-11-11 04:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-09 09:39 - 2016-11-11 04:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-09 09:39 - 2016-11-11 04:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-09 09:39 - 2016-11-11 04:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-09 09:39 - 2016-11-11 04:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-09 09:39 - 2016-11-11 04:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-09 09:39 - 2016-11-11 04:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-09 09:39 - 2016-11-11 04:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-09 09:39 - 2016-11-11 04:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-09 09:39 - 2016-11-11 04:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-09 09:39 - 2016-11-11 04:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-09 09:39 - 2016-11-11 04:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-09 09:39 - 2016-11-11 04:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-09 09:39 - 2016-11-11 04:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-09 09:39 - 2016-11-11 04:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-09 09:39 - 2016-11-11 03:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-09 09:39 - 2016-11-11 03:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-09 09:39 - 2016-11-11 03:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-09 09:39 - 2016-11-11 02:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store .dll
2016-12-09 09:39 - 2016-11-11 02:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-09 09:39 - 2016-11-11 02:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-09 09:39 - 2016-11-11 02:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-09 09:39 - 2016-11-11 02:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-09 09:39 - 2016-11-11 02:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-09 09:39 - 2016-11-11 02:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-09 09:39 - 2016-11-11 02:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-09 09:39 - 2016-11-11 02:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-09 09:39 - 2016-11-11 02:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-09 09:39 - 2016-11-11 02:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-09 09:39 - 2016-11-11 02:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-09 09:39 - 2016-11-11 02:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store .TestingFramework.dll
2016-12-09 09:39 - 2016-11-11 02:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-09 09:39 - 2016-11-11 02:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-07 01:01 - 2016-12-07 01:01 - 00011090 _____ C:\Users\Bryan\Desktop\SecurityCheck.txt
2016-12-07 01:00 - 2016-12-07 01:00 - 00000000 ____D C:\SecurityCheck
2016-12-07 00:58 - 2016-12-07 00:58 - 00511034 _____ (glax24 (safezone.cc)) C:\Users\Bryan\Downloads\SecurityCheck.exe
2016-12-07 00:54 - 2016-12-07 00:55 - 00019209 _____ C:\Users\Bryan\Desktop\ZHPCleaner.txt
2016-12-07 00:48 - 2016-12-07 00:55 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\ZHP
2016-12-07 00:48 - 2016-12-07 00:48 - 02591744 _____ C:\Users\Bryan\Downloads\ZHPCleaner.exe
2016-12-07 00:48 - 2016-12-07 00:48 - 00000913 _____ C:\Users\Bryan\Desktop\ZHPCleaner.lnk
2016-12-07 00:47 - 2016-12-07 00:47 - 00001821 _____ C:\Users\Bryan\Desktop\Adware Removal Tool.txt
2016-12-07 00:36 - 2016-12-07 00:36 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2016-12-07 00:36 - 2016-12-07 00:36 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-12-07 00:35 - 2016-12-07 00:36 - 00752296 _____ C:\Users\Bryan\Downloads\Adware Removal Tool by TSA.exe
2016-12-07 00:35 - 2016-12-07 00:35 - 00001066 _____ C:\Users\Bryan\Desktop\JRT.txt
2016-12-07 00:28 - 2016-12-07 00:28 - 01631928 _____ (Malwarebytes) C:\Users\Bryan\Downloads\JRT.exe
2016-12-07 00:27 - 2016-12-07 00:27 - 00039656 _____ C:\Users\Bryan\Desktop\AdwCleaner[C0].txt
2016-12-07 00:17 - 2016-12-07 00:22 - 00000000 ____D C:\AdwCleaner
2016-12-07 00:16 - 2016-12-07 00:16 - 03956368 _____ (Crystal Dew World ) C:\Users\Bryan\Downloads\Unconfirmed 64682.crdownload
2016-12-07 00:16 - 2016-12-07 00:16 - 02554274 _____ C:\Users\Bryan\Downloads\Unconfirmed 855627.crdownload
2016-12-06 22:58 - 2016-12-06 22:58 - 03968464 _____ C:\Users\Bryan\Downloads\adwcleaner_6.040.exe
2016-12-06 22:32 - 2016-12-06 22:32 - 00001273 _____ C:\Users\Bryan\Desktop\CrystalDiskInfo.lnk
2016-12-06 22:32 - 2016-12-06 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2016-12-06 22:32 - 2016-12-06 22:32 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2016-12-06 22:31 - 2016-12-06 22:31 - 03956368 _____ (Crystal Dew World ) C:\Users\Bryan\Downloads\CrystalDiskInfo7_0_4-en.exe
2016-12-06 22:24 - 2016-12-06 22:24 - 00002113 _____ C:\Users\Bryan\Desktop\aswMBR.txt
2016-12-06 22:24 - 2016-12-06 22:24 - 00000512 _____ C:\Users\Bryan\Desktop\MBR.dat
2016-12-06 22:20 - 2016-12-06 22:20 - 00530188 _____ C:\WINDOWS\Minidump\120616-38609-01.dmp
2016-12-06 22:20 - 2016-12-06 22:20 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-06 22:19 - 2016-12-06 22:19 - 883275267 _____ C:\WINDOWS\MEMORY.DMP
2016-12-06 22:18 - 2016-12-06 22:18 - 05200384 _____ (AVAST Software) C:\Users\Bryan\Downloads\aswmbr.exe
2016-12-06 22:09 - 2016-12-06 22:10 - 00123827 _____ C:\Users\Bryan\Desktop\Addition.txt
2016-12-06 22:08 - 2017-01-05 18:00 - 00020291 _____ C:\Users\Bryan\Desktop\FRST.txt
2016-12-06 22:07 - 2017-01-05 18:00 - 00000000 ____D C:\FRST
2016-12-06 17:43 - 2017-01-04 11:41 - 02418176 _____ (Farbar) C:\Users\Bryan\Desktop\FRST64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-05 17:59 - 2016-08-09 07:54 - 00002346 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launc h_IPoint_exe
2017-01-05 17:53 - 2016-08-09 07:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-05 17:53 - 2016-08-09 07:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-05 17:51 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-05 17:31 - 2016-03-09 09:17 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\360WD
2017-01-05 17:22 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-05 17:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-04 22:57 - 2016-08-09 07:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-04 11:56 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-04 11:44 - 2015-09-24 12:44 - 00000000 ____D C:\Program Files (x86)\GameVox
2017-01-04 11:44 - 2012-06-18 22:06 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\Temp
2017-01-04 11:31 - 2010-03-31 13:59 - 00000000 ____D C:\Users\Bryan\Desktop\Stuff
2017-01-04 08:05 - 2010-05-26 14:00 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-04 08:03 - 2011-03-22 23:25 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-04 08:03 - 2010-03-30 10:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-30 22:14 - 2015-09-10 20:19 - 00042869 _____ C:\Users\Bryan\Desktop\2016 Ledger.ods
2016-12-30 20:56 - 2016-07-16 20:51 - 00044859 _____ C:\Users\Bryan\Desktop\Budget.ods
2016-12-30 20:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-30 20:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\System32
2016-12-30 08:53 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-29 18:33 - 2016-11-16 10:29 - 00000000 ____D C:\Users\Bryan\Downloads\Cloverfield (2008) [1080p]
2016-12-29 18:22 - 2010-03-30 10:11 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow
2016-12-24 09:22 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-24 01:30 - 2010-05-01 19:04 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\vlc
2016-12-23 12:56 - 2016-08-09 07:32 - 00000000 ____D C:\Users\Bryan
2016-12-23 12:48 - 2010-04-01 12:17 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Skype
2016-12-19 18:34 - 2010-03-31 11:03 - 00000000 ____D C:\Users\Bryan.gimp-2.6
2016-12-19 18:33 - 2010-03-31 11:04 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\gtk-2.0
2016-12-18 02:18 - 2014-09-05 00:05 - 00000000 ____D C:\Program Files (x86)\Glyph
2016-12-18 01:35 - 2014-09-05 00:05 - 00000000 ____D C:\Users\Bryan\AppData\Local\Glyph
2016-12-17 09:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-17 09:15 - 2016-08-09 07:31 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regt rans-ms
2016-12-17 09:15 - 2016-08-09 07:31 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-17 09:15 - 2016-07-16 01:04 - 45875200 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-15 18:23 - 2012-07-05 10:25 - 00000000 ____D C:\Users\Bryan\Desktop\Important stuff
2016-12-15 00:38 - 2014-09-05 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2016-12-15 00:38 - 2014-09-05 00:05 - 00000000 ____D C:\ProgramData\Glyph
2016-12-14 21:28 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-14 20:47 - 2013-09-23 13:30 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 19:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 19:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-14 18:40 - 2016-08-09 07:31 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regt rans-ms
2016-12-14 12:53 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-14 09:31 - 2016-08-09 07:24 - 00243520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 00:28 - 2016-08-09 07:24 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regt rans-ms
2016-12-14 00:28 - 2016-08-09 07:24 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-14 00:28 - 2016-02-14 19:02 - 00002185 _____ C:\WINDOWS\BRRBCOM.INI
2016-12-14 00:27 - 2016-07-16 06:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-14 00:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-14 00:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-14 00:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-14 00:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 00:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-14 00:27 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-13 18:10 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 18:05 - 2013-07-18 12:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-13 18:02 - 2010-04-03 22:30 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 10:40 - 2016-10-26 09:25 - 00008264 _____ C:\WINDOWS\setupact.log
2016-12-12 09:57 - 2016-08-09 07:32 - 00000000 ___RD C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs
2016-12-12 09:57 - 2015-11-11 23:27 - 00000000 ____D C:\Users\Bryan\AppData\Local\SquirrelTemp
2016-12-11 18:56 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 18:56 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 02:41 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-10 22:08 - 2016-08-09 07:32 - 00524288 ___SH C:\Users\Bryan\NTUSER.DAT{8939d2a3-5e34-11e6-b4ac-cc86332f2e5a}.TMContainer00000000000000000001.regt rans-ms
2016-12-10 22:08 - 2016-08-09 07:32 - 00065536 ___SH C:\Users\Bryan\NTUSER.DAT{8939d2a3-5e34-11e6-b4ac-cc86332f2e5a}.TM.blf
2016-12-10 18:16 - 2010-03-30 10:18 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\Microsoft
2016-12-10 17:08 - 2015-11-09 10:21 - 00000000 ____D C:\Users\Bryan\Desktop\Pics
2016-12-10 16:53 - 2016-08-09 07:31 - 01301518 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-10 16:53 - 2016-07-16 06:49 - 01055170 _____ C:\WINDOWS\system32\perfh009.dat
2016-12-10 16:53 - 2016-07-16 06:49 - 00240778 _____ C:\WINDOWS\system32\perfc009.dat
2016-12-10 16:49 - 2016-08-09 08:14 - 00000174 ___SH C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\desktop.ini
2016-12-10 16:49 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 16:49 - 2010-03-30 10:11 - 00000282 ___SH C:\Users\Bryan\Downloads\desktop.ini
2016-12-10 16:49 - 2010-03-30 10:11 - 00000282 ___SH C:\Users\Bryan\Desktop\desktop.ini
2016-12-10 16:49 - 2010-03-30 10:11 - 00000174 ___SH C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\S tart Menu\desktop.ini
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\Searches
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\Saved Games
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\Links
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\Favorites
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\Contacts
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Administrative Tools
2016-12-10 16:48 - 2016-07-16 01:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-10 13:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-10 13:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 13:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 13:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-09 09:21 - 2016-07-16 06:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-07 01:50 - 2016-06-05 00:54 - 00000000 __SHD C:$360Section
2016-12-07 01:50 - 2016-03-09 09:31 - 00000000 ____D C:\ProgramData\360Quarant
2016-12-07 00:23 - 2016-03-09 09:17 - 00000000 _RSHD C:\360SANDBOX
2016-12-07 00:21 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files
2016-12-06 22:17 - 2010-04-14 22:00 - 00000000 ____D C:\Program Files (x86)\Vuze

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-30 08:53

==================== End of FRST.txt ============================
[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Bryan (05-01-2017 18:04:52)
Running from C:\Users\Bryan\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-09 13:01:39)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-3534269808-1485983137-1280583553-500 - Administrator - Disabled)
Bryan (S-1-5-21-3534269808-1485983137-1280583553-1000 - Administrator - Enabled) => C:\Users\Bryan
DefaultAccount (S-1-5-21-3534269808-1485983137-1280583553-503 - Limited - Disabled)
Guest (S-1-5-21-3534269808-1485983137-1280583553-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3534269808-1485983137-1280583553-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Disabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Disabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32...\360TotalSecurity) (Version: 9.0.0.1069 - 360 Security Center)
7-Zip 9.20 (HKLM-x32...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM...{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
And Yet It Moves 1.2.0 (HKLM-x32...{0CA6F2DA-0DCB-4627-8A0C-858E3833769F}_is1) (Version: - Broken Rules)
Apple Application Support (HKLM-x32...{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM...{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
AppLogLibSetup (x32 Version: 1.0.2.0 - Brother Industries Ltd.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Atlas Reactor Live (HKLM-x32...\Glyph Atlas Reactor Live) (Version: - Trion Worlds, Inc.)
AutoREALM Version 2.2.1 (HKLM-x32...\AutoREALM_is1) (Version: - )
AviSynth 2.5 (HKLM-x32...\AviSynth) (Version: - )
Bastion (HKLM-x32...\Bastion_is1) (Version: - )
Bastion (HKLM-x32...\Steam App 107100) (Version: - Supergiant Games)
Batman: Arkham Asylum (HKLM-x32...{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Inc/Warner Brothers)
Batman: Arkham City™ (HKLM-x32...\Steam App 57400) (Version: - Rocksteady)
Battle.net (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM...{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32...\Borderlands 2_is1) (Version: - )
Braid (Version 1.015) (HKLM-x32...\Braid_is1) (Version: - )
BrLauncher (x32 Version: 1.1.6.0 - Brother Industries Ltd.) Hidden
BrLogRx (x32 Version: 1.0.1.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (x32 Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (x32 Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (x32 Version: 1.0.5.2 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (x32 Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
Castle Crashers (HKLM-x32...\Steam App 204360) (Version: - The Behemoth)
Character Builder (HKLM-x32...{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}) (Version: 1.10.0000 - Wizards of the Coast)
Cities in Motion 2 (HKLM-x32...\Steam App 225420) (Version: - Colossal Order Ltd.)
Citra Edge (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\citra) (Version: 0.1.83 - Citra Development Team)
Citrix online plug-in - web (HKLM-x32...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Cockatrice (HKLM-x32...\Cockatrice) (Version: - )
Cogs (HKLM-x32...\Cogs) (Version: - )
ControlCenter4 (x32 Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (x32 Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
CPUID CPU-Z 1.75 (HKLM...\CPUID CPU-Z_is1) (Version: - )
Crayon Physics Deluxe version 55 (HKLM-x32...{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1) (Version: 55 - Kloonigames, Ltd)
Crypt of the NecroDancer (HKLM-x32...\Steam App 247080) (Version: - Brace Yourself Games)
CrystalDiskInfo 7.0.4 (HKLM-x32...\CrystalDiskInfo_is1) (Version: 7.0.4 - Crystal Dew World)
Darksiders (HKLM-x32...\Steam App 50620) (Version: - Vigil Games)
DeviceDetect (x32 Version: 1.0.3.4 - Brother Industries Ltd.) Hidden
DFOLauncher (HKLM-x32...\DFO) (Version: - )
Diablo III (HKLM-x32...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Beta (HKLM-x32...\Diablo III Beta) (Version: 0.11.0.9359 - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
D-Link AirPlus G Wireless LAN Adapter (HKLM-x32...{111B8587-C888-4B7B-A20D-8CC767437A90}) (Version: - )
Dolphin x86 (HKLM-x32...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Dropbox (HKLM-x32...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32...{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Epic Games Launcher (HKLM-x32...{F9E7706A-FCFE-40D2-9B58-45567B3E1F3F}) (Version: 1.1.69.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry® 3 Blood Dragon (HKLM-x32...\Steam App 233270) (Version: - Ubisoft Montreal)
FocalBlade 2.0 Demo Plugin (HKLM-x32...\FocalBlade 2.0 Demo Plugin_is1) (Version: - The Plugin Site)
Gameforge Live 2.0.11 (HKLM-x32...{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.11 - Gameforge)
GameVox 0.18.4.56 (HKLM-x32...{d1b6d93c-44b5-4130-bff4-95c9b6d141d3}) (Version: 0.18.4.56 - GameVox LLC)
GameVox 0.18.4.56 (x32 Version: 0.18.4.56 - GameVox LLC) Hidden
Gauntlet™ (HKLM-x32...\Steam App 258970) (Version: - Arrowhead Game Studios)
Gigantic Installer (HKLM-x32...{fb714f96-ecf3-484b-b780-edbd9e241da7}) (Version: 1.0.0.2 - Motiga Inc.)
Gigantic Launcher (64-bit) (Version: 1.3.0.1 - Motiga Inc.) Hidden
GIMP 2.6.8 (HKLM-x32...\WinGimp-2.0_is1) (Version: - )
Glyph (HKLM-x32...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32...{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gpg4win (2.1.0) (HKLM-x32...\GPG4Win) (Version: 2.1.0 - The Gpg4win Project)
Grey Cubes (HKLM-x32...\Steam App 371500) (Version: - Deion Mobile)
GTK+ Runtime 2.14.7 rev a (remove only) (HKLM-x32...\GTK 2.0) (Version: - )
Guacamelee! Gold Edition (HKLM-x32...\Steam App 214770) (Version: - DrinkBox Studios)
Guardians of Graxia (HKLM-x32...\Steam App 90500) (Version: - )
Hearthstone (HKLM-x32...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HEX 1.0 (HKLM-x32...{6EDED3CB-CAC5-4200-A534-CCA1732EAF23}_is1) (Version: 1.0 - Gameforge4d)
Hextech Repair Tool (HKLM-x32...{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.0.16 - Riot Games, Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32...{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HowToGuide (x32 Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HP Button Manager (HKLM-x32...{7390FC95-D842-448A-A3A2-C8DC89AEB83A}) (Version: 1.6.0.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
InFlac 1.1.1 (HKLM-x32...\InFlac) (Version: 1.1.1 - Michael Facquet)
Intel(R) Management Engine Components (HKLM-x32...{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM...{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Jamestown: Legend of the Lost Colony (HKLM-x32...{DC76D52B-1266-4A73-9020-02694193B907}) (Version: 1.0.1 - Final Form Games)
JavaFX 2.1.1 (HKLM-x32...{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Landmark Beta (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 1.0020 - Riot Games) Hidden
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LOOT (HKLM-x32...\LOOT) (Version: 0.7.0 - LOOT Development Team)
Magic Duels (HKLM-x32...\Steam App 316010) (Version: - Stainless Games Ltd.)
Magicka (HKLM-x32...\Steam App 42910) (Version: - Arrowhead Game Studios)
MechWarrior Online (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...{74d11f91-05cc-44f6-8e49-94fe7f33c79b}) (Version: 1.2.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.2.0.0 - Piranha Games Inc.) Hidden
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32...{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Metal Slug 3 (HKLM-x32...\Steam App 250180) (Version: - DotEmu)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32...{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32...{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32...{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32...{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM...{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32...{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM...{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM...{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM...{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32...{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM...{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32...{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32...{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32...{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32...{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32...{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32...{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Minimum (HKLM-x32...\Steam App 214190) (Version: - Human Head Studios)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
MTX (HKLM-x32...{6583D00E-0924-4950-8BE9-5D09FE70B333}) (Version: 1.0.0 - mektek.net)
Mumble 1.2.16 (HKLM-x32...{8C0C80AA-EA4D-4461-8B73-15A3A27F7D98}) (Version: 1.2.16 - Thorvald Natvig)
Natural Color Pro (HKLM-x32...{FC2C7405-BC58-4E11-8F51-29671BEAC06B}) (Version: 1.00.0005 - )
NetworkRepairTool (x32 Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
Nexon Game Manager (HKLM-x32...{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
NVIDIA 3D Vision Controller Driver 364.44 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.46 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oblivion (HKLM-x32...{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM-x32...\OpenAL) (Version: - )
OpenOffice.org 3.4.1 (HKLM-x32...{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Orcs Must Die! (HKLM-x32...\Steam App 102600) (Version: - Robot Entertainment)
Origin (HKLM-x32...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Overwatch (HKLM-x32...\Overwatch) (Version: - Blizzard Entertainment)
Path of Exile (HKLM-x32...{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.0.29375 - Grinding Gear Games)
PC-FAXReceive (x32 Version: 1.3.8.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (x32 Version: 1.0.4.5 - Brother Industries Ltd.) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32...\pcsx2-r4600) (Version: - )
PicPick (HKLM-x32...\PicPick) (Version: 2.3.0 - Wiziple)
Pidgin (HKLM-x32...\Pidgin) (Version: 2.6.6 - )
Portal (HKLM-x32...\Steam App 400) (Version: - Valve)
PowerISO (HKLM-x32...\PowerISO) (Version: 5.9 - Power Software Ltd)
Project64 1.6 (HKLM-x32...{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Psychonauts Demo (HKLM-x32...\Steam App 3840) (Version: - Double Fine)
Puzzle Bots v1.0 (HKLM-x32...{12B839E5-8271-4888-B19F-4811A8D8770F}_is1) (Version: - Wadjet Eye Games)
Quantum Conundrum (HKLM-x32...\Steam App 200010) (Version: - Airtight Games)
QuickTime (HKLM-x32...{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RaidCall (HKLM-x32...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5973 - Realtek Semiconductor Corp.)
RemoteSetup (x32 Version: 3.8.0.0 - Brother Industries Ltd.) Hidden
Reus (HKLM-x32...{D991ED13-3BDE-40B9-9C7D-C459E342C0D5}_is1) (Version: 1.3.1.0 - Abbey Games)
Rise of the Tomb Raider (HKLM...\Steam App 391220) (Version: - Crystal Dynamics)
Saints Row IV (HKLM-x32...\Steam App 206420) (Version: - Deep Silver Volition)
Samsung Data Migration (HKLM-x32...{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Sanctum (HKLM-x32...\Steam App 91600) (Version: - Coffee Stain Studios)
ScannerUtilityInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
Shadowgrounds 1.05b (HKLM-x32...\Shadowgrounds_is1) (Version: - Frozenbyte, Inc.)
Shadowrun Returns (HKLM-x32...\Shadowrun Returns_is1) (Version: - Harebrained Holdings)
Shadowrun Returns (HKLM-x32...\Steam App 234650) (Version: - Harebrained Schemes)
Shadowrun: Dragonfall - Director’s Cut (HKLM-x32...\Steam App 300550) (Version: - Harebrained Schemes)
Shadowrun: Hong Kong - Extended Edition (HKLM-x32...\Steam App 346940) (Version: - Harebrained Schemes)
Shatter (HKLM-x32...{84D008A6-8159-442E-8FD8-0148EF42F3E0}) (Version: 1.0.5 - Sidhe Interactive)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.46 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32...{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Smite (HKLM-x32...{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.12.2920.4 - Hi-Rez Studios)
SPORE™ (HKLM-x32...{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spotify (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)
Starbound (HKLM-x32...\Steam App 211820) (Version: - )
StarCraft II (HKLM-x32...\StarCraft II) (Version: - Blizzard Entertainment)
StatusMonitor (x32 Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Steam (HKLM-x32...{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Switch Sound File Converter (HKLM-x32...\Switch) (Version: - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32...{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
Tales of Zestiria (HKLM...\Steam App 351970) (Version: - BANDAI NAMCO Studio Inc.)
Team Fortress 2 (HKLM-x32...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM-x32...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32...\Steam App 105600) (Version: - )
Terrorhedron (HKLM-x32...\Steam App 299720) (Version: - Dan Walters)
The Darkness II (HKLM-x32...\The Darkness II_is1) (Version: - )
The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1 (HKLM-x32...\The Elder Scrolls V Skyrim Dragonborn (c) Bethes~300CD4A2_is1) (Version: 1 - )
The Elder Scrolls V: Skyrim (HKLM-x32...\Steam App 72850) (Version: - Bethesda Game Studios)
The Stanley Parable (HKLM-x32...\Steam App 221910) (Version: - Galactic Cafe)
The Wolf Among Us (HKLM-x32...\Steam App 250320) (Version: - )
Transistor (HKLM-x32...\Steam App 237930) (Version: - Supergiant Games)
Trine 1.09 (HKLM-x32...\Trine_is1) (Version: - Frozenbyte, Inc.)
Ubisoft Game Launcher (HKLM-x32...{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32...\Uplay) (Version: 2.1 - Ubisoft)
UsbRepairTool (x32 Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
Ventrilo Client (HKLM-x32...{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
VirtualCloneDrive (HKLM-x32...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM...{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32...{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.5.1 (HKLM...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
VVVVVV version 2.0 (HKLM-x32...{C39601A7-9FF4-4148-A41B-93181E35D122}_is1) (Version: 2.0 - Terry Cavanagh)
WinDirStat 1.1.2 (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\WinDirStat) (Version: - )
Windows Live ID Sign-in Assistant (HKLM...{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32...{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM...\WinRAR archiver) (Version: - )
wolfman-x (HKLM-x32...\wolfman-x) (Version: - )
World of Warcraft (HKLM-x32...\World of Warcraft) (Version: - Blizzard Entertainment)
Zemana AntiMalware (HKLM-x32...{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.262 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C6896E-B9B8-41AE-A29A-21736796C03D} - System32\Tasks{C5EF7A5E-A71D-4612-B1EF-EF01324E83B7} => pcalua.exe -a C:\Users\Bryan\Downloads\XBOX360Eng.exe -d C:\Users\Bryan\Downloads
Task: {05B1E339-F4C9-4517-B722-89D06C5F9283} - System32\Tasks{45B9A611-6A72-478B-8D97-9CA8C093E8C9} => pcalua.exe -a “C:\Program Files (x86)\InstallShield Installation Information{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe” -c -runfromtemp -l0x0009 -removeonly
Task: {0CB7E6D1-1090-416D-B413-5ABAA6A9A786} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {122B7A12-C9DB-4645-A1D8-1EED56795338} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17FF28B4-01CF-48DF-9FD3-9D44C98FAE58} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {186653D0-2616-474D-822A-BA7717C06468} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {265F771F-4B79-4DA7-AC8C-4FD4EBBB4C26} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-24] (Dropbox, Inc.)
Task: {2C94A6AC-4E94-49AA-BFEC-CA6715D5838F} - System32\Tasks{1346A54B-F643-49CA-A380-C2712D7819C1} => pcalua.exe -a “C:\Users\Bryan\Documents\Vuze Downloads\Dungeons & Dragons - Character Builder\07 CB_Oct_2009.exe” -d “C:\Users\Bryan\Documents\Vuze Downloads\Dungeons & Dragons - Character Builder”
Task: {34DFE721-5B05-4151-8B49-2B15AD35F39D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {37723692-5D04-4540-97C0-78E7E80FFEAE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {39776033-3639-4CFF-B3F0-D3E166186F2A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4852CF62-AECB-4107-8218-CD5AFF616C58} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49D19FFA-B5B7-4AD1-A9B7-7DD463033CE5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A55BBC8-0419-4456-872E-360B9BC11EEE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {571FE537-F861-4706-AE97-CC121265D995} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5BFCE883-EF1C-4824-A392-6D09E5F54BBF} - System32\Tasks{AA7EEC8E-BF7E-4C73-8E64-90A32D5C2A1A} => pcalua.exe -a “C:\Users\Bryan\Documents\Vuze Downloads\Dungeons & Dragons - Character Builder\09 CB_Jan_2010.exe” -d “C:\Users\Bryan\Documents\Vuze Downloads\Dungeons & Dragons - Character Builder”
Task: {624DB11D-9A48-4054-A438-E538962C7346} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {62CE3F92-9560-4354-9AAC-B4E1766A97E5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6848E300-9948-42C2-8B0A-C438060CC47A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7B9891DA-A55C-4A43-80FB-2313C0F228A5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7D7CA63D-FABA-4AF6-B2E7-218561B58CFC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83A238BD-45C6-41D0-9C4A-BDC07A1CC9E1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_ex e => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {848C5324-075C-467C-A726-19657AE71E55} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8C645592-6934-4799-87D2-75E17790E39C} - System32\Tasks{852D79DA-9E6D-43AE-BA09-691A1176B8FA} => pcalua.exe -a “C:\Users\Bryan\Documents\Vuze Downloads\Dungeons & Dragons - Character Builder\08 CB_Nov_2009.exe” -d “C:\Users\Bryan\Documents\Vuze Downloads\Dungeons & Dragons - Character Builder”
Task: {8F019CD9-7319-4344-A511-3923CE659744} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {9084C9CB-5B7F-4B64-B362-5ED7C9DCD0FA} - System32\Tasks{48F2B6BC-1E5A-4182-AE0E-81B6E1EEF2D7} => pcalua.exe -a “C:\Users\Bryan\Documents\Vuze Downloads\Mass Effect 2 Full DLC Pack 2011 -illiria\DP_Setup.exe” -d “C:\Users\Bryan\Documents\Vuze Downloads\Mass Effect 2 Full DLC Pack 2011 -illiria”
Task: {9C7B6025-EAE0-4D78-A7DC-A49F25504B4A} - System32\Tasks{4E8710E2-664D-498F-90C0-4B8CEBC28AF6} => pcalua.exe -a “C:\Program Files (x86)\Steam\steam.exe” -c steam://uninstall/12910
Task: {AD4D3F7F-1D77-425D-B26C-3B782769013F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-24] (Dropbox, Inc.)
Task: {AF650805-499B-4717-817B-54ED677A76A0} - System32\Tasks{B9E7CB81-77BB-4FDA-9A2C-ED13CC009FBE} => pcalua.exe -a “C:\program files (x86)\steam\steamapps\common\alien swarm\bin\addoninstaller.exe” -d “c:\program files (x86)\steam\steamapps\common\alien swarm” -c /register
Task: {B77FA3C9-F4A0-4C8B-992B-7BD7062C91AA} - System32\Tasks{EA03FC6D-E036-49A6-BDF4-640D8C123B6F} => pcalua.exe -a D:\Setup.exe -d D:
Task: {B9C2E9A6-1EB9-49B3-A703-1402FCAC6EA9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {DB399A18-9BFA-4FC3-905E-155F9BB8F6EA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E46180A8-9666-4547-AE86-3E99A18B8A88} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E5250716-C46E-42C2-8A19-99388F88F6A4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1DD8418-E09C-468F-8D34-004E1185B32A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F86A213F-DE25-47C3-BA16-D5DF653C4E0F} - System32\Tasks{E2321764-CBCB-4E30-8CD4-553A205566D2} => pcalua.exe -a “C:\Users\Bryan\Documents\Vuze Downloads\Dungeons & Dragons - Character Builder\01 CB_Apr_2009.exe” -d “C:\Users\Bryan\Documents\Vuze Downloads\Dungeons & Dragons - Character Builder”

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 17:56 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-09 07:27 - 2016-03-21 21:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-02 10:20 - 2011-03-02 10:20 - 00224256 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2016-04-25 10:16 - 2016-03-24 00:35 - 00368184 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-14 19:02 - 2005-04-22 13:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-12-13 17:56 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-09 08:18 - 2016-08-09 08:18 - 00959168 _____ () C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17 .3.6390.0509\amd64\ClientTelemetry.dll
2010-05-02 09:08 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2016-03-09 09:17 - 2016-11-25 07:35 - 00782248 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2017-01-04 08:12 - 2017-01-04 08:12 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.d ll
2016-04-25 10:16 - 2016-03-24 00:35 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardP lugin.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-09-20 22:20 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.Share dUtilities.dll
2016-12-13 17:56 - 2016-12-09 04:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-11-10 00:33 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CortanaApi.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2016-11-10 00:33 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Actions.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 00:33 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\RemindersUI.dll
2016-11-10 00:33 - 2016-11-02 05:13 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-11-10 00:33 - 2016-11-02 05:13 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2016-09-29 21:34 - 2016-09-15 12:29 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDel iveryManager_cw5n1h2txyewy\ContentDeliveryManager. Background.dll
2016-09-20 22:20 - 2016-09-07 00:36 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDel iveryManager_cw5n1h2txyewy\ContentManagementSDK.dl l
2016-12-13 17:47 - 2016-12-13 17:47 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.100 1.23.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-12-14 18:24 - 2016-12-14 18:25 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 18:24 - 2016-12-14 18:25 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-03-09 09:17 - 2016-11-25 07:35 - 00099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-02 10:16 - 2011-03-02 10:16 - 00208384 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2011-03-02 10:11 - 2011-03-02 10:11 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2011-03-02 10:16 - 2011-03-02 10:16 - 00073216 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2011-03-02 10:17 - 2011-03-02 10:17 - 00603136 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2011-03-02 10:13 - 2011-03-02 10:13 - 00048640 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\clonewarsadventures.com → clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\freerealms.com → freerealms.com
IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\soe.com → soe.com
IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\sony.com → sony.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\007guard.com → install.007guard.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\008i.com → 008i.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\008k.com → www.008k.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\00hq.com → www.00hq.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\010402.com → 010402.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\032439.com → 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\0scan.com → www.0scan.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\1-2005-search.com → www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\1-domains-registrations.com → www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\1000gratisproben.com → www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\1001namen.com → www.1001namen.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\100888290cs.com → mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\100sexlinks.com → www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\10sek.com → www.10sek.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\12-26.net → user1.12-26.net
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\12-27.net → user1.12-27.net
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\123fporn.info → www.123fporn.info
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\123haustiereundmehr.com → www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\123moviedownload.com → www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\123simsen.com → www.123simsen.com

There are 7545 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2010-12-29 17:20 - 00428463 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123moviedownload.com

There are 14741 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Control Panel\Desktop\Wallpaper → C:\Users\Bryan\Desktop\Pics\Keepers\New Orleans 10-2015\IMAG0147.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk => C:\Windows\pss\HP Button Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bryan^AppData^Roaming^Microsoft^Windows^S tart Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Bryan^AppData^Roaming^Microsoft^Windows^S tart Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: C3 => C:\Program Files (x86)\Vivox\C3\c3.exe
MSCONFIG\startupreg: HydraVisionDesktopManager => “C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe”
MSCONFIG\startupreg: iTunesHelper => “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
MSCONFIG\startupreg: LogMeIn Hamachi Ui => “C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe” --auto-start
MSCONFIG\startupreg: QuickTime Task => “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime
MSCONFIG\startupreg: Spotify => “C:\Users\Bryan\AppData\Roaming\Spotify\spotify.ex e” /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => “C:\Users\Bryan\AppData\Roaming\Spotify\Data\Spoti fyWebHelper.exe”
MSCONFIG\startupreg: Steam => “C:\Program Files (x86)\Steam\steam.exe” -silent
MSCONFIG\startupreg: VirtualCloneDrive => “C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe” /s
HKLM...\StartupApproved\Run: => “RtHDVCpl”
HKLM...\StartupApproved\Run: => “IntelliPoint”
HKLM...\StartupApproved\Run32: => “AVG_UI”
HKLM...\StartupApproved\Run32: => “Dropbox”
HKLM...\StartupApproved\Run32: => “PWRISOVM.EXE”
HKLM...\StartupApproved\Run32: => “AvgUi”
HKLM...\StartupApproved\Run32: => “StartCCC”
HKLM...\StartupApproved\Run32: => “BrHelp”
HKLM...\StartupApproved\Run32: => “ControlCenter4”
HKLM...\StartupApproved\Run32: => “BrStsMon00”
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\StartupApproved\StartupFolder: => “GameVox.lnk”
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\StartupApproved\Run: => “OneDrive”
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000...\StartupApproved\Run: => “Skype”

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{9E566EC4-B07A-48A8-9591-95E69F7E1266}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starb ound.exe
FirewallRules: [{9092EA15-0FFB-445C-B7DE-47685B75F530}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starb ound.exe
FirewallRules: [{08122964-936D-4D84-AAA4-BA6ACFC45B21}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_u ploader.exe
FirewallRules: [{E8D03A6D-82F1-46BE-8AE2-4BD4D8FF82DA}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_u ploader.exe
FirewallRules: [{76E601CD-1552-4750-82FC-F5C5A5BE78A4}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starb ound_server.exe
FirewallRules: [{762E0C23-15C1-4124-A575-51D98A9E11A0}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starb ound_server.exe
FirewallRules: [{8DDA7BAD-C1DF-4523-B664-B7FC527E08B1}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starb ound.exe
FirewallRules: [{B5790F62-6704-4FBE-B077-CE0C7F98C4FE}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starb ound.exe
FirewallRules: [{18CEBEEE-6437-46CF-A519-8D66B90851CC}] => C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\Sh adowOfMordor.exe
FirewallRules: [{ED650210-475C-44B3-A183-02F40D3BE1F0}] => C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\Sh adowOfMordor.exe
FirewallRules: [{603D3FDF-2DF2-40E4-8220-DB4BCCFC83E2}] => C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{E72591A9-DDF4-4D89-ABB0-D83349FB27D1}] => C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{BF504995-1C75-4C86-9FB6-34463C5295AD}] => C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{70FCDB59-3668-4EED-9B55-A5301FBE73EE}] => C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{D9D1185D-506D-4EB1-942D-B212A093A4D1}] => C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{35DE6871-869C-49EE-AF15-2FEA0A854B4D}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{55E6FC19-C522-4B85-8D81-C73467A316D1}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{D0E9B37C-DEE1-4D03-98B1-51EACB25A7DF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslaun cher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslaun cher.exe
FirewallRules: [TCP Query User{B5293982-D661-4FE9-B0A8-3A641A5CA624}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslaun cher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslaun cher.exe
FirewallRules: [UDP Query User{39664CC1-4E67-443D-9FFD-7CB38679E3C0}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslaun cher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslaun cher.exe
FirewallRules: [TCP Query User{4C48D48E-9211-4F9A-96DD-BBA4EF92B26F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslaun cher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslaun cher.exe
FirewallRules: [{6D2EB750-6B33-4FEA-88B7-1A7C7E28BF90}] => C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{05AE6CB3-349C-41C5-8584-34EF5EFD3418}] => C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{075FEC8B-6E4D-4CBF-8320-ADDF2DBF4053}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FC178713-DFF0-4770-89B1-D50080EF2AEF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{66E2E888-0495-467B-8F0A-382773990B87}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0B026A64-46AD-4150-BE1E-C4B7A0F96C0A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{503F90E6-E5B0-4AD3-BE36-41D7F19B3AB3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9B8276F7-808C-4D3D-A4D7-59E184DED9B4}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3F51B2E5-E86F-4BA7-B1E3-B8DAB090993E}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{02F80957-5EB0-436E-87D6-4227168645F4}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [TCP Query User{9ADE4919-4BB0-44EC-B2E3-FDED38404505}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [UDP Query User{A4F588E9-B2C9-46B2-A6BE-C562107AEEAF}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [TCP Query User{3B001959-5CFF-47AD-9C72-38F5625BF88A}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{A247CA7F-B597-4C9C-9836-204094337673}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71A64160-579C-449C-BB0D-E4EEC2C6600D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{1F57335E-3E17-4A7E-AED9-26A8178385FD}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{EFDD72A9-D6BE-4145-A654-1DBD9FCBA791}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{DD6A64A1-0883-417E-9389-E42CF77AD2F7}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{B4DA0C7E-4768-47C0-BF75-63804B8F1177}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{D466861B-7FFD-4A16-B2DC-786708773A73}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6F626A2B-EF2D-43C4-AFF0-1D25E33B6F2A}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{434756D2-F79C-4E2C-B81C-FFCF1C0E45BD}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2D082E90-5A70-4D10-BFB9-161917D73D4B}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [{3CAE2205-90F6-4721-8F4B-B8A46720B421}] => C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{D7863F6D-2937-4ABF-A9C7-762D4089D18B}] => C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [UDP Query User{89DC9B87-EE47-4115-A2F0-1325A1409CCA}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{55661E35-A578-47C2-A96B-6145CF5808C9}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [{6550343A-62BB-44A0-8DC6-9E607D0C811E}] => C:\Program Files (x86)\Steam\steamapps\common\GreyCubes\GreyCubes.e xe
FirewallRules: [{471E32BC-2906-4CFC-B180-95077AB38F43}] => C:\Program Files (x86)\Steam\steamapps\common\GreyCubes\GreyCubes.e xe
FirewallRules: [{BC821BCA-E3A7-49BD-B04B-E136B84E2DED}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{BED30BB2-EBB3-41E1-93B6-599CD8AEB783}] => c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{4147B5C8-E5B0-45A1-B9D8-902D0CC33FE7}] => c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{44AD2575-DA35-4BF9-8AB0-11D879605CF4}] => LPort=54925
FirewallRules: [{41D64912-84F6-4E80-A17F-76AC40AF2F9E}] => H:\Install\wlan_wiz.\wlan_assistant\waw.exe
FirewallRules: [{DFF42BB2-28A3-48A0-8D27-E2EF6CBB1C3A}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{994B3964-0476-4A9A-9711-DAC5A3BD686F}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{18A9C170-840D-4FC9-9886-8A91FAE60863}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director’s Cut\Dragonfall.exe
FirewallRules: [{FEC087F1-9094-41A1-ADE6-EE409D832DA5}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director’s Cut\Dragonfall.exe
FirewallRules: [{9136D434-E9D0-4684-9209-D4F6A85DF931}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{6785A6B5-EBA1-4530-93B4-6EEE7B13F893}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{3F20995C-CCAD-4E25-A72D-E916A289D7D6}] => C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{EA59C345-E6EC-4028-B81C-9BA47240188A}] => C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{11939EDC-08DD-4734-94D4-DED455054EB0}] => C:\Program Files (x86)\Steam\steamapps\common\tribes\Binaries\Win32 \HirezBridge.exe
FirewallRules: [{618FD6B9-4479-433E-9384-80E4D89C2AC5}] => C:\Program Files (x86)\Steam\steamapps\common\tribes\Binaries\Win32 \HirezBridge.exe
FirewallRules: [UDP Query User{798962EE-15E4-4868-BF1C-CC79057E5349}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{CD1F5F34-98AF-463D-99F5-50EB51B22B2D}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{E1D6D9F5-2595-4018-B364-82332D89D9AB}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9BDE7E94-0018-4014-80CC-028622CC8AD9}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B9C2ADD9-66E5-420C-A910-904787DFB8BA}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher .exe
FirewallRules: [{2DC518D2-61EE-49DB-90A8-9AAD437CADBB}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher .exe
FirewallRules: [{C8ECC68D-4C22-4B3A-998B-0C8F854490C7}] => C:\Program Files (x86)\Steam\steamapps\common\Terrorhedron\terrorhe dron.exe
FirewallRules: [{802D1EF5-5AAD-4DD0-9FC4-18FE8043E11B}] => C:\Program Files (x86)\Steam\steamapps\common\Terrorhedron\terrorhe dron.exe
FirewallRules: [UDP Query User{D59F117C-178A-4060-B743-0A74FF5A09A1}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{9B338196-9173-4F65-992F-6AFA22B47DED}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EFCBB1A7-70FA-47A1-A58B-FDBDC2475DE8}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{666411AE-82A2-4924-933B-EB20CF38E43B}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7E1D0833-1F1F-48C7-8EE8-1F776959F6F3}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{A14A18D7-CF4F-4E96-B093-B592F1FBA43A}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{03C67C2D-7B87-4767-8433-7BE61A6FC990}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6B543A5F-822E-4C69-B9FA-9F4E1EB48F92}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{35E8104A-80E1-43EE-B0E0-59A5352D0583}] => C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.e xe
FirewallRules: [{5BDEDC1A-AD9B-44E9-B403-2A3A012D7EF2}] => C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.e xe
FirewallRules: [UDP Query User{39CD56F9-DABA-4034-92D9-7AD4004AD623}C:\users\bryan\desktop\buddha\brutall egend_nosteam.exe] => C:\users\bryan\desktop\buddha\brutallegend_nosteam .exe
FirewallRules: [TCP Query User{88368CA8-32EE-42D5-8AB7-82CE6365F40A}C:\users\bryan\desktop\buddha\brutall egend_nosteam.exe] => C:\users\bryan\desktop\buddha\brutallegend_nosteam .exe
FirewallRules: [UDP Query User{7A1F51D1-3632-4B11-8BA9-E54517261E83}C:\users\bryan\desktop\games\lol\leag ue of legends rads.clean\rads\projects\lol_patcher\releases\0.0. 0.14\deploy\lolpatcherux.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0. 0.14\deploy\lolpatcherux.exe
FirewallRules: [TCP Query User{2A05E62B-8C98-4A33-95BD-7EAC3B7746CD}C:\users\bryan\desktop\games\lol\leag ue of legends rads.clean\rads\projects\lol_patcher\releases\0.0. 0.14\deploy\lolpatcherux.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0. 0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{77A268AF-91CB-4A92-92A3-2B07659CA7A6}C:\users\bryan\desktop\games\lol\leag ue of legends rads.clean\rads\projects\lol_patcher\releases\0.0. 0.14\deploy\lolpatcher.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0. 0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{A67342FB-DA71-4F53-AE7D-937A95E92E3A}C:\users\bryan\desktop\games\lol\leag ue of legends rads.clean\rads\projects\lol_patcher\releases\0.0. 0.14\deploy\lolpatcher.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0. 0.14\deploy\lolpatcher.exe
FirewallRules: [{A16F141D-8DE7-4BF7-8A02-9100A8EBEBF4}] => C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.e xe
FirewallRules: [{20124EDE-FF02-4FD3-A19A-20ADDAE3A2E2}] => C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.e xe
FirewallRules: [{716DB04A-DEDF-44B3-9C3F-384A49A65425}] => C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.e xe
FirewallRules: [{BA61FB2E-14B2-489F-B947-3C16C5E62F10}] => C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.e xe
FirewallRules: [{E6F110BD-B933-44ED-BFAC-A48FC1813A1E}] => C:\Program Files (x86)\Steam\steamapps\common\Gauntlet\binaries\gau ntlet.exe
FirewallRules: [{611E2ED2-EF41-41E1-B1B9-1FE7C30BD7F1}] => C:\Program Files (x86)\Steam\steamapps\common\Gauntlet\binaries\gau ntlet.exe
FirewallRules: [{D462D622-7424-420F-A6E9-A0A1DBACEA4C}] => C:\Program Files (x86)\Steam\steamapps\common\Minimum\Binaries\Win3 2\MinGame-Win32-F.exe
FirewallRules: [{25AF45A0-96B8-4A0A-B7F2-9947F121120F}] => C:\Program Files (x86)\Steam\steamapps\common\Minimum\Binaries\Win3 2\MinGame-Win32-F.exe
FirewallRules: [{1EF8459F-BE85-45B7-A773-DC07F3C873CA}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E11CC037-C9FE-4719-B2F9-63C7FF5F499D}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{6EB512C9-5C4E-456F-A6B7-0A6EDBFFC86D}C:\program files (x86)\raidcall\raidcall.exe] => C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [TCP Query User{E638A225-13E3-4173-9451-95498EFB8561}C:\program files (x86)\raidcall\raidcall.exe] => C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [{6AE8C68A-AB1A-4BD5-981F-44EF23D7C884}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{8DD07586-7E40-40A3-B01B-9DCB27C4C8AF}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{96C60E76-977E-4AE0-8D2F-5AF68AFD7377}] => C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.e xe
FirewallRules: [{6CAA783B-C9A8-43CB-904C-78C5D90A427E}] => C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.e xe
FirewallRules: [{8364C997-6A39-429B-8D11-8C64060CD09B}] => C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transi stor.exe
FirewallRules: [{9286ADB7-4398-4D92-9D87-8F209D8C306E}] => C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transi stor.exe
FirewallRules: [UDP Query User{21413504-E150-4082-A1A0-23A4321C976D}C:\users\bryan\appdata\roaming\spotif y\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{06F3700B-0D12-41AB-A7E0-0CB0B94CCB21}C:\users\bryan\appdata\roaming\spotif y\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0FD9C62D-42DA-48A5-8CB8-CF056E4717DB}] => C:\Program Files (x86)\Steam\steamapps\common\Guacamelee\Guac.exe
FirewallRules: [{35911189-710F-446D-940E-CA9B9EC83D70}] => C:\Program Files (x86)\Steam\steamapps\common\Guacamelee\Guac.exe
FirewallRules: [{84ACEAEE-87FA-4A15-907B-0854AF5D0FCD}] => C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle .exe
FirewallRules: [{3F04CBFF-5728-409B-B456-1CF036D0748A}] => C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle .exe
FirewallRules: [UDP Query User{334B2E83-981B-408E-BE92-6153DD276216}C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe] => C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [TCP Query User{F8D22EF4-9B63-4E94-B274-AEF53FE20BBF}C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe] => C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{D6DF2DB6-AFEA-4CFF-B7E7-6727AF1D9E43}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{5D31DE24-EC07-42C2-B583-53C456DF82B7}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{FDA33696-0734-40EC-A931-B83F5AD12256}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{8DF8A7FE-02C3-4181-977E-54D62D4C5EE0}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{124566D7-35DC-4FE6-842A-3CDB8B2512A9}] => C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{BD77128A-B577-498D-92E6-067C42553BB1}] => C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{7EC214F6-A630-4976-8C83-5E008D6F2F6E}] => C:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{5AD689C0-664F-4C9F-B42D-F0351B628B8E}] => C:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{97933098-53FC-4DD8-B205-B8FE0EB81EC6}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{2300E685-86C6-4D19-A4DD-F7175327EBF0}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{E2D06D7E-A938-419B-B85A-F70958E04043}] => C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{89998022-A5F1-4FAC-A1D3-A0263985ECC8}] => C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{D4F8B765-715A-4640-A0DE-8A86AF3F86EE}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{F691A4D9-AF39-4103-B745-DB9F36224E20}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{B0F88646-504A-4A7B-950B-EED785C77567}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{E9E3196C-B6EB-4C9E-8184-871CE0F7CFB5}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{96F0F257-96E1-40E4-A5B2-3CBD029F8551}] => C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.e xe
FirewallRules: [{070EB91E-B6F5-4F71-A4F3-BCED83654097}] => C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.e xe
FirewallRules: [UDP Query User{2689827B-6FD0-4E75-A9F7-EC2772A80490}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe] => C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe
FirewallRules: [TCP Query User{C894BC77-3E49-454C-96ED-564F863561FB}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe] => C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe
FirewallRules: [{E1A4B4AE-A9BC-4673-88BE-61AD1DC46434}] => LPort=41780
FirewallRules: [{70B70EBF-2AD4-40E7-A949-5E410787BCB6}] => C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.e xe
FirewallRules: [{5B4AE735-AFF4-402D-8BD9-B7E07D2B300A}] => C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.e xe
FirewallRules: [{70501A5B-8B45-4E34-8F7B-21F1518837ED}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Ag ent.exe
FirewallRules: [{C63F34E1-AA47-4A77-A50E-635C0491336B}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Ag ent.exe
FirewallRules: [{E6630FA5-217D-46F4-AD75-784B70D21ABC}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.e xe
FirewallRules: [{EAC9FDCC-C217-444E-B908-E270D9E590BB}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.e xe
FirewallRules: [{2A18F852-EF79-4D6E-9BE0-5354918596F2}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Ag ent.exe
FirewallRules: [{FEB8D9CC-C745-4850-AD00-3F484A472535}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Ag ent.exe
FirewallRules: [{E27A4E54-8D39-4982-AB7C-D71D6299D76F}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Ag ent.exe
FirewallRules: [{EEFD95FC-19C9-4EE2-A821-B12A9B8C9119}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Ag ent.exe
FirewallRules: [{B814655E-1174-49A3-8618-005535F2DEA3}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.e xe
FirewallRules: [{6F18D558-5250-4213-813C-A6C06F98ACD0}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.e xe
FirewallRules: [{645FFBE9-A7F4-4493-8E53-F0D4ACC7A5F0}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.e xe
FirewallRules: [{919D23F6-8514-4938-ABF3-E0F1CE985C86}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.e xe
FirewallRules: [{8B89B26B-FF90-4BDD-984F-A000BBF5BEC4}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.e xe
FirewallRules: [{8759C267-DC07-4A16-A8AB-F848A7F43101}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.e xe
FirewallRules: [{0AA93C04-A152-45B5-8713-71C19F4B9E3A}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Ag ent.exe
FirewallRules: [{08DA9E08-A80E-487D-9CC7-6192A82389F7}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Ag ent.exe
FirewallRules: [{9D4734CE-041B-4E9D-9282-ABD99D0797EF}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Ag ent.exe
FirewallRules: [{CFF74111-C8BB-4448-86C6-8D96DFB3147F}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Ag ent.exe
FirewallRules: [UDP Query User{D9F66DB9-9EBB-42A8-B468-A7E56EE5C3A0}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{B4386D80-A2C8-4AE0-ABAA-20E224DB2E7B}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{28871463-7E43-45FA-91D1-3949EF48D281}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Ag ent.exe
FirewallRules: [{048BD6AE-726E-4AAD-AE50-1243BDE9079A}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Ag ent.exe
FirewallRules: [{EC73E2A6-6B64-4AB6-98DA-3B6D3C44D596}] => C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CAA59CA1-AA5C-4D2D-A4E4-43C1020CDC86}] => C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{06F3B6F4-2E84-4E08-9FB9-5BFA59F0BDDE}] => C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{92AC38A5-CF73-4179-BDB1-769786FEB5B1}] => C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{48B63789-5FDA-4D5D-A07D-7679D783757E}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{3DCB33F0-B43D-4602-A894-E687017FA893}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{CF75BE7F-FB53-44AF-A6EE-D9F9CE595C17}] => C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{5A1070D0-F30F-4F7D-B199-2E1FB58082D8}] => C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{F66A788D-3577-429F-A45A-37D330F2DA39}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{A2AE031C-73A8-4DC9-A27D-947EECD51269}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [UDP Query User{260E5D78-F85D-4F3C-8B37-6399A2B663EE}C:\users\bryan\desktop\games\diablo iii\diablo iii.exe] => C:\users\bryan\desktop\games\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{3C2CA2C5-9307-4BE7-99CC-57CF34F9FF62}C:\users\bryan\desktop\games\diablo iii\diablo iii.exe] => C:\users\bryan\desktop\games\diablo iii\diablo iii.exe
FirewallRules: [{9A8AC6FF-764B-4471-A796-D1AC04B4F5D5}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.e xe
FirewallRules: [{55108AEA-6854-4010-BF99-F48FF6FEA8A7}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.e xe
FirewallRules: [{E5AC228F-12E9-486B-A9C8-4BF8EB0B7493}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.e xe
FirewallRules: [{E498D5AE-C2E8-488D-B53B-DD19F778EDD3}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.e xe
FirewallRules: [{C541E6F5-4458-4EB1-8873-043C981F5F8A}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{801E951F-C6A6-4D6E-AB44-4A3522356E3E}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{B37A1EF8-0339-45CF-B210-91E75A8A694A}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{437E4EEE-FE64-4EFB-95FD-5E49546F66DB}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{2B5F5E03-461F-4BA8-8196-774A5B462C88}] => C:\Program Files (x86)\Steam\steamapps\common\Sanctum\Binaries\Win3 2\SanctumGame-Win32-Shipping.exe
FirewallRules: [{AD1D22C6-0DAA-4857-AE3B-90FF94CFF789}] => C:\Program Files (x86)\Steam\steamapps\common\Sanctum\Binaries\Win3 2\SanctumGame-Win32-Shipping.exe
FirewallRules: [{35C5E7AC-795D-4611-94BB-06B4348CF27B}] => C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die!\Build\release\OrcsMustDie.exe
FirewallRules: [{F6E11555-3E12-4D1A-9CC1-FED91097527B}] => C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die!\Build\release\OrcsMustDie.exe
FirewallRules: [{51FDD51D-3095-4A3D-B056-85625FF29DC1}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{DA487981-E544-4C29-B76B-B785F3AE4871}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{72448827-E1A9-4A13-8C8D-D40E64F13BFA}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{5F1AFCE7-A31F-42E7-B40B-366B1016159F}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{ACD6E62D-2B07-4FDB-BEC5-5E02BA2F7A4D}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{91950408-1004-4109-9756-2FD110451641}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{70D1B7C8-BD96-4E8F-812B-CDED40263C6C}] => C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{18DE0414-E8EC-46E0-9ED7-EE9F8A5A9DA4}] => C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{84CBBD64-E939-4684-8614-37D7DDC4ED61}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.e xe
FirewallRules: [{EAF912D8-C026-41B0-A7D0-16600352FC54}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.e xe
FirewallRules: [{33226855-E53D-4AAC-949E-C52A8894A609}] => C:\Users\Bryan\AppData\Roaming\uTorrent\uTorrent.e xe
FirewallRules: [{997DC675-2DB0-4954-A1A1-984EAF29BDD8}] => C:\Users\Bryan\AppData\Roaming\uTorrent\uTorrent.e xe
FirewallRules: [UDP Query User{174FD12E-025A-417F-A984-5E1EE1956381}C:\users\bryan\desktop\games\xcom\bin aries\win32\xcomgame.exe] => C:\users\bryan\desktop\games\xcom\binaries\win32\x comgame.exe
FirewallRules: [TCP Query User{52479641-5794-424C-AFE6-04C703A47952}C:\users\bryan\desktop\games\xcom\bin aries\win32\xcomgame.exe] => C:\users\bryan\desktop\games\xcom\binaries\win32\x comgame.exe
FirewallRules: [UDP Query User{CF87F131-ECFE-4380-91C8-EAE38CB63CDB}C:\users\bryan\desktop\games\shadowru n returns\shadowrun.exe] => C:\users\bryan\desktop\games\shadowrun returns\shadowrun.exe
FirewallRules: [TCP Query User{5620B819-E770-492D-9C9C-B89F2DFDCDBC}C:\users\bryan\desktop\games\shadowru n returns\shadowrun.exe] => C:\users\bryan\desktop\games\shadowrun returns\shadowrun.exe
FirewallRules: [{B310331A-050E-4B39-B7F2-BFFA462A84C1}] => C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{E398740C-904E-462B-9FE4-06728285BDE1}] => C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{92B937C8-88F3-4B60-A6C8-471453F1F619}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{D9C56EDF-A784-45D7-9E06-C1CEAAEEB8F3}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{F05130D0-45A0-47B9-BE53-D57522F07E73}] => C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{E374A6AC-CA32-4DA3-AB40-6656E8AE7260}] => C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{D0F767E3-2937-4831-9697-00B91662FDEB}] => C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{89C14663-C5CD-475F-9396-ABF33C8C5505}] => C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{6CFA0D4F-5FDC-471F-B010-2B78EBFB905F}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{627A87B1-7DC2-49D0-9236-479D62177775}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [UDP Query User{416DADD7-B24C-4598-BDB6-EDA1189C7DFE}C:\users\bryan\desktop\games\borderla nds 2\binaries\win32\borderlands2.exe] => C:\users\bryan\desktop\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{16D04A8E-E273-41A7-800A-CAA529AF3463}C:\users\bryan\desktop\games\borderla nds 2\binaries\win32\borderlands2.exe] => C:\users\bryan\desktop\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{EC4EC9E3-73F6-49D2-8D72-95003B4ADF51}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{7F428D11-6572-4077-BC26-641528542151}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [UDP Query User{00F4757D-10EF-4BE5-A34B-780A60F7BA18}C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [TCP Query User{4129A878-90F3-4695-B5C7-0C1F91A2A5FB}C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [UDP Query User{9A5E8F79-E8AF-4C9A-B01D-676D4F0016D1}C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe] => C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{615BD100-37E7-4F79-81CB-94729B68A651}C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe] => C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{35AD4802-8C83-4B07-B452-A0B7356B0BC9}] => C:\Users\Bryan\Desktop\Games\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [UDP Query User{A171F493-7C7F-4E48-AC37-77501E87558E}C:\users\bryan\desktop\games\starcraf t ii\versions\base24944\sc2.exe] => C:\users\bryan\desktop\games\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [TCP Query User{C14C52DF-3EF8-44C1-AA02-4C2261D3EC25}C:\users\bryan\desktop\games\starcraf t ii\versions\base24944\sc2.exe] => C:\users\bryan\desktop\games\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [{C0DD6ECA-BEE9-4716-A20A-280A79DB58CB}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{0F6B0BAC-BDA8-46C4-9316-E9C67CA3AD6B}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{9EA21BE7-1646-4C18-910F-4832F6CAA166}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{18AC3981-DBB5-4850-B541-846F6951F757}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{0266900B-959B-4023-8B24-47B19D00864D}] => C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.e xe
FirewallRules: [{9D2D0D67-000C-46B6-9243-FFF2FFCCDFFB}] => C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.e xe
FirewallRules: [UDP Query User{4308CA1B-9504-46D7-855D-AF6F4618BF9A}C:\users\bryan\desktop\games\american mcgee’s alice\alice.exe] => C:\users\bryan\desktop\games\american mcgee’s alice\alice.exe
FirewallRules: [TCP Query User{20705DE3-DB4D-4867-9C8F-8C011B163C3C}C:\users\bryan\desktop\games\american mcgee’s alice\alice.exe] => C:\users\bryan\desktop\games\american mcgee’s alice\alice.exe
FirewallRules: [UDP Query User{EFEDF1EE-E3A3-4AA7-8482-5C5DAC107923}C:\games\dragon age origins\bin_ship\daorigins.exe] => C:\games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{7D43BB66-71AA-49EF-89E9-61C603B8E4A0}C:\games\dragon age origins\bin_ship\daorigins.exe] => C:\games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [{3B537105-2EB1-433D-BAE1-E6C372315CE0}] => C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{30BC539D-A754-4FA3-8CCC-AE711406FF75}] => C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{8FC3D814-3A30-406F-94F7-FF52E711E4B0}] => C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{651F1A35-0995-4DED-A109-62F9E1E777EA}] => C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{2466B98D-7BC7-4033-9DFF-FE778BAE340E}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{97F8D1AD-CE0B-4603-AC5B-C237A16334B8}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{E112F174-7F42-491C-80E5-6FD1A1323EAE}C:\users\bryan\appdata\roaming\spotif y\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F2F35F4F-F4CD-4AAE-9548-6F4C1D897993}C:\users\bryan\appdata\roaming\spotif y\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0DEC6317-9CAB-4859-997F-8DB11F32458D}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.e xe
FirewallRules: [{95B3D747-1FB0-41ED-AB31-DA75B8618BD6}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.e xe
FirewallRules: [{FBC3B58E-1941-467B-9F52-B6C104ACC713}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.e xe
FirewallRules: [{B6734C83-96F8-4B63-A8DE-23D143C78CAC}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.e xe
FirewallRules: [UDP Query User{0513B191-C2A8-4796-8CAF-18242FD96C54}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{354218D4-6588-40B9-AA97-0FC2DCC35D58}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{A22C708E-4CD8-4EFD-96BC-54F2D5BD95BF}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{81FC9BE9-98EF-4AE1-B437-756945BBB513}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{A3595B56-8A14-4415-9EC6-7EBCDC6B25FE}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfi les\binaries\win32\hawkengame-win32-shipping.exe] => C:\program files (x86)\meteorentertainment\hawken\installedhawkenfi les\binaries\win32\hawkengame-win32-shipping.exe
FirewallRules: [TCP Query User{65B1A8B1-9B6C-4668-9263-D5E243C0F260}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfi les\binaries\win32\hawkengame-win32-shipping.exe] => C:\program files (x86)\meteorentertainment\hawken\installedhawkenfi les\binaries\win32\hawkengame-win32-shipping.exe
FirewallRules: [{8428D6A3-A4F7-4C1B-90E9-09E80BAC6D37}] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [{AD5A956B-A58C-4138-9BDE-BA123FAC8FB8}] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [UDP Query User{A68FB468-CD63-40D4-9B92-75F1FFA0653B}C:\users\bryan\desktop\games\zsnes\zs nesw.exe] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [TCP Query User{1A7BD4A1-12A5-411C-A26A-085A905D8011}C:\users\bryan\desktop\games\zsnes\zs nesw.exe] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [{2659B2B8-0350-4B81-AB60-41541535F513}] => C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.e xe
FirewallRules: [{E9E9FA3F-DCEC-4CCC-8AAD-863F9A9BBE68}] => C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.e xe
FirewallRules: [UDP Query User{D618277B-A9BB-41EB-9222-56361FB67BA4}C:\programdata\battle.net\agent\agent .1363\agent.exe] => C:\programdata\battle.net\agent\agent.1363\agent.e xe
FirewallRules: [TCP Query User{E9CB6109-006B-4E82-859D-1160A63436A7}C:\programdata\battle.net\agent\agent .1363\agent.exe] => C:\programdata\battle.net\agent\agent.1363\agent.e xe
FirewallRules: [{B2E534E0-7029-46DD-BC64-3898FD902DED}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [UDP Query User{6D75354D-26C5-418A-8FE8-75838164F075}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32 \tribesascend.exe] => C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32 \tribesascend.exe
FirewallRules: [TCP Query User{6A67094C-9BF4-4978-9642-1F6EE9F2FCC0}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32 \tribesascend.exe] => C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32 \tribesascend.exe
FirewallRules: [{EEFD4C0F-4AA6-4526-AE77-C5FC519AF44D}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.e xe
FirewallRules: [{10D848E5-57C3-4AE9-8FCA-6B0CD147603B}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.e xe
FirewallRules: [{B1B5E204-C7BB-4547-983A-B19168CBDEC8}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.e xe
FirewallRules: [{06B3132D-E85F-4D49-A717-F2D52D6E9861}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.e xe
FirewallRules: [{7EFCD947-AC8F-4F67-8BE4-5CD96FA9FA55}] => C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.e xe
FirewallRules: [{75441330-B6EA-45CB-BB98-81FEF7452CA7}] => C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.e xe
FirewallRules: [UDP Query User{68367603-BE2E-4A8B-ADF2-0921BCC1B4E7}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{90382EC0-F081-48D2-8AFD-52CF157E3156}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7EE6CD41-AC92-48A9-9822-AC8A5802BF0E}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{9D3E8C14-AA59-4F4F-97AE-D6DE695D8F85}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{82700A77-55EA-4C0C-87CF-8024BA919DD2}] => C:\Program Files (x86)\Steam\steamapps\common\Quantum Conundrum\Binaries\Win32\TryGame-Win32-Shipping.exe
FirewallRules: [{163A5991-5D3A-45BF-A442-4281BCD095DD}] => C:\Program Files (x86)\Steam\steamapps\common\Quantum Conundrum\Binaries\Win32\TryGame-Win32-Shipping.exe
FirewallRules: [UDP Query User{5462DBCB-F5C2-4B45-97D0-D5C9A5440F07}C:\program files (x86)\java\jre7\bin\java.exe] => C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{F5C989F3-9B7A-4626-AF53-11E0511E0C50}C:\program files (x86)\java\jre7\bin\java.exe] => C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{B4C99863-FA53-464A-AD21-E78E5FF147F3}] => C:\Program Files (x86)\Steam\steamapps\common\risen\bin\Risen.exe
FirewallRules: [{D5F3B9F3-56E8-4774-8B8F-C853FCC80192}] => C:\Program Files (x86)\Steam\steamapps\common\risen\bin\Risen.exe
FirewallRules: [{8914ED7E-89F7-4DD9-A9E0-D96CB9A5DF43}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{41697514-D0B0-4D50-BB64-EAFE281EC0C2}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [UDP Query User{D6B98206-8C83-4B84-AAA5-78816B229B1D}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [TCP Query User{F41E1B22-104B-46A9-88C5-9DC319AE78FA}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [UDP Query User{3503C39D-0C50-47D0-B06A-FAA56160FDD0}C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe] => C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe
FirewallRules: [TCP Query User{E85F5DE2-2B33-42BC-B6A8-D2679A2BE6AE}C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe] => C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe
FirewallRules: [UDP Query User{0757A4C3-FE4E-498B-A7C9-E6D1A97AB1D9}C:\program files (x86)\java\jre6\bin\javaw.exe] => C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{9F2EC895-A678-4E41-920B-79793C880048}C:\program files (x86)\java\jre6\bin\javaw.exe] => C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{F3B4B097-4B46-4B60-AC29-D9691F0643F5}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{B0755C08-56DF-4608-872F-60BE4972B9D6}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [{C6D8F762-861C-41FA-8252-87F2907D919F}] => C:\programdata\battle.net\agent\agent.1040\agent.e xe
FirewallRules: [{58A28F31-46EB-43B7-AE7F-3965E84ABC67}] => C:\programdata\battle.net\agent\agent.1040\agent.e xe
FirewallRules: [UDP Query User{2E88636A-1A25-459E-8F0A-EC19AF2D4B93}C:\programdata\battle.net\agent\agent .1040\agent.exe] => C:\programdata\battle.net\agent\agent.1040\agent.e xe
FirewallRules: [TCP Query User{89B3696F-A2F7-4061-A3EE-5EC67E479E74}C:\programdata\battle.net\agent\agent .1040\agent.exe] => C:\programdata\battle.net\agent\agent.1040\agent.e xe
FirewallRules: [{63E5A8C8-C2F6-400A-BEE9-204F842D8CC8}] => C:\ProgramData\Battle.net\Agent\Agent.998\Agent.ex e
FirewallRules: [{98247830-E9D1-441A-B6CC-D9C33D9E40CF}] => C:\ProgramData\Battle.net\Agent\Agent.998\Agent.ex e
FirewallRules: [{A9770BBD-BC42-4AAF-98E7-B4400C865B8A}] => C:\ProgramData\Battle.net\Agent\Agent.976\Agent.ex e
FirewallRules: [{F4B92E5E-AA68-42B8-8150-1372E20B9CD9}] => C:\ProgramData\Battle.net\Agent\Agent.976\Agent.ex e
FirewallRules: [{F8805339-783C-4B89-825D-E8DF4339423E}] => C:\Users\Bryan\Desktop\Games\Diablo III\Diablo III.exe
FirewallRules: [{AF4C7476-1286-40E0-8AB0-0F53ED8C604F}] => C:\Users\Bryan\Desktop\Games\Diablo III\Diablo III.exe
FirewallRules: [{DE2FE3BB-375A-4866-93C0-121066431C92}] => C:\ProgramData\Battle.net\Agent\Agent.954\Agent.ex e
FirewallRules: [{884454D1-84EF-4D26-B98A-8E2C7376F6AD}] => C:\ProgramData\Battle.net\Agent\Agent.954\Agent.ex e
FirewallRules: [{18AABB47-D377-4CA2-93A4-A3537F2F405A}] => C:\programdata\battle.net\agent\agent.913\agent.ex e
FirewallRules: [{90E2EDCE-64A4-43A1-86F9-5245B9FB1E45}] => C:\programdata\battle.net\agent\agent.913\agent.ex e
FirewallRules: [UDP Query User{2529E915-527D-4CF4-B2F4-EB0CC8004049}C:\programdata\battle.net\agent\agent .913\agent.exe] => C:\programdata\battle.net\agent\agent.913\agent.ex e
FirewallRules: [TCP Query User{207E5950-6A72-4C06-BDFB-AF546AC269A8}C:\programdata\battle.net\agent\agent .913\agent.exe] => C:\programdata\battle.net\agent\agent.913\agent.ex e
FirewallRules: [{768848AE-4700-4AFB-94F7-AEB441F121A0}] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [{45DC97A7-AD93-4260-8709-B8BB5CBD4509}] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [UDP Query User{2189E65C-56E9-4E22-9921-D14332D39425}C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [TCP Query User{C7D28AB0-2C1D-4B45-9AE6-BE4A22CF4A67}C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [{F284799B-10D7-412A-9AEA-26B09B7C49D6}] => C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{4CB8DA33-87F8-4D25-83C7-D643D7C27B4B}] => C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{255120CD-3A79-43B8-9C21-CAD1B19BBD47}] => C:\ProgramData\Battle.net\Agent\Agent.868\Agent.ex e
FirewallRules: [{DA89BB9F-F039-4A84-BFCE-BEFB395E4468}] => C:\ProgramData\Battle.net\Agent\Agent.868\Agent.ex e
FirewallRules: [{1246314F-5CC7-4758-A6C8-C9FC08116073}] => C:\programdata\battle.net\agent\agent.515\agent.ex e
FirewallRules: [{7EBF384C-5F80-49D7-A165-C7AD2AD1FB0D}] => C:\programdata\battle.net\agent\agent.515\agent.ex e
FirewallRules: [{4C53DA91-F98C-47F4-B922-B49F1AF971A7}] => C:\ProgramData\Battle.net\Agent\Agent.515\Agent.ex e
FirewallRules: [{3B5A8567-00A0-4F8F-B085-7B3AD33B1B75}] => C:\ProgramData\Battle.net\Agent\Agent.515\Agent.ex e
FirewallRules: [UDP Query User{36666E71-C065-45AD-B4C0-F7C0374E82FC}C:\programdata\battle.net\agent\agent .515\agent.exe] => C:\programdata\battle.net\agent\agent.515\agent.ex e
FirewallRules: [TCP Query User{FE28B2CD-FB48-48FC-8320-A262B85E32E1}C:\programdata\battle.net\agent\agent .515\agent.exe] => C:\programdata\battle.net\agent\agent.515\agent.ex e
FirewallRules: [{AC5DF75C-0AD3-447F-8A56-6EBCD8727BD8}] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [{B36332A3-4F65-4FFA-887B-DAD99CAF1103}] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [UDP Query User{009306FF-7EE3-4AD3-8B65-56BED9E611C9}C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [TCP Query User{6847E9B4-8AD7-480A-8448-29D5B63595DD}C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [{A4CC5867-F34A-4B34-902A-453B749FEE15}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.b at
FirewallRules: [{366E23FC-1E66-42F2-B58D-CF5F86CBDEC5}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.b at
FirewallRules: [{A96D9A3A-D008-4237-9015-43864FD98FDB}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win3 2\BatmanAC.exe
FirewallRules: [{7CF2AF8E-3DA5-449B-AE04-97A2042866BE}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win3 2\BatmanAC.exe
FirewallRules: [{5CEDDA55-2EA9-40EF-A024-2DADA8675E69}] => C:\Program Files (x86)\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{0D674119-30CC-4250-B662-F8467CCE6AAD}] => C:\Program Files (x86)\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{449D4B69-4C02-4FF5-8FB5-AE9A04206655}] => C:\Program Files (x86)\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{1EBD32CC-5EBD-41DE-837D-6BFC0FEA31D9}] => C:\Program Files (x86)\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{A32BDF1F-763C-4BE3-9480-C37C168070A0}] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{F88706F4-235A-4856-B7DA-AEC16EB1AFFF}] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{F2F9F55C-6D6E-45D3-8D72-C070554E05C0}C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{26157C2B-1A6C-41B6-BABF-2EE54BCBC033}C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{D6927868-52E2-4059-AAE0-E10A3C59CAA8}] => C:\Program Files (x86)\Steam\steamapps\common\guardians of graxia\GuardiansOfGraxia.exe
FirewallRules: [{2E602496-B0C3-4D20-B008-03DAF022C5EB}] => C:\Program Files (x86)\Steam\steamapps\common\guardians of graxia\GuardiansOfGraxia.exe
FirewallRules: [{B5EFE865-6B44-40D9-95E0-A18B07CC5C92}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{D20BD56D-1BED-4709-A8C5-1E2E1D37A414}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{F802BB65-396C-4A88-B4CB-BFFEF98ADC97}] => C:\Program Files (x86)\Steam\steamapps\common\psychonauts demo\Psychonauts.exe
FirewallRules: [{B7DDA240-63B4-4806-8904-376AAB97BF34}] => C:\Program Files (x86)\Steam\steamapps\common\psychonauts demo\Psychonauts.exe
FirewallRules: [{151E2DD4-6B4C-4CEF-AA58-17E034D2F71E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F42D31B7-369A-4DFB-B083-7F4674740D0A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E1DCA0E-C85D-45CC-9884-4BF37979548F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DDFD0C7-9357-4597-AE8F-C59A304B0CAE}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{9FE96430-F155-4931-A31F-AF41EA54514C}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe
FirewallRules: [TCP Query User{599E4734-CD50-46A3-8302-05EF59547B1B}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe
FirewallRules: [{0B4E5B3C-9A46-4151-8FDD-B3021A9ABE34}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4539A85C-B17F-46EC-81F6-95BF25E05716}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm-dedicated.exe
FirewallRules: [{15848BC7-86E8-4CB1-884E-BE1DEEFF953D}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm-dedicated.exe
FirewallRules: [{C0A8CFDB-B338-492D-9203-C4091D0D1EA9}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm.exe
FirewallRules: [{F4940868-C249-4852-8230-72E1D47BC7EB}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm.exe
FirewallRules: [UDP Query User{6875B0B9-3605-43F0-AC83-9B877341B4E0}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{53DA6FA3-3D5A-44E9-B025-2E8D5C5CFA2F}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C3FB04EE-B3DC-4A48-AE31-5CE92F405C8D}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{C0604AE2-3ED0-4552-9F78-8D25E7D58CD1}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [{72EF7842-CF32-495F-AF2A-71C00DB07E23}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{543D9BAC-C7C6-448D-8BEB-E332F7F4F240}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{D20D28CA-2EB0-4AE8-ACE2-C6D20DE9D1FE}C:\program files (x86)\lolreplay\lolreplay.exe] => C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [TCP Query User{C52E4426-80FC-4871-BAA5-013742B4AF9F}C:\program files (x86)\lolreplay\lolreplay.exe] => C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{8B9E0157-E3F0-4606-AA65-F788D1E1F82A}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{CF039847-DB87-46B5-9A53-A604DC7C90B7}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{E9653953-C315-4712-B914-C42ABA00756C}] => LPort=8383
FirewallRules: [{ACD8D107-4348-4AEC-BFAA-3A56534E535A}] => LPort=8383
FirewallRules: [{5B81A9D6-54AB-4696-85AF-E5A784BB2927}] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F756527B-9EAF-4044-B6B3-535C3BBD72B0}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe
FirewallRules: [{0B90D9FE-1C01-4289-8E07-4C643F56680C}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe
FirewallRules: [{96BA3B5E-CA15-467F-8369-A8259D6F6AA8}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\Prince of Persia.exe
FirewallRules: [{8E88D8B6-7BFB-482B-953B-82A7BC581C3A}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\Prince of Persia.exe
FirewallRules: [{1CA334E8-9353-4BB0-91BD-8F48CFD2A86A}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{39F95B8E-E46F-44C9-9A90-FC694C90CFD7}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{3B2964A7-ADBD-4653-B0B3-68AC51DDD4FB}] => C:\Program Files (x86)\Steam\steamapps\common\darksiders\Darksiders PC.exe
FirewallRules: [{9398F45B-5441-4011-8FBB-0550526C4571}] => C:\Program Files (x86)\Steam\steamapps\common\darksiders\Darksiders PC.exe
FirewallRules: [UDP Query User{CD7170F6-8A88-48D8-B1F9-BE53DE7851BD}C:\users\bryan\downloads\championsonl inef2p.exe] => C:\users\bryan\downloads\championsonlinef2p.exe
FirewallRules: [TCP Query User{6D8CE278-BFE4-4A12-A5D5-866DBA8F00A2}C:\users\bryan\downloads\championsonl inef2p.exe] => C:\users\bryan\downloads\championsonlinef2p.exe
FirewallRules: [{0140B2EB-D980-46BD-81B3-8EE79941CAEA}] => C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
FirewallRules: [{0A5618E9-77F5-4880-9917-B50E87C05082}] => C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
FirewallRules: [{5C79E22C-82AE-48A0-AEE4-87BD7B11F19C}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{C375E066-EC2C-48A1-9B8C-8FE047F856CC}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [UDP Query User{3D7993DC-1496-4878-B2DD-C8C5C6F1238D}C:\program files (x86)\ea games\dead space 2\deadspace2.exe] => C:\program files (x86)\ea games\dead space 2\deadspace2.exe
FirewallRules: [TCP Query User{34359F0E-B7A4-4962-B7FC-DF25DB2FFE1C}C:\program files (x86)\ea games\dead space 2\deadspace2.exe] => C:\program files (x86)\ea games\dead space 2\deadspace2.exe
FirewallRules: [UDP Query User{6C19D0A3-E0F6-4269-846B-7ED014CB6C2D}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe
FirewallRules: [TCP Query User{CC0D6DE2-F2F9-4AC6-9959-D605B88F5457}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe
FirewallRules: [UDP Query User{51BC7F9A-8C95-4EDF-91ED-0F811122A674}C:\program files (x86)\miranda im\miranda32.exe] => C:\program files (x86)\miranda im\miranda32.exe
FirewallRules: [TCP Query User{9F38B8B0-8032-4D2B-8D1D-E3D830D83904}C:\program files (x86)\miranda im\miranda32.exe] => C:\program files (x86)\miranda im\miranda32.exe
FirewallRules: [UDP Query User{B74FE95C-57BA-4BD5-8106-8EB58B68B404}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [TCP Query User{94A85E3D-0DEA-4E6D-A972-058A73C971E8}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [UDP Query User{F955361F-A67F-4EA6-8664-74AE43DB315E}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{B4CEBC1A-9900-4134-8656-3D0F6C05163C}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{E88B36AF-1F7E-4315-8B5F-CCF03F536F08}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe
FirewallRules: [TCP Query User{4F9354B6-88C2-4889-9794-FF4A0F9C2084}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe
FirewallRules: [UDP Query User{827E3673-C2AF-407F-9D62-D7A70724FC01}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe
FirewallRules: [TCP Query User{74AB80CF-7147-4CAA-9424-6A57A44A41DA}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe
FirewallRules: [UDP Query User{0A0C2F18-2CB6-40F7-A095-988D847C9838}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe
FirewallRules: [TCP Query User{E392E762-BD09-4EC2-9C3C-1EC9762ECDCD}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe
FirewallRules: [UDP Query User{FD0F35E9-85AF-4AB8-9E4C-244F0329134B}C:\users\public\games\world of warcraft\blizzard downloader.exe] => C:\users\public\games\world of warcraft\blizzard downloader.exe
FirewallRules: [TCP Query User{05D6BFB5-4C5C-4902-B745-67E43033FF64}C:\users\public\games\world of warcraft\blizzard downloader.exe] => C:\users\public\games\world of warcraft\blizzard downloader.exe
FirewallRules: [{B7DE2249-6B5F-4406-A7BB-7472821C6B25}] => C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
FirewallRules: [{E293AB2A-8D18-4A0D-945D-B13488428CA1}] => C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
FirewallRules: [UDP Query User{BACFB1E7-E372-4C35-AA3F-B65895DC3E79}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe
FirewallRules: [TCP Query User{A3B061EA-A8DA-425A-9474-E4E79C2EF0E4}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe
FirewallRules: [UDP Query User{E3B3D654-EEFC-43BC-AE12-77E70A08F584}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => C:\users\public\games\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{ADEB8810-459F-4BD2-BD9D-C087943086E1}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => C:\users\public\games\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{EE853FC0-1489-42E7-9B9D-FF94F3578FEB}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe
FirewallRules: [TCP Query User{C3CFD481-B654-4B64-AE09-6432FD464B8B}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe
FirewallRules: [UDP Query User{DF5497B2-79D5-43D1-8611-9C561DF4237B}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe
FirewallRules: [TCP Query User{16E22943-C391-4884-8520-C57A99422AFE}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe
FirewallRules: [UDP Query User{94A9A63A-D082-410F-BAD1-446C7885EBE0}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe
FirewallRules: [TCP Query User{EC44B5A2-3A6C-48E6-86A5-5CABF70D243B}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe
FirewallRules: [UDP Query User{90B53262-472F-41F6-BE6F-C6F5D0ABE2C7}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe
FirewallRules: [TCP Query User{E86AE798-0E65-4CC4-9DE7-9F1DFE754516}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe
FirewallRules: [UDP Query User{B67DB5B2-E7AA-49BB-A686-C1D0A284270B}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe
FirewallRules: [TCP Query User{51A78AFF-E26B-443D-ABE1-9C3C04109B56}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9125917A-5A06-4FBC-838D-22EB39F6B303}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B5BC8789-B8BA-4D7D-8AD3-780D695D9157}] => C:\Program Files (x86)\Steam\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{AACF6567-1A60-4F52-B3C0-BF111EDCAC08}] => C:\Program Files (x86)\Steam\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{29DA3996-E52B-40B7-90BD-28C14235EB3A}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{98D6F387-3346-4B98-A7B1-19BF9675D2A4}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{8E485EFE-3384-420F-9573-02C9C6F7EB6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1AA41C26-7197-4DFF-A7EC-AB6EFDC0E9A7}C:\users\bryan\appdata\roaming\utorre nt\updates\3.4.9_43085.exe] => C:\users\bryan\appdata\roaming\utorrent\updates\3. 4.9_43085.exe
FirewallRules: [UDP Query User{D89BAED2-9F25-4D98-AF26-AA6F807052DA}C:\users\bryan\appdata\roaming\utorre nt\updates\3.4.9_43085.exe] => C:\users\bryan\appdata\roaming\utorrent\updates\3. 4.9_43085.exe
FirewallRules: [{92E5E071-15F4-4B3E-8668-26942C2C9065}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{3C4D9925-55F6-4EEC-B384-C96A11A5845A}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

13-12-2016 17:59:23 Windows Update
21-12-2016 10:46:30 Scheduled Checkpoint
30-12-2016 08:56:12 Scheduled Checkpoint
04-01-2017 08:04:52 Removed Java 8 Update 101

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (01/04/2017 11:28:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Bryan-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe! ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 11:28:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Bryan-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2tx yewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 08:04:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/04/2017 08:03:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (01/04/2017 08:02:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/04/2017 07:30:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service “BITS” in DLL “C:\Windows\System32\bitsperf.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/30/2016 08:56:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/30/2016 08:54:48 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service “BITS” in DLL “C:\Windows\System32\bitsperf.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/28/2016 09:52:59 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service “BITS” in DLL “C:\Windows\System32\bitsperf.dll” failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/27/2016 09:07:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Bryan-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyew y!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
[HEADING=1]System errors:[/HEADING]
Error: (01/05/2017 05:53:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/05/2017 05:53:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/05/2017 05:52:01 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (01/04/2017 11:28:57 PM) (Source: DCOM) (EventID: 10010) (User: Bryan-PC)
Description: The server microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt4 9k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (01/04/2017 11:28:57 PM) (Source: DCOM) (EventID: 10010) (User: Bryan-PC)
Description: The server App.AppXryc2qd338f5728r9gzzazav8206ba77s.mca did not register with DCOM within the required timeout.

Error: (01/04/2017 01:38:26 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/04/2017 01:38:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/04/2017 01:38:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/04/2017 11:44:17 AM) (Source: DCOM) (EventID: 10000) (User: Bryan-PC)
Description: Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error:
“5”
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/27/2016 09:18:59 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

==================== Memory info ===========================

Processor: Intel(R) Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 8125.07 MB
Available physical RAM: 5675.03 MB
Total Virtual: 8637.07 MB
Available Virtual: 6359.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.63 GB) (Free:90.62 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:111.79 GB) (Free:111.68 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A81E88F8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=595.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

================================================== ======
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: A650D531)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

**Malnutrition** · 01-05-2017, 11:29 PM

Alright, while I look over these last logs; lets check your machine with a couple of other scanners while a make a new Fix for you. Since it has been such a long time.

Step 1: Clean up temp files and reduce startup load with CCleaner.

[ul]
[li]Download CCleaner from here.[/li][li]After install Click Options.[/li][li]Go to monitoring.[/li][li]Uncheck All Monitoring items.[/li][li]Go to advanced – Click close program after cleaning.[/li][li]Go to settings – click run ccleaner when the computer starts.[/li][li]Now that you have ccleaner installed and set-up:[/li][li]Open the program.[/li][li]Go to Tools[/li][li]Go to Startup[/li][li]Now double click each item. To Disable.[/li][li]Leave only your antivirus enabled.[/li][li]Then disable All items in your scheduled task as well.[/li][li]Unless they are related to windows defender.Or your antivirus.[/li][li]Reboot the machine.[/li][/ul]

Step 2: ESET Online Scanner

[ul]
[li]Click here to download the installer for ESET Online Scanner and save it to your Desktop.[/li][li]Disable all your antivirus and antimalware software [/li]
[li]Right click on esetsmartinstaller_enu.exe and select Run as Administrator.[/li][li]Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.[/li][li]Select Enable detection of potentially unwanted applications.[/li][li]Click Advanced Settings, then place a checkmark in the following:[/li]

[li]Remove found threats[/li][li]Scan archives[/li][li]Scan for potentially unsafe applications[/li][li]Enable Anti-Stealth technology[/li][/ul]
[li]Click Start to begin scanning.[/li][li]ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.[/li][li]When the scan is done, click List threats (only available if ESET Online Scanner found something).[/li][li]Click Export, then save the file to your desktop.[/li][li]Click Back, then Finish to exit ESET Online Scanner.[/li]

Step 3: 9-Lab Scan.

[ul]
[li]Download 9-Lab Removal Tool. [/li][li]CLICK HERE to determine whether you’re running 32-bit or 64-bit for Windows.[/li][li]Install the program onto your computer, then right click the icon run as administrator.[/li][li]Update the program and then run a full scan![/li][li]Make sure the program updates, might be better to install it update reboot and check for updates again.[/li][li]You need to make sure the database updates!!![/li][li]Upon Scan Completion Click on Show Results.[/li][li]Then Click On Clean[/li][li]Then Click on Save Log.[/li][li]Save it to your desktop, copy and paste the contents of the log here in your next reply.[/li][/ul]

Setp 4: Security Check Scan.

[ul]
[li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the program completes, the tool will automatically open a log file.[/li][li]Please post that log here in your next post.[/li][/ul]

**Malnutrition** · 01-06-2017, 12:38 AM

Once you have completed the above steps and posted the logs. It is very important that you go ahead and run a checkdisk on this machine.

[ICODE]Error: (01/04/2017 01:38:26 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block.[/ICODE]

Run a check Disk On the machine.

Run chkdsk /f /r from elevated command prompt.

[MEDIA=youtube]4feZG3LebOg[/MEDIA]

**Lardalish** · 01-06-2017, 01:53 AM

The ESET scanner is running, looks like it might not be finished till after Im asleep.

And yes, I know my main drive is beginning to fail. I have a new HDD ready to install but I want to finish the virus clean before I transfer. Ill probably make a hardware post about doing that the smoothest, that and finally transferring Windows to the SSD I got several months back.

**Malnutrition** · 01-06-2017, 01:56 AM

Ok, lets get your machine cleaned up first then.

You will not want windows to go to sleep while you are running the Eset scan.

Make sure it is disabled!!

**Lardalish** · 01-06-2017, 02:07 AM

Sounds good, I have sleep disabled, just the monitors go to sleep. Ill report after I finish the other steps!

**Malnutrition** · 01-06-2017, 02:10 AM

Ok, then we will get to your last fix with FRST, when the other logs are posted..

Fixing my malware Round 2

Fixing my malware Round 2

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment