• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Solved Fixing my malware Round 2

Status
Not open for further replies.
L

Lardalish

PCHF Member
Dec 5, 2016
20
3
38
#1
So I recently got assistance from you guys for a HDD problem, but then you said I might have malware, so here I am!

I think I did all the steps, I went to that prework thread and got all three text files, uninstalled the two P2P programs I knew I had (if theres any others I dont remember getting them), and now Im posting! Let me know if theres anything else you need, thanks guys!

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
Ran by Bryan (administrator) on BRYAN-PC (06-12-2016 22:08:03)
Running from C:\Users\Bryan\Downloads
Loaded Profiles: Bryan (Available Profiles: Bryan & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.41.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Spotify Ltd) C:\Users\Bryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung) C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2015-01-29] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2016-11-25] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\Run: [Spotify Web Helper] => C:\Users\Bryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-28] (Spotify Ltd)
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\RunOnce: [Uninstall C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\D-Link AirPlus G Wireless Utility.lnk [2010-04-04]
ShortcutTarget: D-Link AirPlus G Wireless Utility.lnk -> C:\Program Files (x86)\D-Link\AirPlus G Wireless Adapter Utility\AIRPLUS.exe (D-Link)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk [2010-03-30]
ShortcutTarget: NCProTray.lnk -> C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung)
Startup: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameVox.lnk [2015-09-24]
ShortcutTarget: GameVox.lnk -> C:\Program Files (x86)\GameVox\GameVox.exe (GameVox LLC)
InternetURL: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\https---www.youtube.com-v-W-IL4tSg1x8&feature=youtu.be&autoplay=1.url -> URL: hxxps://www.youtube.com/v/W-IL4tSg1x8&feature=youtu.be&autoplay=1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3534269808-1485983137-1280583553-1000] => http=127.0.0.1:60190;https=127.0.0.1:60190
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{244551fa-f4f7-4d10-b506-eb7f183024c0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{85e448af-b9ba-4d26-b108-bc168d199adc}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a07d11a2-db66-4097-b889-d94922c1d720}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> DefaultScope {99653235-66E7-4294-A58A-C006B3CE06AB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=DCF1DF&PC=DCF1&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {0CAF6133-B363-4737-8A62-F8CE22CA518A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir=
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {3E762472-5EC9-4cc1-9400-8372E2898368} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {4565BD94-6AA8-4B61-A848-A9323292E492} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {99653235-66E7-4294-A58A-C006B3CE06AB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Vuze Remote Toolbar -> {05478A66-EDB6-4A22-A870-A5987F80A7DA} -> C:\Program Files (x86)\Vuze Remote Toolbar\IE\9.9\vuzeToolbarIE.dll [2014-10-10] (Spigot, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-10] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-10] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\9.9\vuzeToolbarIE.dll [2014-10-10] (Spigot, Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default [2016-07-12]
FF user.js: detected! => C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\user.js [2013-08-13]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\thahfu1s.default -> Yahoo
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\thahfu1s.default -> NCH EN Customized Web Search
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\thahfu1s.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\thahfu1s.default -> NCH EN Customized Web Search
FF Homepage: Mozilla\Firefox\Profiles\thahfu1s.default -> hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13
FF Keyword.URL: Mozilla\Firefox\Profiles\thahfu1s.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=
FF Extension: (NCH EN Community Toolbar) - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} [2012-06-18] [not signed]
FF Extension: (Address Bar Search) - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-16] [not signed]
FF Extension: (360 Internet Protection) - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-07-01]
FF SearchPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\avg-secure-search.xml [2014-11-06]
FF SearchPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\conduit.xml [2012-06-14]
FF SearchPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\Dregol.xml [2015-06-22]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-22] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.1.0\FF => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wtu-secure-search.xml [2014-11-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-08-26] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Bryan\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3534269808-1485983137-1280583553-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-06-21] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-03-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-10-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-03-11] (Citrix Systems, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir=
CHR StartupUrls: Default -> "hxxp://www.dregol.com/?f=7&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir=",""
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default [2016-12-06]
CHR Extension: (Google Slides) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Duolingo on the Web) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-06-23]
CHR Extension: (Google Docs) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Sheets) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Stylish) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-23]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-08-27]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Bryan\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx <not found>
CHR HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Bryan\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Bryan\AppData\Local\Temp\tbch.crx <not found>
StartMenuInternet: Google Chrome.IUQXFHMJJWWHTVALRXCKWCOXHM - C:\Users\Bryan\AppData\Local\Google\Chrome\Application\old_chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-24] (Dropbox, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-24] (NVIDIA Corporation)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-08-21] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-24] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-24] (NVIDIA Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [928168 2016-11-25] (QIHU 360 SOFTWARE CO. LIMITED)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [160768 2016-08-01] (360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [95232 2016-08-01] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2016-11-25] (360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [339456 2016-11-25] (360.cn)
S3 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57856 2016-08-01] (360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [400384 2016-08-01] (360.cn)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2012-07-20] ()
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [197632 2016-09-09] (360.cn)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2012-07-20] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2016-07-16] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 22:08 - 2016-12-06 22:08 - 00032948 _____ C:\Users\Bryan\Downloads\FRST.txt
2016-12-06 22:07 - 2016-12-06 22:08 - 00000000 ____D C:\FRST
2016-12-06 17:43 - 2016-12-06 17:43 - 02419712 _____ (Farbar) C:\Users\Bryan\Downloads\FRST64.exe
2016-12-05 15:34 - 2016-12-05 15:34 - 00000022 _____ C:\WINDOWS\S.dirmngr
2016-12-05 15:27 - 2016-12-05 15:27 - 00038804 _____ C:\Users\Bryan\Downloads\drivecleanup.zip
2016-12-05 14:16 - 2016-12-05 14:16 - 00038637 _____ C:\Users\Bryan\Downloads\MTB (1).txt
2016-12-05 14:11 - 2016-12-05 14:15 - 00038637 _____ C:\Users\Bryan\Downloads\MTB.txt
2016-12-05 14:10 - 2016-12-05 14:10 - 00892416 _____ (Farbar) C:\Users\Bryan\Downloads\MiniToolBox.exe
2016-12-04 09:53 - 2016-12-04 10:20 - 00000000 ____D C:\Users\Bryan\Downloads\[Furi] Avatar - The Last Airbender [720p] (Full 3 Seasons + Extras)
2016-11-30 09:57 - 2016-11-30 10:46 - 00018437 _____ C:\Users\Bryan\Desktop\christmas.odt
2016-11-26 22:17 - 2016-11-26 22:34 - 890868411 ____R C:\Users\Bryan\Downloads\Trading.Places.1983.720p.BluRay.850MB.ShAaNiG.com.mkv
2016-11-26 22:16 - 2016-11-26 22:21 - 00000000 ____D C:\Users\Bryan\Downloads\Life (1999) [1080p]
2016-11-26 22:16 - 2016-11-26 22:20 - 00000000 ____D C:\Users\Bryan\Downloads\Coming to America
2016-11-26 22:15 - 2016-11-26 22:28 - 00000000 ____D C:\Users\Bryan\Downloads\Police Academy (1984)
2016-11-18 22:37 - 2016-11-18 22:43 - 00000000 ____D C:\Users\Bryan\Downloads\Pacific Rim (2013) [1080p]
2016-11-16 10:29 - 2016-11-16 10:29 - 00000000 ____D C:\Users\Bryan\Downloads\Cloverfield (2008) [1080p]
2016-11-16 10:29 - 2016-11-16 10:29 - 00000000 ____D C:\Users\Bryan\Downloads\10 Cloverfield Lane 2016 1080p HDRip x264 AAC-JYK
2016-11-16 10:28 - 2016-11-16 10:41 - 00000000 ____D C:\Users\Bryan\Downloads\Ant-Man 2015 1080p BluRay x264 DTS-JYK
2016-11-10 22:55 - 2016-11-10 22:59 - 00000000 ____D C:\Users\Bryan\Downloads\[ www.Torrenting.com ] - Sweeny Todd The Demon Barber Of Fleet Street 2007 DVDRIP Xvid AC3-BHRG
2016-11-10 09:12 - 2016-11-10 09:34 - 00000000 ____D C:\Users\Bryan\Downloads\Guardians of the Galaxy (2014) [1080p]
2016-11-10 09:11 - 2016-11-10 09:14 - 00000000 ____D C:\Users\Bryan\Downloads\Star.Wars.Episode.VII.The.Force.Awakens.2015.1080p.BluRay.x264.DTS-JYK
2016-11-10 00:33 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 00:33 - 2016-11-02 07:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 00:33 - 2016-11-02 06:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 00:33 - 2016-11-02 06:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 00:33 - 2016-11-02 06:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-10 00:33 - 2016-11-02 06:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-10 00:33 - 2016-11-02 06:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-10 00:33 - 2016-11-02 06:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-10 00:33 - 2016-11-02 06:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-10 00:33 - 2016-11-02 06:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-10 00:33 - 2016-11-02 06:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 00:33 - 2016-11-02 06:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 00:33 - 2016-11-02 06:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 00:33 - 2016-11-02 06:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 00:33 - 2016-11-02 06:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 00:33 - 2016-11-02 06:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 00:33 - 2016-11-02 06:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 00:33 - 2016-11-02 06:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-10 00:33 - 2016-11-02 06:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 00:33 - 2016-11-02 06:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 00:33 - 2016-11-02 06:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 00:33 - 2016-11-02 06:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-10 00:33 - 2016-11-02 06:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 00:33 - 2016-11-02 06:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-10 00:33 - 2016-11-02 06:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-10 00:33 - 2016-11-02 06:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-10 00:33 - 2016-11-02 06:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-10 00:33 - 2016-11-02 06:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 00:33 - 2016-11-02 06:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 00:33 - 2016-11-02 06:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 00:33 - 2016-11-02 06:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 00:33 - 2016-11-02 06:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 00:33 - 2016-11-02 06:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-10 00:33 - 2016-11-02 06:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-10 00:33 - 2016-11-02 06:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-10 00:33 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-10 00:33 - 2016-11-02 05:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-10 00:33 - 2016-11-02 05:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 00:33 - 2016-11-02 05:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 00:33 - 2016-11-02 05:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 00:33 - 2016-11-02 05:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 00:33 - 2016-11-02 05:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 00:33 - 2016-11-02 05:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-10 00:33 - 2016-11-02 05:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 00:33 - 2016-11-02 05:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 00:33 - 2016-11-02 05:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 00:33 - 2016-11-02 05:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 00:33 - 2016-11-02 05:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 00:33 - 2016-11-02 05:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 00:33 - 2016-11-02 05:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 00:33 - 2016-11-02 05:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 00:33 - 2016-11-02 05:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 00:33 - 2016-11-02 05:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 00:33 - 2016-11-02 05:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 00:33 - 2016-11-02 05:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 00:33 - 2016-11-02 05:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 00:33 - 2016-11-02 05:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 00:33 - 2016-11-02 05:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 00:33 - 2016-11-02 05:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 00:33 - 2016-11-02 05:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-10 00:33 - 2016-11-02 05:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 00:33 - 2016-11-02 05:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 00:33 - 2016-11-02 05:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 00:33 - 2016-11-02 05:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 00:33 - 2016-11-02 05:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 00:33 - 2016-11-02 05:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-10 00:33 - 2016-11-02 05:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 00:33 - 2016-11-02 05:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 00:33 - 2016-11-02 05:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-10 00:33 - 2016-11-02 05:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 00:33 - 2016-11-02 05:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 00:33 - 2016-11-02 05:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-10 00:33 - 2016-11-02 05:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-10 00:33 - 2016-11-02 05:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-10 00:33 - 2016-11-02 05:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-10 00:33 - 2016-11-02 05:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-10 00:33 - 2016-11-02 05:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 00:33 - 2016-11-02 05:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 00:33 - 2016-11-02 05:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-10 00:33 - 2016-11-02 05:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-10 00:33 - 2016-11-02 05:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-10 00:33 - 2016-11-02 05:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-10 00:33 - 2016-11-02 05:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 00:33 - 2016-11-02 05:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-10 00:33 - 2016-11-02 05:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-10 00:33 - 2016-11-02 05:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 00:33 - 2016-11-02 05:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 00:33 - 2016-11-02 05:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 00:33 - 2016-11-02 05:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 00:33 - 2016-11-02 05:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-10 00:33 - 2016-11-02 05:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-10 00:33 - 2016-11-02 05:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-10 00:33 - 2016-11-02 05:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-10 00:33 - 2016-11-02 05:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-10 00:33 - 2016-11-02 05:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-10 00:33 - 2016-11-02 05:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 00:33 - 2016-11-02 05:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-10 00:33 - 2016-11-02 05:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 00:33 - 2016-11-02 05:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-10 00:33 - 2016-11-02 05:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-10 00:33 - 2016-11-02 05:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-10 00:33 - 2016-11-02 05:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-10 00:33 - 2016-11-02 05:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-10 00:33 - 2016-11-02 05:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-10 00:33 - 2016-11-02 05:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 00:33 - 2016-11-02 05:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-10 00:33 - 2016-11-02 05:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 00:33 - 2016-11-02 05:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 00:33 - 2016-11-02 05:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 00:33 - 2016-11-02 05:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 00:33 - 2016-11-02 05:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 00:33 - 2016-11-02 05:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-10 00:33 - 2016-11-02 05:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-10 00:33 - 2016-11-02 05:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 00:33 - 2016-11-02 05:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-10 00:33 - 2016-11-02 05:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-10 00:33 - 2016-11-02 05:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 00:33 - 2016-11-02 05:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 00:33 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-10 00:33 - 2016-11-02 05:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-10 00:33 - 2016-11-02 05:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-10 00:33 - 2016-11-02 05:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-10 00:33 - 2016-11-02 05:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-10 00:33 - 2016-11-02 05:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 00:33 - 2016-11-02 05:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-10 00:33 - 2016-11-02 05:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-10 00:33 - 2016-11-02 05:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-10 00:33 - 2016-11-02 05:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-10 00:33 - 2016-11-02 05:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-10 00:33 - 2016-11-02 05:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-10 00:33 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-10 00:33 - 2016-11-02 05:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-10 00:33 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-10 00:33 - 2016-11-02 05:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-10 00:33 - 2016-11-02 05:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-10 00:33 - 2016-11-02 05:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-10 00:33 - 2016-11-02 05:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-10 00:33 - 2016-11-02 05:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-10 00:33 - 2016-11-02 05:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-10 00:33 - 2016-11-02 05:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-10 00:33 - 2016-11-02 05:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-10 00:33 - 2016-11-02 05:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-10 00:33 - 2016-11-02 05:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-10 00:33 - 2016-11-02 05:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-10 00:33 - 2016-11-02 05:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-10 00:33 - 2016-11-02 05:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-10 00:33 - 2016-11-02 05:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-10 00:33 - 2016-11-02 05:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-10 00:33 - 2016-11-02 05:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-10 00:33 - 2016-11-02 05:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-10 00:33 - 2016-11-02 05:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-10 00:33 - 2016-11-02 05:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-10 00:33 - 2016-11-02 05:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-10 00:33 - 2016-11-02 05:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-10 00:33 - 2016-11-02 05:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-10 00:33 - 2016-11-02 05:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-10 00:33 - 2016-11-02 05:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-10 00:33 - 2016-11-02 05:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-10 00:33 - 2016-11-02 03:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-10 00:33 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-10 00:32 - 2016-11-02 06:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-10 00:32 - 2016-11-02 06:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-10 00:32 - 2016-11-02 06:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-10 00:32 - 2016-11-02 06:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-10 00:32 - 2016-11-02 06:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-10 00:32 - 2016-11-02 06:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-10 00:32 - 2016-11-02 06:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 00:32 - 2016-11-02 06:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-10 00:32 - 2016-11-02 06:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 00:32 - 2016-11-02 06:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-10 00:32 - 2016-11-02 06:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-10 00:32 - 2016-11-02 06:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-10 00:32 - 2016-11-02 06:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-10 00:32 - 2016-11-02 06:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-10 00:32 - 2016-11-02 05:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-10 00:32 - 2016-11-02 05:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-10 00:32 - 2016-11-02 05:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-10 00:32 - 2016-11-02 05:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-10 00:32 - 2016-11-02 05:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-10 00:32 - 2016-11-02 05:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-10 00:32 - 2016-11-02 05:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 00:32 - 2016-11-02 05:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 00:32 - 2016-11-02 05:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 00:32 - 2016-11-02 05:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 00:32 - 2016-11-02 05:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 00:32 - 2016-11-02 05:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 00:32 - 2016-11-02 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 00:32 - 2016-11-02 05:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-10 00:32 - 2016-11-02 05:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 00:32 - 2016-11-02 05:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 00:32 - 2016-11-02 05:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 00:32 - 2016-11-02 05:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 00:32 - 2016-11-02 05:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 00:32 - 2016-11-02 05:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 00:32 - 2016-11-02 05:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 00:32 - 2016-11-02 05:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-10 00:32 - 2016-11-02 05:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-10 00:32 - 2016-11-02 05:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-10 00:32 - 2016-11-02 05:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-10 00:32 - 2016-11-02 05:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-10 00:32 - 2016-11-02 05:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-10 00:32 - 2016-11-02 05:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-10 00:32 - 2016-11-02 05:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-10 00:32 - 2016-11-02 05:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-10 00:32 - 2016-11-02 05:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-10 00:32 - 2016-11-02 05:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-10 00:32 - 2016-11-02 05:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 00:32 - 2016-11-02 05:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 00:32 - 2016-11-02 05:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 00:32 - 2016-11-02 05:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-10 00:32 - 2016-11-02 05:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 00:32 - 2016-11-02 05:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 00:32 - 2016-11-02 05:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-10 00:32 - 2016-11-02 05:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 00:32 - 2016-11-02 05:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 00:32 - 2016-11-02 05:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-10 00:32 - 2016-11-02 05:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-10 00:32 - 2016-11-02 05:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-10 00:32 - 2016-11-02 05:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-10 00:32 - 2016-11-02 05:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-10 00:32 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 00:32 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-07 10:01 - 2016-11-07 10:01 - 00002087 _____ C:\Users\Bryan\.recently-used.xbel
2016-11-07 09:40 - 2016-11-07 09:40 - 00176394 _____ C:\Users\Bryan\Downloads\jellyka_le_grand_saut.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 22:08 - 2016-02-14 19:02 - 00002185 _____ C:\WINDOWS\BRRBCOM.INI
2016-12-06 22:04 - 2016-08-09 07:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-06 17:45 - 2016-03-09 09:17 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\360WD
2016-12-06 17:37 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-06 17:37 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-06 17:33 - 2016-08-09 07:32 - 00000000 ____D C:\Users\Bryan
2016-12-06 08:13 - 2012-07-05 10:25 - 00000000 ____D C:\Users\Bryan\Desktop\Important stuff
2016-12-06 08:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-05 21:58 - 2016-06-05 23:35 - 00001226 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-12-05 21:58 - 2016-03-09 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-12-05 19:45 - 2010-04-01 12:17 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Skype
2016-12-05 15:34 - 2016-08-09 07:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-05 15:34 - 2016-08-09 07:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-05 15:33 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-12-05 15:32 - 2013-10-14 20:15 - 00000000 ____D C:\Users\Bryan\Desktop\Jennifer
2016-12-05 15:32 - 2011-07-22 10:13 - 00000000 ____D C:\Users\Bryan\Desktop\Games
2016-12-05 11:05 - 2010-03-31 11:03 - 00000000 ____D C:\Users\Bryan\.gimp-2.6
2016-12-05 09:01 - 2010-04-01 12:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-05 09:01 - 2010-04-01 12:17 - 00000000 ____D C:\ProgramData\Skype
2016-12-05 00:16 - 2014-01-21 17:47 - 00000000 ____D C:\Users\Bryan\AppData\Local\Battle.net
2016-12-04 19:09 - 2014-01-21 17:47 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-04 13:05 - 2010-04-14 22:00 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Azureus
2016-12-04 13:05 - 2010-03-31 10:57 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\uTorrent
2016-12-03 15:05 - 2010-05-01 19:04 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\vlc
2016-12-03 07:52 - 2015-11-09 10:21 - 00000000 ____D C:\Users\Bryan\Desktop\Pics
2016-12-01 00:47 - 2014-01-21 17:49 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-12-01 00:40 - 2016-04-17 22:04 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-11-26 18:01 - 2016-07-16 20:51 - 00044552 _____ C:\Users\Bryan\Desktop\Budget.ods
2016-11-25 16:41 - 2015-09-10 20:19 - 00039044 _____ C:\Users\Bryan\Desktop\2016 Ledger.ods
2016-11-25 07:35 - 2016-03-09 09:17 - 00339456 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys
2016-11-25 07:35 - 2016-03-09 09:17 - 00095232 _____ (360.cn) C:\WINDOWS\SysWOW64\Drivers\360AvFlt.sys
2016-11-21 15:59 - 2015-09-24 11:39 - 00000000 ____D C:\Users\Bryan\AppData\Local\Packages
2016-11-15 21:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-15 20:48 - 2013-09-23 13:30 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 09:55 - 2016-08-09 07:31 - 01283468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-11 09:17 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-10 22:52 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 22:50 - 2016-08-09 07:24 - 00243520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-10 22:50 - 2013-05-16 09:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-10 12:48 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 12:48 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 12:48 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 12:48 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 12:48 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 12:48 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-10 12:18 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 12:07 - 2013-07-18 12:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 12:04 - 2010-04-03 22:30 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 00:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-09 00:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-08 00:30 - 2016-10-24 22:02 - 00000232 _____ C:\Users\Bryan\Desktop\STUFF.txt
2016-11-07 10:01 - 2010-03-31 11:04 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\gtk-2.0

==================== Files in the root of some directories =======

2010-04-13 11:01 - 2010-05-29 18:01 - 0000004 _____ () C:\Users\Bryan\AppData\Roaming\FC0951
2010-04-13 11:01 - 2010-05-29 18:01 - 0870128 _____ () C:\Users\Bryan\AppData\Roaming\mcs.rma
2014-12-13 23:46 - 2014-12-13 23:46 - 0000064 _____ () C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3dad3b802ffd897
2010-05-22 21:20 - 2010-05-22 21:20 - 0000600 _____ () C:\Users\Bryan\AppData\Local\PUTTY.RND
2012-08-15 21:59 - 2012-09-22 02:21 - 0000044 ___SH () C:\ProgramData\.zreglib
2010-04-01 12:18 - 2010-04-01 12:18 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Bryan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Bryan\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-30 21:21

==================== End of FRST.txt ============================


ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2016
Ran by Bryan (06-12-2016 22:09:15)
Running from C:\Users\Bryan\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-09 13:01:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3534269808-1485983137-1280583553-500 - Administrator - Disabled)
Bryan (S-1-5-21-3534269808-1485983137-1280583553-1000 - Administrator - Enabled) => C:\Users\Bryan
DefaultAccount (S-1-5-21-3534269808-1485983137-1280583553-503 - Limited - Disabled)
Guest (S-1-5-21-3534269808-1485983137-1280583553-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3534269808-1485983137-1280583553-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 9.0.0.1069 - 360 Security Center)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
And Yet It Moves 1.2.0 (HKLM-x32\...\{0CA6F2DA-0DCB-4627-8A0C-858E3833769F}_is1) (Version: - Broken Rules)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
AppLogLibSetup (x32 Version: 1.0.2.0 - Brother Industries Ltd.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
AutoREALM Version 2.2.1 (HKLM-x32\...\AutoREALM_is1) (Version: - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bastion (HKLM-x32\...\Bastion_is1) (Version: - )
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Batman: Arkham Asylum (HKLM-x32\...\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Inc/Warner Brothers)
Batman: Arkham City™ (HKLM-x32\...\Steam App 57400) (Version: - Rocksteady)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: - )
Braid (Version 1.015) (HKLM-x32\...\Braid_is1) (Version: - )
BrLauncher (x32 Version: 1.1.6.0 - Brother Industries Ltd.) Hidden
BrLogRx (x32 Version: 1.0.1.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (x32 Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (x32 Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (x32 Version: 1.0.5.2 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM) <==== ATTENTION
Browser Extensions (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.8.8.11 - Spigot, Inc.) <==== ATTENTION
BrSupportTools (x32 Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
Character Builder (HKLM-x32\...\{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}) (Version: 1.10.0000 - Wizards of the Coast)
Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version: - Colossal Order Ltd.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Cockatrice (HKLM-x32\...\Cockatrice) (Version: - )
Cogs (HKLM-x32\...\Cogs) (Version: - )
ControlCenter4 (x32 Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (x32 Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crayon Physics Deluxe version 55 (HKLM-x32\...\{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1) (Version: 55 - Kloonigames, Ltd)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version: - Brace Yourself Games)
Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games)
DeviceDetect (x32 Version: 1.0.3.4 - Brother Industries Ltd.) Hidden
DFOLauncher (HKLM-x32\...\DFO) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: 0.11.0.9359 - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
D-Link AirPlus G Wireless LAN Adapter (HKLM-x32\...\{111B8587-C888-4B7B-A20D-8CC767437A90}) (Version: - )
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Epic Games Launcher (HKLM-x32\...\{F9E7706A-FCFE-40D2-9B58-45567B3E1F3F}) (Version: 1.1.69.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - Ubisoft Montreal)
FocalBlade 2.0 Demo Plugin (HKLM-x32\...\FocalBlade 2.0 Demo Plugin_is1) (Version: - The Plugin Site)
Gameforge Live 2.0.11 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.11 - Gameforge)
GameVox 0.18.4.56 (HKLM-x32\...\{d1b6d93c-44b5-4130-bff4-95c9b6d141d3}) (Version: 0.18.4.56 - GameVox LLC)
GameVox 0.18.4.56 (x32 Version: 0.18.4.56 - GameVox LLC) Hidden
Gauntlet™ (HKLM-x32\...\Steam App 258970) (Version: - Arrowhead Game Studios)
Gigantic Installer (HKLM-x32\...\{fb714f96-ecf3-484b-b780-edbd9e241da7}) (Version: 1.0.0.2 - Motiga Inc.)
Gigantic Launcher (64-bit) (Version: 1.3.0.1 - Motiga Inc.) Hidden
GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gpg4win (2.1.0) (HKLM-x32\...\GPG4Win) (Version: 2.1.0 - The Gpg4win Project)
Grey Cubes (HKLM-x32\...\Steam App 371500) (Version: - Deion Mobile)
GTK+ Runtime 2.14.7 rev a (remove only) (HKLM-x32\...\GTK 2.0) (Version: - )
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Guardians of Graxia (HKLM-x32\...\Steam App 90500) (Version: - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HEX 1.0 (HKLM-x32\...\{6EDED3CB-CAC5-4200-A534-CCA1732EAF23}_is1) (Version: 1.0 - Gameforge4d)
Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.0.16 - Riot Games, Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HowToGuide (x32 Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HP Button Manager (HKLM-x32\...\{7390FC95-D842-448A-A3A2-C8DC89AEB83A}) (Version: 1.6.0.0 - Hewlett-Packard)
HP Webcam User's Guide (HKLM-x32\...\{D31612BB-C6D7-4142-96AE-16DB062354CF}) (Version: - Hewlett-Packard)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
InFlac 1.1.1 (HKLM-x32\...\InFlac) (Version: 1.1.1 - Michael Facquet)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Jamestown: Legend of the Lost Colony (HKLM-x32\...\{DC76D52B-1266-4A73-9020-02694193B907}) (Version: 1.0.1 - Final Form Games)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Landmark Beta (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 1.0020 - Riot Games) Hidden
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LOOT (HKLM-x32\...\LOOT) (Version: 0.7.0 - LOOT Development Team)
Magic Duels (HKLM-x32\...\Steam App 316010) (Version: - Stainless Games Ltd.)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
MechWarrior Online (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\{74d11f91-05cc-44f6-8e49-94fe7f33c79b}) (Version: 1.2.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.2.0.0 - Piranha Games Inc.) Hidden
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Metal Slug 3 (HKLM-x32\...\Steam App 250180) (Version: - DotEmu)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Minimum (HKLM-x32\...\Steam App 214190) (Version: - Human Head Studios)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
MTX (HKLM-x32\...\{6583D00E-0924-4950-8BE9-5D09FE70B333}) (Version: 1.0.0 - mektek.net)
Mumble 1.2.16 (HKLM-x32\...\{8C0C80AA-EA4D-4461-8B73-15A3A27F7D98}) (Version: 1.2.16 - Thorvald Natvig)
Natural Color Pro (HKLM-x32\...\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}) (Version: 1.00.0005 - )
NetworkRepairTool (x32 Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.0.29375 - Grinding Gear Games)
PC-FAXReceive (x32 Version: 1.3.8.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (x32 Version: 1.0.4.5 - Brother Industries Ltd.) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )
PicPick (HKLM-x32\...\PicPick) (Version: 2.3.0 - Wiziple)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.6.6 - )
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Psychonauts Demo (HKLM-x32\...\Steam App 3840) (Version: - Double Fine)
Puzzle Bots v1.0 (HKLM-x32\...\{12B839E5-8271-4888-B19F-4811A8D8770F}_is1) (Version: - Wadjet Eye Games)
Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version: - Airtight Games)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5973 - Realtek Semiconductor Corp.)
RemoteSetup (x32 Version: 3.8.0.0 - Brother Industries Ltd.) Hidden
Reus (HKLM-x32\...\{D991ED13-3BDE-40B9-9C7D-C459E342C0D5}_is1) (Version: 1.3.1.0 - Abbey Games)
Rise of the Tomb Raider (HKLM\...\Steam App 391220) (Version: - Crystal Dynamics)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Sanctum (HKLM-x32\...\Steam App 91600) (Version: - Coffee Stain Studios)
ScannerUtilityInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
Shadowgrounds 1.05b (HKLM-x32\...\Shadowgrounds_is1) (Version: - Frozenbyte, Inc.)
Shadowrun Returns (HKLM-x32\...\Shadowrun Returns_is1) (Version: - Harebrained Holdings)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version: - Harebrained Schemes)
Shadowrun: Hong Kong - Extended Edition (HKLM-x32\...\Steam App 346940) (Version: - Harebrained Schemes)
Shatter (HKLM-x32\...\{84D008A6-8159-442E-8FD8-0148EF42F3E0}) (Version: 1.0.5 - Sidhe Interactive)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.46 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.12.2920.4 - Hi-Rez Studios)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spotify (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
StatusMonitor (x32 Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
Tales of Zestiria (HKLM\...\Steam App 351970) (Version: - BANDAI NAMCO Studio Inc.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - )
Terrorhedron (HKLM-x32\...\Steam App 299720) (Version: - Dan Walters)
The Darkness II (HKLM-x32\...\The Darkness II_is1) (Version: - )
The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1 (HKLM-x32\...\The Elder Scrolls V Skyrim Dragonborn (c) Bethes~300CD4A2_is1) (Version: 1 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - )
Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games)
Trine 1.09 (HKLM-x32\...\Trine_is1) (Version: - Frozenbyte, Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
UsbRepairTool (x32 Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.2.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.9 (HKLM-x32\...\{4B969F2F-E383-4EBD-8B34-EDA2D737D096}) (Version: 9.9 - Spigot, Inc.) <==== ATTENTION
VVVVVV version 2.0 (HKLM-x32\...\{C39601A7-9FF4-4148-A41B-93181E35D122}_is1) (Version: 2.0 - Terry Cavanagh)
WinDirStat 1.1.2 (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\WinDirStat) (Version: - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
wolfman-x (HKLM-x32\...\wolfman-x) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C6896E-B9B8-41AE-A29A-21736796C03D} - System32\Tasks\{C5EF7A5E-A71D-4612-B1EF-EF01324E83B7} => pcalua.exe -a C:\Users\Bryan\Downloads\XBOX360Eng.exe -d C:\Users\Bryan\Downloads
Task: {05B1E339-F4C9-4517-B722-89D06C5F9283} - System32\Tasks\{45B9A611-6A72-478B-8D97-9CA8C093E8C9} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {0CB7E6D1-1090-416D-B413-5ABAA6A9A786} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {122B7A12-C9DB-4645-A1D8-1EED56795338} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {157B46F2-A7BC-4E9B-8A8B-DCF1469CB341} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {17FF28B4-01CF-48DF-9FD3-9D44C98FAE58} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {186653D0-2616-474D-822A-BA7717C06468} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1BD4D10D-0E13-4A44-B061-7748355BA825} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {265F771F-4B79-4DA7-AC8C-4FD4EBBB4C26} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-24] (Dropbox, Inc.)
Task: {27FF1ACE-77AE-4DD2-ABC4-63AC7824A216} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {29F34EC9-1504-43B5-A7E5-3992EB83042E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2C94A6AC-4E94-49AA-BFEC-CA6715D5838F} - System32\Tasks\{1346A54B-F643-49CA-A380-C2712D7819C1} => pcalua.exe -a "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder\07 CB_Oct_2009.exe" -d "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder"
Task: {34DFE721-5B05-4151-8B49-2B15AD35F39D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {37723692-5D04-4540-97C0-78E7E80FFEAE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {39776033-3639-4CFF-B3F0-D3E166186F2A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4852CF62-AECB-4107-8218-CD5AFF616C58} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49D19FFA-B5B7-4AD1-A9B7-7DD463033CE5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A55BBC8-0419-4456-872E-360B9BC11EEE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {4C3086EE-8C38-4F1C-BB8C-8BEEEF8B855C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {571FE537-F861-4706-AE97-CC121265D995} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5A67B648-E6F4-40D6-918D-FCEEB121DD4C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5BFCE883-EF1C-4824-A392-6D09E5F54BBF} - System32\Tasks\{AA7EEC8E-BF7E-4C73-8E64-90A32D5C2A1A} => pcalua.exe -a "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder\09 CB_Jan_2010.exe" -d "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder"
Task: {624DB11D-9A48-4054-A438-E538962C7346} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {62CE3F92-9560-4354-9AAC-B4E1766A97E5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6848E300-9948-42C2-8B0A-C438060CC47A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6F2B85AE-85DB-46A2-B01E-15610C28006E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7B9891DA-A55C-4A43-80FB-2313C0F228A5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7D7CA63D-FABA-4AF6-B2E7-218561B58CFC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8290ABE3-4049-4AF7-AE71-A90F12CB7647} - System32\Tasks\{D7800F6C-F764-4C79-B124-9E3AA70471DC} => pcalua.exe -a "C:\Users\Bryan\Desktop\New Folder\crack\UPDATE\assassins_creed_2_1.01_us.exe" -d "C:\Users\Bryan\Desktop\New Folder\crack\UPDATE"
Task: {83A238BD-45C6-41D0-9C4A-BDC07A1CC9E1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {848C5324-075C-467C-A726-19657AE71E55} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8C645592-6934-4799-87D2-75E17790E39C} - System32\Tasks\{852D79DA-9E6D-43AE-BA09-691A1176B8FA} => pcalua.exe -a "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder\08 CB_Nov_2009.exe" -d "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder"
Task: {8F019CD9-7319-4344-A511-3923CE659744} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {9084C9CB-5B7F-4B64-B362-5ED7C9DCD0FA} - System32\Tasks\{48F2B6BC-1E5A-4182-AE0E-81B6E1EEF2D7} => pcalua.exe -a "C:\Users\Bryan\Documents\Vuze Downloads\Mass Effect 2 Full DLC Pack 2011 -illiria\DP_Setup.exe" -d "C:\Users\Bryan\Documents\Vuze Downloads\Mass Effect 2 Full DLC Pack 2011 -illiria"
Task: {950C771E-8461-4B25-B839-3BE725D37F29} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {9931FF85-3351-42DE-8F34-B03F5B1AF536} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9C7B6025-EAE0-4D78-A7DC-A49F25504B4A} - System32\Tasks\{4E8710E2-664D-498F-90C0-4B8CEBC28AF6} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/12910
Task: {AD4D3F7F-1D77-425D-B26C-3B782769013F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-24] (Dropbox, Inc.)
Task: {AECB5684-4A48-4980-B887-555DB5406C67} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AF650805-499B-4717-817B-54ED677A76A0} - System32\Tasks\{B9E7CB81-77BB-4FDA-9A2C-ED13CC009FBE} => pcalua.exe -a "C:\program files (x86)\steam\steamapps\common\alien swarm\bin\addoninstaller.exe" -d "c:\program files (x86)\steam\steamapps\common\alien swarm" -c /register
Task: {B77FA3C9-F4A0-4C8B-992B-7BD7062C91AA} - System32\Tasks\{EA03FC6D-E036-49A6-BDF4-640D8C123B6F} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {B9300E86-CD64-48F7-94DD-A456DD72D7C2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {B9C2E9A6-1EB9-49B3-A703-1402FCAC6EA9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {BBD59593-6DE4-4CC2-AB20-F3553D295A31} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BF1174BF-859A-4DF8-8CA8-7C7042882E67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C5759DD7-35B7-4664-A8FD-289C8435B7A3} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {D4CC058D-6E8A-423C-92E2-75CAACBD282E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {D7999EBD-BC8F-45D5-8664-AB3408E8385A} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {DB399A18-9BFA-4FC3-905E-155F9BB8F6EA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E13EA930-A87B-4819-9872-458FE8488AB4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E46180A8-9666-4547-AE86-3E99A18B8A88} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E5250716-C46E-42C2-8A19-99388F88F6A4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EFF7FA9B-71DC-4715-8BA8-16EDA373369A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F054FE4E-AC9F-4FC6-8C79-9581E0D91325} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-12] ()
Task: {F1DD8418-E09C-468F-8D34-004E1185B32A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F86A213F-DE25-47C3-BA16-D5DF653C4E0F} - System32\Tasks\{E2321764-CBCB-4E30-8CD4-553A205566D2} => pcalua.exe -a "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder\01 CB_Apr_2009.exe" -d "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder"
Task: {FB4D4D83-6484-4BE4-A897-CF12E8EC8E84} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-03-02 10:20 - 2011-03-02 10:20 - 00224256 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2016-04-25 10:16 - 2016-03-24 00:35 - 00368184 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-14 19:02 - 2005-04-22 13:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 21:33 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-09 07:27 - 2016-03-21 21:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-29 21:33 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-29 21:33 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-09 08:18 - 2016-08-09 08:18 - 00959168 _____ () C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2010-05-02 09:08 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2016-03-09 09:17 - 2016-11-25 07:35 - 00782248 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2016-08-31 10:09 - 2016-08-31 10:09 - 01573584 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.41.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2016-10-19 09:11 - 2016-10-19 09:11 - 00366080 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.41.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2016-09-20 22:20 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-10 00:33 - 2016-11-02 05:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 00:33 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 00:33 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 00:33 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-11-16 20:03 - 2016-11-16 20:03 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-16 20:03 - 2016-11-16 20:03 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-16 20:03 - 2016-11-16 20:03 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-11-22 19:05 - 2016-11-22 19:06 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-22 19:05 - 2016-11-22 19:06 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-02 19:05 - 2016-06-02 19:05 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-22 19:05 - 2016-11-22 19:06 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-22 19:05 - 2016-11-22 19:06 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-02 10:11 - 2011-03-02 10:11 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2011-03-02 10:16 - 2011-03-02 10:16 - 00073216 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2011-03-02 10:16 - 2011-03-02 10:16 - 00208384 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2011-03-02 10:17 - 2011-03-02 10:17 - 00603136 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2011-03-02 10:13 - 2011-03-02 10:13 - 00048640 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-03-09 09:17 - 2016-11-25 07:35 - 00099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-03-09 09:17 - 2016-11-25 07:35 - 00584616 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll
2016-11-15 20:48 - 2016-11-08 15:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 20:48 - 2016-11-08 15:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\123simsen.com -> www.123simsen.com

There are 7545 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2010-12-29 17:20 - 00428463 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123moviedownload.com

There are 14741 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bryan\Desktop\Pics\Keepers\New Orleans 10-2015\IMAG0147.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk => C:\Windows\pss\HP Button Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Bryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: C3 => C:\Program Files (x86)\Vivox\C3\c3.exe
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Bryan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "IntelliPoint"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "BCU"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\StartupApproved\StartupFolder: => "GameVox.lnk"
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{9E566EC4-B07A-48A8-9591-95E69F7E1266}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{9092EA15-0FFB-445C-B7DE-47685B75F530}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{08122964-936D-4D84-AAA4-BA6ACFC45B21}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{E8D03A6D-82F1-46BE-8AE2-4BD4D8FF82DA}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{76E601CD-1552-4750-82FC-F5C5A5BE78A4}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{762E0C23-15C1-4124-A575-51D98A9E11A0}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{8DDA7BAD-C1DF-4523-B664-B7FC527E08B1}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{B5790F62-6704-4FBE-B077-CE0C7F98C4FE}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{18CEBEEE-6437-46CF-A519-8D66B90851CC}] => C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{ED650210-475C-44B3-A183-02F40D3BE1F0}] => C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{603D3FDF-2DF2-40E4-8220-DB4BCCFC83E2}] => C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{E72591A9-DDF4-4D89-ABB0-D83349FB27D1}] => C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{BF504995-1C75-4C86-9FB6-34463C5295AD}] => C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{70FCDB59-3668-4EED-9B55-A5301FBE73EE}] => C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{D9D1185D-506D-4EB1-942D-B212A093A4D1}] => C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{35DE6871-869C-49EE-AF15-2FEA0A854B4D}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{55E6FC19-C522-4B85-8D81-C73467A316D1}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{D0E9B37C-DEE1-4D03-98B1-51EACB25A7DF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{B5293982-D661-4FE9-B0A8-3A641A5CA624}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{39664CC1-4E67-443D-9FFD-7CB38679E3C0}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4C48D48E-9211-4F9A-96DD-BBA4EF92B26F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{6D2EB750-6B33-4FEA-88B7-1A7C7E28BF90}] => C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{05AE6CB3-349C-41C5-8584-34EF5EFD3418}] => C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{075FEC8B-6E4D-4CBF-8320-ADDF2DBF4053}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FC178713-DFF0-4770-89B1-D50080EF2AEF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{66E2E888-0495-467B-8F0A-382773990B87}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0B026A64-46AD-4150-BE1E-C4B7A0F96C0A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{503F90E6-E5B0-4AD3-BE36-41D7F19B3AB3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9B8276F7-808C-4D3D-A4D7-59E184DED9B4}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3F51B2E5-E86F-4BA7-B1E3-B8DAB090993E}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{02F80957-5EB0-436E-87D6-4227168645F4}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [TCP Query User{9ADE4919-4BB0-44EC-B2E3-FDED38404505}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [UDP Query User{A4F588E9-B2C9-46B2-A6BE-C562107AEEAF}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [TCP Query User{3B001959-5CFF-47AD-9C72-38F5625BF88A}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{A247CA7F-B597-4C9C-9836-204094337673}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71A64160-579C-449C-BB0D-E4EEC2C6600D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{1F57335E-3E17-4A7E-AED9-26A8178385FD}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{EFDD72A9-D6BE-4145-A654-1DBD9FCBA791}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{DD6A64A1-0883-417E-9389-E42CF77AD2F7}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{B4DA0C7E-4768-47C0-BF75-63804B8F1177}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{D466861B-7FFD-4A16-B2DC-786708773A73}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6F626A2B-EF2D-43C4-AFF0-1D25E33B6F2A}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{434756D2-F79C-4E2C-B81C-FFCF1C0E45BD}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2D082E90-5A70-4D10-BFB9-161917D73D4B}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [{3CAE2205-90F6-4721-8F4B-B8A46720B421}] => C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{D7863F6D-2937-4ABF-A9C7-762D4089D18B}] => C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [UDP Query User{89DC9B87-EE47-4115-A2F0-1325A1409CCA}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{55661E35-A578-47C2-A96B-6145CF5808C9}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [{6550343A-62BB-44A0-8DC6-9E607D0C811E}] => C:\Program Files (x86)\Steam\steamapps\common\GreyCubes\GreyCubes.exe
FirewallRules: [{471E32BC-2906-4CFC-B180-95077AB38F43}] => C:\Program Files (x86)\Steam\steamapps\common\GreyCubes\GreyCubes.exe
FirewallRules: [{BC821BCA-E3A7-49BD-B04B-E136B84E2DED}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{BED30BB2-EBB3-41E1-93B6-599CD8AEB783}] => c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{4147B5C8-E5B0-45A1-B9D8-902D0CC33FE7}] => c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{44AD2575-DA35-4BF9-8AB0-11D879605CF4}] => LPort=54925
FirewallRules: [{41D64912-84F6-4E80-A17F-76AC40AF2F9E}] => H:\Install\wlan_wiz\.\wlan_assistant\waw.exe
FirewallRules: [{DFF42BB2-28A3-48A0-8D27-E2EF6CBB1C3A}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{994B3964-0476-4A9A-9711-DAC5A3BD686F}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{18A9C170-840D-4FC9-9886-8A91FAE60863}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{FEC087F1-9094-41A1-ADE6-EE409D832DA5}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{9136D434-E9D0-4684-9209-D4F6A85DF931}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{6785A6B5-EBA1-4530-93B4-6EEE7B13F893}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{3F20995C-CCAD-4E25-A72D-E916A289D7D6}] => C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{EA59C345-E6EC-4028-B81C-9BA47240188A}] => C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{11939EDC-08DD-4734-94D4-DED455054EB0}] => C:\Program Files (x86)\Steam\steamapps\common\tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{618FD6B9-4479-433E-9384-80E4D89C2AC5}] => C:\Program Files (x86)\Steam\steamapps\common\tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [UDP Query User{798962EE-15E4-4868-BF1C-CC79057E5349}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{CD1F5F34-98AF-463D-99F5-50EB51B22B2D}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{E1D6D9F5-2595-4018-B364-82332D89D9AB}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9BDE7E94-0018-4014-80CC-028622CC8AD9}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B9C2ADD9-66E5-420C-A910-904787DFB8BA}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2DC518D2-61EE-49DB-90A8-9AAD437CADBB}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C8ECC68D-4C22-4B3A-998B-0C8F854490C7}] => C:\Program Files (x86)\Steam\steamapps\common\Terrorhedron\terrorhedron.exe
FirewallRules: [{802D1EF5-5AAD-4DD0-9FC4-18FE8043E11B}] => C:\Program Files (x86)\Steam\steamapps\common\Terrorhedron\terrorhedron.exe
FirewallRules: [UDP Query User{D59F117C-178A-4060-B743-0A74FF5A09A1}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{9B338196-9173-4F65-992F-6AFA22B47DED}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EFCBB1A7-70FA-47A1-A58B-FDBDC2475DE8}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{666411AE-82A2-4924-933B-EB20CF38E43B}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7E1D0833-1F1F-48C7-8EE8-1F776959F6F3}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{A14A18D7-CF4F-4E96-B093-B592F1FBA43A}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{03C67C2D-7B87-4767-8433-7BE61A6FC990}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6B543A5F-822E-4C69-B9FA-9F4E1EB48F92}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{35E8104A-80E1-43EE-B0E0-59A5352D0583}] => C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{5BDEDC1A-AD9B-44E9-B403-2A3A012D7EF2}] => C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [UDP Query User{39CD56F9-DABA-4034-92D9-7AD4004AD623}C:\users\bryan\desktop\buddha\brutallegend_nosteam.exe] => C:\users\bryan\desktop\buddha\brutallegend_nosteam.exe
FirewallRules: [TCP Query User{88368CA8-32EE-42D5-8AB7-82CE6365F40A}C:\users\bryan\desktop\buddha\brutallegend_nosteam.exe] => C:\users\bryan\desktop\buddha\brutallegend_nosteam.exe
FirewallRules: [UDP Query User{7A1F51D1-3632-4B11-8BA9-E54517261E83}C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [TCP Query User{2A05E62B-8C98-4A33-95BD-7EAC3B7746CD}C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{77A268AF-91CB-4A92-92A3-2B07659CA7A6}C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{A67342FB-DA71-4F53-AE7D-937A95E92E3A}C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [{A16F141D-8DE7-4BF7-8A02-9100A8EBEBF4}] => C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{20124EDE-FF02-4FD3-A19A-20ADDAE3A2E2}] => C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{716DB04A-DEDF-44B3-9C3F-384A49A65425}] => C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{BA61FB2E-14B2-489F-B947-3C16C5E62F10}] => C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{E6F110BD-B933-44ED-BFAC-A48FC1813A1E}] => C:\Program Files (x86)\Steam\steamapps\common\Gauntlet\binaries\gauntlet.exe
FirewallRules: [{611E2ED2-EF41-41E1-B1B9-1FE7C30BD7F1}] => C:\Program Files (x86)\Steam\steamapps\common\Gauntlet\binaries\gauntlet.exe
FirewallRules: [{D462D622-7424-420F-A6E9-A0A1DBACEA4C}] => C:\Program Files (x86)\Steam\steamapps\common\Minimum\Binaries\Win32\MinGame-Win32-F.exe
FirewallRules: [{25AF45A0-96B8-4A0A-B7F2-9947F121120F}] => C:\Program Files (x86)\Steam\steamapps\common\Minimum\Binaries\Win32\MinGame-Win32-F.exe
FirewallRules: [{1EF8459F-BE85-45B7-A773-DC07F3C873CA}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E11CC037-C9FE-4719-B2F9-63C7FF5F499D}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{6EB512C9-5C4E-456F-A6B7-0A6EDBFFC86D}C:\program files (x86)\raidcall\raidcall.exe] => C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [TCP Query User{E638A225-13E3-4173-9451-95498EFB8561}C:\program files (x86)\raidcall\raidcall.exe] => C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [{6AE8C68A-AB1A-4BD5-981F-44EF23D7C884}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{8DD07586-7E40-40A3-B01B-9DCB27C4C8AF}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{96C60E76-977E-4AE0-8D2F-5AF68AFD7377}] => C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{6CAA783B-C9A8-43CB-904C-78C5D90A427E}] => C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{8364C997-6A39-429B-8D11-8C64060CD09B}] => C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{9286ADB7-4398-4D92-9D87-8F209D8C306E}] => C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [UDP Query User{21413504-E150-4082-A1A0-23A4321C976D}C:\users\bryan\appdata\roaming\spotify\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{06F3700B-0D12-41AB-A7E0-0CB0B94CCB21}C:\users\bryan\appdata\roaming\spotify\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0FD9C62D-42DA-48A5-8CB8-CF056E4717DB}] => C:\Program Files (x86)\Steam\steamapps\common\Guacamelee\Guac.exe
FirewallRules: [{35911189-710F-446D-940E-CA9B9EC83D70}] => C:\Program Files (x86)\Steam\steamapps\common\Guacamelee\Guac.exe
FirewallRules: [{84ACEAEE-87FA-4A15-907B-0854AF5D0FCD}] => C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{3F04CBFF-5728-409B-B456-1CF036D0748A}] => C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [UDP Query User{334B2E83-981B-408E-BE92-6153DD276216}C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe] => C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [TCP Query User{F8D22EF4-9B63-4E94-B274-AEF53FE20BBF}C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe] => C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{D6DF2DB6-AFEA-4CFF-B7E7-6727AF1D9E43}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{5D31DE24-EC07-42C2-B583-53C456DF82B7}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{FDA33696-0734-40EC-A931-B83F5AD12256}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{8DF8A7FE-02C3-4181-977E-54D62D4C5EE0}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{124566D7-35DC-4FE6-842A-3CDB8B2512A9}] => C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{BD77128A-B577-498D-92E6-067C42553BB1}] => C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{7EC214F6-A630-4976-8C83-5E008D6F2F6E}] => C:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{5AD689C0-664F-4C9F-B42D-F0351B628B8E}] => C:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{97933098-53FC-4DD8-B205-B8FE0EB81EC6}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{2300E685-86C6-4D19-A4DD-F7175327EBF0}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{E2D06D7E-A938-419B-B85A-F70958E04043}] => C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{89998022-A5F1-4FAC-A1D3-A0263985ECC8}] => C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{D4F8B765-715A-4640-A0DE-8A86AF3F86EE}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{F691A4D9-AF39-4103-B745-DB9F36224E20}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{B0F88646-504A-4A7B-950B-EED785C77567}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{E9E3196C-B6EB-4C9E-8184-871CE0F7CFB5}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{96F0F257-96E1-40E4-A5B2-3CBD029F8551}] => C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{070EB91E-B6F5-4F71-A4F3-BCED83654097}] => C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [UDP Query User{2689827B-6FD0-4E75-A9F7-EC2772A80490}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe] => C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe
FirewallRules: [TCP Query User{C894BC77-3E49-454C-96ED-564F863561FB}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe] => C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe
FirewallRules: [{E1A4B4AE-A9BC-4673-88BE-61AD1DC46434}] => LPort=41780
FirewallRules: [{70B70EBF-2AD4-40E7-A949-5E410787BCB6}] => C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{5B4AE735-AFF4-402D-8BD9-B7E07D2B300A}] => C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{70501A5B-8B45-4E34-8F7B-21F1518837ED}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C63F34E1-AA47-4A77-A50E-635C0491336B}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{E6630FA5-217D-46F4-AD75-784B70D21ABC}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{EAC9FDCC-C217-444E-B908-E270D9E590BB}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{2A18F852-EF79-4D6E-9BE0-5354918596F2}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{FEB8D9CC-C745-4850-AD00-3F484A472535}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{E27A4E54-8D39-4982-AB7C-D71D6299D76F}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{EEFD95FC-19C9-4EE2-A821-B12A9B8C9119}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{B814655E-1174-49A3-8618-005535F2DEA3}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{6F18D558-5250-4213-813C-A6C06F98ACD0}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{645FFBE9-A7F4-4493-8E53-F0D4ACC7A5F0}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{919D23F6-8514-4938-ABF3-E0F1CE985C86}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{8B89B26B-FF90-4BDD-984F-A000BBF5BEC4}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{8759C267-DC07-4A16-A8AB-F848A7F43101}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{0AA93C04-A152-45B5-8713-71C19F4B9E3A}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{08DA9E08-A80E-487D-9CC7-6192A82389F7}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{9D4734CE-041B-4E9D-9282-ABD99D0797EF}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{CFF74111-C8BB-4448-86C6-8D96DFB3147F}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [UDP Query User{D9F66DB9-9EBB-42A8-B468-A7E56EE5C3A0}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{B4386D80-A2C8-4AE0-ABAA-20E224DB2E7B}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{28871463-7E43-45FA-91D1-3949EF48D281}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{048BD6AE-726E-4AAD-AE50-1243BDE9079A}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{EC73E2A6-6B64-4AB6-98DA-3B6D3C44D596}] => C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CAA59CA1-AA5C-4D2D-A4E4-43C1020CDC86}] => C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{06F3B6F4-2E84-4E08-9FB9-5BFA59F0BDDE}] => C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{92AC38A5-CF73-4179-BDB1-769786FEB5B1}] => C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{48B63789-5FDA-4D5D-A07D-7679D783757E}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{3DCB33F0-B43D-4602-A894-E687017FA893}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{CF75BE7F-FB53-44AF-A6EE-D9F9CE595C17}] => C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{5A1070D0-F30F-4F7D-B199-2E1FB58082D8}] => C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{F66A788D-3577-429F-A45A-37D330F2DA39}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{A2AE031C-73A8-4DC9-A27D-947EECD51269}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [UDP Query User{260E5D78-F85D-4F3C-8B37-6399A2B663EE}C:\users\bryan\desktop\games\diablo iii\diablo iii.exe] => C:\users\bryan\desktop\games\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{3C2CA2C5-9307-4BE7-99CC-57CF34F9FF62}C:\users\bryan\desktop\games\diablo iii\diablo iii.exe] => C:\users\bryan\desktop\games\diablo iii\diablo iii.exe
FirewallRules: [{9A8AC6FF-764B-4471-A796-D1AC04B4F5D5}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{55108AEA-6854-4010-BF99-F48FF6FEA8A7}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{E5AC228F-12E9-486B-A9C8-4BF8EB0B7493}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{E498D5AE-C2E8-488D-B53B-DD19F778EDD3}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{C541E6F5-4458-4EB1-8873-043C981F5F8A}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{801E951F-C6A6-4D6E-AB44-4A3522356E3E}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{B37A1EF8-0339-45CF-B210-91E75A8A694A}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{437E4EEE-FE64-4EFB-95FD-5E49546F66DB}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{2B5F5E03-461F-4BA8-8196-774A5B462C88}] => C:\Program Files (x86)\Steam\steamapps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{AD1D22C6-0DAA-4857-AE3B-90FF94CFF789}] => C:\Program Files (x86)\Steam\steamapps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{35C5E7AC-795D-4611-94BB-06B4348CF27B}] => C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die!\Build\release\OrcsMustDie.exe
FirewallRules: [{F6E11555-3E12-4D1A-9CC1-FED91097527B}] => C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die!\Build\release\OrcsMustDie.exe
FirewallRules: [{51FDD51D-3095-4A3D-B056-85625FF29DC1}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{DA487981-E544-4C29-B76B-B785F3AE4871}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{72448827-E1A9-4A13-8C8D-D40E64F13BFA}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{5F1AFCE7-A31F-42E7-B40B-366B1016159F}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{ACD6E62D-2B07-4FDB-BEC5-5E02BA2F7A4D}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{91950408-1004-4109-9756-2FD110451641}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{70D1B7C8-BD96-4E8F-812B-CDED40263C6C}] => C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{18DE0414-E8EC-46E0-9ED7-EE9F8A5A9DA4}] => C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{84CBBD64-E939-4684-8614-37D7DDC4ED61}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{EAF912D8-C026-41B0-A7D0-16600352FC54}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{33226855-E53D-4AAC-949E-C52A8894A609}] => C:\Users\Bryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{997DC675-2DB0-4954-A1A1-984EAF29BDD8}] => C:\Users\Bryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{174FD12E-025A-417F-A984-5E1EE1956381}C:\users\bryan\desktop\games\xcom\binaries\win32\xcomgame.exe] => C:\users\bryan\desktop\games\xcom\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{52479641-5794-424C-AFE6-04C703A47952}C:\users\bryan\desktop\games\xcom\binaries\win32\xcomgame.exe] => C:\users\bryan\desktop\games\xcom\binaries\win32\xcomgame.exe
FirewallRules: [UDP Query User{CF87F131-ECFE-4380-91C8-EAE38CB63CDB}C:\users\bryan\desktop\games\shadowrun returns\shadowrun.exe] => C:\users\bryan\desktop\games\shadowrun returns\shadowrun.exe
FirewallRules: [TCP Query User{5620B819-E770-492D-9C9C-B89F2DFDCDBC}C:\users\bryan\desktop\games\shadowrun returns\shadowrun.exe] => C:\users\bryan\desktop\games\shadowrun returns\shadowrun.exe
FirewallRules: [{B310331A-050E-4B39-B7F2-BFFA462A84C1}] => C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{E398740C-904E-462B-9FE4-06728285BDE1}] => C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{92B937C8-88F3-4B60-A6C8-471453F1F619}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{D9C56EDF-A784-45D7-9E06-C1CEAAEEB8F3}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{F05130D0-45A0-47B9-BE53-D57522F07E73}] => C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{E374A6AC-CA32-4DA3-AB40-6656E8AE7260}] => C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{D0F767E3-2937-4831-9697-00B91662FDEB}] => C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{89C14663-C5CD-475F-9396-ABF33C8C5505}] => C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{6CFA0D4F-5FDC-471F-B010-2B78EBFB905F}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{627A87B1-7DC2-49D0-9236-479D62177775}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [UDP Query User{416DADD7-B24C-4598-BDB6-EDA1189C7DFE}C:\users\bryan\desktop\games\borderlands 2\binaries\win32\borderlands2.exe] => C:\users\bryan\desktop\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{16D04A8E-E273-41A7-800A-CAA529AF3463}C:\users\bryan\desktop\games\borderlands 2\binaries\win32\borderlands2.exe] => C:\users\bryan\desktop\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{EC4EC9E3-73F6-49D2-8D72-95003B4ADF51}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{7F428D11-6572-4077-BC26-641528542151}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [UDP Query User{00F4757D-10EF-4BE5-A34B-780A60F7BA18}C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [TCP Query User{4129A878-90F3-4695-B5C7-0C1F91A2A5FB}C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [UDP Query User{9A5E8F79-E8AF-4C9A-B01D-676D4F0016D1}C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe] => C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{615BD100-37E7-4F79-81CB-94729B68A651}C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe] => C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{35AD4802-8C83-4B07-B452-A0B7356B0BC9}] => C:\Users\Bryan\Desktop\Games\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [UDP Query User{A171F493-7C7F-4E48-AC37-77501E87558E}C:\users\bryan\desktop\games\starcraft ii\versions\base24944\sc2.exe] => C:\users\bryan\desktop\games\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [TCP Query User{C14C52DF-3EF8-44C1-AA02-4C2261D3EC25}C:\users\bryan\desktop\games\starcraft ii\versions\base24944\sc2.exe] => C:\users\bryan\desktop\games\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [{C0DD6ECA-BEE9-4716-A20A-280A79DB58CB}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{0F6B0BAC-BDA8-46C4-9316-E9C67CA3AD6B}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{9EA21BE7-1646-4C18-910F-4832F6CAA166}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{18AC3981-DBB5-4850-B541-846F6951F757}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{0266900B-959B-4023-8B24-47B19D00864D}] => C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{9D2D0D67-000C-46B6-9243-FFF2FFCCDFFB}] => C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [UDP Query User{4308CA1B-9504-46D7-855D-AF6F4618BF9A}C:\users\bryan\desktop\games\american mcgee's alice\alice.exe] => C:\users\bryan\desktop\games\american mcgee's alice\alice.exe
FirewallRules: [TCP Query User{20705DE3-DB4D-4867-9C8F-8C011B163C3C}C:\users\bryan\desktop\games\american mcgee's alice\alice.exe] => C:\users\bryan\desktop\games\american mcgee's alice\alice.exe
FirewallRules: [UDP Query User{EFEDF1EE-E3A3-4AA7-8482-5C5DAC107923}C:\games\dragon age origins\bin_ship\daorigins.exe] => C:\games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{7D43BB66-71AA-49EF-89E9-61C603B8E4A0}C:\games\dragon age origins\bin_ship\daorigins.exe] => C:\games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [{3B537105-2EB1-433D-BAE1-E6C372315CE0}] => C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{30BC539D-A754-4FA3-8CCC-AE711406FF75}] => C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{8FC3D814-3A30-406F-94F7-FF52E711E4B0}] => C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{651F1A35-0995-4DED-A109-62F9E1E777EA}] => C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{2466B98D-7BC7-4033-9DFF-FE778BAE340E}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{97F8D1AD-CE0B-4603-AC5B-C237A16334B8}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{E112F174-7F42-491C-80E5-6FD1A1323EAE}C:\users\bryan\appdata\roaming\spotify\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F2F35F4F-F4CD-4AAE-9548-6F4C1D897993}C:\users\bryan\appdata\roaming\spotify\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0DEC6317-9CAB-4859-997F-8DB11F32458D}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{95B3D747-1FB0-41ED-AB31-DA75B8618BD6}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{FBC3B58E-1941-467B-9F52-B6C104ACC713}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{B6734C83-96F8-4B63-A8DE-23D143C78CAC}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [UDP Query User{0513B191-C2A8-4796-8CAF-18242FD96C54}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{354218D4-6588-40B9-AA97-0FC2DCC35D58}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{A22C708E-4CD8-4EFD-96BC-54F2D5BD95BF}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{81FC9BE9-98EF-4AE1-B437-756945BBB513}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{A3595B56-8A14-4415-9EC6-7EBCDC6B25FE}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe] => C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe
FirewallRules: [TCP Query User{65B1A8B1-9B6C-4668-9263-D5E243C0F260}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe] => C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe
FirewallRules: [{8428D6A3-A4F7-4C1B-90E9-09E80BAC6D37}] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [{AD5A956B-A58C-4138-9BDE-BA123FAC8FB8}] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [UDP Query User{A68FB468-CD63-40D4-9B92-75F1FFA0653B}C:\users\bryan\desktop\games\zsnes\zsnesw.exe] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [TCP Query User{1A7BD4A1-12A5-411C-A26A-085A905D8011}C:\users\bryan\desktop\games\zsnes\zsnesw.exe] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [{2659B2B8-0350-4B81-AB60-41541535F513}] => C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{E9E9FA3F-DCEC-4CCC-8AAD-863F9A9BBE68}] => C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [UDP Query User{D618277B-A9BB-41EB-9222-56361FB67BA4}C:\programdata\battle.net\agent\agent.1363\agent.exe] => C:\programdata\battle.net\agent\agent.1363\agent.exe
FirewallRules: [TCP Query User{E9CB6109-006B-4E82-859D-1160A63436A7}C:\programdata\battle.net\agent\agent.1363\agent.exe] => C:\programdata\battle.net\agent\agent.1363\agent.exe
FirewallRules: [{B2E534E0-7029-46DD-BC64-3898FD902DED}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [UDP Query User{6D75354D-26C5-418A-8FE8-75838164F075}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [TCP Query User{6A67094C-9BF4-4978-9642-1F6EE9F2FCC0}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{EEFD4C0F-4AA6-4526-AE77-C5FC519AF44D}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{10D848E5-57C3-4AE9-8FCA-6B0CD147603B}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{B1B5E204-C7BB-4547-983A-B19168CBDEC8}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{06B3132D-E85F-4D49-A717-F2D52D6E9861}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{7EFCD947-AC8F-4F67-8BE4-5CD96FA9FA55}] => C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{75441330-B6EA-45CB-BB98-81FEF7452CA7}] => C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [UDP Query User{68367603-BE2E-4A8B-ADF2-0921BCC1B4E7}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{90382EC0-F081-48D2-8AFD-52CF157E3156}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7EE6CD41-AC92-48A9-9822-AC8A5802BF0E}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{9D3E8C14-AA59-4F4F-97AE-D6DE695D8F85}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{82700A77-55EA-4C0C-87CF-8024BA919DD2}] => C:\Program Files (x86)\Steam\steamapps\common\Quantum Conundrum\Binaries\Win32\TryGame-Win32-Shipping.exe
FirewallRules: [{163A5991-5D3A-45BF-A442-4281BCD095DD}] => C:\Program Files (x86)\Steam\steamapps\common\Quantum Conundrum\Binaries\Win32\TryGame-Win32-Shipping.exe
FirewallRules: [UDP Query User{5462DBCB-F5C2-4B45-97D0-D5C9A5440F07}C:\program files (x86)\java\jre7\bin\java.exe] => C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{F5C989F3-9B7A-4626-AF53-11E0511E0C50}C:\program files (x86)\java\jre7\bin\java.exe] => C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{B4C99863-FA53-464A-AD21-E78E5FF147F3}] => C:\Program Files (x86)\Steam\steamapps\common\risen\bin\Risen.exe
FirewallRules: [{D5F3B9F3-56E8-4774-8B8F-C853FCC80192}] => C:\Program Files (x86)\Steam\steamapps\common\risen\bin\Risen.exe
FirewallRules: [{8914ED7E-89F7-4DD9-A9E0-D96CB9A5DF43}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{41697514-D0B0-4D50-BB64-EAFE281EC0C2}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [UDP Query User{D6B98206-8C83-4B84-AAA5-78816B229B1D}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [TCP Query User{F41E1B22-104B-46A9-88C5-9DC319AE78FA}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [UDP Query User{3503C39D-0C50-47D0-B06A-FAA56160FDD0}C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe] => C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe
FirewallRules: [TCP Query User{E85F5DE2-2B33-42BC-B6A8-D2679A2BE6AE}C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe] => C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe
FirewallRules: [UDP Query User{0757A4C3-FE4E-498B-A7C9-E6D1A97AB1D9}C:\program files (x86)\java\jre6\bin\javaw.exe] => C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{9F2EC895-A678-4E41-920B-79793C880048}C:\program files (x86)\java\jre6\bin\javaw.exe] => C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{F3B4B097-4B46-4B60-AC29-D9691F0643F5}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{B0755C08-56DF-4608-872F-60BE4972B9D6}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [{C6D8F762-861C-41FA-8252-87F2907D919F}] => C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [{58A28F31-46EB-43B7-AE7F-3965E84ABC67}] => C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [UDP Query User{2E88636A-1A25-459E-8F0A-EC19AF2D4B93}C:\programdata\battle.net\agent\agent.1040\agent.exe] => C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [TCP Query User{89B3696F-A2F7-4061-A3EE-5EC67E479E74}C:\programdata\battle.net\agent\agent.1040\agent.exe] => C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [{63E5A8C8-C2F6-400A-BEE9-204F842D8CC8}] => C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe
FirewallRules: [{98247830-E9D1-441A-B6CC-D9C33D9E40CF}] => C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe
FirewallRules: [{A9770BBD-BC42-4AAF-98E7-B4400C865B8A}] => C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{F4B92E5E-AA68-42B8-8150-1372E20B9CD9}] => C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{F8805339-783C-4B89-825D-E8DF4339423E}] => C:\Users\Bryan\Desktop\Games\Diablo III\Diablo III.exe
FirewallRules: [{AF4C7476-1286-40E0-8AB0-0F53ED8C604F}] => C:\Users\Bryan\Desktop\Games\Diablo III\Diablo III.exe
FirewallRules: [{DE2FE3BB-375A-4866-93C0-121066431C92}] => C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{884454D1-84EF-4D26-B98A-8E2C7376F6AD}] => C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{18AABB47-D377-4CA2-93A4-A3537F2F405A}] => C:\programdata\battle.net\agent\agent.913\agent.exe
FirewallRules: [{90E2EDCE-64A4-43A1-86F9-5245B9FB1E45}] => C:\programdata\battle.net\agent\agent.913\agent.exe
FirewallRules: [UDP Query User{2529E915-527D-4CF4-B2F4-EB0CC8004049}C:\programdata\battle.net\agent\agent.913\agent.exe] => C:\programdata\battle.net\agent\agent.913\agent.exe
FirewallRules: [TCP Query User{207E5950-6A72-4C06-BDFB-AF546AC269A8}C:\programdata\battle.net\agent\agent.913\agent.exe] => C:\programdata\battle.net\agent\agent.913\agent.exe
FirewallRules: [{768848AE-4700-4AFB-94F7-AEB441F121A0}] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [{45DC97A7-AD93-4260-8709-B8BB5CBD4509}] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [UDP Query User{2189E65C-56E9-4E22-9921-D14332D39425}C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [TCP Query User{C7D28AB0-2C1D-4B45-9AE6-BE4A22CF4A67}C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [{F284799B-10D7-412A-9AEA-26B09B7C49D6}] => C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{4CB8DA33-87F8-4D25-83C7-D643D7C27B4B}] => C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{255120CD-3A79-43B8-9C21-CAD1B19BBD47}] => C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe
FirewallRules: [{DA89BB9F-F039-4A84-BFCE-BEFB395E4468}] => C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe
FirewallRules: [{1246314F-5CC7-4758-A6C8-C9FC08116073}] => C:\programdata\battle.net\agent\agent.515\agent.exe
FirewallRules: [{7EBF384C-5F80-49D7-A165-C7AD2AD1FB0D}] => C:\programdata\battle.net\agent\agent.515\agent.exe
FirewallRules: [{4C53DA91-F98C-47F4-B922-B49F1AF971A7}] => C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe
FirewallRules: [{3B5A8567-00A0-4F8F-B085-7B3AD33B1B75}] => C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe
FirewallRules: [UDP Query User{36666E71-C065-45AD-B4C0-F7C0374E82FC}C:\programdata\battle.net\agent\agent.515\agent.exe] => C:\programdata\battle.net\agent\agent.515\agent.exe
FirewallRules: [TCP Query User{FE28B2CD-FB48-48FC-8320-A262B85E32E1}C:\programdata\battle.net\agent\agent.515\agent.exe] => C:\programdata\battle.net\agent\agent.515\agent.exe
FirewallRules: [{AC5DF75C-0AD3-447F-8A56-6EBCD8727BD8}] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [{B36332A3-4F65-4FFA-887B-DAD99CAF1103}] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [UDP Query User{009306FF-7EE3-4AD3-8B65-56BED9E611C9}C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [TCP Query User{6847E9B4-8AD7-480A-8448-29D5B63595DD}C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [{A4CC5867-F34A-4B34-902A-453B749FEE15}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat
FirewallRules: [{366E23FC-1E66-42F2-B58D-CF5F86CBDEC5}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat
FirewallRules: [{A96D9A3A-D008-4237-9015-43864FD98FDB}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe
FirewallRules: [{7CF2AF8E-3DA5-449B-AE04-97A2042866BE}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe
FirewallRules: [{5CEDDA55-2EA9-40EF-A024-2DADA8675E69}] => C:\Program Files (x86)\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{0D674119-30CC-4250-B662-F8467CCE6AAD}] => C:\Program Files (x86)\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{449D4B69-4C02-4FF5-8FB5-AE9A04206655}] => C:\Program Files (x86)\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{1EBD32CC-5EBD-41DE-837D-6BFC0FEA31D9}] => C:\Program Files (x86)\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{A32BDF1F-763C-4BE3-9480-C37C168070A0}] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{F88706F4-235A-4856-B7DA-AEC16EB1AFFF}] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{F2F9F55C-6D6E-45D3-8D72-C070554E05C0}C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{26157C2B-1A6C-41B6-BABF-2EE54BCBC033}C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{D6927868-52E2-4059-AAE0-E10A3C59CAA8}] => C:\Program Files (x86)\Steam\steamapps\common\guardians of graxia\GuardiansOfGraxia.exe
FirewallRules: [{2E602496-B0C3-4D20-B008-03DAF022C5EB}] => C:\Program Files (x86)\Steam\steamapps\common\guardians of graxia\GuardiansOfGraxia.exe
FirewallRules: [{B5EFE865-6B44-40D9-95E0-A18B07CC5C92}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{D20BD56D-1BED-4709-A8C5-1E2E1D37A414}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{F802BB65-396C-4A88-B4CB-BFFEF98ADC97}] => C:\Program Files (x86)\Steam\steamapps\common\psychonauts demo\Psychonauts.exe
FirewallRules: [{B7DDA240-63B4-4806-8904-376AAB97BF34}] => C:\Program Files (x86)\Steam\steamapps\common\psychonauts demo\Psychonauts.exe
FirewallRules: [{151E2DD4-6B4C-4CEF-AA58-17E034D2F71E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F42D31B7-369A-4DFB-B083-7F4674740D0A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E1DCA0E-C85D-45CC-9884-4BF37979548F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DDFD0C7-9357-4597-AE8F-C59A304B0CAE}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{9FE96430-F155-4931-A31F-AF41EA54514C}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe
FirewallRules: [TCP Query User{599E4734-CD50-46A3-8302-05EF59547B1B}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe
FirewallRules: [{0B4E5B3C-9A46-4151-8FDD-B3021A9ABE34}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4539A85C-B17F-46EC-81F6-95BF25E05716}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm-dedicated.exe
FirewallRules: [{15848BC7-86E8-4CB1-884E-BE1DEEFF953D}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm-dedicated.exe
FirewallRules: [{C0A8CFDB-B338-492D-9203-C4091D0D1EA9}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm.exe
FirewallRules: [{F4940868-C249-4852-8230-72E1D47BC7EB}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm.exe
FirewallRules: [UDP Query User{6875B0B9-3605-43F0-AC83-9B877341B4E0}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{53DA6FA3-3D5A-44E9-B025-2E8D5C5CFA2F}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C3FB04EE-B3DC-4A48-AE31-5CE92F405C8D}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{C0604AE2-3ED0-4552-9F78-8D25E7D58CD1}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [{72EF7842-CF32-495F-AF2A-71C00DB07E23}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{543D9BAC-C7C6-448D-8BEB-E332F7F4F240}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{D20D28CA-2EB0-4AE8-ACE2-C6D20DE9D1FE}C:\program files (x86)\lolreplay\lolreplay.exe] => C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [TCP Query User{C52E4426-80FC-4871-BAA5-013742B4AF9F}C:\program files (x86)\lolreplay\lolreplay.exe] => C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{8B9E0157-E3F0-4606-AA65-F788D1E1F82A}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{CF039847-DB87-46B5-9A53-A604DC7C90B7}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{E9653953-C315-4712-B914-C42ABA00756C}] => LPort=8383
FirewallRules: [{ACD8D107-4348-4AEC-BFAA-3A56534E535A}] => LPort=8383
FirewallRules: [{5B81A9D6-54AB-4696-85AF-E5A784BB2927}] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F756527B-9EAF-4044-B6B3-535C3BBD72B0}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe
FirewallRules: [{0B90D9FE-1C01-4289-8E07-4C643F56680C}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe
FirewallRules: [{96BA3B5E-CA15-467F-8369-A8259D6F6AA8}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\Prince of Persia.exe
FirewallRules: [{8E88D8B6-7BFB-482B-953B-82A7BC581C3A}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\Prince of Persia.exe
FirewallRules: [{1CA334E8-9353-4BB0-91BD-8F48CFD2A86A}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{39F95B8E-E46F-44C9-9A90-FC694C90CFD7}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{3B2964A7-ADBD-4653-B0B3-68AC51DDD4FB}] => C:\Program Files (x86)\Steam\steamapps\common\darksiders\DarksidersPC.exe
FirewallRules: [{9398F45B-5441-4011-8FBB-0550526C4571}] => C:\Program Files (x86)\Steam\steamapps\common\darksiders\DarksidersPC.exe
FirewallRules: [UDP Query User{CD7170F6-8A88-48D8-B1F9-BE53DE7851BD}C:\users\bryan\downloads\championsonlinef2p.exe] => C:\users\bryan\downloads\championsonlinef2p.exe
FirewallRules: [TCP Query User{6D8CE278-BFE4-4A12-A5D5-866DBA8F00A2}C:\users\bryan\downloads\championsonlinef2p.exe] => C:\users\bryan\downloads\championsonlinef2p.exe
FirewallRules: [{0140B2EB-D980-46BD-81B3-8EE79941CAEA}] => C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
FirewallRules: [{0A5618E9-77F5-4880-9917-B50E87C05082}] => C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
FirewallRules: [{5C79E22C-82AE-48A0-AEE4-87BD7B11F19C}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{C375E066-EC2C-48A1-9B8C-8FE047F856CC}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [UDP Query User{3D7993DC-1496-4878-B2DD-C8C5C6F1238D}C:\program files (x86)\ea games\dead space 2\deadspace2.exe] => C:\program files (x86)\ea games\dead space 2\deadspace2.exe
FirewallRules: [TCP Query User{34359F0E-B7A4-4962-B7FC-DF25DB2FFE1C}C:\program files (x86)\ea games\dead space 2\deadspace2.exe] => C:\program files (x86)\ea games\dead space 2\deadspace2.exe
FirewallRules: [UDP Query User{6C19D0A3-E0F6-4269-846B-7ED014CB6C2D}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe
FirewallRules: [TCP Query User{CC0D6DE2-F2F9-4AC6-9959-D605B88F5457}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe
FirewallRules: [UDP Query User{51BC7F9A-8C95-4EDF-91ED-0F811122A674}C:\program files (x86)\miranda im\miranda32.exe] => C:\program files (x86)\miranda im\miranda32.exe
FirewallRules: [TCP Query User{9F38B8B0-8032-4D2B-8D1D-E3D830D83904}C:\program files (x86)\miranda im\miranda32.exe] => C:\program files (x86)\miranda im\miranda32.exe
FirewallRules: [UDP Query User{B74FE95C-57BA-4BD5-8106-8EB58B68B404}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [TCP Query User{94A85E3D-0DEA-4E6D-A972-058A73C971E8}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [UDP Query User{F955361F-A67F-4EA6-8664-74AE43DB315E}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{B4CEBC1A-9900-4134-8656-3D0F6C05163C}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{E88B36AF-1F7E-4315-8B5F-CCF03F536F08}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe
FirewallRules: [TCP Query User{4F9354B6-88C2-4889-9794-FF4A0F9C2084}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe
FirewallRules: [UDP Query User{827E3673-C2AF-407F-9D62-D7A70724FC01}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe
FirewallRules: [TCP Query User{74AB80CF-7147-4CAA-9424-6A57A44A41DA}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe
FirewallRules: [UDP Query User{0A0C2F18-2CB6-40F7-A095-988D847C9838}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe
FirewallRules: [TCP Query User{E392E762-BD09-4EC2-9C3C-1EC9762ECDCD}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe
FirewallRules: [UDP Query User{FD0F35E9-85AF-4AB8-9E4C-244F0329134B}C:\users\public\games\world of warcraft\blizzard downloader.exe] => C:\users\public\games\world of warcraft\blizzard downloader.exe
FirewallRules: [TCP Query User{05D6BFB5-4C5C-4902-B745-67E43033FF64}C:\users\public\games\world of warcraft\blizzard downloader.exe] => C:\users\public\games\world of warcraft\blizzard downloader.exe
FirewallRules: [{B7DE2249-6B5F-4406-A7BB-7472821C6B25}] => C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
FirewallRules: [{E293AB2A-8D18-4A0D-945D-B13488428CA1}] => C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
FirewallRules: [UDP Query User{BACFB1E7-E372-4C35-AA3F-B65895DC3E79}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe
FirewallRules: [TCP Query User{A3B061EA-A8DA-425A-9474-E4E79C2EF0E4}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe
FirewallRules: [UDP Query User{E3B3D654-EEFC-43BC-AE12-77E70A08F584}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => C:\users\public\games\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{ADEB8810-459F-4BD2-BD9D-C087943086E1}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => C:\users\public\games\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{EE853FC0-1489-42E7-9B9D-FF94F3578FEB}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe
FirewallRules: [TCP Query User{C3CFD481-B654-4B64-AE09-6432FD464B8B}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe
FirewallRules: [UDP Query User{DF5497B2-79D5-43D1-8611-9C561DF4237B}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe
FirewallRules: [TCP Query User{16E22943-C391-4884-8520-C57A99422AFE}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe
FirewallRules: [UDP Query User{94A9A63A-D082-410F-BAD1-446C7885EBE0}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe
FirewallRules: [TCP Query User{EC44B5A2-3A6C-48E6-86A5-5CABF70D243B}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe
FirewallRules: [UDP Query User{90B53262-472F-41F6-BE6F-C6F5D0ABE2C7}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe
FirewallRules: [TCP Query User{E86AE798-0E65-4CC4-9DE7-9F1DFE754516}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe
FirewallRules: [UDP Query User{B67DB5B2-E7AA-49BB-A686-C1D0A284270B}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe
FirewallRules: [TCP Query User{51A78AFF-E26B-443D-ABE1-9C3C04109B56}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9125917A-5A06-4FBC-838D-22EB39F6B303}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B5BC8789-B8BA-4D7D-8AD3-780D695D9157}] => C:\Program Files (x86)\Steam\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{AACF6567-1A60-4F52-B3C0-BF111EDCAC08}] => C:\Program Files (x86)\Steam\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{29DA3996-E52B-40B7-90BD-28C14235EB3A}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{98D6F387-3346-4B98-A7B1-19BF9675D2A4}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{1DB16166-FB6F-4958-A6B7-AD9A0BDA4E03}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EC1D1A12-40C0-4D9F-B7A9-56C5F1DE8986}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{F4C094DE-406E-4A4D-A31F-768506BF5CF4}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

19-11-2016 16:10:45 Scheduled Checkpoint
27-11-2016 12:55:19 Scheduled Checkpoint
06-12-2016 17:50:59 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2016 05:51:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/06/2016 05:49:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/04/2016 01:05:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609

Error: (12/04/2016 01:05:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15609

Error: (12/04/2016 01:05:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/04/2016 01:38:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15562

Error: (12/04/2016 01:38:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15562

Error: (12/04/2016 01:38:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/03/2016 08:43:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1611.18000, time stamp: 0x582f93e9
Faulting module name: dcomp.dll, version: 10.0.14393.0, time stamp: 0x5789983d
Exception code: 0xc00001ad
Fault offset: 0x000000000005ed14
Faulting process id: 0x254c
Faulting application start time: 0x01d24d64a141a7f3
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\SYSTEM32\dcomp.dll
Report Id: 8f3c8c96-ed47-473e-8c13-169aab866a3a
Faulting package full name: Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (12/03/2016 07:31:10 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-11-09T12:31:08Z. Error Code: 0x8007071A.


System errors:
=============
Error: (12/06/2016 05:36:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.

Error: (12/06/2016 05:33:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/06/2016 08:13:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.

Error: (12/06/2016 08:10:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/05/2016 03:38:56 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume D:.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (12/05/2016 03:38:56 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume D:.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (12/05/2016 03:38:39 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume D:.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (12/05/2016 03:38:39 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume D:.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (12/05/2016 03:38:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume D:.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".

Error: (12/05/2016 03:38:37 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume D:.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x5000000000005. The name of the file is "<unable to determine file name>".


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 47%
Total physical RAM: 8125.07 MB
Available physical RAM: 4299.5 MB
Total Virtual: 16317.07 MB
Available Virtual: 11888.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.63 GB) (Free:119.42 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:111.79 GB) (Free:111.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A81E88F8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=595.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: A650D531)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


aswMBR.txt

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-12-06 22:23:43
-----------------------------
22:23:43.778 OS Version: Windows x64 6.2.9200
22:23:43.778 Number of processors: 4 586 0x5E03
22:23:43.779 ComputerName: BRYAN-PC UserName: Bryan
22:23:51.611 Initialize success
22:23:51.799 VM: initialized successfully
22:23:51.799 VM: Intel CPU supported
22:23:54.516 VM: not used
22:24:10.573 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000035
22:24:10.573 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 11
22:24:10.573 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000037
22:24:10.573 Disk 1 Vendor: SanDisk_SDSSDA120G Z22000RL Size: 114473MB BusType: 11
22:24:10.972 Disk 0 MBR read successfully
22:24:10.972 Disk 0 MBR scan
22:24:10.972 Disk 0 Windows 7 default MBR code
22:24:11.019 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:24:11.050 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 609928 MB offset 206848
22:24:11.108 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 450 MB offset 1249339392
22:24:11.406 Disk 0 scanning C:\WINDOWS\system32\drivers
22:24:26.898 Service scanning
22:24:35.916 Modules scanning
22:24:35.919 Disk 0 trace - called modules:
22:24:35.934 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys
22:24:35.934 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffd781a8f8e060]
22:24:35.934 3 CLASSPNP.SYS[fffff80150395efb] -> nt!IofCallDriver -> [0xffffd781a8d7c040]
22:24:35.934 5 ACPI.sys[fffff8014f264571] -> nt!IofCallDriver -> [0xffffd781a8d7de40]
22:24:35.950 7 ACPI.sys[fffff8014f264571] -> nt!IofCallDriver -> \Device\00000035[0xffffd781a8d85060]
22:24:35.950 Disk 0 statistics 16783/0/0 @ 0.67 MB/s
22:24:35.950 Scan finished successfully
22:24:49.740 Disk 0 MBR has been saved successfully to "C:\Users\Bryan\Desktop\MBR.dat"
22:24:49.740 The log file has been saved successfully to "C:\Users\Bryan\Desktop\aswMBR.txt"
 
#2
Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

LOr0Gd7.png


Hit Ok.

sYFsqHx.png


Hit next make sure to leave all items checked, for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.



ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png


The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 
#3
Alrighty, heres a text dump of each of those!

# AdwCleaner v6.040 - Logfile created 07/12/2016 at 00:22:41
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-06.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Bryan - BRYAN-PC
# Running from : C:\Users\Bryan\Downloads\adwcleaner_6.040.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: BCUService


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Avg_Update_0814av
[-] Folder deleted: C:\ProgramData\Avg_Update_1214tb
[-] Folder deleted: C:\Users\Bryan\AppData\Local\GeniusBox
[-] Folder deleted: C:\Users\Bryan\AppData\Local\MalwareProtectionLive
[-] Folder deleted: C:\Users\Bryan\AppData\Local\Mindspark
[-] Folder deleted: C:\Users\Bryan\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Bryan\AppData\LocalLow\PriceGong
[-] Folder deleted: C:\Users\Bryan\AppData\LocalLow\Search Settings
[-] Folder deleted: C:\Users\Bryan\AppData\Roaming\BrowserExtensions
[-] Folder deleted: C:\Users\Bryan\AppData\Roaming\Search Protection
[-] Folder deleted: C:\Users\Bryan\AppData\Roaming\SimpleFiles
[-] Folder deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\ConduitCommon
[#] Folder deleted on reboot: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\conduitcommon
[-] Folder deleted: C:\Program Files\Enigma Software Group
[-] Folder deleted: C:\sh4ldr
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[-] Folder deleted: C:\Program Files (x86)\Conduit
[-] Folder deleted: C:\Program Files (x86)\DeviceVM
[-] Folder deleted: C:\Program Files (x86)\Vuze Remote toolbar
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Users\Bryan\AppData\Local\Geckofx
[-] Folder deleted: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk


***** [ Files ] *****

[-] File deleted: C:\END
[-] File deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\Conduit.xml
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\searchplugins\wtu-secure-search.xml
[-] File deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\dregol.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\searchplugins\wtu-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.mindspark.snapmyscreen_bf
[-] Key deleted: HKLM\SOFTWARE\5928ddfb16ebd46
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT1460988
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2504091
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2801948
[-] Key deleted: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
[-] Key deleted: HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[-] Key deleted: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\DataMngr
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\DataMngr_Toolbar
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Search Settings
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\SimpleFiles
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Datamngr
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\AppDataLow\Software\Browser Extensions
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\AppDataLow\Software\PriceGong
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\AppDataLow\Software\Search Settings
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\SweetIM
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\DataMngr
[#] Key deleted on reboot: HKCU\Software\DataMngr_Toolbar
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\Search Settings
[#] Key deleted on reboot: HKCU\Software\SimpleFiles
[#] Key deleted on reboot: HKCU\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\Datamngr
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Browser Extensions
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\PriceGong
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Search Settings
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\DataMngr
[-] Key deleted: HKLM\SOFTWARE\Search Settings
[-] Key deleted: HKLM\SOFTWARE\SimpleFiles
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[#] Key deleted on reboot: HKLM\SOFTWARE\Datamngr
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B363E1D-8C36-4458-BAE4-D5081999E094}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\SweetIM
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\DataMngr
[#] Key deleted on reboot: [x64] HKCU\Software\DataMngr_Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\Search Settings
[#] Key deleted on reboot: [x64] HKCU\Software\SimpleFiles
[#] Key deleted on reboot: [x64] HKCU\Software\Softonic
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Datamngr
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Browser Extensions
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\PriceGong
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Search Settings
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0CAF6133-B363-4737-8A62-F8CE22CA518A}
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4565BD94-6AA8-4B61-A848-A9323292E492}
[-] Key deleted: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0CAF6133-B363-4737-8A62-F8CE22CA518A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4565BD94-6AA8-4B61-A848-A9323292E492}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0CAF6133-B363-4737-8A62-F8CE22CA518A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4565BD94-6AA8-4B61-A848-A9323292E492}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [BCU]
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SearchSettings
[-] Value deleted: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[#] Value deleted on reboot: [x64] HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "CT2801948..clientLogIsEnabled" - false
[-] Chrome preferences cleaned: "CT2801948..clientLogServiceUrl" - "hxxp://clientlog.users.tbccint.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[-] Chrome preferences cleaned: "CT2801948..uninstallLogServiceUrl" - "hxxp://uninstall.users.tbccint.com/Uninstall.asmx/RegisterToolbarUninstallation"
[-] Chrome preferences cleaned: "CT2801948.ALLOW_SHOWING_HIDDEN_TOOLBAR" - false
[-] Chrome preferences cleaned: "CT2801948.AboutPrivacyUrl" - "hxxp://www.conduit.com/privacy/default.aspx"
[-] Chrome preferences cleaned: "CT2801948.BrowserCompStateIsOpen_129799503686523541" - true
[-] Chrome preferences cleaned: "CT2801948.BrowserCompStateIsOpen_1359634298000" - true
[-] Chrome preferences cleaned: "CT2801948.CTID" - "CT2801948"
[-] Chrome preferences cleaned: "CT2801948.CurrentServerDate" - "23-6-2015"
[-] Chrome preferences cleaned: "CT2801948.DSInstall" - true
[-] Chrome preferences cleaned: "CT2801948.DialogsAlignMode" - "LTR"
[-] Chrome preferences cleaned: "CT2801948.DialogsGetterLastCheckTime" - "Mon Jun 22 2015 22:08:05 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.DownloadReferralCookieData" - ""
[-] Chrome preferences cleaned: "CT2801948.EMailNotifierPollDate" - "Mon Jun 22 2015 22:08:00 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.FirstServerDate" - "23-6-2015"
[-] Chrome preferences cleaned: "CT2801948.FirstTime" - true
[-] Chrome preferences cleaned: "CT2801948.FirstTimeFF3" - true
[-] Chrome preferences cleaned: "CT2801948.FirstTimeHiddenVer" - true
[-] Chrome preferences cleaned: "CT2801948.FixPageNotFoundErrors" - true
[-] Chrome preferences cleaned: "CT2801948.GroupingServerCheckInterval" - 1440
[-] Chrome preferences cleaned: "CT2801948.GroupingServiceUrl" - "hxxp://grouping.tbccint.com/"
[-] Chrome preferences cleaned: "CT2801948.HPInstall" - true
[-] Chrome preferences cleaned: "CT2801948.HasUserGlobalKeys" - true
[-] Chrome preferences cleaned: "CT2801948.HomePageProtectorEnabled" - true
[-] Chrome preferences cleaned: "CT2801948.HomepageBeforeUnload" - "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13"
[-] Chrome preferences cleaned: "CT2801948.Initialize" - true
[-] Chrome preferences cleaned: "CT2801948.InitializeCommonPrefs" - true
[-] Chrome preferences cleaned: "CT2801948.InstallationAndCookieDataSentCount" - 2
[-] Chrome preferences cleaned: "CT2801948.InstallationId" - "ConduitInstaller.exe"
[-] Chrome preferences cleaned: "CT2801948.InstallationType" - "ConduitNSISIntegration"
[-] Chrome preferences cleaned: "CT2801948.InstalledDate" - "Mon Jun 22 2015 22:08:00 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.InvalidateCache" - false
[-] Chrome preferences cleaned: "CT2801948.IsAlertDBUpdated" - true
[-] Chrome preferences cleaned: "CT2801948.IsGrouping" - false
[-] Chrome preferences cleaned: "CT2801948.IsInitSetupIni" - true
[-] Chrome preferences cleaned: "CT2801948.IsMulticommunity" - false
[-] Chrome preferences cleaned: "CT2801948.IsOpenThankYouPage" - false
[-] Chrome preferences cleaned: "CT2801948.IsOpenUninstallPage" - true
[-] Chrome preferences cleaned: "CT2801948.IsProtectorsInit" - true
[-] Chrome preferences cleaned: "CT2801948.LanguagePackLastCheckTime" - "Mon Jun 22 2015 22:08:04 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.LanguagePackReloadIntervalMM" - 1440
[-] Chrome preferences cleaned: "CT2801948.LanguagePackServiceUrl" - "hxxp://translation.users.tbccint.com/Translation.ashx"
[-] Chrome preferences cleaned: "CT2801948.LastLogin_3.13.0.6" - "Mon Jun 22 2015 22:08:03 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.LatestVersion" - "3.20.0.4"
[-] Chrome preferences cleaned: "CT2801948.Locale" - "en-us"
[-] Chrome preferences cleaned: "CT2801948.MCDetectTooltipHeight" - "83"
[-] Chrome preferences cleaned: "CT2801948.MCDetectTooltipUrl" - "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"
[-] Chrome preferences cleaned: "CT2801948.MCDetectTooltipWidth" - "295"
[-] Chrome preferences cleaned: "CT2801948.MyStuffEnabledAtInstallation" - false
[-] Chrome preferences cleaned: "CT2801948.OriginalFirstVersion" - "3.13.0.6"
[-] Chrome preferences cleaned: "CT2801948.RadioIsPodcast" - false
[-] Chrome preferences cleaned: "CT2801948.RadioLastCheckTime" - "Mon Jun 22 2015 22:08:03 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.RadioLastUpdateIPServer" - "3"
[-] Chrome preferences cleaned: "CT2801948.RadioLastUpdateServer" - "129307496595170000"
[-] Chrome preferences cleaned: "CT2801948.RadioMediaID" - "21435220"
[-] Chrome preferences cleaned: "CT2801948.RadioMediaType" - "Media Player"
[-] Chrome preferences cleaned: "CT2801948.RadioMenuSelectedID" - "EBRadioMenu_CT280194821435220"
[-] Chrome preferences cleaned: "CT2801948.RadioShrinkedFromSetup" - false
[-] Chrome preferences cleaned: "CT2801948.RadioStationName" - "Virgin%20Radio%20Classic%20Rock"
[-] Chrome preferences cleaned: "CT2801948.RadioStationURL" - "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb"
[-] Chrome preferences cleaned: "CT2801948.SavedHomepage" - "hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir="
[-] Chrome preferences cleaned: "CT2801948.SearchCaption" - "NCH EN Customized Web Search"
[-] Chrome preferences cleaned: "CT2801948.SearchEngineBeforeUnload" - "NCH EN Customized Web Search"
[-] Chrome preferences cleaned: "CT2801948.SearchFromAddressBarIsInit" - true
[-] Chrome preferences cleaned: "CT2801948.SearchFromAddressBarUrl" - "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q="
[-] Chrome preferences cleaned: "CT2801948.SearchInNewTabEnabled" - true
[-] Chrome preferences cleaned: "CT2801948.SearchInNewTabIntervalMM" - 1440
[-] Chrome preferences cleaned: "CT2801948.SearchInNewTabLastCheckTime" - "Mon Jun 22 2015 22:08:02 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.SearchInNewTabServiceUrl" - "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"
[-] Chrome preferences cleaned: "CT2801948.SearchProtectorEnabled" - false
[-] Chrome preferences cleaned: "CT2801948.SearchProtectorToolbarDisabled" - false
[-] Chrome preferences cleaned: "CT2801948.SendProtectorDataViaLogin" - true
[-] Chrome preferences cleaned: "CT2801948.ServiceMapLastCheckTime" - "Mon Jun 22 2015 22:08:01 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.SettingsLastCheckTime" - "Mon Jun 22 2015 22:08:00 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.SettingsLastUpdate" - "1434831031"
[-] Chrome preferences cleaned: "CT2801948.TBHomePageUrl" - "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13"
[-] Chrome preferences cleaned: "CT2801948.ThirdPartyComponentsInterval" - 504
[-] Chrome preferences cleaned: "CT2801948.ThirdPartyComponentsLastCheck" - "Mon Jun 22 2015 22:08:00 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.ThirdPartyComponentsLastUpdate" - "1331805997"
[-] Chrome preferences cleaned: "CT2801948.ToolbarShrinkedFromSetup" - false
[-] Chrome preferences cleaned: "CT2801948.TrusteLinkUrl" - "hxxp://trust.cpccint.com"
[-] Chrome preferences cleaned: "CT2801948.TrustedApiDomains" - "conduit.com,conduit-hosting.com,conduit-services.com,tbclient.tbccint.com,codefuel.com,tbccint.com,trovi.com,seccint.com,cpccint.com,appstrm.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"
[-] Chrome preferences cleaned: "CT2801948.UserID" - "UN43114603891290484"
[-] Chrome preferences cleaned: "CT2801948.WeatherNetwork" - ""
[-] Chrome preferences cleaned: "CT2801948.WeatherPollDate" - "Mon Jun 22 2015 22:08:00 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.WeatherUnit" - "C"
[-] Chrome preferences cleaned: "CT2801948.alertChannelId" - "1194029"
[-] Chrome preferences cleaned: "CT2801948.backendstorage.searchappstate" - "32"
[-] Chrome preferences cleaned: "CT2801948.backendstorage.searchapptracking" - "31"
[-] Chrome preferences cleaned: "CT2801948.generalConfigFromLogin" - "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com;social.tbccint.com;apps.tbccint.com;services.apps.tbccint.com;apps.cpccint.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdownload.conduit.com/\",\"RevertSettingsEnabled\":\"true\",\"WorkingAppsWhenHiddenList\":\"[\\\"6cfe5439-68c4-4541-859e-cf72ae454b3e\\\",\\\"2d2f2f16-9432-4890-9f93-624a84cf6261\\\"]\",\"ChInterval\":\"1\"}"
[-] Chrome preferences cleaned: "CT2801948.globalFirstTimeInfoLastCheckTime" - "Mon Jun 22 2015 22:08:01 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.homepageProtectorEnableByLogin" - true
[-] Chrome preferences cleaned: "CT2801948.initDone" - true
[-] Chrome preferences cleaned: "CT2801948.isAppTrackingManagerOn" - false
[-] Chrome preferences cleaned: "CT2801948.isFirstRadioInstallation" - false
[-] Chrome preferences cleaned: "CT2801948.myStuffEnabled" - true
[-] Chrome preferences cleaned: "CT2801948.myStuffPublihserMinWidth" - 400
[-] Chrome preferences cleaned: "CT2801948.myStuffSearchUrl" - "hxxp://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[-] Chrome preferences cleaned: "CT2801948.myStuffServiceIntervalMM" - 1440
[-] Chrome preferences cleaned: "CT2801948.myStuffServiceUrl" - "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"
[-] Chrome preferences cleaned: "CT2801948.navigateToUrlOnSearch" - false
[-] Chrome preferences cleaned: "CT2801948.revertSettingsEnabled" - true
[-] Chrome preferences cleaned: "CT2801948.searchProtectorDialogDelayInSec" - 10
[-] Chrome preferences cleaned: "CT2801948.searchProtectorEnableByLogin" - true
[-] Chrome preferences cleaned: "CT2801948.testingCtid" - ""
[-] Chrome preferences cleaned: "CT2801948.toolbarAppMetaDataLastCheckTime" - "Mon Jun 22 2015 22:08:03 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CT2801948.toolbarContextMenuLastCheckTime" - "Mon Jun 22 2015 22:08:05 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CommunityToolbar.ConduitHomepagesList" - "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13"
[-] Chrome preferences cleaned: "CommunityToolbar.ConduitSearchList" - "NCH EN Customized Web Search"
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948" - "\"3e0da5be33ce296700ead6967f52b0be3\""
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194029/1189706/US" - "\"9e9bc8fd2fa54ed040204b5d8b03201f\""
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://alerts.tbccint.com/root/1194029/1189706/US" - "\"9e9bc8fd2fa54ed040204b5d8b03201f\""
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948" - "\"1335304596\""
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=CT2801948" - "wXadKzlxrTPi94Uh0RyfYA=="
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us&ctid=CT2801948" - "wXadKzlxrTPi94Uh0RyfYA=="
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=CT2801948" - "4mR7UAmaE577t0ehc6wMRQ=="
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us&ctid=CT2801948" - "4mR7UAmaE577t0ehc6wMRQ=="
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=CT2801948" - "9gZwAmVbKXLKgoQfYaFHDw=="
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us&ctid=CT2801948" - "9gZwAmVbKXLKgoQfYaFHDw=="
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=CT2801948" - "/Tci0o49cXaopKSi//woyw=="
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT2801948" - "/Tci0o49cXaopKSi//woyw=="
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT2801948&UM=UM_UNINSTALL_ID" - "/Tci0o49cXaopKSi//woyw=="
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg" - "\"f4cb1557a8bece1:4d2\""
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6" - "\"f414eeaa6bece1:4d2\""
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948" - "\"a238378f7d0708034a0defa297cb8b8b\""
[-] Chrome preferences cleaned: "CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us" - "\"eaf73610e336ff8f64237fc73930dfe4\""
[-] Chrome preferences cleaned: "CommunityToolbar.LatestLibsPath" - "file:///C:\\Users\\Bryan\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\thahfu1s.default\\conduitCommon\\modules\\3.13.0.6"
[-] Chrome preferences cleaned: "CommunityToolbar.LatestToolbarVersionInstalled" - "3.13.0.6"
[-] Chrome preferences cleaned: "CommunityToolbar.SearchFromAddressBarSavedUrl" - ""
[-] Chrome preferences cleaned: "CommunityToolbar.ToolbarsList" - "CT2801948"
[-] Chrome preferences cleaned: "CommunityToolbar.ToolbarsList2" - "CT2801948"
[-] Chrome preferences cleaned: "CommunityToolbar.ToolbarsList4" - "CT2801948"
[-] Chrome preferences cleaned: "CommunityToolbar.globalUserId" - "6038bd9c-bfd1-40dd-9cb5-d23d60482669"
[-] Chrome preferences cleaned: "CommunityToolbar.isAlertUrlAddedToFeedItemTable" - true
[-] Chrome preferences cleaned: "CommunityToolbar.isClickActionAddedToFeedItemTable" - true
[-] Chrome preferences cleaned: "CommunityToolbar.keywordURLSelectedCTID" - "CT2801948"
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.alertDialogsGetterLastCheckTime" - "Mon Jun 22 2015 22:08:05 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.alertInfoInterval" - 60
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.alertInfoLastCheckTime" - "Mon Jun 22 2015 22:08:12 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.clientsServerUrl" - "hxxp://alertsnotifications.ourtoolbar.com"
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.locale" - "en"
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.loginIntervalMin" - 1440
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.loginLastCheckTime" - "Mon Jun 22 2015 22:08:04 GMT-0400 (Eastern Daylight Time)"
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.loginLastUpdateTime" - "1401369664"
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.messageShowTimeSec" - 20
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.servicesServerUrl" - "hxxp://alert.services.tbccint.com"
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.showTrayIcon" - false
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.userCloseIntervalMin" - 300
[-] Chrome preferences cleaned: "CommunityToolbar.notifications.userId" - "d02c081d-9702-4d18-b214-6cc918573afa"
[-] Chrome preferences cleaned: "CommunityToolbar.originalHomepage" - "hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir="
[-] Chrome preferences cleaned: "CommunityToolbar.originalSearchEngine" - "Dregol"
[-] Chrome preferences cleaned: "browser.search.defaultenginename.US" - "NCH EN Customized Web Search"
[-] Chrome preferences cleaned: "browser.search.defaultthis.engineName" - "NCH EN Customized Web Search"
[-] Chrome preferences cleaned: "browser.search.defaulturl" - "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}"
[-] Chrome preferences cleaned: "browser.search.selectedEngine" - "NCH EN Customized Web Search"
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13"
[-] Chrome preferences cleaned: "keyword.URL" - "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q="
[-] [C:\Users\Bryan\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: dregol
[-] [C:\Users\Bryan\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir=&uref=chmm
[-] [C:\Users\Bryan\AppData\Local\Chromium\User Data\Default] [extension] Deleted: gclijllifhfpomppedeljakfegbcpojn
[-] [C:\Users\Bryan\AppData\Local\Chromium\User Data\Default] [extension] Deleted: ihokndmjeombjojnfkmapfnjeghjohim
[-] [C:\Users\Bryan\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir=&uref=chmm
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: dregol.com
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.dregol.com/?f=7&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir=
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gclijllifhfpomppedeljakfegbcpojn
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: icdlfehblmklkikfigmjhbmmpmkmpooj
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ihokndmjeombjojnfkmapfnjeghjohim
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir=


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [39216 Bytes] - [07/12/2016 00:22:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [46827 Bytes] - [07/12/2016 00:20:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [39364 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64
Ran by Bryan (Administrator) on Wed 12/07/2016 at 0:30:18.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3dad3b802ffd897 (File)
Successfully deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\searchplugin\conduit.xml (File)
Successfully deleted: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\user.js (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\0814avUpdateInfo (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/07/2016 at 0:35:11.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[-] Deleted ->> File ->> C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
[-] Deleted ->> File ->> C:\Users\Bryan\Appdata\Local\Chromium\User Data\Default\Local Storage\http_snapmyscreen.dl.tb.ask.com_0.localstorage
[-] Deleted ->> File ->> C:\Users\Bryan\Appdata\Local\Chromium\User Data\Default\Local Storage\http_snapmyscreen.dl.tb.ask.com_0.localstorage-journal
[-] Deleted ->> File ->> C:\Users\Bryan\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\http_snapmyscreen.dl.tb.ask.com_0.localstorage
[-] Deleted ->> File ->> C:\Users\Bryan\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\http_snapmyscreen.dl.tb.ask.com_0.localstorage-journal
[-] Deleted ->> File ->> C:\Users\Bryan\Appdata\LocalLow\Microsoft\Internet Explorer\Services\Run_Dregol.ico
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ <RegValue:> AppPath <RegData:> C:\Program Files (x86)\Run_Dregol\\ : C:\Program Files (x86)\Run_Dregol\\
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ <RegValue:> AppPath <RegData:> C:\Program Files (x86)\Run_Dregol\\ : C:\Program Files (x86)\Run_Dregol\\
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ <RegValue:> AppPath <RegData:> C:\Program Files (x86)\Run_Dregol\\ : C:\Program Files (x86)\Run_Dregol\\
[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ <RegValue:> AppPath <RegData:> C:\Program Files (x86)\Run_Dregol\\ : C:\Program Files (x86)\Run_Dregol\\
[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\Software\AppDataLow\Software\Smartbar


~ ZHPCleaner v2016.12.6.210 by Nicolas Coolman (2016/12/04)
~ Run by Bryan (Administrator) (07/12/2016 00:55:00)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Bryan\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Bryan\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (7)
REPLACED Google Chrome Preferences: "https://d31qbv1cthcecs.cloudfront.net/" =>.Superfluous.CloudfrontNet
REPLACED Google Chrome Preferences: "https://d5nxst8fruw4z.cloudfront.net/" =>.Superfluous.CloudfrontNet
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : <-loopback>] =>Hijacker.Proxy
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer [Bad : http=127.0.0.1:60190;https=127.0.0.1:60190] =>Hijacker.Proxy
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable [Bad : 0] =>Hijacker.Proxy
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad : Port=60190 <-Loopback>] =>Hijacker.Proxy
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings [Bad : Port=60190 <-Loopback>] =>Hijacker.Proxy


---\\ Hosts file (1)
~ The hosts file is legitimate (14796)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (90)
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\modules\SearchProtector.jsm =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\SearchProtector.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\SearchProtector.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\Images\info.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\Images\ok-on.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\Images\ok.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\bubble.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\bubble.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\images\information.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\SearchProtector.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\SearchProtector.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\images\ok-button.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\images\separation-line.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\images\warning.png =>PUP.Optional.SearchProtect
MOVED file: C:\Windows\Installer\wix{328CC232-CFDC-468B-A214-2E21300E4CB5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{33EB1061-ABF1-4470-A540-32E97A610536}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{404BB1FF-A84F-432F-B77B-301E88E8D1C7}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{439760BC-7737-4386-9B1D-A90A3E8A22EA}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{75104836-CAC7-444E-A39E-3F54151942F5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{8F473675-D702-45F9-8EBC-342B40C17BF5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{963BFE7E-C350-4346-B43C-B02358306A45}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{9C98CA38-4C1A-4AC8-B55C-169497C8826B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{9EFC40E3-5F31-4F75-8445-286273F74D8E}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{CA4AF936-3312-4AF4-A191-527531490DCD}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{E5C95CA5-4565-4B9D-97ED-05088D775614}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Users\Bryan\Downloads\CR_Downloader_for_dolphin.exe [Program - Application Internet Web Setup] =>Adware.Amonetize
MOVED file: C:\Users\Bryan\Downloads\How to Have a Frugally Fabulous Wedding.pdf =>PUP.Optional.CrossRider
MOVED file: C:\Users\Bryan\Downloads\SnapMyScreenSetup.SnapMyScreen_bf.jhimebnnaphjchlhcdgdlbfmlbbbaank.ch.exe [Mindspark Interactive Network - SnapMyScreen Setup] =>.Superfluous.MindSpark
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_stags.bluekai.com_0.localstorage =>Hijacker.Browser
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_stags.bluekai.com_0.localstorage-journal =>Hijacker.Browser
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xoncisfktn-a.akamaihd.net_0.localstorage =>.Superfluous.AkamaiHD
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xoncisfktn-a.akamaihd.net_0.localstorage-journal =>.Superfluous.AkamaiHD
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_features.en.softonic.com_0.localstorage =>.Superfluous.Softonic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_features.en.softonic.com_0.localstorage-journal =>.Superfluous.Softonic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameofthrones.wikia.com_0.localstorage =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameofthrones.wikia.com_0.localstorage-journal =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker9.com_0.localstorage =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker9.com_0.localstorage-journal =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fastweb.com_0.localstorage =>.Superfluous.FastWeb
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fastweb.com_0.localstorage-journal =>.Superfluous.FastWeb
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED folder: C:\Users\Bryan\AppData\Roaming\WeatherBug =>PUP.Optional.WeatherBug
MOVED folder: C:\Users\Bryan\AppData\Local\CrashReportClient =>.Superfluous.CrashReports
MOVED folder: C:\Users\Bryan\AppData\Local\WeatherBug =>PUP.Optional.WeatherBug
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
MOVED folder: C:\WINDOWS\Installer\MSI5B93.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI7E5F.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI812E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC276.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC4F7.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID350.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID356.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID71A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIE3F7.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIEE68.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF501.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF7E4.tmp- =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (10)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\weatherbug.com [] =>PUP.Optional.WeatherBug
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Applications\WeatherBugStub.exe [] =>PUP.Optional.WeatherBug
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4B969F2F-E383-4EBD-8B34-EDA2D737D096} [Spigot, Inc.] =>PUP.Optional.Dealio
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E4CD0C-426F-4207-805B-7885AB32D43F} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions


---\\ Summary of the elements found (23)
https://www.anti-malware.top/2016/08/31/cloudfront-net/ =>.Superfluous.CloudfrontNet
https://www.anti-malware.top/2016/06/09/pirate-de-serveur-proxy-hijacker-proxy/ =>Hijacker.Proxy
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.BDYahoo
https://www.nicolascoolman.com/fr/pup-searchprotect/ =>PUP.Optional.SearchProtect
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Empty
https://www.anti-malware.top/2016/05/24/adware-amonetize/ =>Adware.Amonetize
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider
https://www.anti-malware.top/2016/05/29/superfluous-mindspark/ =>.Superfluous.MindSpark
https://www.nicolascoolman.com/fr/hijacker-browser/ =>Hijacker.Browser
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/ =>PUP.Optional.Generic
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.AkamaiHD
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Softonic
https://www.anti-malware.top/2016/05/02/superfluous-ironsourceltd/ =>.Superfluous.IronSourceLtd
https://www.nicolascoolman.com/fr/spyware-putlocker/ =>PUP.Optional.PutLocker
https://www.nicolascoolman.com/fr/adware-addlyrics/ =>PUP.Optional.AddLyrics
https://www.anti-malware.top/2016/07/12/superfluous-fastweb/ =>.Superfluous.FastWeb
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.WeatherBug
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.CrashReports
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime
https://www.nicolascoolman.com/fr/adware-domaiq/ =>PUP.Optional.DomaIQ
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.BrowserExtensions
https://www.nicolascoolman.com/fr/pup-dealio/ =>PUP.Optional.Dealio
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect


---\\ Other deletions. (12)
~ Registry Keys Tracing deleted (12)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 30192
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 107


~ End of clean in 00h00mn30s
~====================
ZHPCleaner-[R]-07122016-00_55_30.txt
ZHPCleaner--07122016-00_54_19.txt


~ ZHPCleaner v2016.12.6.210 by Nicolas Coolman (2016/12/04)
~ Run by Bryan (Administrator) (07/12/2016 00:55:00)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Bryan\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Bryan\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (7)
REPLACED Google Chrome Preferences: "https://d31qbv1cthcecs.cloudfront.net/" =>.Superfluous.CloudfrontNet
REPLACED Google Chrome Preferences: "https://d5nxst8fruw4z.cloudfront.net/" =>.Superfluous.CloudfrontNet
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : <-loopback>] =>Hijacker.Proxy
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer [Bad : http=127.0.0.1:60190;https=127.0.0.1:60190] =>Hijacker.Proxy
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable [Bad : 0] =>Hijacker.Proxy
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad : Port=60190 <-Loopback>] =>Hijacker.Proxy
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings [Bad : Port=60190 <-Loopback>] =>Hijacker.Proxy


---\\ Hosts file (1)
~ The hosts file is legitimate (14796)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (90)
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\yahoo.xml =>PUP.Optional.BDYahoo
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\modules\SearchProtector.jsm =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\SearchProtector.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\SearchProtector.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\Images\info.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\Images\ok-on.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorDialog\Images\ok.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\bubble.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\bubble.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\images\information.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\main.html =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\SearchProtector.css =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\SearchProtector.js =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\images\ok-button.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\images\separation-line.png =>PUP.Optional.SearchProtect
MOVED file: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\CT2801948\Dialogs\NewSearchProtectorDialog\images\warning.png =>PUP.Optional.SearchProtect
MOVED file: C:\Windows\Installer\wix{328CC232-CFDC-468B-A214-2E21300E4CB5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{33EB1061-ABF1-4470-A540-32E97A610536}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{404BB1FF-A84F-432F-B77B-301E88E8D1C7}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{439760BC-7737-4386-9B1D-A90A3E8A22EA}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{75104836-CAC7-444E-A39E-3F54151942F5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{8F473675-D702-45F9-8EBC-342B40C17BF5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{963BFE7E-C350-4346-B43C-B02358306A45}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{9C98CA38-4C1A-4AC8-B55C-169497C8826B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{9EFC40E3-5F31-4F75-8445-286273F74D8E}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{CA4AF936-3312-4AF4-A191-527531490DCD}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{E5C95CA5-4565-4B9D-97ED-05088D775614}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Users\Bryan\Downloads\CR_Downloader_for_dolphin.exe [Program - Application Internet Web Setup] =>Adware.Amonetize
MOVED file: C:\Users\Bryan\Downloads\How to Have a Frugally Fabulous Wedding.pdf =>PUP.Optional.CrossRider
MOVED file: C:\Users\Bryan\Downloads\SnapMyScreenSetup.SnapMyScreen_bf.jhimebnnaphjchlhcdgdlbfmlbbbaank.ch.exe [Mindspark Interactive Network - SnapMyScreen Setup] =>.Superfluous.MindSpark
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_stags.bluekai.com_0.localstorage =>Hijacker.Browser
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_stags.bluekai.com_0.localstorage-journal =>Hijacker.Browser
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xoncisfktn-a.akamaihd.net_0.localstorage =>.Superfluous.AkamaiHD
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xoncisfktn-a.akamaihd.net_0.localstorage-journal =>.Superfluous.AkamaiHD
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_features.en.softonic.com_0.localstorage =>.Superfluous.Softonic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_features.en.softonic.com_0.localstorage-journal =>.Superfluous.Softonic
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameofthrones.wikia.com_0.localstorage =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameofthrones.wikia.com_0.localstorage-journal =>.Superfluous.IronSourceLtd
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker9.com_0.localstorage =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker9.com_0.localstorage-journal =>PUP.Optional.PutLocker
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fastweb.com_0.localstorage =>.Superfluous.FastWeb
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fastweb.com_0.localstorage-journal =>.Superfluous.FastWeb
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage =>PUP.Optional.AddLyrics
MOVED file: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics
MOVED folder: C:\Users\Bryan\AppData\Roaming\WeatherBug =>PUP.Optional.WeatherBug
MOVED folder: C:\Users\Bryan\AppData\Local\CrashReportClient =>.Superfluous.CrashReports
MOVED folder: C:\Users\Bryan\AppData\Local\WeatherBug =>PUP.Optional.WeatherBug
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
MOVED folder: C:\WINDOWS\Installer\MSI5B93.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI7E5F.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI812E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC276.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC4F7.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID350.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID356.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSID71A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIE3F7.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIEE68.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF501.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF7E4.tmp- =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (10)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\weatherbug.com [] =>PUP.Optional.WeatherBug
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Applications\WeatherBugStub.exe [] =>PUP.Optional.WeatherBug
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4B969F2F-E383-4EBD-8B34-EDA2D737D096} [Spigot, Inc.] =>PUP.Optional.Dealio
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E4CD0C-426F-4207-805B-7885AB32D43F} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B} [C:\Users\Bryan\AppData\Roaming\BrowserExtensions (Not File)] =>PUP.Optional.BrowserExtensions


---\\ Summary of the elements found (23)
https://www.anti-malware.top/2016/08/31/cloudfront-net/ =>.Superfluous.CloudfrontNet
https://www.anti-malware.top/2016/06/09/pirate-de-serveur-proxy-hijacker-proxy/ =>Hijacker.Proxy
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.BDYahoo
https://www.nicolascoolman.com/fr/pup-searchprotect/ =>PUP.Optional.SearchProtect
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Empty
https://www.anti-malware.top/2016/05/24/adware-amonetize/ =>Adware.Amonetize
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider
https://www.anti-malware.top/2016/05/29/superfluous-mindspark/ =>.Superfluous.MindSpark
https://www.nicolascoolman.com/fr/hijacker-browser/ =>Hijacker.Browser
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/ =>PUP.Optional.Generic
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.AkamaiHD
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Softonic
https://www.anti-malware.top/2016/05/02/superfluous-ironsourceltd/ =>.Superfluous.IronSourceLtd
https://www.nicolascoolman.com/fr/spyware-putlocker/ =>PUP.Optional.PutLocker
https://www.nicolascoolman.com/fr/adware-addlyrics/ =>PUP.Optional.AddLyrics
https://www.anti-malware.top/2016/07/12/superfluous-fastweb/ =>.Superfluous.FastWeb
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.WeatherBug
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.CrashReports
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime
https://www.nicolascoolman.com/fr/adware-domaiq/ =>PUP.Optional.DomaIQ
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.BrowserExtensions
https://www.nicolascoolman.com/fr/pup-dealio/ =>PUP.Optional.Dealio
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect


---\\ Other deletions. (12)
~ Registry Keys Tracing deleted (12)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 30192
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 107


~ End of clean in 00h00mn30s
~====================
ZHPCleaner-[R]-07122016-00_55_30.txt
ZHPCleaner--07122016-00_54_19.txt
 
Last edited by a moderator:
#4
Step 1: Remove Useless Programs.
µTorrent (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM) <==== ATTENTION
Browser Extensions (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.8.8.11 - Spigot, Inc.) <==== ATTENTION
HP Webcam User's Guide (HKLM-x32\...\{D31612BB-C6D7-4142-96AE-16DB062354CF}) (Version: - Hewlett-Packard)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.2.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.9 (HKLM-x32\...\{4B969F2F-E383-4EBD-8B34-EDA2D737D096}) (Version: 9.9 - Spigot, Inc.) <==== ATTENTION


Step 2: Zemana Deep Scan.

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • bOVO6lY.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

Step3: FRST Fix.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Step 5: Emsisoft Scan

We will need a Log from Emsisoft Emergency Kit.

Please go HERE and download Emsisoft Emergency Kit, save it to somewhere you can find it, the desktop will be the best place. Once downloaded Double left click on the desktop icon






The installer will open and display the license agreement and the proposed default program folder location, accept this and then click the install button.





It will take a minute or two to extract all the files into the destination folder and when complete the folder should open in an explorer window. If by chance it does not, open Windows Explorer and navigate to C:\EEK and the folder contents should appear similar to that below.

Right click the "Start Emergency Kit Scanner.exe" file and select Run as Administrator from the drop down menu.





The malware signatures will load and a prompt will appear to update online. Click "Yes" to update.





The update will take a few minutes and the Update now box for step one will turn green. In the second box labelled "2. Scan" click on the "Custom Scan" label as per picture below.





The custom scan options box will open and by default will have selected the default operating system drive by default. Accept the "Scan Object" and "Scan Settings" options already checked, and click the next button.




The scan will begin which may take some time to complete. If any suspicious files are found they will be listed and automatically selected for quarantine.

  1. Select "Quarantine Selected"
  2. Then select "View Report"



A notepad file will open with the results of the scan.
A copy of the report can also be found by clicking the logs "Logs" box on the program main opening screen.
Please copy and paste the contents of the report in your next reply.

Step 4: HijackThis.



1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.

Step 5: Autoruns Log.

Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe
After the scan is finished then click on File>>>>>>>>>>>Save
The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option.
in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.
 

Attachments

  • fixlist.txt
    13.4 KB · Views: 15
#7
Ok, so I had made a thread before and got through a lot of programs and then life got in the way. I got back to it and followed the last instructions I was given. Anyway, heres the old thread:
https://pchelpforum.net/threads/the-staff-here-said-i-might-have-malware.14557/

I removed those files listed with Geek Uninstaller except for
"Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM) <==== ATTENTION
Browser Extensions (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.8.8.11 - Spigot, Inc.) <==== ATTENTION"
I could not find those in the list.
And here are the log files from that last post.



Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Bryan (04-01-2017 11:42:00) Run:1
Running from C:\Users\Bryan\Desktop
Loaded Profiles: Bryan (Available Profiles: Bryan & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
Task: {FB4D4D83-6484-4BE4-A897-CF12E8EC8E84} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EFF7FA9B-71DC-4715-8BA8-16EDA373369A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTIO
Task: {E13EA930-A87B-4819-9872-458FE8488AB4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BBD59593-6DE4-4CC2-AB20-F3553D295A31} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BF1174BF-859A-4DF8-8CA8-7C7042882E67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C5759DD7-35B7-4664-A8FD-289C8435B7A3} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {D4CC058D-6E8A-423C-92E2-75CAACBD282E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {D7999EBD-BC8F-45D5-8664-AB3408E8385A} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {B9300E86-CD64-48F7-94DD-A456DD72D7C2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {AECB5684-4A48-4980-B887-555DB5406C67} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {950C771E-8461-4B25-B839-3BE725D37F29} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {9931FF85-3351-42DE-8F34-B03F5B1AF536} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8290ABE3-4049-4AF7-AE71-A90F12CB7647} - System32\Tasks\{D7800F6C-F764-4C79-B124-9E3AA70471DC} => pcalua.exe -a "C:\Users\Bryan\Desktop\New Folder\crack\UPDATE\assassins_creed_2_1.01_us.exe" -d "C:\Users\Bryan\Desktop\New Folder\crack\UPDATE"
Task: {6F2B85AE-85DB-46A2-B01E-15610C28006E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5A67B648-E6F4-40D6-918D-FCEEB121DD4C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4C3086EE-8C38-4F1C-BB8C-8BEEEF8B855C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {29F34EC9-1504-43B5-A7E5-3992EB83042E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {27FF1ACE-77AE-4DD2-ABC4-63AC7824A216} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1BD4D10D-0E13-4A44-B061-7748355BA825} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {157B46F2-A7BC-4E9B-8A8B-DCF1469CB341} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
C:\Users\Bryan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Bryan\AppData\Local\Temp\SkypeSetup.exe
2010-04-13 11:01 - 2010-05-29 18:01 - 0000004 _____ () C:\Users\Bryan\AppData\Roaming\FC0951
2010-04-13 11:01 - 2010-05-29 18:01 - 0870128 _____ () C:\Users\Bryan\AppData\Roaming\mcs.rma
2014-12-13 23:46 - 2014-12-13 23:46 - 0000064 _____ () C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3dad3b802ffd897
2010-05-22 21:20 - 2010-05-22 21:20 - 0000600 _____ () C:\Users\Bryan\AppData\Local\PUTTY.RND
2012-08-15 21:59 - 2012-09-22 02:21 - 0000044 ___SH () C:\ProgramData\.zreglib
2010-04-01 12:18 - 2010-04-01 12:18 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3dad3b802ffd897
C:\Users\Bryan\AppData\Roaming\uTorrent
C:\Users\Bryan\AppData\Roaming\Azureus
C:\Users\Bryan\Downloads\[ www.Torrenting.com ] - Sweeny Todd The Demon Barber Of Fleet Street 2007 DVDRIP Xvid AC3-BHRG
U3 idsvc; no ImagePath
DisableService: DirMngr
DisableService: GfExperienceService
DisableService: WdNisSvc
DisableService: WinDefend
DisableService: IDriverT
CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Bryan\AppData\Local\Temp\tbch.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx <not found>
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Bryan\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx <not found>
CHR HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Bryan\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Bryan\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx <not found>
CHR HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Bryan\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx <not found>
CHR HomePage: Default -> hxxp://www.dregol.com/?f=1&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir=
CHR StartupUrls: Default -> "hxxp://www.dregol.com/?f=7&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir=",""
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.1.0\FF => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wtu-secure-search.xml [2014-11-06]
FF SearchPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\avg-secure-search.xml [2014-11-06]
FF SearchPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\conduit.xml [2012-06-14]
FF SearchPlugin: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\Dregol.xml [2015-06-22]
FF Extension: (Address Bar Search) - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [2014-10-16] [not signed]
FF Homepage: Mozilla\Firefox\Profiles\thahfu1s.default -> hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=13
FF Keyword.URL: Mozilla\Firefox\Profiles\thahfu1s.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q=
FF user.js: detected! => C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\user.js [2013-08-13]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\thahfu1s.default -> Yahoo
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\thahfu1s.default -> NCH EN Customized Web Search
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\thahfu1s.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\9.9\vuzeToolbarIE.dll [2014-10-10] (Spigot, Inc.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Vuze Remote Toolbar -> {05478A66-EDB6-4A22-A870-A5987F80A7DA} -> C:\Program Files (x86)\Vuze Remote Toolbar\IE\9.9\vuzeToolbarIE.dll [2014-10-10] (Spigot, Inc.)
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> DefaultScope {99653235-66E7-4294-A58A-C006B3CE06AB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=DCF1DF&PC=DCF1&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {0CAF6133-B363-4737-8A62-F8CE22CA518A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_15&cd=2XzuyEtN2Y1L1QzuyC0C0FtDyEzytD0E0CyE0EtByD0B0AyBtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyDtD0ByBtCyD0FtAtGzy0DtCtBtGyEzyzytAtG0CtC0DyCtGtAtC0ByD0E0EtA0AtC0AyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Czy0FtByB0ByByBtGzyyC0B0CtGyEzyyEyEtG0BtA0D0DtGzz0F0E0E0CzzyEyBtDtDtAzy2QtN0A0LzutB&cr=943314530&ir=
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {3E762472-5EC9-4cc1-9400-8372E2898368} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {4565BD94-6AA8-4B61-A848-A9323292E492} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {99653235-66E7-4294-A58A-C006B3CE06AB} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
ProxyServer: [S-1-5-21-3534269808-1485983137-1280583553-1000] => http=127.0.0.1:60190;https=127.0.0.1:60190
Hosts:
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{244551fa-f4f7-4d10-b506-eb7f183024c0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{85e448af-b9ba-4d26-b108-bc168d199adc}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a07d11a2-db66-4097-b889-d94922c1d720}: [DhcpNameServer] 192.168.1.1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk [2010-03-30]
ShortcutTarget: NCProTray.lnk -> C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung)
Startup: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameVox.lnk [2015-09-24]
ShortcutTarget: GameVox.lnk -> C:\Program Files (x86)\GameVox\GameVox.exe (GameVox LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM-x32\...\Run: [] => [X]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


*****************

Restore point was successfully created.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB4D4D83-6484-4BE4-A897-CF12E8EC8E84} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB4D4D83-6484-4BE4-A897-CF12E8EC8E84} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFF7FA9B-71DC-4715-8BA8-16EDA373369A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFF7FA9B-71DC-4715-8BA8-16EDA373369A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E13EA930-A87B-4819-9872-458FE8488AB4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E13EA930-A87B-4819-9872-458FE8488AB4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BBD59593-6DE4-4CC2-AB20-F3553D295A31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBD59593-6DE4-4CC2-AB20-F3553D295A31} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF1174BF-859A-4DF8-8CA8-7C7042882E67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF1174BF-859A-4DF8-8CA8-7C7042882E67} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5759DD7-35B7-4664-A8FD-289C8435B7A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5759DD7-35B7-4664-A8FD-289C8435B7A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4CC058D-6E8A-423C-92E2-75CAACBD282E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4CC058D-6E8A-423C-92E2-75CAACBD282E} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7999EBD-BC8F-45D5-8664-AB3408E8385A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7999EBD-BC8F-45D5-8664-AB3408E8385A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9300E86-CD64-48F7-94DD-A456DD72D7C2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9300E86-CD64-48F7-94DD-A456DD72D7C2} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemovalTools\MRT_HB => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AECB5684-4A48-4980-B887-555DB5406C67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AECB5684-4A48-4980-B887-555DB5406C67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{950C771E-8461-4B25-B839-3BE725D37F29} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{950C771E-8461-4B25-B839-3BE725D37F29} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9931FF85-3351-42DE-8F34-B03F5B1AF536} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9931FF85-3351-42DE-8F34-B03F5B1AF536} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8290ABE3-4049-4AF7-AE71-A90F12CB7647} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8290ABE3-4049-4AF7-AE71-A90F12CB7647} => key removed successfully
C:\WINDOWS\System32\Tasks\{D7800F6C-F764-4C79-B124-9E3AA70471DC} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D7800F6C-F764-4C79-B124-9E3AA70471DC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F2B85AE-85DB-46A2-B01E-15610C28006E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F2B85AE-85DB-46A2-B01E-15610C28006E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A67B648-E6F4-40D6-918D-FCEEB121DD4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A67B648-E6F4-40D6-918D-FCEEB121DD4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C3086EE-8C38-4F1C-BB8C-8BEEEF8B855C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C3086EE-8C38-4F1C-BB8C-8BEEEF8B855C} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29F34EC9-1504-43B5-A7E5-3992EB83042E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F34EC9-1504-43B5-A7E5-3992EB83042E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27FF1ACE-77AE-4DD2-ABC4-63AC7824A216} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27FF1ACE-77AE-4DD2-ABC4-63AC7824A216} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BD4D10D-0E13-4A44-B061-7748355BA825} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BD4D10D-0E13-4A44-B061-7748355BA825} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{157B46F2-A7BC-4E9B-8A8B-DCF1469CB341} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{157B46F2-A7BC-4E9B-8A8B-DCF1469CB341} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
C:\Users\Bryan\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Bryan\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Bryan\AppData\Roaming\FC0951 => moved successfully
C:\Users\Bryan\AppData\Roaming\mcs.rma => moved successfully
"C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3dad3b802ffd897" => not found.
C:\Users\Bryan\AppData\Local\PUTTY.RND => moved successfully
C:\ProgramData\.zreglib => moved successfully
C:\ProgramData\ezsidmv.dat => moved successfully
"C:\Users\Bryan\AppData\Local\96c19848fb4b5725e3dad3b802ffd897" => not found.
C:\Users\Bryan\AppData\Roaming\uTorrent => moved successfully
C:\Users\Bryan\AppData\Roaming\Azureus => moved successfully
C:\Users\Bryan\Downloads\[ www.Torrenting.com ] - Sweeny Todd The Demon Barber Of Fleet Street 2007 DVDRIP Xvid AC3-BHRG => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
DirMngr => Unable to disable service
GfExperienceService => Unable to disable service
WdNisSvc => Unable to disable service
WinDefend => Unable to disable service
IDriverT => Unable to disable service
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => key not found.
Chrome HomePage => not found.
Chrome StartupUrls => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key removed successfully
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} => value not found.
"C:\Program Files (x86)\mozilla firefox\searchplugins\wtu-secure-search.xml" => not found.
"C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\avg-secure-search.xml" => not found.
"C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\conduit.xml" => not found.
"C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\searchplugins\Dregol.xml" => not found.

"C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}" folder move:

Could not move "C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\Extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}" => Scheduled to move on reboot.

Firefox "homepage" removed successfully
FF Keyword.URL: Mozilla\Firefox\Profiles\thahfu1s.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=2&q= => not found
C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\user.js => not found.
C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\user.js => not found.
Firefox DefaultSearchEngine removed successfully
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\thahfu1s.default -> NCH EN Customized Web Search => not found
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\thahfu1s.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value could not remove.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => value not found.
HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => could not remove key. Access Denied.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => could not remove key. Access Denied.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => could not remove key. Access Denied.
HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key removed successfully
HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value could not remove.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CAF6133-B363-4737-8A62-F8CE22CA518A} => key not found.
HKCR\CLSID\{0CAF6133-B363-4737-8A62-F8CE22CA518A} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E762472-5EC9-4cc1-9400-8372E2898368} => key removed successfully
HKCR\CLSID\{3E762472-5EC9-4cc1-9400-8372E2898368} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4565BD94-6AA8-4B61-A848-A9323292E492} => key not found.
HKCR\CLSID\{4565BD94-6AA8-4B61-A848-A9323292E492} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99653235-66E7-4294-A58A-C006B3CE06AB} => key removed successfully
HKCR\CLSID\{99653235-66E7-4294-A58A-C006B3CE06AB} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value could not remove.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value could not remove.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{244551fa-f4f7-4d10-b506-eb7f183024c0}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85e448af-b9ba-4d26-b108-bc168d199adc}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a07d11a2-db66-4097-b889-d94922c1d720}\\DhcpNameServer => value removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCProTray.lnk => moved successfully
C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe => moved successfully
C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameVox.lnk => moved successfully
C:\Program Files (x86)\GameVox\GameVox.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key could not remove, key could be protected
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value could not remove.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value could not remove.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value could not remove.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


========= End of CMD: =========


========= ipconfig /flushdns =========


========= End of CMD: =========


========= netsh winsock reset catalog =========


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========


========= End of CMD: =========


========= ipconfig /release =========


========= End of CMD: =========


========= ipconfig /renew =========


========= End of CMD: =========


========= netsh int ipv4 reset =========


========= End of CMD: =========


========= netsh int ipv6 reset =========


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1134528 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 380953044 B
Java, Flash, Steam htmlcache => 566945269 B
Windows/system/drivers => 1221076 B
Edge => 561192 B
Chrome => 737516311 B
Firefox => 21405846 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 30498 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 100500 B
NetworkService => 2247546 B
Bryan => 426865780 B
DefaultAppPool => 22818 B


Zemana AntiMalware 2.70.2.262 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/1/4
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
BIOS Mode : Legacy
CUID : 12664A99569BA5006DAFB7
Scan Type : Custom Scan
Duration : 157m 38s
Scanned Objects : 640658
Detected Objects : 17
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

openofficeussuite-setup.exe
Status : Scanned
Object : %userprofile%\downloads\openofficeussuite-setup.exe
MD5 : B7948B3574C89862A962C317E8220178
Publisher : Download Admin
Size : 476528
Version : -
Detection : Win32/Adware.Downloader!Ep
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\openofficeussuite-setup.exe

braid_full_1015.exe
Status : Scanned
Object : %userprofile%\downloads\braid_full_1015.exe
MD5 : 2F14B93A901C16B2ADBADB0430AB383D
Publisher : -
Size : 53248
Version : 0.0.0.0
Detection : Malware:Win32/Tazzi.A!Emka
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\braid_full_1015.exe

switch.exe
Status : Scanned
Object : %programfiles%\nch software\switch\switch.exe
MD5 : D5ECD86F070A257EDD9BC6D904A397FC
Publisher : -
Size : 1295876
Version : 0.0.0.0
Detection : Adware:Win32/Conduit!Sig
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\nch software\switch\switch.exe
Reference - C:\Users\Bryan\Desktop\Stuff\Switch Sound File Converter.lnk

CR_Downloader_for_dolphin.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\cr_downloader_for_dolphin.exe
MD5 : FCA2C2DE4F913B0DAFF09CD6D8B3E1DB
Publisher : eCHANG Net Inc.
Size : 747288
Version : 0.0.0.0
Detection : Adware:Win32/eCHANG!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\cr_downloader_for_dolphin.exe

SnapMyScreenSetup.SnapMyScreen_bf.jhimebnnaphjchlhcdgdlbfmlbbbaank.ch.exe
Status : Scanned
Object : %appdata%\zhp\quarantine\snapmyscreensetup.snapmyscreen_bf.jhimebnnaphjchlhcdgdlbfmlbbbaank.ch.exe
MD5 : 50583DB4761FCAD44673F668AF2A3D6A
Publisher : Mindspark Interactive Network
Size : 3336576
Version : 1.0.7907.151
Detection : Adware:Win32/Mindspark!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\zhp\quarantine\snapmyscreensetup.snapmyscreen_bf.jhimebnnaphjchlhcdgdlbfmlbbbaank.ch.exe

Tales of Zestiria.exe
Status : Scanned
Object : %programfiles%\steam\steamapps\common\tales of zestiria\tales of zestiria.exe
MD5 : 09BD1B01547FF11D3B47FCFF2E5C06AB
Publisher : -
Size : 30426624
Version : -
Detection : Heur.Malicious!Pc
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\steam\steamapps\common\tales of zestiria\tales of zestiria.exe

uninst.exe
Status : Scanned
Object : %programfiles%\nch software\switch\uninst.exe
MD5 : E0FC8363DC75DE27D1FDDBD50008AC8B
Publisher : -
Size : 1295876
Version : 0.0.0.0
Detection : Adware:Win32/Conduit!Sig
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\nch software\switch\uninst.exe

ConduitInstaller.exe
Status : Scanned
Object : %programfiles%\nch software\components\nchtoolbars\conduit\conduitinstaller.exe
MD5 : 710626F0C8B94C9CF89458409E3EE12E
Publisher : Conduit Ltd.
Size : 211792
Version : 5.5.0.10
Detection : Win32/Adware.Conduit!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\nch software\components\nchtoolbars\conduit\conduitinstaller.exe

Uninstall.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\uninstall.exe
MD5 : 52FF6E9F2F601BA0FF9400C15558893D
Publisher : -
Size : 592895
Version : 2.8.8.11
Detection : Adware:Win32/BrowserHijack.Gen
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\uninstall.exe

ButtonWrap64.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\buttonwrap64.dll
MD5 : 3D5D360F7445A73CAE300B83B9A2846E
Publisher : Spigot, Inc.
Size : 86512
Version : 1.8.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\buttonwrap64.dll

ButtonWrap.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\buttonwrap.dll
MD5 : FA669DE8C72194087FCBED3EC7AD7227
Publisher : Spigot, Inc.
Size : 79344
Version : 1.8.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\buttonwrap.dll

Button64.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\button64.exe
MD5 : 385F1ADA432EE82FFBFE03B009FCE751
Publisher : Spigot, Inc.
Size : 28656
Version : 1.8.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\button64.exe

Button.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\button.exe
MD5 : 8B82563C680BCA3549A6D3B869DE7DE6
Publisher : Spigot, Inc.
Size : 29168
Version : 1.8.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\button.exe

BEHelper.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\behelper.exe
MD5 : 3B22DC547A12AEC14A650805258FC444
Publisher : Spigot, Inc.
Size : 553968
Version : 2.8.8.11
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\behelper.exe

WidgiHelper.exe
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\avmcxqdjnkakxxzybvfnetvsybfhutcm\widgihelper.exe
MD5 : 66E5737A7B68D3DCD78C9AE923345548
Publisher : Spigot, Inc.
Size : 112448
Version : 9.9.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\avmcxqdjnkakxxzybvfnetvsybfhutcm\widgihelper.exe

vuzeToolbarIE.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\avmcxqdjnkakxxzybvfnetvsybfhutcm\ie\9.9\vuzetoolbarie.dll
MD5 : 5BBD7FFDFED00D2B9D0F091825CCAE06
Publisher : Spigot, Inc.
Size : 1574208
Version : 9.9.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\avmcxqdjnkakxxzybvfnetvsybfhutcm\ie\9.9\vuzetoolbarie.dll

vuzeToolbarFF.dll
Status : Scanned
Object : %homedrive%\adwcleaner\quarantine\files\avmcxqdjnkakxxzybvfnetvsybfhutcm\ff\components\vuzetoolbarff.dll
MD5 : B172D7E7E8684BF18C20F9F69E3DC82D
Publisher : Spigot, Inc.
Size : 1385280
Version : 9.9.0.1
Detection : Adware:Win32/Spigot!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\adwcleaner\quarantine\files\avmcxqdjnkakxxzybvfnetvsybfhutcm\ff\components\vuzetoolbarff.dll


Cleaning Result
-------------------------------------------------------
Cleaned : 17
Reported as safe : 0
Failed : 0




Emsisoft Emergency Kit - Version 12.0
Last update: 1/4/2017 12:27:53 PM
User account: Bryan-PC\Bryan
Computer name: BRYAN-PC
OS version: Windows 10x64

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, F:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 1/4/2017 12:41:53 PM
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\~xpD1D5.xpi -> chrome/content/saebay.js detected: Application.Spigot.BrowExt.V (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\~xpCC45.xpi -> chrome/content/startpage.js detected: Application.MAC.Spigot.AK (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\~xpD138.xpi -> chrome/content/savingsslider.xul detected: Application.Spigot.BrowExt.A (B) [krnl.xmd]
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\~xpD1D5.xpi -> chrome/content/ebay.xul detected: Application.Spigot.BrowExt.A (B) [krnl.xmd]

Scanned 572054
Found 4

Scan end: 1/4/2017 3:42:15 PM
Scan time: 3:00:22

C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\~xpD1D5.xpi Application.Spigot.BrowExt.A (B)
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\~xpD138.xpi Application.Spigot.BrowExt.A (B)
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\~xpCC45.xpi Application.MAC.Spigot.AK (B)
C:\AdwCleaner\quarantine\files\ezvwiptmsedgfjlgmdcamregwnqmpecj\~xpD1D5.xpi Application.Spigot.BrowExt.V (B)

Quarantined 4


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:38 PM, on 1/4/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\Bryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Bryan\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe" /start
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Bryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
O4 - Startup: https---www.youtube.com-v-W-IL4tSg1x8&feature=youtu.be&autoplay=1.url
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: DirMngr - Unknown owner - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - QIHU 360 SOFTWARE CO. LIMITED - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 12173 bytes


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/4/2017 8:12 AM" ""
+ "HotKeysCmds" "" "" "File not found: C:\WINDOWS\system32\hkcmd.exe.exe" "" ""
+ "IgfxTray" "" "" "File not found: C:\WINDOWS\system32\igfxtray.exe.exe" "" ""
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe" "7/28/2011 8:24 PM" ""
+ "NvBackend" "NVIDIA Backend" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\update core\nvbackend.exe" "3/23/2016 6:49 PM" ""
+ "Persistence" "" "" "File not found: C:\WINDOWS\system32\igfxpers.exe.exe" "" ""
+ "ShadowPlay" "NVIDIA Capture Server Proxy" "NVIDIA Corporation" "c:\windows\system32\nvspcap64.dll" "3/23/2016 5:57 AM" ""
+ "ZAM" "ZAM" "Zemana Ltd." "c:\program files (x86)\zemana antimalware\zam.exe" "12/30/2016 9:47 AM" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "1/4/2017 8:05 AM" ""
+ "amd_dc_opt" "AMD Dual-Core Optimizer" "AMD" "c:\program files (x86)\amd\dual-core optimizer\amd_dc_opt.exe" "7/22/2008 1:53 PM" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" "8/16/2012 9:59 PM" ""
+ "BrHelp" "Brother Help Application" "Brother Industries, Ltd." "c:\program files (x86)\brother\brother help\brotherhelp.exe" "10/21/2014 9:04 PM" ""
+ "BrStsMon00" "Status Monitor Application" "Brother Industries, Ltd." "c:\program files (x86)\browny02\brother\brstmonw.exe" "11/11/2014 3:24 AM" ""
+ "ConnectionCenter" "Citrix online plug-in Connection Center" "Citrix Systems, Inc." "c:\program files (x86)\citrix\ica client\concentr.exe" "3/11/2010 12:21 AM" ""
+ "ControlCenter4" "ControlCenter Launcher" "Brother Industries, Ltd." "c:\program files (x86)\controlcenter4\brccboot.exe" "1/29/2015 3:04 AM" ""
+ "Dropbox" "Dropbox" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropbox.exe" "1/12/2016 1:33 PM" ""
+ "QHSafeTray" "360 Total Security" "QIHU 360 SOFTWARE CO. LIMITED" "c:\program files (x86)\360\total security\safemon\360tray.exe" "7/4/2016 9:47 PM" ""
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe" "11/4/2015 4:40 PM" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "8/9/2016 8:18 AM" ""
+ "OneDrive" "Microsoft OneDrive" "Microsoft Corporation" "c:\users\bryan\appdata\local\microsoft\onedrive\onedrive.exe" "5/9/2016 2:31 PM" ""
+ "RESTART_STICKY_NOTES" "" "" "File not found: C:\Windows\System32\StikyNot.exe.exe" "" ""
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe" "11/15/2016 11:28 AM" ""
+ "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\users\bryan\appdata\roaming\spotify\data\spotifywebhelper.exe" "6/25/2014 11:19 AM" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "12/7/2016 12:26 AM" ""
+ "Uninstall C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" "" "" "File not found: rmdir" "" ""
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "1/4/2017 11:44 AM" ""
+ "D-Link AirPlus G Wireless Utility.lnk" "WLAN Adapter Utility" "D-Link" "c:\program files (x86)\d-link\airplus g wireless adapter utility\airplus.exe" "4/6/2004 3:40 AM" ""
"C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "1/4/2017 11:44 AM" ""
+ "https---www.youtube.com-v-W-IL4tSg1x8&feature=youtu.be&autoplay=1.url" "" "" "c:\users\bryan\appdata\roaming\microsoft\windows\start menu\programs\startup\https---www.youtube.com-v-w-il4tsg1x8&feature=youtu.be&autoplay=1.url" "12/20/2014 10:10 AM" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "8/9/2016 7:25 AM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/15/2016 9:25 PM" ""
+ "Microsoft Windows Media Player" "" "" "File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "9/16/2016 9:47 PM" ""
+ "Google Chrome" "Google Chrome Installer" "Google Inc." "c:\program files (x86)\google\chrome\application\55.0.2883.87\installer\chrmstp.exe" "12/8/2016 1:25 AM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "7/15/2016 8:41 PM" ""
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" "" "8/9/2016 7:38 AM" ""
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll" "5/14/2013 8:18 AM" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "1/4/2017 8:12 AM" ""
+ "2.0 Zemana AntiMalware" "Zemana AntiMalware" "Zemana Ltd." "c:\program files (x86)\zemana antimalware\zamshellext64.dll" "9/29/2016 6:41 AM" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
+ "PowerISO" "PowerISOShell DLL" "Power Software Ltd" "c:\program files\poweriso\pwrisosh.dll" "2/3/2014 1:34 AM" ""
+ "SD360" "360 Total Security" "" "c:\program files (x86)\360\total security\menuex64.dll" "8/12/2016 7:14 AM" ""
+ "VirtualCloneDrive" "CloseTray" "Elaborate Bytes AG" "c:\program files (x86)\elaborate bytes\virtualclonedrive\elbyvcdshell1.dll" "12/14/2009 12:16 PM" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "3/15/2010 1:28 AM" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "9/21/2016 12:33 AM" ""
+ "VirtualCloneDrive" "CloseTray" "Elaborate Bytes AG" "c:\program files (x86)\elaborate bytes\virtualclonedrive\elbyvcdshell1.dll" "12/14/2009 12:16 PM" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "9/21/2016 12:33 AM" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
+ "PowerISO" "PowerISOShell DLL" "Power Software Ltd" "c:\program files\poweriso\pwrisosh.dll" "2/3/2014 1:34 AM" ""
+ "SD360" "360 Total Security" "" "c:\program files (x86)\360\total security\menuex64.dll" "8/12/2016 7:14 AM" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "3/15/2010 1:28 AM" ""
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "8/9/2016 7:37 AM" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "3/15/2010 1:28 AM" ""
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" "8/9/2016 7:37 AM" ""
+ "DropboxCopyHook" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "8/9/2016 7:37 AM" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll" "11/4/2015 4:40 PM" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
+ "NvCplDesktopContext" "NVIDIA Display Shell Extension" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll" "3/21/2016 9:28 PM" ""
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "8/9/2016 7:37 AM" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "" "File not found: C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll" "" ""
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "8/9/2016 7:37 AM" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Apache Software Foundation" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll" "8/10/2012 9:51 AM" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "1/4/2017 8:12 AM" ""
+ "2.0 Zemana AntiMalware" "Zemana AntiMalware" "Zemana Ltd." "c:\program files (x86)\zemana antimalware\zamshellext64.dll" "9/29/2016 6:41 AM" ""
+ "PowerISO" "PowerISOShell DLL" "Power Software Ltd" "c:\program files\poweriso\pwrisosh.dll" "2/3/2014 1:34 AM" ""
+ "SD360" "360 Total Security" "" "c:\program files (x86)\360\total security\menuex64.dll" "8/12/2016 7:14 AM" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "3/15/2010 1:28 AM" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "8/9/2016 7:37 AM" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "3/15/2010 1:28 AM" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "8/9/2016 7:38 AM" ""
+ " DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
+ " DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
+ " DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
+ " DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
+ " DropboxExt5" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
+ " DropboxExt6" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
+ " DropboxExt7" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
+ " DropboxExt8" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext64.33.dll" "2/16/2016 1:37 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "8/9/2016 7:41 AM" ""
+ " DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext.33.dll" "2/16/2016 1:36 PM" ""
+ " DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext.33.dll" "2/16/2016 1:36 PM" ""
+ " DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext.33.dll" "2/16/2016 1:36 PM" ""
+ " DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext.33.dll" "2/16/2016 1:36 PM" ""
+ " DropboxExt5" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext.33.dll" "2/16/2016 1:36 PM" ""
+ " DropboxExt6" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext.33.dll" "2/16/2016 1:36 PM" ""
+ " DropboxExt7" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext.33.dll" "2/16/2016 1:36 PM" ""
+ " DropboxExt8" "Dropbox Shell Extension" "Dropbox, Inc." "c:\program files (x86)\dropbox\client\dropboxext.33.dll" "2/16/2016 1:36 PM" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "8/9/2016 7:38 AM" ""
+ "Skype add-on for Internet Explorer" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll" "5/14/2013 8:18 AM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "1/4/2017 8:05 AM" ""
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll" "5/14/2013 8:25 AM" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "8/9/2016 7:38 AM" ""
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll" "5/14/2013 8:18 AM" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "8/9/2016 7:41 AM" ""
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll" "5/14/2013 8:25 AM" ""
"Task Scheduler" "" "" "" "" ""
+ "\Microsoft\Windows\Media Center\ActivateWindowsSearch" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\ConfigureInternetTimeService" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\DispatchRecoveryTasks" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\ehDRMInit" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\InstallPlayReady" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\mcupdate" "" "" "File not found: C:\WINDOWS\ehome\mcupdate" "" ""
+ "\Microsoft\Windows\Media Center\mcupdate_scheduled" "" "" "File not found: C:\WINDOWS\ehome\mcupdate" "" ""
+ "\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" "" "" "File not found: C:\WINDOWS\ehome\mcupdate.exe" "" ""
+ "\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" "" "" "File not found: C:\WINDOWS\ehome\mcupdate.exe" "" ""
+ "\Microsoft\Windows\Media Center\OCURActivate" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\OCURDiscovery" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\PBDADiscovery" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\PBDADiscoveryW1" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\PBDADiscoveryW2" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
X "\Microsoft\Windows\Media Center\PeriodicScanRetry" "" "" "File not found: C:\WINDOWS\ehome\MCUpdate.exe" "" ""
+ "\Microsoft\Windows\Media Center\PvrRecoveryTask" "" "" "File not found: C:\WINDOWS\ehome\mcupdate.exe" "" ""
+ "\Microsoft\Windows\Media Center\PvrScheduleTask" "" "" "File not found: C:\WINDOWS\ehome\mcupdate.exe" "" ""
X "\Microsoft\Windows\Media Center\RecordingRestart" "" "" "File not found: C:\WINDOWS\ehome\ehrec" "" ""
+ "\Microsoft\Windows\Media Center\RegisterSearch" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\ReindexSearchRoot" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" "" "" "File not found: C:\WINDOWS\ehome\mcupdate.exe" "" ""
+ "\Microsoft\Windows\Media Center\StartRecording" "" "" "File not found: C:\WINDOWS\ehome\ehrec" "" ""
+ "\Microsoft\Windows\Media Center\UpdateRecordPath" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "7/16/2016 6:42 AM" ""
X "\Microsoft\Windows\Shell\WindowsParentalControls" "" "" "File not found: C:\Windows\SysWOW64\wpcumi.dll" "" ""
X "\Microsoft\Windows\Shell\WindowsParentalControlsMigration" "" "" "File not found: C:\Windows\SysWOW64\wpcmig.dll" "" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/15/2016 9:25 PM" ""
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe" "7/28/2011 8:24 PM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/4/2017 12:26 PM" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "9/16/2016 1:18 PM" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "12/10/2016 6:16 PM" ""
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe" "5/17/2012 10:06 PM" ""
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "8/31/2011 12:52 AM" ""
+ "BrYNSvc" "BrYNCSvc" "Brother Industries, Ltd." "c:\program files (x86)\browny02\brynsvc.exe" "10/23/2014 12:21 AM" ""
+ "dbupdate" "Keeps your Dropbox software up to date. If this service is disabled or stopped, your Dropbox software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Dropbox software using it." "Dropbox, Inc." "c:\program files (x86)\dropbox\update\dropboxupdate.exe" "6/16/2015 6:40 PM" ""
+ "dbupdatem" "Keeps your Dropbox software up to date. If this service is disabled or stopped, your Dropbox software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Dropbox software using it." "Dropbox, Inc." "c:\program files (x86)\dropbox\update\dropboxupdate.exe" "6/16/2015 6:40 PM" ""
+ "DirMngr" "" "" "c:\program files (x86)\gnu\gnupg\dirmngr.exe" "3/2/2011 10:20 AM" ""
+ "GfExperienceService" "NVIDIA GeForce Experience Service" "NVIDIA Corporation" "c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe" "3/23/2016 5:48 AM" ""
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "8/21/2015 9:13 PM" ""
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "8/21/2015 9:13 PM" ""
+ "HiPatchService" "HiPatchService" "Hi-Rez Studios" "c:\program files (x86)\hi-rez studios\hipatchservice.exe" "8/21/2015 10:11 AM" ""
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe" "4/4/2005 12:41 AM" ""
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe" "9/10/2012 12:31 AM" ""
+ "LMS" "Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe" "9/30/2009 9:33 PM" ""
+ "NvNetworkService" "NVIDIA Network Service" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe" "12/22/2015 4:46 PM" ""
+ "NvStreamNetworkSvc" "Network Service for SHIELD Streaming" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe" "3/23/2016 11:56 PM" ""
+ "NvStreamSvc" "Service for SHIELD Streaming" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvstreamsrv\nvstreamservice.exe" "3/23/2016 11:55 PM" ""
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe" "3/21/2016 9:28 PM" ""
+ "QHActiveDefense" "360 Total Security" "QIHU 360 SOFTWARE CO. LIMITED" "c:\program files (x86)\360\total security\safemon\qhactivedefense.exe" "11/2/2016 5:12 AM" ""
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "9/20/2016 7:51 AM" ""
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe" "9/20/2016 1:20 PM" ""
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe" "3/21/2016 8:54 PM" ""
+ "UNS" "Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe" "9/30/2009 9:34 PM" ""
+ "WdNisSvc" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\windows defender\nissrv.exe" "7/15/2016 9:24 PM" ""
+ "WinDefend" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe" "7/15/2016 9:27 PM" ""
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "9/6/2016 11:41 PM" ""
+ "ZAMSvc" "ZAM" "Zemana Ltd." "c:\program files (x86)\zemana antimalware\zam.exe" "12/30/2016 9:47 AM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "1/4/2017 12:26 PM" ""
+ "360AntiHacker" "360安全卫士 网络防黑模块" "360.cn" "c:\windows\system32\drivers\360antihacker64.sys" "7/25/2016 9:04 PM" ""
+ "360AvFlt" "360杀毒 文件监控驱动" "360.cn" "c:\windows\system32\drivers\360avflt.sys" "7/19/2016 3:45 AM" ""
+ "360Box64" "360Box64" "360.cn" "c:\windows\system32\drivers\360box64.sys" "6/27/2016 5:31 AM" ""
+ "360Camera" "360安全卫士 木马防火墙模块" "360.cn" "c:\windows\system32\drivers\360camera64.sys" "6/26/2016 10:47 PM" ""
+ "360FsFlt" "360 Total Security" "360.cn" "c:\windows\system32\drivers\360fsflt.sys" "7/22/2016 3:30 AM" ""
+ "3ware" "LSI 3ware SCSI Storport Driver" "LSI" "c:\windows\system32\drivers\3ware.sys" "5/18/2015 5:28 PM" ""
+ "ADP80XX" "PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller" "PMC-Sierra" "c:\windows\system32\drivers\adp80xx.sys" "4/9/2015 3:49 PM" ""
+ "amdsata" "AHCI 1.3 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "5/14/2015 7:14 AM" ""
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "12/11/2012 4:21 PM" ""
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "4/30/2015 7:55 PM" ""
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "PMC-Sierra, Inc." "c:\windows\system32\drivers\arcsas.sys" "4/9/2015 2:12 PM" ""
+ "AtiHdmiService" "ATI High Definition Audio Function Driver" "ATI Technologies, Inc." "c:\windows\system32\drivers\atihdmi.sys" "8/23/2009 7:35 AM" ""
+ "atksgt" "" "" "c:\windows\system32\drivers\atksgt.sys" "10/20/2008 2:50 AM" ""
+ "b06bdrv" "QLogic Gigabit Ethernet VBD" "QLogic Corporation" "c:\windows\system32\drivers\bxvbda.sys" "5/25/2016 2:03 AM" ""
+ "BAPIDRV" "BAPIDRV" "360.cn" "c:\windows\system32\drivers\bapidrv64.sys" "9/1/2016 4:46 AM" ""
+ "bcmfn" "BCM Function 2 Device Driver" "Windows (R) Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn.sys" "6/8/2015 3:32 AM" ""
+ "bcmfn2" "BCM Function 2 Device Driver" "Windows (R) Win 7 DDK provider" "c:\windows\system32\drivers\bcmfn2.sys" "3/16/2014 5:07 AM" ""
+ "cht4iscsi" "Chelsio iSCSI VMiniport Driver" "Chelsio Communications" "c:\windows\system32\drivers\cht4sx64.sys" "4/20/2016 4:54 AM" ""
+ "cht4vbd" "Virtual Bus Driver for Chelsio ® T4 Chipset" "Chelsio Communications" "c:\windows\system32\drivers\cht4vx64.sys" "4/15/2016 2:32 AM" ""
+ "ctxusbm" "Citrix USB Filter Driver" "Citrix Systems, Inc." "c:\windows\system32\drivers\ctxusbm.sys" "9/7/2009 1:09 PM" ""
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver" "Samsung Electronics Co., Ltd." "c:\windows\system32\drivers\ssudbus.sys" "8/24/2016 3:00 AM" ""
+ "ebdrv" "QLogic 10 GigE VBD" "QLogic Corporation" "c:\windows\system32\drivers\evbda.sys" "5/25/2016 2:01 AM" ""
+ "ElbyCDIO" "ElbyCD Windows x64 I/O driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\elbycdio.sys" "12/16/2010 5:58 PM" ""
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys" "5/3/2012 2:56 PM" ""
+ "hamachi" "Hamachi Virtual Network Interface Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\hamachi.sys" "2/19/2009 5:36 AM" ""
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "3/26/2013 4:36 PM" ""
+ "iagpio" "Intel(R) Serial IO GPIO Controller Driver" "Intel(R) Corporation" "c:\windows\system32\drivers\iagpio.sys" "2/18/2016 2:35 AM" ""
+ "iai2c" "Intel(R) Serial IO I2C Driver" "Intel(R) Corporation" "c:\windows\system32\drivers\iai2c.sys" "9/22/2015 1:53 AM" ""
+ "iaLPSS2i_GPIO2" "Intel(R) Serial IO GPIO Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_gpio2.sys" "3/2/2016 9:06 PM" ""
+ "iaLPSS2i_I2C" "Intel(R) Serial IO I2C Driver v2" "Intel Corporation" "c:\windows\system32\drivers\ialpss2i_i2c.sys" "3/2/2016 9:06 PM" ""
+ "iaLPSSi_GPIO" "Intel(R) Serial IO GPIO Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_gpio.sys" "2/2/2015 4:00 AM" ""
+ "iaLPSSi_I2C" "Intel(R) Serial IO I2C Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\ialpssi_i2c.sys" "2/24/2015 10:52 AM" ""
+ "iaStorAV" "Intel(R) Rapid Storage Technology driver (inbox) - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorav.sys" "2/19/2015 7:08 AM" ""
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "4/11/2011 1:48 PM" ""
+ "ibbus" "InfiniBand Fabric Bus Driver" "Mellanox" "c:\windows\system32\drivers\ibbus.sys" "4/10/2016 8:46 AM" ""
+ "IntcAzAudAddService" "Realtek(r) High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys" "11/3/2009 6:39 AM" ""
+ "lirsgt" "" "" "c:\windows\system32\drivers\lirsgt.sys" "3/6/2004 2:53 PM" ""
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "3/25/2015 2:36 PM" ""
+ "LSI_SAS2i" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2i.sys" "3/28/2016 1:49 PM" ""
+ "LSI_SAS3i" "Avago SAS Gen3 Driver (StorPort)" "Avago Technologies" "c:\windows\system32\drivers\lsi_sas3i.sys" "3/28/2016 1:49 PM" ""
+ "LSI_SSS" "LSI SSS PCIe/Flash Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sss.sys" "3/15/2013 6:39 PM" ""
+ "megasas" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas.sys" "3/4/2015 9:36 PM" ""
+ "megasas2i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\megasas2i.sys" "7/22/2016 4:36 PM" ""
+ "megasr" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "6/3/2013 5:02 PM" ""
+ "MEIx64" "Intel(R) Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\teedriverw8x64.sys" "8/31/2015 2:49 PM" ""
+ "mlx4_bus" "MLX4 Bus Driver" "Mellanox" "c:\windows\system32\drivers\mlx4_bus.sys" "4/10/2016 8:49 AM" ""
+ "mvumis" "Marvell Flash Controller Driver" "Marvell Semiconductor, Inc." "c:\windows\system32\drivers\mvumis.sys" "5/23/2014 3:39 PM" ""
+ "ndfltr" "NetworkDirect Support Filter Driver" "Mellanox" "c:\windows\system32\drivers\ndfltr.sys" "4/10/2016 8:46 AM" ""
+ "NetAdapterCx" "" "" "c:\windows\system32\drivers\netadaptercx.sys" "7/15/2016 9:28 PM" ""
+ "NVHDA" "NVIDIA HDMI Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvhda64v.sys" "9/21/2015 4:44 AM" ""
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 364.72 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys" "3/21/2016 8:44 PM" ""
+ "nvraid" "NVIDIA® nForce(TM) RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "4/21/2014 1:28 PM" ""
+ "nvstor" "NVIDIA® nForce(TM) Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "4/21/2014 1:34 PM" ""
+ "NvStreamKms" "Nvidia Streaming Kernel Service" "NVIDIA Corporation" "c:\program files\nvidia corporation\nvstreamsrv\nvstreamkms.sys" "3/18/2016 4:26 PM" ""
+ "nvvad_WaveExtensible" "NVIDIA Virtual Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvvad64v.sys" "3/14/2016 1:27 AM" ""
+ "percsas2i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas2i.sys" "3/14/2016 7:50 PM" ""
+ "percsas3i" "MEGASAS RAID Controller Driver for Windows" "Avago Technologies" "c:\windows\system32\drivers\percsas3i.sys" "3/4/2016 4:22 PM" ""
+ "rt640x64" "Realtek 8136/8168/8169 NDIS 6.40 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt640x64.sys" "1/21/2016 3:17 AM" ""
+ "SCDEmu" "PowerISO Virtual Drive" "Power Software Ltd" "c:\windows\system32\drivers\scdemu.sys" "2/3/2014 1:36 AM" ""
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/24/2008 1:28 PM" ""
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/1/2008 4:56 PM" ""
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows x64" "Promise Technology, Inc." "c:\windows\system32\drivers\stexstor.sys" "11/26/2012 7:02 PM" ""
+ "VClone" "VirtualCloneCD Driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\vclone.sys" "1/15/2011 11:21 AM" ""
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "4/22/2014 2:21 PM" ""
+ "VSTXRAID" "VIA StorX RAID Controller Driver" "VIA Corporation" "c:\windows\system32\drivers\vstxraid.sys" "1/21/2013 2:00 PM" ""
+ "WinMad" "Kernel WinMad" "Mellanox" "c:\windows\system32\drivers\winmad.sys" "4/10/2016 8:46 AM" ""
+ "WinVerbs" "Kernel WinVerbs" "Mellanox" "c:\windows\system32\drivers\winverbs.sys" "4/10/2016 8:46 AM" ""
+ "ZAM" "ZAM" "Zemana Ltd." "c:\windows\system32\drivers\zam64.sys" "8/17/2016 12:06 PM" ""
+ "ZAM_Guard" "ZAM" "Zemana Ltd." "c:\windows\system32\drivers\zamguard64.sys" "8/17/2016 12:06 PM" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" "" "" "" "8/9/2016 7:25 AM" ""
+ "Adobe Type Manager" "Windows NT OpenType/Type 1 Font Driver" "Adobe Systems Incorporated" "c:\windows\system32\atmfd.dll" "11/2/2016 5:31 AM" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "8/9/2016 7:28 AM" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/15/2016 9:26 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "8/9/2016 7:28 AM" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "7/15/2016 8:41 PM" ""
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "7/15/2016 8:42 PM" ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "8/9/2016 7:37 AM" ""
+ "AMD MJPEG Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "3/28/2013 9:28 PM" ""
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "3/28/2013 9:28 PM" ""
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "3/28/2013 9:28 PM" ""
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "3/28/2013 9:28 PM" ""
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "3/28/2013 9:28 PM" ""
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "3/28/2013 9:28 PM" ""
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "3/28/2013 9:28 PM" ""
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll" "3/28/2013 9:28 PM" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "8/19/2016 5:48 PM" ""
+ "AMD MJPEG Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "3/28/2013 9:23 PM" ""
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "3/28/2013 9:23 PM" ""
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "3/28/2013 9:23 PM" ""
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "3/28/2013 9:23 PM" ""
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "3/28/2013 9:23 PM" ""
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "3/28/2013 9:23 PM" ""
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "3/28/2013 9:23 PM" ""
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll" "3/28/2013 9:23 PM" ""
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\plugin\wavdest.ax" "5/20/2015 6:07 PM" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "8/9/2016 7:54 AM" ""
+ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "7/15/2016 9:17 PM" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "8/9/2016 7:43 AM" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll" "8/31/2011 12:44 AM" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "8/9/2016 7:43 AM" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "8/31/2011 12:53 AM" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "8/9/2016 7:48 AM" ""
+ "BJ Language Monitor3_2" "Canon Inkjet Printer Driver" "CANON INC." "c:\windows\system32\cnblm3_2.dll" "7/13/2009 8:27 PM" ""
+ "LIDIL hpzllw71" "LanguageMonitor" "Hewlett-Packard Corporation" "c:\windows\system32\hpzllw71.dll" "7/13/2009 8:28 PM" ""
+ "LIDIL hpzllwn7" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzllwn7.dll" "7/13/2009 8:28 PM" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" "" "12/14/2016 9:31 AM" ""
+ "livessp" "" "" "File not found: livessp" "" ""
"HKLM\Software\Microsoft\Office\Outlook\Addins" "" "" "" "8/9/2016 7:38 AM" ""
+ "Connect Class" "OutlookChangeNotifier" "Apple Inc." "c:\program files\common files\apple\mobile device support\outlookchangenotifieraddin.dll" "7/2/2012 8:08 PM" ""
"HKCU\Software\Microsoft\Office\Outlook\Addins" "" "" "" "8/9/2016 7:35 AM" ""
X "CalendarHelper Class" "iTunes Outlook Add-in" "Apple Inc." "c:\program files\itunes\itunesoutlookaddin.dll" "9/10/2012 1:17 AM" ""
"HKLM\Software\Wow6432Node\Microsoft\Office\Outlook\Addins" "" "" "" "8/9/2016 7:41 AM" ""
X "Connect Class" "OutlookChangeNotifier" "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\outlookchangenotifieraddin.dll" "7/2/2012 8:13 PM" ""
 
#8
Step 1: Fix with HijackThis!

Close all other programs!

Right Click Hijack this, run as administrator.
Click do a system scan only.
Place a tick next to the items below.

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Bryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
O4 - Startup: https---www.youtube.com-v-W-IL4tSg1x8&feature=youtu.be&autoplay=1.url
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?


Click fix checked.
Accept the prompt.
Reboot the machine after.

Step 2: Fix with Autoruns.


Open Autoruns as administrator and under the "Task Scheduler" tab and uncheck these items.


+ "\Microsoft\Windows\Media Center\ActivateWindowsSearch" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\ConfigureInternetTimeService" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\DispatchRecoveryTasks" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\ehDRMInit" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\InstallPlayReady" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\mcupdate" "" "" "File not found: C:\WINDOWS\ehome\mcupdate" "" ""
+ "\Microsoft\Windows\Media Center\mcupdate_scheduled" "" "" "File not found: C:\WINDOWS\ehome\mcupdate" "" ""
+ "\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" "" "" "File not found: C:\WINDOWS\ehome\mcupdate.exe" "" ""
+ "\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" "" "" "File not found: C:\WINDOWS\ehome\mcupdate.exe" "" ""
+ "\Microsoft\Windows\Media Center\OCURActivate" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\OCURDiscovery" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\PBDADiscovery" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\PBDADiscoveryW1" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\PBDADiscoveryW2" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\PvrRecoveryTask" "" "" "File not found: C:\WINDOWS\ehome\mcupdate.exe" "" ""
+ "\Microsoft\Windows\Media Center\PvrScheduleTask" "" "" "File not found: C:\WINDOWS\ehome\mcupdate.exe" "" ""
+ "\Microsoft\Windows\Media Center\RegisterSearch" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\ReindexSearchRoot" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" "" "" "File not found: C:\WINDOWS\ehome\mcupdate.exe" "" ""
+ "\Microsoft\Windows\Media Center\StartRecording" "" "" "File not found: C:\WINDOWS\ehome\ehrec" "" ""
+ "\Microsoft\Windows\Media Center\UpdateRecordPath" "" "" "File not found: C:\WINDOWS\ehome\ehPrivJob.exe" "" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "7/16/2016 6:42 AM" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/15/2016 9:25 PM" ""
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe" "7/28/2011 8:24 PM" ""

Fresh FRST Logs.


Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply
 
#9
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Bryan (administrator) on BRYAN-PC (05-01-2017 18:00:21)
Running from C:\Users\Bryan\Desktop
Loaded Profiles: Bryan (Available Profiles: Bryan & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7608.23501.0_x64__8wekyb3d8bbwe\HubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7714.42037.0_x64__8wekyb3d8bbwe\HxTsr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14073072 2016-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2015-01-29] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2016-11-25] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\MountPoints2: {19db19ec-bf22-11e6-8dbb-305a3a4632db} - "G:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3534269808-1485983137-1280583553-1000] => 127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{85e448af-b9ba-4d26-b108-bc168d199adc}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> DefaultScope {99653235-66E7-4294-A58A-C006B3CE06AB} URL =
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default [2017-01-04]
FF Extension: (NCH EN Community Toolbar) - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} [2012-06-18] [not signed]
FF Extension: (360 Internet Protection) - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-07-01]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-22] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-08-26] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Bryan\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3534269808-1485983137-1280583553-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-06-21] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-03-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-10-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-03-11] (Citrix Systems, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default [2017-01-05]
CHR Extension: (Google Docs Offline) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-15]
CHR Extension: (AdBlock) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
StartMenuInternet: Google Chrome.IUQXFHMJJWWHTVALRXCKWCOXHM - C:\Users\Bryan\AppData\Local\Google\Chrome\Application\old_chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-24] (Dropbox, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [224256 2011-03-02] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-24] (NVIDIA Corporation)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-08-21] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-24] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-24] (NVIDIA Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [928168 2016-11-25] (QIHU 360 SOFTWARE CO. LIMITED)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14073072 2016-12-30] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [160768 2016-08-01] (360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [95232 2016-08-01] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2016-11-25] (360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [339456 2016-11-25] (360.cn)
S3 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57856 2016-08-01] (360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [400384 2016-08-01] (360.cn)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2012-07-20] ()
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [197632 2016-09-09] (360.cn)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2012-07-20] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-04] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-05 17:53 - 2017-01-05 17:53 - 00000022 _____ C:\WINDOWS\S.dirmngr
2017-01-05 17:51 - 2017-01-05 17:51 - 00000000 ____D C:\Users\Bryan\Downloads\backups
2017-01-04 23:06 - 2017-01-04 23:06 - 00074908 _____ C:\Users\Bryan\Desktop\BRYAN-PC.txt
2017-01-04 23:04 - 2017-01-04 23:04 - 00000000 ____D C:\Users\Bryan\Desktop\Autoruns
2017-01-04 23:03 - 2017-01-04 23:03 - 01304400 _____ C:\Users\Bryan\Downloads\Autoruns.zip
2017-01-04 23:02 - 2017-01-04 23:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bryan\Downloads\HijackThis.exe
2017-01-04 23:01 - 2017-01-04 23:01 - 00003150 _____ C:\Users\Bryan\Desktop\scan_170104-124153.txt
2017-01-04 12:25 - 2017-01-04 23:03 - 00000000 ____D C:\EEK
2017-01-04 12:09 - 2017-01-04 12:23 - 279605344 _____ C:\Users\Bryan\Downloads\EmsisoftEmergencyKit.exe
2017-01-04 12:09 - 2017-01-04 12:09 - 00009576 _____ C:\Users\Bryan\Desktop\2017.01.04-08.14.43-i3-t2-d17.txt
2017-01-04 11:42 - 2017-01-05 17:59 - 00036158 _____ C:\Users\Bryan\Desktop\Fixlog.txt
2017-01-04 11:41 - 2017-01-04 11:41 - 00000000 ____D C:\Users\Bryan\Desktop\FRST-OlderVersion
2017-01-04 11:37 - 2017-01-04 11:37 - 00013758 _____ C:\Users\Bryan\Desktop\fixlist.txt
2017-01-04 08:12 - 2017-01-05 18:02 - 00126719 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-04 08:12 - 2017-01-05 18:02 - 00021875 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-04 08:12 - 2017-01-04 08:12 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-01-04 08:12 - 2017-01-04 08:12 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-01-04 08:12 - 2017-01-04 08:12 - 00001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-01-04 08:12 - 2017-01-04 08:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-01-04 08:12 - 2017-01-04 08:12 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-01-04 08:11 - 2017-01-04 08:11 - 00000000 ____D C:\Users\Bryan\AppData\Local\Zemana
2017-01-04 08:10 - 2017-01-04 08:10 - 05463976 _____ ( ) C:\Users\Bryan\Downloads\Zemana.AntiMalware.Setup.exe
2017-01-04 08:09 - 2017-01-04 11:56 - 00000066 _____ C:\Users\Bryan\Desktop\Virus Stuff.txt
2017-01-04 07:56 - 2017-01-04 09:05 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Geek Uninstaller
2017-01-04 07:56 - 2017-01-04 07:56 - 02796364 _____ C:\Users\Bryan\Downloads\geek.zip
2016-12-30 20:56 - 2016-12-30 21:30 - 00017026 _____ C:\Users\Bryan\Desktop\2017 Ledger.ods
2016-12-29 18:22 - 2016-12-29 18:22 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\uTorrent
2016-12-26 17:54 - 2016-12-26 17:54 - 02306202 _____ C:\Users\Bryan\Downloads\MIM_1934.jpg
2016-12-22 22:44 - 2016-12-22 22:44 - 00000000 ____D C:\Users\Bryan\Downloads\Captain America Civil War (2016) [1080p] [YTS.AG]
2016-12-19 20:01 - 2016-12-19 20:01 - 00938948 _____ C:\Users\Bryan\Downloads\Copy of Map.jpg
2016-12-19 18:33 - 2016-12-19 18:33 - 00002224 _____ C:\Users\Bryan\.recently-used.xbel
2016-12-18 23:01 - 2016-12-18 23:14 - 00000000 ____D C:\Users\Bryan\Downloads\Avengers Age of Ultron (2015) [1080p]
2016-12-16 23:46 - 2016-12-16 23:49 - 00000000 ____D C:\Users\Bryan\Downloads\Avatar - The Legend of Korra
2016-12-15 16:01 - 2016-12-15 16:01 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\Trion Worlds
2016-12-15 01:39 - 2016-12-15 01:39 - 00000000 ____D C:\ProgramData\.mono
2016-12-15 00:38 - 2016-12-15 00:38 - 00001991 _____ C:\Users\Bryan\Desktop\Atlas Reactor Live.lnk
2016-12-15 00:33 - 2016-12-15 00:34 - 72849888 _____ (Trion Worlds Inc.) C:\Users\Bryan\Downloads\GlyphInstall-1-150.exe
2016-12-13 17:56 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 17:56 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 17:56 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 17:56 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 17:56 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 17:56 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 17:56 - 2016-12-09 05:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 17:56 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 17:56 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 17:56 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 17:56 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 17:56 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 17:56 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 17:56 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 17:56 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 17:56 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 17:56 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 17:56 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 17:56 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 17:56 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 17:56 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 17:56 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 17:56 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 17:56 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 17:56 - 2016-12-09 05:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 17:56 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 17:56 - 2016-12-09 05:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 17:56 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 17:56 - 2016-12-09 05:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 17:56 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 17:56 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 17:56 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 17:56 - 2016-12-09 05:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 17:56 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 17:56 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 17:56 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 17:56 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 17:56 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 17:56 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 17:56 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 17:56 - 2016-12-09 04:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 17:56 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 17:56 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 17:56 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 17:56 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 17:56 - 2016-12-09 04:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 17:56 - 2016-12-09 04:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 17:56 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 17:56 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 17:56 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 17:56 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 17:56 - 2016-12-09 04:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 17:56 - 2016-12-09 04:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-13 17:56 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 17:56 - 2016-12-09 04:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 17:56 - 2016-12-09 04:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 17:56 - 2016-12-09 04:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 17:56 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 17:56 - 2016-12-09 04:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 17:56 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 17:56 - 2016-12-09 04:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-13 17:56 - 2016-12-09 04:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 17:56 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 17:56 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 17:56 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 17:56 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 17:56 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 17:56 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 17:56 - 2016-12-09 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 17:56 - 2016-12-09 04:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 17:56 - 2016-12-09 04:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 17:56 - 2016-12-09 04:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 17:56 - 2016-12-09 04:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 17:56 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 17:56 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 17:56 - 2016-12-09 04:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 17:56 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 17:56 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 17:56 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 17:56 - 2016-12-09 04:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 17:56 - 2016-12-09 04:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-13 17:56 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 17:56 - 2016-12-09 04:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 17:56 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 17:56 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 17:56 - 2016-12-09 04:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 17:56 - 2016-12-09 04:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 17:56 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 17:56 - 2016-12-09 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 17:56 - 2016-12-09 04:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 17:56 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 17:56 - 2016-12-09 04:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 17:56 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 17:56 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 17:56 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 17:56 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 17:56 - 2016-12-09 04:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 17:56 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 17:56 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 17:56 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 17:56 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 17:56 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 17:56 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 17:56 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 17:56 - 2016-12-09 04:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 17:56 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 17:56 - 2016-12-09 04:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 17:56 - 2016-12-09 04:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 17:56 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 17:56 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 17:56 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 17:56 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 17:56 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 17:56 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-13 17:56 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 17:56 - 2016-09-15 11:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-13 17:51 - 2016-12-13 17:52 - 00000000 ____D C:\Users\Bryan\Downloads\Robin.Hood.Men.In.Tights.1993.1080p.BluRay.x264.anoXmous
2016-12-12 09:57 - 2016-12-12 09:57 - 00002331 _____ C:\Users\Bryan\Desktop\Citra Edge.lnk
2016-12-12 09:57 - 2016-12-12 09:57 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citra Development Team
2016-12-12 09:57 - 2016-12-12 09:57 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Citra
2016-12-12 09:57 - 2016-12-12 09:57 - 00000000 ____D C:\Users\Bryan\AppData\Local\citra
2016-12-12 09:56 - 2016-12-12 09:56 - 25552896 _____ (Citra Development Team) C:\Users\Bryan\Downloads\CitraSetup.exe
2016-12-10 17:59 - 2016-12-10 18:00 - 05563530 _____ C:\Users\Bryan\Downloads\1D3A4871.JPG
2016-12-10 17:59 - 2016-12-10 17:59 - 05838112 _____ C:\Users\Bryan\Downloads\1D3A4867.JPG
2016-12-10 17:59 - 2016-12-10 17:59 - 04904545 _____ C:\Users\Bryan\Downloads\1D3A4857.JPG
2016-12-10 17:58 - 2016-12-10 17:58 - 05241136 _____ C:\Users\Bryan\Downloads\1D3A4840.JPG
2016-12-10 17:58 - 2016-12-10 17:58 - 04934602 _____ C:\Users\Bryan\Downloads\1D3A4843.JPG
2016-12-10 17:58 - 2016-12-10 17:58 - 04934602 _____ C:\Users\Bryan\Downloads\1D3A4843 (1).JPG
2016-12-10 17:58 - 2016-12-10 17:58 - 04504973 _____ C:\Users\Bryan\Downloads\1D3A4847.JPG
2016-12-10 17:58 - 2016-12-10 17:58 - 04440778 _____ C:\Users\Bryan\Downloads\1D3A4850.JPG
2016-12-10 17:57 - 2016-12-10 17:57 - 05175409 _____ C:\Users\Bryan\Downloads\1D3A4836.JPG
2016-12-10 17:57 - 2016-12-10 17:57 - 05045241 _____ C:\Users\Bryan\Downloads\1D3A4837.JPG
2016-12-10 17:56 - 2016-12-10 17:56 - 06814167 _____ C:\Users\Bryan\Downloads\1D3A4825.JPG
2016-12-10 17:56 - 2016-12-10 17:56 - 05204228 _____ C:\Users\Bryan\Downloads\1D3A4824.JPG
2016-12-10 17:55 - 2016-12-10 17:55 - 05022657 _____ C:\Users\Bryan\Downloads\1D3A4796.JPG
2016-12-10 17:55 - 2016-12-10 17:55 - 04809263 _____ C:\Users\Bryan\Downloads\1D3A4798.JPG
2016-12-10 17:54 - 2016-12-10 17:54 - 05227058 _____ C:\Users\Bryan\Downloads\1D3A4756.JPG
2016-12-10 17:54 - 2016-12-10 17:54 - 04982945 _____ C:\Users\Bryan\Downloads\1D3A4783.JPG
2016-12-10 17:53 - 2016-12-10 17:53 - 05116066 _____ C:\Users\Bryan\Downloads\1D3A4752.JPG
2016-12-10 17:53 - 2016-12-10 17:53 - 04886740 _____ C:\Users\Bryan\Downloads\1D3A4745.JPG
2016-12-10 17:53 - 2016-12-10 17:53 - 04822507 _____ C:\Users\Bryan\Downloads\1D3A4749.JPG
2016-12-10 17:52 - 2016-12-10 17:52 - 04844773 _____ C:\Users\Bryan\Downloads\1D3A4743.JPG
2016-12-10 17:51 - 2016-12-10 17:51 - 04150667 _____ C:\Users\Bryan\Downloads\20160925_115923.jpg
2016-12-10 17:50 - 2016-12-10 17:50 - 04815239 _____ C:\Users\Bryan\Downloads\20160924_190228.jpg
2016-12-10 17:50 - 2016-12-10 17:50 - 04183543 _____ C:\Users\Bryan\Downloads\20160924_190226.jpg
2016-12-10 17:50 - 2016-12-10 17:50 - 03801046 _____ C:\Users\Bryan\Downloads\20160924_193110.jpg
2016-12-10 17:49 - 2016-12-10 17:49 - 04446095 _____ C:\Users\Bryan\Downloads\20160924_190158.jpg
2016-12-10 17:49 - 2016-12-10 17:49 - 04295929 _____ C:\Users\Bryan\Downloads\20160924_185159.jpg
2016-12-10 17:49 - 2016-12-10 17:49 - 04118702 _____ C:\Users\Bryan\Downloads\20160924_185151.jpg
2016-12-10 17:48 - 2016-12-10 17:48 - 04804068 _____ C:\Users\Bryan\Downloads\20160924_180905.jpg
2016-12-10 17:48 - 2016-12-10 17:48 - 04783990 _____ C:\Users\Bryan\Downloads\20160924_180939.jpg
2016-12-10 17:47 - 2016-12-10 17:48 - 03867864 _____ C:\Users\Bryan\Downloads\20160924_180902.jpg
2016-12-10 17:47 - 2016-12-10 17:47 - 07389552 _____ C:\Users\Bryan\Downloads\20160924_180813.jpg
2016-12-10 17:47 - 2016-12-10 17:47 - 06653304 _____ C:\Users\Bryan\Downloads\20160924_180809.jpg
2016-12-10 17:46 - 2016-12-10 17:46 - 05380442 _____ C:\Users\Bryan\Downloads\20160924_173913.jpg
2016-12-10 17:46 - 2016-12-10 17:46 - 04786114 _____ C:\Users\Bryan\Downloads\20160924_173918.jpg
2016-12-10 17:45 - 2016-12-10 17:45 - 03670002 _____ C:\Users\Bryan\Downloads\20160924_164215.jpg
2016-12-10 17:45 - 2016-12-10 17:45 - 03637101 _____ C:\Users\Bryan\Downloads\20160924_164242.jpg
2016-12-10 17:44 - 2016-12-10 17:44 - 07679060 _____ C:\Users\Bryan\Downloads\20160924_151325.jpg
2016-12-10 17:44 - 2016-12-10 17:44 - 05781742 _____ C:\Users\Bryan\Downloads\20160924_151402.jpg
2016-12-10 17:44 - 2016-12-10 17:44 - 03563382 _____ C:\Users\Bryan\Downloads\20160924_164211.jpg
2016-12-10 17:43 - 2016-12-10 17:43 - 07561362 _____ C:\Users\Bryan\Downloads\20160924_151319.jpg
2016-12-10 17:43 - 2016-12-10 17:43 - 01933259 _____ C:\Users\Bryan\Downloads\20160924_151037.jpg
2016-12-10 17:43 - 2016-12-10 17:43 - 01926437 _____ C:\Users\Bryan\Downloads\20160924_151034.jpg
2016-12-10 17:42 - 2016-12-10 17:42 - 04758725 _____ C:\Users\Bryan\Downloads\20160924_150920.jpg
2016-12-10 17:42 - 2016-12-10 17:42 - 03476946 _____ C:\Users\Bryan\Downloads\20160924_150847.jpg
2016-12-10 17:41 - 2016-12-10 17:41 - 07676167 _____ C:\Users\Bryan\Downloads\20160924_150545.jpg
2016-12-10 17:41 - 2016-12-10 17:41 - 03386182 _____ C:\Users\Bryan\Downloads\20160924_150505.jpg
2016-12-10 17:40 - 2016-12-10 17:40 - 03477200 _____ C:\Users\Bryan\Downloads\20160924_150451.jpg
2016-12-10 17:39 - 2016-12-10 17:39 - 07716820 _____ C:\Users\Bryan\Downloads\20160924_150334.jpg
2016-12-10 17:39 - 2016-12-10 17:39 - 03472587 _____ C:\Users\Bryan\Downloads\20160924_150445.jpg
2016-12-10 17:39 - 2016-12-10 17:39 - 03420053 _____ C:\Users\Bryan\Downloads\20160924_150435.jpg
2016-12-10 17:39 - 2016-12-10 17:39 - 03392038 _____ C:\Users\Bryan\Downloads\20160924_150440.jpg
2016-12-10 17:38 - 2016-12-10 17:38 - 07396725 _____ C:\Users\Bryan\Downloads\20160924_150330.jpg
2016-12-10 17:38 - 2016-12-10 17:38 - 07145869 _____ C:\Users\Bryan\Downloads\20160924_150253.jpg
2016-12-10 17:38 - 2016-12-10 17:38 - 06858457 _____ C:\Users\Bryan\Downloads\20160924_150325.jpg
2016-12-10 17:37 - 2016-12-10 17:37 - 06041811 _____ C:\Users\Bryan\Downloads\20160924_150215.jpg
2016-12-10 17:37 - 2016-12-10 17:37 - 03708124 _____ C:\Users\Bryan\Downloads\20160924_145632.jpg
2016-12-10 17:36 - 2016-12-10 17:36 - 04883318 _____ C:\Users\Bryan\Downloads\20160924_132806.jpg
2016-12-10 17:36 - 2016-12-10 17:36 - 04668613 _____ C:\Users\Bryan\Downloads\20160924_140311.jpg
2016-12-10 17:35 - 2016-12-10 17:35 - 03761030 _____ C:\Users\Bryan\Downloads\20160924_131637.jpg
2016-12-10 17:35 - 2016-12-10 17:35 - 03728759 _____ C:\Users\Bryan\Downloads\20160924_131616.jpg
2016-12-10 17:34 - 2016-12-10 17:34 - 04428671 _____ C:\Users\Bryan\Downloads\20160924_121128.jpg
2016-12-10 17:34 - 2016-12-10 17:34 - 03612593 _____ C:\Users\Bryan\Downloads\20160924_112507.jpg
2016-12-10 17:34 - 2016-12-10 17:34 - 03185032 _____ C:\Users\Bryan\Downloads\20160924_131244.jpg
2016-12-10 17:33 - 2016-12-10 17:33 - 04202071 _____ C:\Users\Bryan\Downloads\20160924_110441.jpg
2016-12-10 17:33 - 2016-12-10 17:33 - 03761700 _____ C:\Users\Bryan\Downloads\20160924_103511.jpg
2016-12-10 17:32 - 2016-12-10 17:32 - 04835008 _____ C:\Users\Bryan\Downloads\20160924_103459.jpg
2016-12-10 17:32 - 2016-12-10 17:32 - 04772917 _____ C:\Users\Bryan\Downloads\20160924_103435.jpg
2016-12-10 17:32 - 2016-12-10 17:32 - 04641885 _____ C:\Users\Bryan\Downloads\20160924_103419.jpg
2016-12-10 17:31 - 2016-12-10 17:31 - 04261432 _____ C:\Users\Bryan\Downloads\20160924_102244.jpg
2016-12-10 17:31 - 2016-12-10 17:31 - 03383683 _____ C:\Users\Bryan\Downloads\20160924_102314.jpg
2016-12-10 17:30 - 2016-12-10 17:30 - 03694139 _____ C:\Users\Bryan\Downloads\20160924_102001.jpg
2016-12-10 17:30 - 2016-12-10 17:30 - 03541692 _____ C:\Users\Bryan\Downloads\20160924_101804.jpg
2016-12-10 17:28 - 2016-12-10 17:28 - 04259996 _____ C:\Users\Bryan\Downloads\DSC_0582.jpg
2016-12-10 17:28 - 2016-12-10 17:28 - 04113393 _____ C:\Users\Bryan\Downloads\DSC_0580 (1).jpg
2016-12-10 17:27 - 2016-12-10 17:27 - 04240841 _____ C:\Users\Bryan\Downloads\DSC_0578 (1).jpg
2016-12-10 17:27 - 2016-12-10 17:27 - 03590851 _____ C:\Users\Bryan\Downloads\DSC_0576 (1).jpg
2016-12-10 17:26 - 2016-12-10 17:26 - 04293853 _____ C:\Users\Bryan\Downloads\DSC_0564 (1).jpg
2016-12-10 17:26 - 2016-12-10 17:26 - 03853193 _____ C:\Users\Bryan\Downloads\DSC_0559 (1).jpg
2016-12-10 17:26 - 2016-12-10 17:26 - 03718723 _____ C:\Users\Bryan\Downloads\DSC_0560.jpg
2016-12-10 17:26 - 2016-12-10 17:26 - 03387851 _____ C:\Users\Bryan\Downloads\DSC_0571.jpg
2016-12-10 17:25 - 2016-12-10 17:25 - 04116133 _____ C:\Users\Bryan\Downloads\DSC_0557 (1).jpg
2016-12-10 17:25 - 2016-12-10 17:25 - 03777487 _____ C:\Users\Bryan\Downloads\DSC_0558.jpg
2016-12-10 17:24 - 2016-12-10 17:24 - 04684307 _____ C:\Users\Bryan\Downloads\DSC_0544 (1).jpg
2016-12-10 17:24 - 2016-12-10 17:24 - 04188860 _____ C:\Users\Bryan\Downloads\DSC_0554 (1).jpg
2016-12-10 17:23 - 2016-12-10 17:23 - 04295543 _____ C:\Users\Bryan\Downloads\DSC_0537 (1).jpg
2016-12-10 17:23 - 2016-12-10 17:23 - 04101185 _____ C:\Users\Bryan\Downloads\DSC_0536.jpg
2016-12-10 17:22 - 2016-12-10 17:22 - 04881046 _____ C:\Users\Bryan\Downloads\DSC_0528.jpg
2016-12-10 17:21 - 2016-12-10 17:21 - 04979431 _____ C:\Users\Bryan\Downloads\DSC_0521.jpg
2016-12-10 17:21 - 2016-12-10 17:21 - 04979431 _____ C:\Users\Bryan\Downloads\DSC_0521 (1).jpg
2016-12-10 17:21 - 2016-12-10 17:21 - 04932866 _____ C:\Users\Bryan\Downloads\DSC_0525.jpg
2016-12-10 17:20 - 2016-12-10 17:20 - 04850541 _____ C:\Users\Bryan\Downloads\DSC_0519 (1).jpg
2016-12-10 17:20 - 2016-12-10 17:20 - 04741647 _____ C:\Users\Bryan\Downloads\DSC_0515 (1).jpg
2016-12-10 17:20 - 2016-12-10 17:20 - 04634466 _____ C:\Users\Bryan\Downloads\DSC_0513 (1).jpg
2016-12-10 17:19 - 2016-12-10 17:19 - 04943012 _____ C:\Users\Bryan\Downloads\DSC_0510.jpg
2016-12-10 17:19 - 2016-12-10 17:19 - 04883375 _____ C:\Users\Bryan\Downloads\DSC_0512.jpg
2016-12-10 17:17 - 2016-12-10 17:17 - 04757003 _____ C:\Users\Bryan\Downloads\DSC_0508.jpg
2016-12-10 17:17 - 2016-12-10 17:17 - 04716294 _____ C:\Users\Bryan\Downloads\DSC_0507.jpg
2016-12-10 17:17 - 2016-12-10 17:17 - 04691463 _____ C:\Users\Bryan\Downloads\DSC_0506.jpg
2016-12-10 17:16 - 2016-12-10 17:16 - 04430140 _____ C:\Users\Bryan\Downloads\DSC_0493.jpg
2016-12-10 17:16 - 2016-12-10 17:16 - 04047766 _____ C:\Users\Bryan\Downloads\DSC_0498 (1).jpg
2016-12-10 17:15 - 2016-12-10 17:15 - 04667420 _____ C:\Users\Bryan\Downloads\DSC_0497.jpg
2016-12-10 17:14 - 2016-12-10 17:14 - 04430718 _____ C:\Users\Bryan\Downloads\DSC_0492.jpg
2016-12-10 17:12 - 2016-12-10 17:12 - 05409689 _____ C:\Users\Bryan\Downloads\20160827_181811.jpg
2016-12-10 17:03 - 2016-12-10 17:03 - 04842176 _____ C:\Users\Bryan\Downloads\20160827_181735.jpg
2016-12-09 09:40 - 2016-11-11 05:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 09:40 - 2016-11-11 05:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 09:40 - 2016-11-11 05:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 09:40 - 2016-11-11 05:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 09:40 - 2016-11-11 05:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 09:40 - 2016-11-11 05:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 09:40 - 2016-11-11 05:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 09:40 - 2016-11-11 05:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 09:40 - 2016-11-11 05:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 09:40 - 2016-11-11 05:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 09:40 - 2016-11-11 05:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 09:40 - 2016-11-11 05:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 09:40 - 2016-11-11 05:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-09 09:40 - 2016-11-11 05:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 09:40 - 2016-11-11 05:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 09:40 - 2016-11-11 05:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 09:40 - 2016-11-11 05:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 09:40 - 2016-11-11 05:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-09 09:40 - 2016-11-11 05:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 09:40 - 2016-11-11 05:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 09:40 - 2016-11-11 05:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 09:40 - 2016-11-11 04:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 09:40 - 2016-11-11 04:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 09:40 - 2016-11-11 04:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 09:40 - 2016-11-11 04:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 09:40 - 2016-11-11 04:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 09:40 - 2016-11-11 04:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 09:40 - 2016-11-11 04:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 09:40 - 2016-11-11 04:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 09:40 - 2016-11-11 04:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 09:40 - 2016-11-11 04:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 09:40 - 2016-11-11 04:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 09:40 - 2016-11-11 04:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 09:40 - 2016-11-11 04:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 09:40 - 2016-11-11 04:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 09:40 - 2016-11-11 04:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 09:40 - 2016-11-11 04:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 09:40 - 2016-11-11 04:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 09:40 - 2016-11-11 04:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 09:40 - 2016-11-11 04:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 09:40 - 2016-11-11 04:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 09:40 - 2016-11-11 04:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 09:40 - 2016-11-11 04:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 09:40 - 2016-11-11 04:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 09:40 - 2016-11-11 04:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 09:40 - 2016-11-11 04:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 09:40 - 2016-11-11 04:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 09:40 - 2016-11-11 04:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 09:40 - 2016-11-11 04:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 09:40 - 2016-11-11 04:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 09:40 - 2016-11-11 04:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 09:40 - 2016-11-11 04:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 09:40 - 2016-11-11 04:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 09:40 - 2016-11-11 04:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 09:40 - 2016-11-11 04:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 09:40 - 2016-11-11 04:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 09:40 - 2016-11-11 04:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 09:40 - 2016-11-11 04:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-09 09:40 - 2016-11-11 04:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 09:40 - 2016-11-11 04:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 09:40 - 2016-11-11 04:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 09:40 - 2016-11-11 04:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 09:40 - 2016-11-11 04:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 09:40 - 2016-11-11 04:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 09:40 - 2016-11-11 04:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 09:40 - 2016-11-11 04:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 09:40 - 2016-11-11 04:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-09 09:40 - 2016-11-11 04:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 09:40 - 2016-11-11 04:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 09:40 - 2016-11-11 04:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-09 09:40 - 2016-11-11 04:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 09:40 - 2016-11-11 04:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-09 09:40 - 2016-11-11 04:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 09:40 - 2016-11-11 04:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 09:40 - 2016-11-11 04:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-09 09:40 - 2016-11-11 04:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 09:40 - 2016-11-11 04:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-09 09:40 - 2016-11-11 04:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 09:40 - 2016-11-11 04:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 09:40 - 2016-11-11 04:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-09 09:40 - 2016-11-11 04:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 09:40 - 2016-11-11 04:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 09:40 - 2016-11-11 04:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 09:40 - 2016-11-11 04:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 09:40 - 2016-11-11 04:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 09:40 - 2016-11-11 04:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 09:40 - 2016-11-11 04:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 09:40 - 2016-11-11 04:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 09:40 - 2016-11-11 04:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 09:40 - 2016-11-11 04:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 09:40 - 2016-11-11 04:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 09:40 - 2016-11-11 04:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 09:40 - 2016-11-11 04:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 09:40 - 2016-11-11 04:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 09:40 - 2016-11-11 04:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-09 09:40 - 2016-11-11 04:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 09:40 - 2016-11-11 04:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-09 09:40 - 2016-11-11 04:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 09:40 - 2016-11-11 04:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 09:40 - 2016-11-11 03:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 09:40 - 2016-11-11 03:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 09:40 - 2016-11-11 02:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 09:40 - 2016-11-11 02:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-09 09:40 - 2016-11-11 02:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 09:40 - 2016-11-11 02:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 09:40 - 2016-11-11 02:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 09:40 - 2016-11-11 02:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 09:40 - 2016-11-11 02:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 09:40 - 2016-11-11 02:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 09:40 - 2016-11-11 02:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 09:40 - 2016-11-11 02:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 09:40 - 2016-11-11 02:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 09:40 - 2016-11-11 02:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 09:40 - 2016-11-11 02:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 09:40 - 2016-11-11 02:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 09:40 - 2016-11-11 02:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 09:40 - 2016-11-11 02:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 09:40 - 2016-11-11 02:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-09 09:40 - 2016-11-11 02:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 09:40 - 2016-11-11 02:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 09:40 - 2016-11-11 02:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 09:40 - 2016-11-11 02:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 09:40 - 2016-11-11 02:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 09:40 - 2016-11-11 02:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 09:40 - 2016-11-11 02:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 09:40 - 2016-11-11 02:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 09:40 - 2016-11-11 02:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 09:40 - 2016-11-11 02:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 09:40 - 2016-11-11 02:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 09:40 - 2016-11-11 02:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 09:40 - 2016-11-11 02:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 09:40 - 2016-11-11 02:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 09:40 - 2016-11-11 02:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 09:40 - 2016-11-11 02:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 09:40 - 2016-11-11 02:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 09:40 - 2016-11-11 02:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 09:40 - 2016-11-11 02:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 09:40 - 2016-11-11 02:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 09:40 - 2016-11-11 02:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-09 09:40 - 2016-11-11 02:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 09:40 - 2016-11-11 02:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-09 09:40 - 2016-11-11 02:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 09:40 - 2016-11-11 02:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 09:40 - 2016-11-11 02:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 09:40 - 2016-11-11 02:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 09:40 - 2016-11-11 02:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 09:40 - 2016-11-11 02:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 09:40 - 2016-11-11 02:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 09:40 - 2016-11-11 02:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 09:40 - 2016-11-11 02:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 09:40 - 2016-11-11 02:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 09:40 - 2016-11-11 02:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 09:40 - 2016-11-11 02:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 09:40 - 2016-11-11 02:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 09:40 - 2016-11-11 02:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 09:40 - 2016-11-11 02:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 09:40 - 2016-11-11 02:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-09 09:39 - 2016-11-11 05:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-09 09:39 - 2016-11-11 04:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-09 09:39 - 2016-11-11 04:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-09 09:39 - 2016-11-11 04:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-09 09:39 - 2016-11-11 04:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-09 09:39 - 2016-11-11 04:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-09 09:39 - 2016-11-11 04:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 09:39 - 2016-11-11 04:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-09 09:39 - 2016-11-11 04:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-09 09:39 - 2016-11-11 04:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-09 09:39 - 2016-11-11 04:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-09 09:39 - 2016-11-11 04:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-09 09:39 - 2016-11-11 04:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-09 09:39 - 2016-11-11 04:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-09 09:39 - 2016-11-11 04:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-09 09:39 - 2016-11-11 04:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-09 09:39 - 2016-11-11 04:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-09 09:39 - 2016-11-11 04:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-09 09:39 - 2016-11-11 04:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-09 09:39 - 2016-11-11 04:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-09 09:39 - 2016-11-11 04:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-09 09:39 - 2016-11-11 04:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 09:39 - 2016-11-11 04:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-09 09:39 - 2016-11-11 04:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-09 09:39 - 2016-11-11 04:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-09 09:39 - 2016-11-11 04:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 09:39 - 2016-11-11 04:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-09 09:39 - 2016-11-11 04:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-09 09:39 - 2016-11-11 04:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-09 09:39 - 2016-11-11 04:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-09 09:39 - 2016-11-11 04:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-09 09:39 - 2016-11-11 04:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-09 09:39 - 2016-11-11 04:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-09 09:39 - 2016-11-11 04:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-09 09:39 - 2016-11-11 04:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-09 09:39 - 2016-11-11 04:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-09 09:39 - 2016-11-11 04:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-09 09:39 - 2016-11-11 04:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-09 09:39 - 2016-11-11 04:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-09 09:39 - 2016-11-11 04:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-09 09:39 - 2016-11-11 04:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-09 09:39 - 2016-11-11 04:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-09 09:39 - 2016-11-11 04:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-09 09:39 - 2016-11-11 04:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-09 09:39 - 2016-11-11 04:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-09 09:39 - 2016-11-11 04:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-09 09:39 - 2016-11-11 03:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-09 09:39 - 2016-11-11 03:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-09 09:39 - 2016-11-11 03:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-09 09:39 - 2016-11-11 02:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-09 09:39 - 2016-11-11 02:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-09 09:39 - 2016-11-11 02:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-09 09:39 - 2016-11-11 02:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-09 09:39 - 2016-11-11 02:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-09 09:39 - 2016-11-11 02:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-09 09:39 - 2016-11-11 02:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-09 09:39 - 2016-11-11 02:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-09 09:39 - 2016-11-11 02:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-09 09:39 - 2016-11-11 02:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-09 09:39 - 2016-11-11 02:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-09 09:39 - 2016-11-11 02:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-09 09:39 - 2016-11-11 02:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 09:39 - 2016-11-11 02:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-09 09:39 - 2016-11-11 02:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-07 01:01 - 2016-12-07 01:01 - 00011090 _____ C:\Users\Bryan\Desktop\SecurityCheck.txt
2016-12-07 01:00 - 2016-12-07 01:00 - 00000000 ____D C:\SecurityCheck
2016-12-07 00:58 - 2016-12-07 00:58 - 00511034 _____ (glax24 (safezone.cc)) C:\Users\Bryan\Downloads\SecurityCheck.exe
2016-12-07 00:54 - 2016-12-07 00:55 - 00019209 _____ C:\Users\Bryan\Desktop\ZHPCleaner.txt
2016-12-07 00:48 - 2016-12-07 00:55 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\ZHP
2016-12-07 00:48 - 2016-12-07 00:48 - 02591744 _____ C:\Users\Bryan\Downloads\ZHPCleaner.exe
2016-12-07 00:48 - 2016-12-07 00:48 - 00000913 _____ C:\Users\Bryan\Desktop\ZHPCleaner.lnk
2016-12-07 00:47 - 2016-12-07 00:47 - 00001821 _____ C:\Users\Bryan\Desktop\Adware Removal Tool.txt
2016-12-07 00:36 - 2016-12-07 00:36 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2016-12-07 00:36 - 2016-12-07 00:36 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-12-07 00:35 - 2016-12-07 00:36 - 00752296 _____ C:\Users\Bryan\Downloads\Adware Removal Tool by TSA.exe
2016-12-07 00:35 - 2016-12-07 00:35 - 00001066 _____ C:\Users\Bryan\Desktop\JRT.txt
2016-12-07 00:28 - 2016-12-07 00:28 - 01631928 _____ (Malwarebytes) C:\Users\Bryan\Downloads\JRT.exe
2016-12-07 00:27 - 2016-12-07 00:27 - 00039656 _____ C:\Users\Bryan\Desktop\AdwCleaner[C0].txt
2016-12-07 00:17 - 2016-12-07 00:22 - 00000000 ____D C:\AdwCleaner
2016-12-07 00:16 - 2016-12-07 00:16 - 03956368 _____ (Crystal Dew World ) C:\Users\Bryan\Downloads\Unconfirmed 64682.crdownload
2016-12-07 00:16 - 2016-12-07 00:16 - 02554274 _____ C:\Users\Bryan\Downloads\Unconfirmed 855627.crdownload
2016-12-06 22:58 - 2016-12-06 22:58 - 03968464 _____ C:\Users\Bryan\Downloads\adwcleaner_6.040.exe
2016-12-06 22:32 - 2016-12-06 22:32 - 00001273 _____ C:\Users\Bryan\Desktop\CrystalDiskInfo.lnk
2016-12-06 22:32 - 2016-12-06 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2016-12-06 22:32 - 2016-12-06 22:32 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2016-12-06 22:31 - 2016-12-06 22:31 - 03956368 _____ (Crystal Dew World ) C:\Users\Bryan\Downloads\CrystalDiskInfo7_0_4-en.exe
2016-12-06 22:24 - 2016-12-06 22:24 - 00002113 _____ C:\Users\Bryan\Desktop\aswMBR.txt
2016-12-06 22:24 - 2016-12-06 22:24 - 00000512 _____ C:\Users\Bryan\Desktop\MBR.dat
2016-12-06 22:20 - 2016-12-06 22:20 - 00530188 _____ C:\WINDOWS\Minidump\120616-38609-01.dmp
2016-12-06 22:20 - 2016-12-06 22:20 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-06 22:19 - 2016-12-06 22:19 - 883275267 _____ C:\WINDOWS\MEMORY.DMP
2016-12-06 22:18 - 2016-12-06 22:18 - 05200384 _____ (AVAST Software) C:\Users\Bryan\Downloads\aswmbr.exe
2016-12-06 22:09 - 2016-12-06 22:10 - 00123827 _____ C:\Users\Bryan\Desktop\Addition.txt
2016-12-06 22:08 - 2017-01-05 18:00 - 00020291 _____ C:\Users\Bryan\Desktop\FRST.txt
2016-12-06 22:07 - 2017-01-05 18:00 - 00000000 ____D C:\FRST
2016-12-06 17:43 - 2017-01-04 11:41 - 02418176 _____ (Farbar) C:\Users\Bryan\Desktop\FRST64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-05 17:59 - 2016-08-09 07:54 - 00002346 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe
2017-01-05 17:53 - 2016-08-09 07:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-05 17:53 - 2016-08-09 07:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-05 17:51 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-05 17:31 - 2016-03-09 09:17 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\360WD
2017-01-05 17:22 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-05 17:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-04 22:57 - 2016-08-09 07:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-04 11:56 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-04 11:44 - 2015-09-24 12:44 - 00000000 ____D C:\Program Files (x86)\GameVox
2017-01-04 11:44 - 2012-06-18 22:06 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\Temp
2017-01-04 11:31 - 2010-03-31 13:59 - 00000000 ____D C:\Users\Bryan\Desktop\Stuff
2017-01-04 08:05 - 2010-05-26 14:00 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-04 08:03 - 2011-03-22 23:25 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-04 08:03 - 2010-03-30 10:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-30 22:14 - 2015-09-10 20:19 - 00042869 _____ C:\Users\Bryan\Desktop\2016 Ledger.ods
2016-12-30 20:56 - 2016-07-16 20:51 - 00044859 _____ C:\Users\Bryan\Desktop\Budget.ods
2016-12-30 20:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-30 20:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\System32
2016-12-30 08:53 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-29 18:33 - 2016-11-16 10:29 - 00000000 ____D C:\Users\Bryan\Downloads\Cloverfield (2008) [1080p]
2016-12-29 18:22 - 2010-03-30 10:11 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow
2016-12-24 09:22 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-24 01:30 - 2010-05-01 19:04 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\vlc
2016-12-23 12:56 - 2016-08-09 07:32 - 00000000 ____D C:\Users\Bryan
2016-12-23 12:48 - 2010-04-01 12:17 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\Skype
2016-12-19 18:34 - 2010-03-31 11:03 - 00000000 ____D C:\Users\Bryan\.gimp-2.6
2016-12-19 18:33 - 2010-03-31 11:04 - 00000000 ____D C:\Users\Bryan\AppData\Roaming\gtk-2.0
2016-12-18 02:18 - 2014-09-05 00:05 - 00000000 ____D C:\Program Files (x86)\Glyph
2016-12-18 01:35 - 2014-09-05 00:05 - 00000000 ____D C:\Users\Bryan\AppData\Local\Glyph
2016-12-17 09:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-17 09:15 - 2016-08-09 07:31 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 09:15 - 2016-08-09 07:31 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-17 09:15 - 2016-07-16 01:04 - 45875200 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-15 18:23 - 2012-07-05 10:25 - 00000000 ____D C:\Users\Bryan\Desktop\Important stuff
2016-12-15 00:38 - 2014-09-05 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2016-12-15 00:38 - 2014-09-05 00:05 - 00000000 ____D C:\ProgramData\Glyph
2016-12-14 21:28 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-14 20:47 - 2013-09-23 13:30 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 19:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 19:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-14 18:40 - 2016-08-09 07:31 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-14 12:53 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-14 09:31 - 2016-08-09 07:24 - 00243520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 00:28 - 2016-08-09 07:24 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-14 00:28 - 2016-08-09 07:24 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-14 00:28 - 2016-02-14 19:02 - 00002185 _____ C:\WINDOWS\BRRBCOM.INI
2016-12-14 00:27 - 2016-07-16 06:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-14 00:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-14 00:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-14 00:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-14 00:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 00:27 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-14 00:27 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-13 18:10 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 18:05 - 2013-07-18 12:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-13 18:02 - 2010-04-03 22:30 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 10:40 - 2016-10-26 09:25 - 00008264 _____ C:\WINDOWS\setupact.log
2016-12-12 09:57 - 2016-08-09 07:32 - 00000000 ___RD C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-12 09:57 - 2015-11-11 23:27 - 00000000 ____D C:\Users\Bryan\AppData\Local\SquirrelTemp
2016-12-11 18:56 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 18:56 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 02:41 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-10 22:08 - 2016-08-09 07:32 - 00524288 ___SH C:\Users\Bryan\NTUSER.DAT{8939d2a3-5e34-11e6-b4ac-cc86332f2e5a}.TMContainer00000000000000000001.regtrans-ms
2016-12-10 22:08 - 2016-08-09 07:32 - 00065536 ___SH C:\Users\Bryan\NTUSER.DAT{8939d2a3-5e34-11e6-b4ac-cc86332f2e5a}.TM.blf
2016-12-10 18:16 - 2010-03-30 10:18 - 00000000 ____D C:\Users\Bryan\AppData\LocalLow\Microsoft
2016-12-10 17:08 - 2015-11-09 10:21 - 00000000 ____D C:\Users\Bryan\Desktop\Pics
2016-12-10 16:53 - 2016-08-09 07:31 - 01301518 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-10 16:53 - 2016-07-16 06:49 - 01055170 _____ C:\WINDOWS\system32\perfh009.dat
2016-12-10 16:53 - 2016-07-16 06:49 - 00240778 _____ C:\WINDOWS\system32\perfc009.dat
2016-12-10 16:49 - 2016-08-09 08:14 - 00000174 ___SH C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-10 16:49 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 16:49 - 2010-03-30 10:11 - 00000282 ___SH C:\Users\Bryan\Downloads\desktop.ini
2016-12-10 16:49 - 2010-03-30 10:11 - 00000282 ___SH C:\Users\Bryan\Desktop\desktop.ini
2016-12-10 16:49 - 2010-03-30 10:11 - 00000174 ___SH C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\Searches
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\Saved Games
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\Links
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\Favorites
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\Contacts
2016-12-10 16:49 - 2010-03-30 10:11 - 00000000 ___RD C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-10 16:48 - 2016-07-16 01:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-10 13:01 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-10 13:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-10 13:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 13:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 13:01 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-09 09:21 - 2016-07-16 06:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-07 01:50 - 2016-06-05 00:54 - 00000000 __SHD C:\$360Section
2016-12-07 01:50 - 2016-03-09 09:31 - 00000000 ____D C:\ProgramData\360Quarant
2016-12-07 00:23 - 2016-03-09 09:17 - 00000000 _RSHD C:\360SANDBOX
2016-12-07 00:21 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files
2016-12-06 22:17 - 2010-04-14 22:00 - 00000000 ____D C:\Program Files (x86)\Vuze

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-30 08:53

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Bryan (05-01-2017 18:04:52)
Running from C:\Users\Bryan\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-09 13:01:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3534269808-1485983137-1280583553-500 - Administrator - Disabled)
Bryan (S-1-5-21-3534269808-1485983137-1280583553-1000 - Administrator - Enabled) => C:\Users\Bryan
DefaultAccount (S-1-5-21-3534269808-1485983137-1280583553-503 - Limited - Disabled)
Guest (S-1-5-21-3534269808-1485983137-1280583553-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3534269808-1485983137-1280583553-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Disabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Disabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 9.0.0.1069 - 360 Security Center)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
And Yet It Moves 1.2.0 (HKLM-x32\...\{0CA6F2DA-0DCB-4627-8A0C-858E3833769F}_is1) (Version: - Broken Rules)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
AppLogLibSetup (x32 Version: 1.0.2.0 - Brother Industries Ltd.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Atlas Reactor Live (HKLM-x32\...\Glyph Atlas Reactor Live) (Version: - Trion Worlds, Inc.)
AutoREALM Version 2.2.1 (HKLM-x32\...\AutoREALM_is1) (Version: - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bastion (HKLM-x32\...\Bastion_is1) (Version: - )
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Batman: Arkham Asylum (HKLM-x32\...\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Inc/Warner Brothers)
Batman: Arkham City™ (HKLM-x32\...\Steam App 57400) (Version: - Rocksteady)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: - )
Braid (Version 1.015) (HKLM-x32\...\Braid_is1) (Version: - )
BrLauncher (x32 Version: 1.1.6.0 - Brother Industries Ltd.) Hidden
BrLogRx (x32 Version: 1.0.1.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (x32 Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (x32 Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (x32 Version: 1.0.5.2 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (x32 Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
Character Builder (HKLM-x32\...\{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}) (Version: 1.10.0000 - Wizards of the Coast)
Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version: - Colossal Order Ltd.)
Citra Edge (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\citra) (Version: 0.1.83 - Citra Development Team)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Cockatrice (HKLM-x32\...\Cockatrice) (Version: - )
Cogs (HKLM-x32\...\Cogs) (Version: - )
ControlCenter4 (x32 Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (x32 Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crayon Physics Deluxe version 55 (HKLM-x32\...\{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1) (Version: 55 - Kloonigames, Ltd)
Crypt of the NecroDancer (HKLM-x32\...\Steam App 247080) (Version: - Brace Yourself Games)
CrystalDiskInfo 7.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.4 - Crystal Dew World)
Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games)
DeviceDetect (x32 Version: 1.0.3.4 - Brother Industries Ltd.) Hidden
DFOLauncher (HKLM-x32\...\DFO) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: 0.11.0.9359 - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
D-Link AirPlus G Wireless LAN Adapter (HKLM-x32\...\{111B8587-C888-4B7B-A20D-8CC767437A90}) (Version: - )
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Epic Games Launcher (HKLM-x32\...\{F9E7706A-FCFE-40D2-9B58-45567B3E1F3F}) (Version: 1.1.69.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - Ubisoft Montreal)
FocalBlade 2.0 Demo Plugin (HKLM-x32\...\FocalBlade 2.0 Demo Plugin_is1) (Version: - The Plugin Site)
Gameforge Live 2.0.11 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.11 - Gameforge)
GameVox 0.18.4.56 (HKLM-x32\...\{d1b6d93c-44b5-4130-bff4-95c9b6d141d3}) (Version: 0.18.4.56 - GameVox LLC)
GameVox 0.18.4.56 (x32 Version: 0.18.4.56 - GameVox LLC) Hidden
Gauntlet™ (HKLM-x32\...\Steam App 258970) (Version: - Arrowhead Game Studios)
Gigantic Installer (HKLM-x32\...\{fb714f96-ecf3-484b-b780-edbd9e241da7}) (Version: 1.0.0.2 - Motiga Inc.)
Gigantic Launcher (64-bit) (Version: 1.3.0.1 - Motiga Inc.) Hidden
GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gpg4win (2.1.0) (HKLM-x32\...\GPG4Win) (Version: 2.1.0 - The Gpg4win Project)
Grey Cubes (HKLM-x32\...\Steam App 371500) (Version: - Deion Mobile)
GTK+ Runtime 2.14.7 rev a (remove only) (HKLM-x32\...\GTK 2.0) (Version: - )
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Guardians of Graxia (HKLM-x32\...\Steam App 90500) (Version: - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HEX 1.0 (HKLM-x32\...\{6EDED3CB-CAC5-4200-A534-CCA1732EAF23}_is1) (Version: 1.0 - Gameforge4d)
Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.0.16 - Riot Games, Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HowToGuide (x32 Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HP Button Manager (HKLM-x32\...\{7390FC95-D842-448A-A3A2-C8DC89AEB83A}) (Version: 1.6.0.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
InFlac 1.1.1 (HKLM-x32\...\InFlac) (Version: 1.1.1 - Michael Facquet)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Jamestown: Legend of the Lost Colony (HKLM-x32\...\{DC76D52B-1266-4A73-9020-02694193B907}) (Version: 1.0.1 - Final Form Games)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Landmark Beta (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 1.0020 - Riot Games) Hidden
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LOOT (HKLM-x32\...\LOOT) (Version: 0.7.0 - LOOT Development Team)
Magic Duels (HKLM-x32\...\Steam App 316010) (Version: - Stainless Games Ltd.)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
MechWarrior Online (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\{74d11f91-05cc-44f6-8e49-94fe7f33c79b}) (Version: 1.2.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.2.0.0 - Piranha Games Inc.) Hidden
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Metal Slug 3 (HKLM-x32\...\Steam App 250180) (Version: - DotEmu)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Minimum (HKLM-x32\...\Steam App 214190) (Version: - Human Head Studios)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
MTX (HKLM-x32\...\{6583D00E-0924-4950-8BE9-5D09FE70B333}) (Version: 1.0.0 - mektek.net)
Mumble 1.2.16 (HKLM-x32\...\{8C0C80AA-EA4D-4461-8B73-15A3A27F7D98}) (Version: 1.2.16 - Thorvald Natvig)
Natural Color Pro (HKLM-x32\...\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}) (Version: 1.00.0005 - )
NetworkRepairTool (x32 Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.0.29375 - Grinding Gear Games)
PC-FAXReceive (x32 Version: 1.3.8.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (x32 Version: 1.0.4.5 - Brother Industries Ltd.) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )
PicPick (HKLM-x32\...\PicPick) (Version: 2.3.0 - Wiziple)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.6.6 - )
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Psychonauts Demo (HKLM-x32\...\Steam App 3840) (Version: - Double Fine)
Puzzle Bots v1.0 (HKLM-x32\...\{12B839E5-8271-4888-B19F-4811A8D8770F}_is1) (Version: - Wadjet Eye Games)
Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version: - Airtight Games)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5973 - Realtek Semiconductor Corp.)
RemoteSetup (x32 Version: 3.8.0.0 - Brother Industries Ltd.) Hidden
Reus (HKLM-x32\...\{D991ED13-3BDE-40B9-9C7D-C459E342C0D5}_is1) (Version: 1.3.1.0 - Abbey Games)
Rise of the Tomb Raider (HKLM\...\Steam App 391220) (Version: - Crystal Dynamics)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Sanctum (HKLM-x32\...\Steam App 91600) (Version: - Coffee Stain Studios)
ScannerUtilityInstaller (x32 Version: 1.0.0.0 - Brother) Hidden
Shadowgrounds 1.05b (HKLM-x32\...\Shadowgrounds_is1) (Version: - Frozenbyte, Inc.)
Shadowrun Returns (HKLM-x32\...\Shadowrun Returns_is1) (Version: - Harebrained Holdings)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version: - Harebrained Schemes)
Shadowrun: Hong Kong - Extended Edition (HKLM-x32\...\Steam App 346940) (Version: - Harebrained Schemes)
Shatter (HKLM-x32\...\{84D008A6-8159-442E-8FD8-0148EF42F3E0}) (Version: 1.0.5 - Sidhe Interactive)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.46 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.12.2920.4 - Hi-Rez Studios)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spotify (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
StatusMonitor (x32 Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
Tales of Zestiria (HKLM\...\Steam App 351970) (Version: - BANDAI NAMCO Studio Inc.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - )
Terrorhedron (HKLM-x32\...\Steam App 299720) (Version: - Dan Walters)
The Darkness II (HKLM-x32\...\The Darkness II_is1) (Version: - )
The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1 (HKLM-x32\...\The Elder Scrolls V Skyrim Dragonborn (c) Bethes~300CD4A2_is1) (Version: 1 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - )
Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games)
Trine 1.09 (HKLM-x32\...\Trine_is1) (Version: - Frozenbyte, Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
UsbRepairTool (x32 Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
VVVVVV version 2.0 (HKLM-x32\...\{C39601A7-9FF4-4148-A41B-93181E35D122}_is1) (Version: 2.0 - Terry Cavanagh)
WinDirStat 1.1.2 (HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\WinDirStat) (Version: - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
wolfman-x (HKLM-x32\...\wolfman-x) (Version: - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.262 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C6896E-B9B8-41AE-A29A-21736796C03D} - System32\Tasks\{C5EF7A5E-A71D-4612-B1EF-EF01324E83B7} => pcalua.exe -a C:\Users\Bryan\Downloads\XBOX360Eng.exe -d C:\Users\Bryan\Downloads
Task: {05B1E339-F4C9-4517-B722-89D06C5F9283} - System32\Tasks\{45B9A611-6A72-478B-8D97-9CA8C093E8C9} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {0CB7E6D1-1090-416D-B413-5ABAA6A9A786} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {122B7A12-C9DB-4645-A1D8-1EED56795338} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17FF28B4-01CF-48DF-9FD3-9D44C98FAE58} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {186653D0-2616-474D-822A-BA7717C06468} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {265F771F-4B79-4DA7-AC8C-4FD4EBBB4C26} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-24] (Dropbox, Inc.)
Task: {2C94A6AC-4E94-49AA-BFEC-CA6715D5838F} - System32\Tasks\{1346A54B-F643-49CA-A380-C2712D7819C1} => pcalua.exe -a "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder\07 CB_Oct_2009.exe" -d "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder"
Task: {34DFE721-5B05-4151-8B49-2B15AD35F39D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {37723692-5D04-4540-97C0-78E7E80FFEAE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {39776033-3639-4CFF-B3F0-D3E166186F2A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4852CF62-AECB-4107-8218-CD5AFF616C58} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49D19FFA-B5B7-4AD1-A9B7-7DD463033CE5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A55BBC8-0419-4456-872E-360B9BC11EEE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {571FE537-F861-4706-AE97-CC121265D995} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5BFCE883-EF1C-4824-A392-6D09E5F54BBF} - System32\Tasks\{AA7EEC8E-BF7E-4C73-8E64-90A32D5C2A1A} => pcalua.exe -a "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder\09 CB_Jan_2010.exe" -d "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder"
Task: {624DB11D-9A48-4054-A438-E538962C7346} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {62CE3F92-9560-4354-9AAC-B4E1766A97E5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6848E300-9948-42C2-8B0A-C438060CC47A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7B9891DA-A55C-4A43-80FB-2313C0F228A5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7D7CA63D-FABA-4AF6-B2E7-218561B58CFC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83A238BD-45C6-41D0-9C4A-BDC07A1CC9E1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {848C5324-075C-467C-A726-19657AE71E55} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8C645592-6934-4799-87D2-75E17790E39C} - System32\Tasks\{852D79DA-9E6D-43AE-BA09-691A1176B8FA} => pcalua.exe -a "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder\08 CB_Nov_2009.exe" -d "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder"
Task: {8F019CD9-7319-4344-A511-3923CE659744} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {9084C9CB-5B7F-4B64-B362-5ED7C9DCD0FA} - System32\Tasks\{48F2B6BC-1E5A-4182-AE0E-81B6E1EEF2D7} => pcalua.exe -a "C:\Users\Bryan\Documents\Vuze Downloads\Mass Effect 2 Full DLC Pack 2011 -illiria\DP_Setup.exe" -d "C:\Users\Bryan\Documents\Vuze Downloads\Mass Effect 2 Full DLC Pack 2011 -illiria"
Task: {9C7B6025-EAE0-4D78-A7DC-A49F25504B4A} - System32\Tasks\{4E8710E2-664D-498F-90C0-4B8CEBC28AF6} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/12910
Task: {AD4D3F7F-1D77-425D-B26C-3B782769013F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-24] (Dropbox, Inc.)
Task: {AF650805-499B-4717-817B-54ED677A76A0} - System32\Tasks\{B9E7CB81-77BB-4FDA-9A2C-ED13CC009FBE} => pcalua.exe -a "C:\program files (x86)\steam\steamapps\common\alien swarm\bin\addoninstaller.exe" -d "c:\program files (x86)\steam\steamapps\common\alien swarm" -c /register
Task: {B77FA3C9-F4A0-4C8B-992B-7BD7062C91AA} - System32\Tasks\{EA03FC6D-E036-49A6-BDF4-640D8C123B6F} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {B9C2E9A6-1EB9-49B3-A703-1402FCAC6EA9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {DB399A18-9BFA-4FC3-905E-155F9BB8F6EA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E46180A8-9666-4547-AE86-3E99A18B8A88} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E5250716-C46E-42C2-8A19-99388F88F6A4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1DD8418-E09C-468F-8D34-004E1185B32A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F86A213F-DE25-47C3-BA16-D5DF653C4E0F} - System32\Tasks\{E2321764-CBCB-4E30-8CD4-553A205566D2} => pcalua.exe -a "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder\01 CB_Apr_2009.exe" -d "C:\Users\Bryan\Documents\Vuze Downloads\Dungeons &amp; Dragons - Character Builder"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 17:56 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-09 07:27 - 2016-03-21 21:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-02 10:20 - 2011-03-02 10:20 - 00224256 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2016-04-25 10:16 - 2016-03-24 00:35 - 00368184 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-14 19:02 - 2005-04-22 13:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-12-13 17:56 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-09 08:18 - 2016-08-09 08:18 - 00959168 _____ () C:\Users\Bryan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2010-05-02 09:08 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2016-03-09 09:17 - 2016-11-25 07:35 - 00782248 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2017-01-04 08:12 - 2017-01-04 08:12 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-09-20 22:20 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-13 17:56 - 2016-12-09 04:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-11-10 00:33 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 00:33 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 00:33 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-10 00:33 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 00:33 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-10 00:33 - 2016-11-02 05:13 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-11-10 00:33 - 2016-11-02 05:13 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2016-09-29 21:34 - 2016-09-15 12:29 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-09-20 22:20 - 2016-09-07 00:36 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2016-12-13 17:47 - 2016-12-13 17:47 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-12-14 18:24 - 2016-12-14 18:25 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 18:24 - 2016-12-14 18:25 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-03-09 09:17 - 2016-11-25 07:35 - 00099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-02 10:16 - 2011-03-02 10:16 - 00208384 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2011-03-02 10:11 - 2011-03-02 10:11 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2011-03-02 10:16 - 2011-03-02 10:16 - 00073216 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2011-03-02 10:17 - 2011-03-02 10:17 - 00603136 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2011-03-02 10:13 - 2011-03-02 10:13 - 00048640 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-04-25 10:16 - 2016-03-24 00:35 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\123simsen.com -> www.123simsen.com

There are 7545 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2010-12-29 17:20 - 00428463 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123moviedownload.com

There are 14741 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bryan\Desktop\Pics\Keepers\New Orleans 10-2015\IMAG0147.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk => C:\Windows\pss\HP Button Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Bryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Bryan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: C3 => C:\Program Files (x86)\Vivox\C3\c3.exe
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\Bryan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "IntelliPoint"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\StartupApproved\StartupFolder: => "GameVox.lnk"
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{9E566EC4-B07A-48A8-9591-95E69F7E1266}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{9092EA15-0FFB-445C-B7DE-47685B75F530}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{08122964-936D-4D84-AAA4-BA6ACFC45B21}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{E8D03A6D-82F1-46BE-8AE2-4BD4D8FF82DA}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{76E601CD-1552-4750-82FC-F5C5A5BE78A4}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{762E0C23-15C1-4124-A575-51D98A9E11A0}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{8DDA7BAD-C1DF-4523-B664-B7FC527E08B1}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{B5790F62-6704-4FBE-B077-CE0C7F98C4FE}] => C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{18CEBEEE-6437-46CF-A519-8D66B90851CC}] => C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{ED650210-475C-44B3-A183-02F40D3BE1F0}] => C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{603D3FDF-2DF2-40E4-8220-DB4BCCFC83E2}] => C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{E72591A9-DDF4-4D89-ABB0-D83349FB27D1}] => C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{BF504995-1C75-4C86-9FB6-34463C5295AD}] => C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{70FCDB59-3668-4EED-9B55-A5301FBE73EE}] => C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{D9D1185D-506D-4EB1-942D-B212A093A4D1}] => C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{35DE6871-869C-49EE-AF15-2FEA0A854B4D}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{55E6FC19-C522-4B85-8D81-C73467A316D1}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{D0E9B37C-DEE1-4D03-98B1-51EACB25A7DF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{B5293982-D661-4FE9-B0A8-3A641A5CA624}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{39664CC1-4E67-443D-9FFD-7CB38679E3C0}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{4C48D48E-9211-4F9A-96DD-BBA4EF92B26F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{6D2EB750-6B33-4FEA-88B7-1A7C7E28BF90}] => C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{05AE6CB3-349C-41C5-8584-34EF5EFD3418}] => C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{075FEC8B-6E4D-4CBF-8320-ADDF2DBF4053}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FC178713-DFF0-4770-89B1-D50080EF2AEF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{66E2E888-0495-467B-8F0A-382773990B87}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0B026A64-46AD-4150-BE1E-C4B7A0F96C0A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{503F90E6-E5B0-4AD3-BE36-41D7F19B3AB3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9B8276F7-808C-4D3D-A4D7-59E184DED9B4}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3F51B2E5-E86F-4BA7-B1E3-B8DAB090993E}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{02F80957-5EB0-436E-87D6-4227168645F4}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [TCP Query User{9ADE4919-4BB0-44EC-B2E3-FDED38404505}C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [UDP Query User{A4F588E9-B2C9-46B2-A6BE-C562107AEEAF}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [TCP Query User{3B001959-5CFF-47AD-9C72-38F5625BF88A}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [{A247CA7F-B597-4C9C-9836-204094337673}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71A64160-579C-449C-BB0D-E4EEC2C6600D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{1F57335E-3E17-4A7E-AED9-26A8178385FD}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{EFDD72A9-D6BE-4145-A654-1DBD9FCBA791}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{DD6A64A1-0883-417E-9389-E42CF77AD2F7}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{B4DA0C7E-4768-47C0-BF75-63804B8F1177}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{D466861B-7FFD-4A16-B2DC-786708773A73}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6F626A2B-EF2D-43C4-AFF0-1D25E33B6F2A}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{434756D2-F79C-4E2C-B81C-FFCF1C0E45BD}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2D082E90-5A70-4D10-BFB9-161917D73D4B}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [{3CAE2205-90F6-4721-8F4B-B8A46720B421}] => C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{D7863F6D-2937-4ABF-A9C7-762D4089D18B}] => C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [UDP Query User{89DC9B87-EE47-4115-A2F0-1325A1409CCA}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{55661E35-A578-47C2-A96B-6145CF5808C9}C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [{6550343A-62BB-44A0-8DC6-9E607D0C811E}] => C:\Program Files (x86)\Steam\steamapps\common\GreyCubes\GreyCubes.exe
FirewallRules: [{471E32BC-2906-4CFC-B180-95077AB38F43}] => C:\Program Files (x86)\Steam\steamapps\common\GreyCubes\GreyCubes.exe
FirewallRules: [{BC821BCA-E3A7-49BD-B04B-E136B84E2DED}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{BED30BB2-EBB3-41E1-93B6-599CD8AEB783}] => c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{4147B5C8-E5B0-45A1-B9D8-902D0CC33FE7}] => c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{44AD2575-DA35-4BF9-8AB0-11D879605CF4}] => LPort=54925
FirewallRules: [{41D64912-84F6-4E80-A17F-76AC40AF2F9E}] => H:\Install\wlan_wiz\.\wlan_assistant\waw.exe
FirewallRules: [{DFF42BB2-28A3-48A0-8D27-E2EF6CBB1C3A}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{994B3964-0476-4A9A-9711-DAC5A3BD686F}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Hong Kong\SRHK.exe
FirewallRules: [{18A9C170-840D-4FC9-9886-8A91FAE60863}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{FEC087F1-9094-41A1-ADE6-EE409D832DA5}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{9136D434-E9D0-4684-9209-D4F6A85DF931}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{6785A6B5-EBA1-4530-93B4-6EEE7B13F893}] => C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{3F20995C-CCAD-4E25-A72D-E916A289D7D6}] => C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{EA59C345-E6EC-4028-B81C-9BA47240188A}] => C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{11939EDC-08DD-4734-94D4-DED455054EB0}] => C:\Program Files (x86)\Steam\steamapps\common\tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{618FD6B9-4479-433E-9384-80E4D89C2AC5}] => C:\Program Files (x86)\Steam\steamapps\common\tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [UDP Query User{798962EE-15E4-4868-BF1C-CC79057E5349}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{CD1F5F34-98AF-463D-99F5-50EB51B22B2D}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{E1D6D9F5-2595-4018-B364-82332D89D9AB}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9BDE7E94-0018-4014-80CC-028622CC8AD9}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B9C2ADD9-66E5-420C-A910-904787DFB8BA}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2DC518D2-61EE-49DB-90A8-9AAD437CADBB}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C8ECC68D-4C22-4B3A-998B-0C8F854490C7}] => C:\Program Files (x86)\Steam\steamapps\common\Terrorhedron\terrorhedron.exe
FirewallRules: [{802D1EF5-5AAD-4DD0-9FC4-18FE8043E11B}] => C:\Program Files (x86)\Steam\steamapps\common\Terrorhedron\terrorhedron.exe
FirewallRules: [UDP Query User{D59F117C-178A-4060-B743-0A74FF5A09A1}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{9B338196-9173-4F65-992F-6AFA22B47DED}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EFCBB1A7-70FA-47A1-A58B-FDBDC2475DE8}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{666411AE-82A2-4924-933B-EB20CF38E43B}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7E1D0833-1F1F-48C7-8EE8-1F776959F6F3}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{A14A18D7-CF4F-4E96-B093-B592F1FBA43A}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{03C67C2D-7B87-4767-8433-7BE61A6FC990}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6B543A5F-822E-4C69-B9FA-9F4E1EB48F92}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{35E8104A-80E1-43EE-B0E0-59A5352D0583}] => C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{5BDEDC1A-AD9B-44E9-B403-2A3A012D7EF2}] => C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [UDP Query User{39CD56F9-DABA-4034-92D9-7AD4004AD623}C:\users\bryan\desktop\buddha\brutallegend_nosteam.exe] => C:\users\bryan\desktop\buddha\brutallegend_nosteam.exe
FirewallRules: [TCP Query User{88368CA8-32EE-42D5-8AB7-82CE6365F40A}C:\users\bryan\desktop\buddha\brutallegend_nosteam.exe] => C:\users\bryan\desktop\buddha\brutallegend_nosteam.exe
FirewallRules: [UDP Query User{7A1F51D1-3632-4B11-8BA9-E54517261E83}C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [TCP Query User{2A05E62B-8C98-4A33-95BD-7EAC3B7746CD}C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{77A268AF-91CB-4A92-92A3-2B07659CA7A6}C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{A67342FB-DA71-4F53-AE7D-937A95E92E3A}C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => C:\users\bryan\desktop\games\lol\league of legends rads.clean\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [{A16F141D-8DE7-4BF7-8A02-9100A8EBEBF4}] => C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{20124EDE-FF02-4FD3-A19A-20ADDAE3A2E2}] => C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{716DB04A-DEDF-44B3-9C3F-384A49A65425}] => C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{BA61FB2E-14B2-489F-B947-3C16C5E62F10}] => C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{E6F110BD-B933-44ED-BFAC-A48FC1813A1E}] => C:\Program Files (x86)\Steam\steamapps\common\Gauntlet\binaries\gauntlet.exe
FirewallRules: [{611E2ED2-EF41-41E1-B1B9-1FE7C30BD7F1}] => C:\Program Files (x86)\Steam\steamapps\common\Gauntlet\binaries\gauntlet.exe
FirewallRules: [{D462D622-7424-420F-A6E9-A0A1DBACEA4C}] => C:\Program Files (x86)\Steam\steamapps\common\Minimum\Binaries\Win32\MinGame-Win32-F.exe
FirewallRules: [{25AF45A0-96B8-4A0A-B7F2-9947F121120F}] => C:\Program Files (x86)\Steam\steamapps\common\Minimum\Binaries\Win32\MinGame-Win32-F.exe
FirewallRules: [{1EF8459F-BE85-45B7-A773-DC07F3C873CA}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E11CC037-C9FE-4719-B2F9-63C7FF5F499D}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{6EB512C9-5C4E-456F-A6B7-0A6EDBFFC86D}C:\program files (x86)\raidcall\raidcall.exe] => C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [TCP Query User{E638A225-13E3-4173-9451-95498EFB8561}C:\program files (x86)\raidcall\raidcall.exe] => C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [{6AE8C68A-AB1A-4BD5-981F-44EF23D7C884}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{8DD07586-7E40-40A3-B01B-9DCB27C4C8AF}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{96C60E76-977E-4AE0-8D2F-5AF68AFD7377}] => C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{6CAA783B-C9A8-43CB-904C-78C5D90A427E}] => C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{8364C997-6A39-429B-8D11-8C64060CD09B}] => C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{9286ADB7-4398-4D92-9D87-8F209D8C306E}] => C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [UDP Query User{21413504-E150-4082-A1A0-23A4321C976D}C:\users\bryan\appdata\roaming\spotify\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{06F3700B-0D12-41AB-A7E0-0CB0B94CCB21}C:\users\bryan\appdata\roaming\spotify\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0FD9C62D-42DA-48A5-8CB8-CF056E4717DB}] => C:\Program Files (x86)\Steam\steamapps\common\Guacamelee\Guac.exe
FirewallRules: [{35911189-710F-446D-940E-CA9B9EC83D70}] => C:\Program Files (x86)\Steam\steamapps\common\Guacamelee\Guac.exe
FirewallRules: [{84ACEAEE-87FA-4A15-907B-0854AF5D0FCD}] => C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{3F04CBFF-5728-409B-B456-1CF036D0748A}] => C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [UDP Query User{334B2E83-981B-408E-BE92-6153DD276216}C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe] => C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [TCP Query User{F8D22EF4-9B63-4E94-B274-AEF53FE20BBF}C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe] => C:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{D6DF2DB6-AFEA-4CFF-B7E7-6727AF1D9E43}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{5D31DE24-EC07-42C2-B583-53C456DF82B7}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{FDA33696-0734-40EC-A931-B83F5AD12256}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{8DF8A7FE-02C3-4181-977E-54D62D4C5EE0}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{124566D7-35DC-4FE6-842A-3CDB8B2512A9}] => C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{BD77128A-B577-498D-92E6-067C42553BB1}] => C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{7EC214F6-A630-4976-8C83-5E008D6F2F6E}] => C:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{5AD689C0-664F-4C9F-B42D-F0351B628B8E}] => C:\Program Files (x86)\Steam\steamapps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{97933098-53FC-4DD8-B205-B8FE0EB81EC6}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{2300E685-86C6-4D19-A4DD-F7175327EBF0}] => C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3 Blood Dragon\bin\FC3BDUpdaterSteam.exe
FirewallRules: [{E2D06D7E-A938-419B-B85A-F70958E04043}] => C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{89998022-A5F1-4FAC-A1D3-A0263985ECC8}] => C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{D4F8B765-715A-4640-A0DE-8A86AF3F86EE}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{F691A4D9-AF39-4103-B745-DB9F36224E20}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{B0F88646-504A-4A7B-950B-EED785C77567}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{E9E3196C-B6EB-4C9E-8184-871CE0F7CFB5}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{96F0F257-96E1-40E4-A5B2-3CBD029F8551}] => C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{070EB91E-B6F5-4F71-A4F3-BCED83654097}] => C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [UDP Query User{2689827B-6FD0-4E75-A9F7-EC2772A80490}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe] => C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe
FirewallRules: [TCP Query User{C894BC77-3E49-454C-96ED-564F863561FB}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe] => C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe
FirewallRules: [{E1A4B4AE-A9BC-4673-88BE-61AD1DC46434}] => LPort=41780
FirewallRules: [{70B70EBF-2AD4-40E7-A949-5E410787BCB6}] => C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{5B4AE735-AFF4-402D-8BD9-B7E07D2B300A}] => C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{70501A5B-8B45-4E34-8F7B-21F1518837ED}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{C63F34E1-AA47-4A77-A50E-635C0491336B}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{E6630FA5-217D-46F4-AD75-784B70D21ABC}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{EAC9FDCC-C217-444E-B908-E270D9E590BB}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{2A18F852-EF79-4D6E-9BE0-5354918596F2}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{FEB8D9CC-C745-4850-AD00-3F484A472535}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{E27A4E54-8D39-4982-AB7C-D71D6299D76F}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{EEFD95FC-19C9-4EE2-A821-B12A9B8C9119}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{B814655E-1174-49A3-8618-005535F2DEA3}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{6F18D558-5250-4213-813C-A6C06F98ACD0}] => C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{645FFBE9-A7F4-4493-8E53-F0D4ACC7A5F0}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{919D23F6-8514-4938-ABF3-E0F1CE985C86}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{8B89B26B-FF90-4BDD-984F-A000BBF5BEC4}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{8759C267-DC07-4A16-A8AB-F848A7F43101}] => C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{0AA93C04-A152-45B5-8713-71C19F4B9E3A}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{08DA9E08-A80E-487D-9CC7-6192A82389F7}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{9D4734CE-041B-4E9D-9282-ABD99D0797EF}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{CFF74111-C8BB-4448-86C6-8D96DFB3147F}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [UDP Query User{D9F66DB9-9EBB-42A8-B468-A7E56EE5C3A0}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{B4386D80-A2C8-4AE0-ABAA-20E224DB2E7B}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{28871463-7E43-45FA-91D1-3949EF48D281}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{048BD6AE-726E-4AAD-AE50-1243BDE9079A}] => C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{EC73E2A6-6B64-4AB6-98DA-3B6D3C44D596}] => C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{CAA59CA1-AA5C-4D2D-A4E4-43C1020CDC86}] => C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{06F3B6F4-2E84-4E08-9FB9-5BFA59F0BDDE}] => C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{92AC38A5-CF73-4179-BDB1-769786FEB5B1}] => C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{48B63789-5FDA-4D5D-A07D-7679D783757E}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{3DCB33F0-B43D-4602-A894-E687017FA893}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{CF75BE7F-FB53-44AF-A6EE-D9F9CE595C17}] => C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{5A1070D0-F30F-4F7D-B199-2E1FB58082D8}] => C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{F66A788D-3577-429F-A45A-37D330F2DA39}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{A2AE031C-73A8-4DC9-A27D-947EECD51269}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [UDP Query User{260E5D78-F85D-4F3C-8B37-6399A2B663EE}C:\users\bryan\desktop\games\diablo iii\diablo iii.exe] => C:\users\bryan\desktop\games\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{3C2CA2C5-9307-4BE7-99CC-57CF34F9FF62}C:\users\bryan\desktop\games\diablo iii\diablo iii.exe] => C:\users\bryan\desktop\games\diablo iii\diablo iii.exe
FirewallRules: [{9A8AC6FF-764B-4471-A796-D1AC04B4F5D5}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{55108AEA-6854-4010-BF99-F48FF6FEA8A7}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{E5AC228F-12E9-486B-A9C8-4BF8EB0B7493}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{E498D5AE-C2E8-488D-B53B-DD19F778EDD3}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{C541E6F5-4458-4EB1-8873-043C981F5F8A}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{801E951F-C6A6-4D6E-AB44-4A3522356E3E}] => C:\Program Files (x86)\Steam\steamapps\common\Cities in Motion 2\CIM2.exe
FirewallRules: [{B37A1EF8-0339-45CF-B210-91E75A8A694A}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{437E4EEE-FE64-4EFB-95FD-5E49546F66DB}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{2B5F5E03-461F-4BA8-8196-774A5B462C88}] => C:\Program Files (x86)\Steam\steamapps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{AD1D22C6-0DAA-4857-AE3B-90FF94CFF789}] => C:\Program Files (x86)\Steam\steamapps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{35C5E7AC-795D-4611-94BB-06B4348CF27B}] => C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die!\Build\release\OrcsMustDie.exe
FirewallRules: [{F6E11555-3E12-4D1A-9CC1-FED91097527B}] => C:\Program Files (x86)\Steam\steamapps\common\Orcs Must Die!\Build\release\OrcsMustDie.exe
FirewallRules: [{51FDD51D-3095-4A3D-B056-85625FF29DC1}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{DA487981-E544-4C29-B76B-B785F3AE4871}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{72448827-E1A9-4A13-8C8D-D40E64F13BFA}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{5F1AFCE7-A31F-42E7-B40B-366B1016159F}] => C:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{ACD6E62D-2B07-4FDB-BEC5-5E02BA2F7A4D}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{91950408-1004-4109-9756-2FD110451641}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{70D1B7C8-BD96-4E8F-812B-CDED40263C6C}] => C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{18DE0414-E8EC-46E0-9ED7-EE9F8A5A9DA4}] => C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{84CBBD64-E939-4684-8614-37D7DDC4ED61}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{EAF912D8-C026-41B0-A7D0-16600352FC54}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{33226855-E53D-4AAC-949E-C52A8894A609}] => C:\Users\Bryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{997DC675-2DB0-4954-A1A1-984EAF29BDD8}] => C:\Users\Bryan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{174FD12E-025A-417F-A984-5E1EE1956381}C:\users\bryan\desktop\games\xcom\binaries\win32\xcomgame.exe] => C:\users\bryan\desktop\games\xcom\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{52479641-5794-424C-AFE6-04C703A47952}C:\users\bryan\desktop\games\xcom\binaries\win32\xcomgame.exe] => C:\users\bryan\desktop\games\xcom\binaries\win32\xcomgame.exe
FirewallRules: [UDP Query User{CF87F131-ECFE-4380-91C8-EAE38CB63CDB}C:\users\bryan\desktop\games\shadowrun returns\shadowrun.exe] => C:\users\bryan\desktop\games\shadowrun returns\shadowrun.exe
FirewallRules: [TCP Query User{5620B819-E770-492D-9C9C-B89F2DFDCDBC}C:\users\bryan\desktop\games\shadowrun returns\shadowrun.exe] => C:\users\bryan\desktop\games\shadowrun returns\shadowrun.exe
FirewallRules: [{B310331A-050E-4B39-B7F2-BFFA462A84C1}] => C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{E398740C-904E-462B-9FE4-06728285BDE1}] => C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{92B937C8-88F3-4B60-A6C8-471453F1F619}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{D9C56EDF-A784-45D7-9E06-C1CEAAEEB8F3}] => C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{F05130D0-45A0-47B9-BE53-D57522F07E73}] => C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{E374A6AC-CA32-4DA3-AB40-6656E8AE7260}] => C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{D0F767E3-2937-4831-9697-00B91662FDEB}] => C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{89C14663-C5CD-475F-9396-ABF33C8C5505}] => C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{6CFA0D4F-5FDC-471F-B010-2B78EBFB905F}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{627A87B1-7DC2-49D0-9236-479D62177775}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [UDP Query User{416DADD7-B24C-4598-BDB6-EDA1189C7DFE}C:\users\bryan\desktop\games\borderlands 2\binaries\win32\borderlands2.exe] => C:\users\bryan\desktop\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [TCP Query User{16D04A8E-E273-41A7-800A-CAA529AF3463}C:\users\bryan\desktop\games\borderlands 2\binaries\win32\borderlands2.exe] => C:\users\bryan\desktop\games\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{EC4EC9E3-73F6-49D2-8D72-95003B4ADF51}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{7F428D11-6572-4077-BC26-641528542151}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [UDP Query User{00F4757D-10EF-4BE5-A34B-780A60F7BA18}C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [TCP Query User{4129A878-90F3-4695-B5C7-0C1F91A2A5FB}C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe] => C:\program files (x86)\gazillion entertainment\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe
FirewallRules: [UDP Query User{9A5E8F79-E8AF-4C9A-B01D-676D4F0016D1}C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe] => C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{615BD100-37E7-4F79-81CB-94729B68A651}C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe] => C:\users\bryan\desktop\games\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{35AD4802-8C83-4B07-B452-A0B7356B0BC9}] => C:\Users\Bryan\Desktop\Games\StarCraft II\Versions\Base24944\SC2.exe
FirewallRules: [UDP Query User{A171F493-7C7F-4E48-AC37-77501E87558E}C:\users\bryan\desktop\games\starcraft ii\versions\base24944\sc2.exe] => C:\users\bryan\desktop\games\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [TCP Query User{C14C52DF-3EF8-44C1-AA02-4C2261D3EC25}C:\users\bryan\desktop\games\starcraft ii\versions\base24944\sc2.exe] => C:\users\bryan\desktop\games\starcraft ii\versions\base24944\sc2.exe
FirewallRules: [{C0DD6ECA-BEE9-4716-A20A-280A79DB58CB}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{0F6B0BAC-BDA8-46C4-9316-E9C67CA3AD6B}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{9EA21BE7-1646-4C18-910F-4832F6CAA166}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{18AC3981-DBB5-4850-B541-846F6951F757}] => C:\Users\Bryan\Desktop\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{0266900B-959B-4023-8B24-47B19D00864D}] => C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{9D2D0D67-000C-46B6-9243-FFF2FFCCDFFB}] => C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [UDP Query User{4308CA1B-9504-46D7-855D-AF6F4618BF9A}C:\users\bryan\desktop\games\american mcgee's alice\alice.exe] => C:\users\bryan\desktop\games\american mcgee's alice\alice.exe
FirewallRules: [TCP Query User{20705DE3-DB4D-4867-9C8F-8C011B163C3C}C:\users\bryan\desktop\games\american mcgee's alice\alice.exe] => C:\users\bryan\desktop\games\american mcgee's alice\alice.exe
FirewallRules: [UDP Query User{EFEDF1EE-E3A3-4AA7-8482-5C5DAC107923}C:\games\dragon age origins\bin_ship\daorigins.exe] => C:\games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{7D43BB66-71AA-49EF-89E9-61C603B8E4A0}C:\games\dragon age origins\bin_ship\daorigins.exe] => C:\games\dragon age origins\bin_ship\daorigins.exe
FirewallRules: [{3B537105-2EB1-433D-BAE1-E6C372315CE0}] => C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{30BC539D-A754-4FA3-8CCC-AE711406FF75}] => C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{8FC3D814-3A30-406F-94F7-FF52E711E4B0}] => C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{651F1A35-0995-4DED-A109-62F9E1E777EA}] => C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{2466B98D-7BC7-4033-9DFF-FE778BAE340E}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{97F8D1AD-CE0B-4603-AC5B-C237A16334B8}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{E112F174-7F42-491C-80E5-6FD1A1323EAE}C:\users\bryan\appdata\roaming\spotify\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F2F35F4F-F4CD-4AAE-9548-6F4C1D897993}C:\users\bryan\appdata\roaming\spotify\spotify.exe] => C:\users\bryan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0DEC6317-9CAB-4859-997F-8DB11F32458D}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{95B3D747-1FB0-41ED-AB31-DA75B8618BD6}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{FBC3B58E-1941-467B-9F52-B6C104ACC713}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{B6734C83-96F8-4B63-A8DE-23D143C78CAC}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [UDP Query User{0513B191-C2A8-4796-8CAF-18242FD96C54}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe
FirewallRules: [TCP Query User{354218D4-6588-40B9-AA97-0FC2DCC35D58}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{A22C708E-4CD8-4EFD-96BC-54F2D5BD95BF}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{81FC9BE9-98EF-4AE1-B437-756945BBB513}C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\revolt-srttc3\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{A3595B56-8A14-4415-9EC6-7EBCDC6B25FE}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe] => C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe
FirewallRules: [TCP Query User{65B1A8B1-9B6C-4668-9263-D5E243C0F260}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe] => C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe
FirewallRules: [{8428D6A3-A4F7-4C1B-90E9-09E80BAC6D37}] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [{AD5A956B-A58C-4138-9BDE-BA123FAC8FB8}] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [UDP Query User{A68FB468-CD63-40D4-9B92-75F1FFA0653B}C:\users\bryan\desktop\games\zsnes\zsnesw.exe] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [TCP Query User{1A7BD4A1-12A5-411C-A26A-085A905D8011}C:\users\bryan\desktop\games\zsnes\zsnesw.exe] => C:\users\bryan\desktop\games\zsnes\zsnesw.exe
FirewallRules: [{2659B2B8-0350-4B81-AB60-41541535F513}] => C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{E9E9FA3F-DCEC-4CCC-8AAD-863F9A9BBE68}] => C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [UDP Query User{D618277B-A9BB-41EB-9222-56361FB67BA4}C:\programdata\battle.net\agent\agent.1363\agent.exe] => C:\programdata\battle.net\agent\agent.1363\agent.exe
FirewallRules: [TCP Query User{E9CB6109-006B-4E82-859D-1160A63436A7}C:\programdata\battle.net\agent\agent.1363\agent.exe] => C:\programdata\battle.net\agent\agent.1363\agent.exe
FirewallRules: [{B2E534E0-7029-46DD-BC64-3898FD902DED}] => C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [UDP Query User{6D75354D-26C5-418A-8FE8-75838164F075}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [TCP Query User{6A67094C-9BF4-4978-9642-1F6EE9F2FCC0}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{EEFD4C0F-4AA6-4526-AE77-C5FC519AF44D}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{10D848E5-57C3-4AE9-8FCA-6B0CD147603B}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{B1B5E204-C7BB-4547-983A-B19168CBDEC8}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{06B3132D-E85F-4D49-A717-F2D52D6E9861}] => C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{7EFCD947-AC8F-4F67-8BE4-5CD96FA9FA55}] => C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [{75441330-B6EA-45CB-BB98-81FEF7452CA7}] => C:\ProgramData\Battle.net\Agent\Agent.1225\Agent.exe
FirewallRules: [UDP Query User{68367603-BE2E-4A8B-ADF2-0921BCC1B4E7}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{90382EC0-F081-48D2-8AFD-52CF157E3156}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7EE6CD41-AC92-48A9-9822-AC8A5802BF0E}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{9D3E8C14-AA59-4F4F-97AE-D6DE695D8F85}] => C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe
FirewallRules: [{82700A77-55EA-4C0C-87CF-8024BA919DD2}] => C:\Program Files (x86)\Steam\steamapps\common\Quantum Conundrum\Binaries\Win32\TryGame-Win32-Shipping.exe
FirewallRules: [{163A5991-5D3A-45BF-A442-4281BCD095DD}] => C:\Program Files (x86)\Steam\steamapps\common\Quantum Conundrum\Binaries\Win32\TryGame-Win32-Shipping.exe
FirewallRules: [UDP Query User{5462DBCB-F5C2-4B45-97D0-D5C9A5440F07}C:\program files (x86)\java\jre7\bin\java.exe] => C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{F5C989F3-9B7A-4626-AF53-11E0511E0C50}C:\program files (x86)\java\jre7\bin\java.exe] => C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{B4C99863-FA53-464A-AD21-E78E5FF147F3}] => C:\Program Files (x86)\Steam\steamapps\common\risen\bin\Risen.exe
FirewallRules: [{D5F3B9F3-56E8-4774-8B8F-C853FCC80192}] => C:\Program Files (x86)\Steam\steamapps\common\risen\bin\Risen.exe
FirewallRules: [{8914ED7E-89F7-4DD9-A9E0-D96CB9A5DF43}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{41697514-D0B0-4D50-BB64-EAFE281EC0C2}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [UDP Query User{D6B98206-8C83-4B84-AAA5-78816B229B1D}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [TCP Query User{F41E1B22-104B-46A9-88C5-9DC319AE78FA}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [UDP Query User{3503C39D-0C50-47D0-B06A-FAA56160FDD0}C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe] => C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe
FirewallRules: [TCP Query User{E85F5DE2-2B33-42BC-B6A8-D2679A2BE6AE}C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe] => C:\users\bryan\desktop\old computer stuff\program files\utorrent.exe
FirewallRules: [UDP Query User{0757A4C3-FE4E-498B-A7C9-E6D1A97AB1D9}C:\program files (x86)\java\jre6\bin\javaw.exe] => C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{9F2EC895-A678-4E41-920B-79793C880048}C:\program files (x86)\java\jre6\bin\javaw.exe] => C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{F3B4B097-4B46-4B60-AC29-D9691F0643F5}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{B0755C08-56DF-4608-872F-60BE4972B9D6}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [{C6D8F762-861C-41FA-8252-87F2907D919F}] => C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [{58A28F31-46EB-43B7-AE7F-3965E84ABC67}] => C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [UDP Query User{2E88636A-1A25-459E-8F0A-EC19AF2D4B93}C:\programdata\battle.net\agent\agent.1040\agent.exe] => C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [TCP Query User{89B3696F-A2F7-4061-A3EE-5EC67E479E74}C:\programdata\battle.net\agent\agent.1040\agent.exe] => C:\programdata\battle.net\agent\agent.1040\agent.exe
FirewallRules: [{63E5A8C8-C2F6-400A-BEE9-204F842D8CC8}] => C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe
FirewallRules: [{98247830-E9D1-441A-B6CC-D9C33D9E40CF}] => C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe
FirewallRules: [{A9770BBD-BC42-4AAF-98E7-B4400C865B8A}] => C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{F4B92E5E-AA68-42B8-8150-1372E20B9CD9}] => C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{F8805339-783C-4B89-825D-E8DF4339423E}] => C:\Users\Bryan\Desktop\Games\Diablo III\Diablo III.exe
FirewallRules: [{AF4C7476-1286-40E0-8AB0-0F53ED8C604F}] => C:\Users\Bryan\Desktop\Games\Diablo III\Diablo III.exe
FirewallRules: [{DE2FE3BB-375A-4866-93C0-121066431C92}] => C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{884454D1-84EF-4D26-B98A-8E2C7376F6AD}] => C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{18AABB47-D377-4CA2-93A4-A3537F2F405A}] => C:\programdata\battle.net\agent\agent.913\agent.exe
FirewallRules: [{90E2EDCE-64A4-43A1-86F9-5245B9FB1E45}] => C:\programdata\battle.net\agent\agent.913\agent.exe
FirewallRules: [UDP Query User{2529E915-527D-4CF4-B2F4-EB0CC8004049}C:\programdata\battle.net\agent\agent.913\agent.exe] => C:\programdata\battle.net\agent\agent.913\agent.exe
FirewallRules: [TCP Query User{207E5950-6A72-4C06-BDFB-AF546AC269A8}C:\programdata\battle.net\agent\agent.913\agent.exe] => C:\programdata\battle.net\agent\agent.913\agent.exe
FirewallRules: [{768848AE-4700-4AFB-94F7-AEB441F121A0}] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [{45DC97A7-AD93-4260-8709-B8BB5CBD4509}] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [UDP Query User{2189E65C-56E9-4E22-9921-D14332D39425}C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [TCP Query User{C7D28AB0-2C1D-4B45-9AE6-BE4A22CF4A67}C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe] => C:\users\bryan\downloads\diablo-iii-8370-enus-installer-downloader.exe
FirewallRules: [{F284799B-10D7-412A-9AEA-26B09B7C49D6}] => C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{4CB8DA33-87F8-4D25-83C7-D643D7C27B4B}] => C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{255120CD-3A79-43B8-9C21-CAD1B19BBD47}] => C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe
FirewallRules: [{DA89BB9F-F039-4A84-BFCE-BEFB395E4468}] => C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe
FirewallRules: [{1246314F-5CC7-4758-A6C8-C9FC08116073}] => C:\programdata\battle.net\agent\agent.515\agent.exe
FirewallRules: [{7EBF384C-5F80-49D7-A165-C7AD2AD1FB0D}] => C:\programdata\battle.net\agent\agent.515\agent.exe
FirewallRules: [{4C53DA91-F98C-47F4-B922-B49F1AF971A7}] => C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe
FirewallRules: [{3B5A8567-00A0-4F8F-B085-7B3AD33B1B75}] => C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe
FirewallRules: [UDP Query User{36666E71-C065-45AD-B4C0-F7C0374E82FC}C:\programdata\battle.net\agent\agent.515\agent.exe] => C:\programdata\battle.net\agent\agent.515\agent.exe
FirewallRules: [TCP Query User{FE28B2CD-FB48-48FC-8320-A262B85E32E1}C:\programdata\battle.net\agent\agent.515\agent.exe] => C:\programdata\battle.net\agent\agent.515\agent.exe
FirewallRules: [{AC5DF75C-0AD3-447F-8A56-6EBCD8727BD8}] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [{B36332A3-4F65-4FFA-887B-DAD99CAF1103}] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [UDP Query User{009306FF-7EE3-4AD3-8B65-56BED9E611C9}C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [TCP Query User{6847E9B4-8AD7-480A-8448-29D5B63595DD}C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe] => C:\users\bryan\desktop\games\rock of ages\binaries\win32\roa.exe
FirewallRules: [{A4CC5867-F34A-4B34-902A-453B749FEE15}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat
FirewallRules: [{366E23FC-1E66-42F2-B58D-CF5F86CBDEC5}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat
FirewallRules: [{A96D9A3A-D008-4237-9015-43864FD98FDB}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe
FirewallRules: [{7CF2AF8E-3DA5-449B-AE04-97A2042866BE}] => C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe
FirewallRules: [{5CEDDA55-2EA9-40EF-A024-2DADA8675E69}] => C:\Program Files (x86)\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{0D674119-30CC-4250-B662-F8467CCE6AAD}] => C:\Program Files (x86)\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{449D4B69-4C02-4FF5-8FB5-AE9A04206655}] => C:\Program Files (x86)\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{1EBD32CC-5EBD-41DE-837D-6BFC0FEA31D9}] => C:\Program Files (x86)\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{A32BDF1F-763C-4BE3-9480-C37C168070A0}] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{F88706F4-235A-4856-B7DA-AEC16EB1AFFF}] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{F2F9F55C-6D6E-45D3-8D72-C070554E05C0}C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{26157C2B-1A6C-41B6-BABF-2EE54BCBC033}C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe] => C:\users\bryan\desktop\games\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [{D6927868-52E2-4059-AAE0-E10A3C59CAA8}] => C:\Program Files (x86)\Steam\steamapps\common\guardians of graxia\GuardiansOfGraxia.exe
FirewallRules: [{2E602496-B0C3-4D20-B008-03DAF022C5EB}] => C:\Program Files (x86)\Steam\steamapps\common\guardians of graxia\GuardiansOfGraxia.exe
FirewallRules: [{B5EFE865-6B44-40D9-95E0-A18B07CC5C92}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{D20BD56D-1BED-4709-A8C5-1E2E1D37A414}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{F802BB65-396C-4A88-B4CB-BFFEF98ADC97}] => C:\Program Files (x86)\Steam\steamapps\common\psychonauts demo\Psychonauts.exe
FirewallRules: [{B7DDA240-63B4-4806-8904-376AAB97BF34}] => C:\Program Files (x86)\Steam\steamapps\common\psychonauts demo\Psychonauts.exe
FirewallRules: [{151E2DD4-6B4C-4CEF-AA58-17E034D2F71E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F42D31B7-369A-4DFB-B083-7F4674740D0A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E1DCA0E-C85D-45CC-9884-4BF37979548F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1DDFD0C7-9357-4597-AE8F-C59A304B0CAE}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{9FE96430-F155-4931-A31F-AF41EA54514C}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe
FirewallRules: [TCP Query User{599E4734-CD50-46A3-8302-05EF59547B1B}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe] => C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe
FirewallRules: [{0B4E5B3C-9A46-4151-8FDD-B3021A9ABE34}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4539A85C-B17F-46EC-81F6-95BF25E05716}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm-dedicated.exe
FirewallRules: [{15848BC7-86E8-4CB1-884E-BE1DEEFF953D}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm-dedicated.exe
FirewallRules: [{C0A8CFDB-B338-492D-9203-C4091D0D1EA9}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm.exe
FirewallRules: [{F4940868-C249-4852-8230-72E1D47BC7EB}] => C:\Users\Bryan\Desktop\Games\Humble Bundle\Steel Storm\SteelStorm\steelstorm.exe
FirewallRules: [UDP Query User{6875B0B9-3605-43F0-AC83-9B877341B4E0}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{53DA6FA3-3D5A-44E9-B025-2E8D5C5CFA2F}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C3FB04EE-B3DC-4A48-AE31-5CE92F405C8D}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{C0604AE2-3ED0-4552-9F78-8D25E7D58CD1}C:\windows\syswow64\javaw.exe] => C:\windows\syswow64\javaw.exe
FirewallRules: [{72EF7842-CF32-495F-AF2A-71C00DB07E23}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{543D9BAC-C7C6-448D-8BEB-E332F7F4F240}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{D20D28CA-2EB0-4AE8-ACE2-C6D20DE9D1FE}C:\program files (x86)\lolreplay\lolreplay.exe] => C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [TCP Query User{C52E4426-80FC-4871-BAA5-013742B4AF9F}C:\program files (x86)\lolreplay\lolreplay.exe] => C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{8B9E0157-E3F0-4606-AA65-F788D1E1F82A}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{CF039847-DB87-46B5-9A53-A604DC7C90B7}] => C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{E9653953-C315-4712-B914-C42ABA00756C}] => LPort=8383
FirewallRules: [{ACD8D107-4348-4AEC-BFAA-3A56534E535A}] => LPort=8383
FirewallRules: [{5B81A9D6-54AB-4696-85AF-E5A784BB2927}] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F756527B-9EAF-4044-B6B3-535C3BBD72B0}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe
FirewallRules: [{0B90D9FE-1C01-4289-8E07-4C643F56680C}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe
FirewallRules: [{96BA3B5E-CA15-467F-8369-A8259D6F6AA8}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\Prince of Persia.exe
FirewallRules: [{8E88D8B6-7BFB-482B-953B-82A7BC581C3A}] => C:\Program Files (x86)\Ubisoft\Prince of Persia\Prince of Persia.exe
FirewallRules: [{1CA334E8-9353-4BB0-91BD-8F48CFD2A86A}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{39F95B8E-E46F-44C9-9A90-FC694C90CFD7}] => C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe
FirewallRules: [{3B2964A7-ADBD-4653-B0B3-68AC51DDD4FB}] => C:\Program Files (x86)\Steam\steamapps\common\darksiders\DarksidersPC.exe
FirewallRules: [{9398F45B-5441-4011-8FBB-0550526C4571}] => C:\Program Files (x86)\Steam\steamapps\common\darksiders\DarksidersPC.exe
FirewallRules: [UDP Query User{CD7170F6-8A88-48D8-B1F9-BE53DE7851BD}C:\users\bryan\downloads\championsonlinef2p.exe] => C:\users\bryan\downloads\championsonlinef2p.exe
FirewallRules: [TCP Query User{6D8CE278-BFE4-4A12-A5D5-866DBA8F00A2}C:\users\bryan\downloads\championsonlinef2p.exe] => C:\users\bryan\downloads\championsonlinef2p.exe
FirewallRules: [{0140B2EB-D980-46BD-81B3-8EE79941CAEA}] => C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
FirewallRules: [{0A5618E9-77F5-4880-9917-B50E87C05082}] => C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
FirewallRules: [{5C79E22C-82AE-48A0-AEE4-87BD7B11F19C}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{C375E066-EC2C-48A1-9B8C-8FE047F856CC}] => C:\Program Files (x86)\Steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [UDP Query User{3D7993DC-1496-4878-B2DD-C8C5C6F1238D}C:\program files (x86)\ea games\dead space 2\deadspace2.exe] => C:\program files (x86)\ea games\dead space 2\deadspace2.exe
FirewallRules: [TCP Query User{34359F0E-B7A4-4962-B7FC-DF25DB2FFE1C}C:\program files (x86)\ea games\dead space 2\deadspace2.exe] => C:\program files (x86)\ea games\dead space 2\deadspace2.exe
FirewallRules: [UDP Query User{6C19D0A3-E0F6-4269-846B-7ED014CB6C2D}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe
FirewallRules: [TCP Query User{CC0D6DE2-F2F9-4AC6-9959-D605B88F5457}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe
FirewallRules: [UDP Query User{51BC7F9A-8C95-4EDF-91ED-0F811122A674}C:\program files (x86)\miranda im\miranda32.exe] => C:\program files (x86)\miranda im\miranda32.exe
FirewallRules: [TCP Query User{9F38B8B0-8032-4D2B-8D1D-E3D830D83904}C:\program files (x86)\miranda im\miranda32.exe] => C:\program files (x86)\miranda im\miranda32.exe
FirewallRules: [UDP Query User{B74FE95C-57BA-4BD5-8106-8EB58B68B404}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [TCP Query User{94A85E3D-0DEA-4E6D-A972-058A73C971E8}C:\program files (x86)\digsby\lib\digsby-app.exe] => C:\program files (x86)\digsby\lib\digsby-app.exe
FirewallRules: [UDP Query User{F955361F-A67F-4EA6-8664-74AE43DB315E}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{B4CEBC1A-9900-4134-8656-3D0F6C05163C}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{E88B36AF-1F7E-4315-8B5F-CCF03F536F08}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe
FirewallRules: [TCP Query User{4F9354B6-88C2-4889-9794-FF4A0F9C2084}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe
FirewallRules: [UDP Query User{827E3673-C2AF-407F-9D62-D7A70724FC01}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe
FirewallRules: [TCP Query User{74AB80CF-7147-4CAA-9424-6A57A44A41DA}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe
FirewallRules: [UDP Query User{0A0C2F18-2CB6-40F7-A095-988D847C9838}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe
FirewallRules: [TCP Query User{E392E762-BD09-4EC2-9C3C-1EC9762ECDCD}C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe] => C:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe
FirewallRules: [UDP Query User{FD0F35E9-85AF-4AB8-9E4C-244F0329134B}C:\users\public\games\world of warcraft\blizzard downloader.exe] => C:\users\public\games\world of warcraft\blizzard downloader.exe
FirewallRules: [TCP Query User{05D6BFB5-4C5C-4902-B745-67E43033FF64}C:\users\public\games\world of warcraft\blizzard downloader.exe] => C:\users\public\games\world of warcraft\blizzard downloader.exe
FirewallRules: [{B7DE2249-6B5F-4406-A7BB-7472821C6B25}] => C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
FirewallRules: [{E293AB2A-8D18-4A0D-945D-B13488428CA1}] => C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
FirewallRules: [UDP Query User{BACFB1E7-E372-4C35-AA3F-B65895DC3E79}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe
FirewallRules: [TCP Query User{A3B061EA-A8DA-425A-9474-E4E79C2EF0E4}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe
FirewallRules: [UDP Query User{E3B3D654-EEFC-43BC-AE12-77E70A08F584}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => C:\users\public\games\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{ADEB8810-459F-4BD2-BD9D-C087943086E1}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => C:\users\public\games\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{EE853FC0-1489-42E7-9B9D-FF94F3578FEB}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe
FirewallRules: [TCP Query User{C3CFD481-B654-4B64-AE09-6432FD464B8B}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe
FirewallRules: [UDP Query User{DF5497B2-79D5-43D1-8611-9C561DF4237B}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe
FirewallRules: [TCP Query User{16E22943-C391-4884-8520-C57A99422AFE}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe
FirewallRules: [UDP Query User{94A9A63A-D082-410F-BAD1-446C7885EBE0}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe
FirewallRules: [TCP Query User{EC44B5A2-3A6C-48E6-86A5-5CABF70D243B}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe
FirewallRules: [UDP Query User{90B53262-472F-41F6-BE6F-C6F5D0ABE2C7}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe
FirewallRules: [TCP Query User{E86AE798-0E65-4CC4-9DE7-9F1DFE754516}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe
FirewallRules: [UDP Query User{B67DB5B2-E7AA-49BB-A686-C1D0A284270B}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe] => C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe
FirewallRules: [TCP Query User{51A78AFF-E26B-443D-ABE1-9C3C04109B56}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9125917A-5A06-4FBC-838D-22EB39F6B303}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B5BC8789-B8BA-4D7D-8AD3-780D695D9157}] => C:\Program Files (x86)\Steam\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{AACF6567-1A60-4F52-B3C0-BF111EDCAC08}] => C:\Program Files (x86)\Steam\steamapps\common\Tales of Zestiria\Tales of Zestiria.exe
FirewallRules: [{29DA3996-E52B-40B7-90BD-28C14235EB3A}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{98D6F387-3346-4B98-A7B1-19BF9675D2A4}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{8E485EFE-3384-420F-9573-02C9C6F7EB6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1AA41C26-7197-4DFF-A7EC-AB6EFDC0E9A7}C:\users\bryan\appdata\roaming\utorrent\updates\3.4.9_43085.exe] => C:\users\bryan\appdata\roaming\utorrent\updates\3.4.9_43085.exe
FirewallRules: [UDP Query User{D89BAED2-9F25-4D98-AF26-AA6F807052DA}C:\users\bryan\appdata\roaming\utorrent\updates\3.4.9_43085.exe] => C:\users\bryan\appdata\roaming\utorrent\updates\3.4.9_43085.exe
FirewallRules: [{92E5E071-15F4-4B3E-8668-26942C2C9065}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{3C4D9925-55F6-4EEC-B384-C96A11A5845A}] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

13-12-2016 17:59:23 Windows Update
21-12-2016 10:46:30 Scheduled Checkpoint
30-12-2016 08:56:12 Scheduled Checkpoint
04-01-2017 08:04:52 Removed Java 8 Update 101

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2017 11:28:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Bryan-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 11:28:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Bryan-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 08:04:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/04/2017 08:03:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (01/04/2017 08:02:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/04/2017 07:30:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/30/2016 08:56:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/30/2016 08:54:48 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/28/2016 09:52:59 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/27/2016 09:07:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Bryan-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/05/2017 05:53:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/05/2017 05:53:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/05/2017 05:52:01 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (01/04/2017 11:28:57 PM) (Source: DCOM) (EventID: 10010) (User: Bryan-PC)
Description: The server microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (01/04/2017 11:28:57 PM) (Source: DCOM) (EventID: 10010) (User: Bryan-PC)
Description: The server App.AppXryc2qd338f5728r9gzzazav8206ba77s.mca did not register with DCOM within the required timeout.

Error: (01/04/2017 01:38:26 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/04/2017 01:38:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/04/2017 01:38:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/04/2017 11:44:17 AM) (Source: DCOM) (EventID: 10000) (User: Bryan-PC)
Description: Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/27/2016 09:18:59 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 8125.07 MB
Available physical RAM: 5675.03 MB
Total Virtual: 8637.07 MB
Available Virtual: 6359.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.63 GB) (Free:90.62 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:111.79 GB) (Free:111.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A81E88F8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=595.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: A650D531)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#10
Alright, while I look over these last logs; lets check your machine with a couple of other scanners while a make a new Fix for you. Since it has been such a long time.


Step 1: Clean up temp files and reduce startup load with CCleaner.


  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double click each item. To Disable.
  • Leave only your antivirus enabled.
  • Then disable All items in your scheduled task as well.
  • Unless they are related to windows defender.Or your antivirus.
  • Reboot the machine.


Step 2: ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Step 3: 9-Lab Scan.


  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

Setp 4: Security Check Scan.

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 
Last edited:
#11
Once you have completed the above steps and posted the logs. It is very important that you go ahead and run a checkdisk on this machine.

Code: 
Error: (01/04/2017 01:38:26 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Run a check Disk On the machine.


Run chkdsk /f /r from elevated command prompt.

 
#12
The ESET scanner is running, looks like it might not be finished till after Im asleep.

And yes, I know my main drive is beginning to fail. I have a new HDD ready to install but I want to finish the virus clean before I transfer. Ill probably make a hardware post about doing that the smoothest, that and finally transferring Windows to the SSD I got several months back.
 
#16
Ok, heres the logs that you asked for.

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 06.01.2017 12:08:39
Path starting: C:\Users\Bryan\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Bryan
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 09.08.2016 13:01:39
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: Microsoft Edge (C:\WINDOWS\system32\LaunchWinApp.exe)
SystemDrive: C: FS: [NTFS] Capacity: [595.6 Gb] Used: [502.4 Gb] Free: [93.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
360 Total Security (enabled)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
360 Total Security (enabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
360 Total Security v.9.0.0.1069
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.70.262
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR archiver
Microsoft Silverlight v.5.1.50901.0
7-Zip 9.20
VLC media player v.2.2.4
OpenOffice.org 3.4.1 v.3.41.9593 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Pidgin v.2.6.6 Warning! Download Update
Skype™ 7.30 v.7.30.105
-------------------------------- [ Java ] ---------------------------------
JavaFX 2.1.1 v.2.1.1 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u112-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.10.7.0.21 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime v.7.72.80.56 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.23.0.0.257 Warning! Download Update
Adobe Flash Player 24 NPAPI v.24.0.0.186
Adobe Shockwave Player 11.6 v.11.6.8.638 Warning! Download Update
Adobe Acrobat Reader DC v.15.020.20042
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87
Mozilla Firefox 45.0.2 (x86 en-US) v.45.0.2 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.55.0.2883.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
360 Total Security (QHActiveDefense) - The service is running
C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe v.9.0.0.1002
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe v.8.2.0.1000
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe v.9.0.0.1002
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.6.9.12585 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------


C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.27.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Program Files (x86)\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting
C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0005a4 Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Bryan\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted
C:\Users\Bryan\Desktop\Old Computer Stuff\Program Files\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting
C:\Users\Bryan\Desktop\Old Computer Stuff\Program Files\uTorrent.exe.14134.tmp a variant of Win32/Bunndle potentially unsafe application cleaned by deleting
C:\Users\Bryan\Downloads\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Bryan\Downloads\Shockwave_Installer_Slim (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\Bryan\Downloads\switchsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
C:\Users\Bryan\Downloads\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application deleted
C:\Users\Bryan\Downloads\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application deleted
C:\Users\Bryan\Downloads\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application deleted
C:\Users\Bryan\Downloads\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy potentially unsafe application deleted
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting


9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 151.45992

Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.11.14393.0
Bryan :: BRYAN-PC

1/6/2017 9:53:19 AM
9lab-log-2017-01-06 (09-53-19).txt

Scan type: Full
Objects scanned: 51833
Time Elapsed: 1 h 36 m

Registry Keys detected: 5
Susp.RPL.Gen.vl [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DeviceVM]
Susp.RPL.Gen.vl [HKEY_CURRENT_USER\SOFTWARE\DeviceVM]
PUP.RPL.Gen.sh [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1B9604EE-B104-45C8-8551-5F63BA631E23}]
Adware.RPL.Gen.vl [HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]
Adware.RPL.Gen.vl [HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}]


Files detected: 1173
[35A6C3B4FE838413993C88D9DB65C73E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\008\t\.usage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\008\t\Paths\000003.log]
[46295CAC801E5D4857D09837238A6394] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\008\t\Paths\CURRENT]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\008\t\Paths\LOCK]
[2A9C3EC81040700A7EFCE0A795CD1D6E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\008\t\Paths\LOG]
[5AF87DFD673BA2115E2FCF5CFDB727AB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\008\t\Paths\MANIFEST-000001]
[A49BDDB2E8D5D29D0250377CBFEBBEAE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\bubble.css]
[C81AD347AC89DFEDEE80F6DDAF1E5142] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\bubble.js]
[81051BCC2CF1BEDF378224B0A93E2877] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\CrashReportClient\Saved\Config\Windows\Compat.ini]
[1E2013E4FFDF122AEDA34356C8C15E5E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\CrashReportClient\Saved\Config\Windows\Engine.ini]
[81051BCC2CF1BEDF378224B0A93E2877] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\CrashReportClient\Saved\Config\Windows\Game.ini]
[81051BCC2CF1BEDF378224B0A93E2877] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\CrashReportClient\Saved\Config\Windows\GameUserSettings.ini]
[81051BCC2CF1BEDF378224B0A93E2877] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\CrashReportClient\Saved\Config\Windows\Input.ini]
[81051BCC2CF1BEDF378224B0A93E2877] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\CrashReportClient\Saved\Config\Windows\Lightmass.ini]
[81051BCC2CF1BEDF378224B0A93E2877] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\CrashReportClient\Saved\Config\Windows\Scalability.ini]
[75BC40FF5BA4F7C4A4AC758B4A82088A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\CrashReportClient\Saved\Logs\CrashReportClient.log]
[846AC6862FFE4E143C737B666345CB5E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\hosts]
[22B69198955669EFC7833120390A1253] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\How to Have a Frugally Fabulous Wedding.pdf]
[679089D3551D4041F5B172CF1D3232C4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\https_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal]
[EA83E21B3027A59C3E15F57EF8B681CE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\https_stags.bluekai.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\https_stags.bluekai.com_0.localstorage-journal]
[D890DE0AAE544775AE6DC80E9C14CE34] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\https_static.olark.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\https_static.olark.com_0.localstorage-journal]
[DD1703360685E5C8D5494366CD77921A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\https_xoncisfktn-a.akamaihd.net_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\https_xoncisfktn-a.akamaihd.net_0.localstorage-journal]
[E9F4BD542E4ADD8BFCD6A7482D385A28] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_d2m2wsoho8qq12.cloudfront.net_0.localstorage-journal]
[C873EBF2951D7DA68227FD3D48D27A54] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage]
[3B854D7BC0F604FB889CB0BE8221B773] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage-journal]
[07942633A7488596D942439BC0D83D15] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_features.en.softonic.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_features.en.softonic.com_0.localstorage-journal]
[F61FF7B29FF3393C2C4D6F40A82D1CC2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_gameofthrones.wikia.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_gameofthrones.wikia.com_0.localstorage-journal]
[068791809F59DD348CB7B6AF26CB801E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_putlocker.is_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_putlocker.is_0.localstorage-journal]
[96C6860CAC468E6F5DD38DA1D1A15952] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_putlocker9.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_putlocker9.com_0.localstorage-journal]
[DDB5F22409630F057B1E5CCDC651FCDE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_www.azlyrics.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_www.azlyrics.com_0.localstorage-journal]
[20F95DFA4C873D7F90839B73B766D82A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_www.fastweb.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_www.fastweb.com_0.localstorage-journal]
[9B1DB3D8DF206E79395B9C3E2C253452] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_www.metrolyrics.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\http_www.metrolyrics.com_0.localstorage-journal]
[9CC824FE255EE01788FED8AE69D0C2A9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\Icon.png]
[EAB14BDC52F4BBAB6987DF49E5B2AC5F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\info.png]
[37A7AF251C518F6B310B5681B786316B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\information.png]
[D086B40511EB6A167BDE87D61C721225] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\main.html]
[33CC18D8138802FD7D7A259AE439FD96] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\ok-button.png]
[B31A5514F5201CF88D32023B5712C073] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\ok-on.png]
[84F3D235A70703484E9D1ABF722247B5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\ok.png]
[115CAA21C6A8F4DAB011F034887854F5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.exe]
[8FC5BFDCB2A1BF1809645AE994C3E4BB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\da.lproj\PictureViewerLocalized.dll]
[433BB68255E66E07838124A6C0959C35] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\da.lproj\PictureViewerLocalized.qtr]
[5B7150DBEC755F525F6383261BB0ED8B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\de.lproj\PictureViewerLocalized.dll]
[BD72B4A15BA31F975D0EAFC53E7F1B95] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\de.lproj\PictureViewerLocalized.qtr]
[C013D2737BBD21C073A4D2D9F7C4D7FF] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.dll]
[A89808D14C792C0B1A8CC21F3BDD4D43] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.qtr]
[0306E4AEF6C2FED1104AD3FEAB5BC091] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\es.lproj\PictureViewerLocalized.dll]
[684162D8DA955E8AFFBFB23D8A2760BE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\es.lproj\PictureViewerLocalized.qtr]
[9B11B756F3588A438B707BBB5A665184] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\fi.lproj\PictureViewerLocalized.dll]
[1DBAD79F104BAE11E5675748AC975DC7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\fi.lproj\PictureViewerLocalized.qtr]
[EA92CA79D345A57054C40C5366EC2C5B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\fr.lproj\PictureViewerLocalized.dll]
[ACA7981792EA65B209997EEFD097427A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\fr.lproj\PictureViewerLocalized.qtr]
[DC216D6B4E373268FAF350CF1206279D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\it.lproj\PictureViewerLocalized.dll]
[588A422C03C2FFBD1A310A0E6EC2A973] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\it.lproj\PictureViewerLocalized.qtr]
[C4644F2A75FE3D535728FA84F2DF0952] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\ja.lproj\PictureViewerLocalized.dll]
[6F48905F9E08BEBB4FAB27D7491B3C10] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\ja.lproj\PictureViewerLocalized.qtr]
[98F3075942C2BD8673D4F7930B27CC5C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\ko.lproj\PictureViewerLocalized.dll]
[590D17811BE460C6A0B4EFF89D941DC8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\ko.lproj\PictureViewerLocalized.qtr]
[DA255ACEC0FBE5B0BCC7991A84F27091] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\nb.lproj\PictureViewerLocalized.dll]
[07688749AD87C12D834B299A552A8AA2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\nb.lproj\PictureViewerLocalized.qtr]
[9412FAA62A6D3BF56FCA3B7E5D6083A8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\nl.lproj\PictureViewerLocalized.dll]
[056BB89E756E1DE063612804E4400865] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\nl.lproj\PictureViewerLocalized.qtr]
[DA406CB989B19AAED477E85F0FC846D6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\PictureViewer.dll]
[74895B2F15F482FCA63591D205A29341] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\PictureViewer.qtr]
[4B54644329FF39349EEAD4F8DB82A707] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\pl.lproj\PictureViewerLocalized.dll]
[127BA53F5441B5804EFC2222740BD2D4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\pl.lproj\PictureViewerLocalized.qtr]
[DA5E151BB0B556F0EA6A4DF6E427DF93] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\pt.lproj\PictureViewerLocalized.dll]
[5AA67B9A5E59A321F3C235CD7CC3957E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\pt.lproj\PictureViewerLocalized.qtr]
[BEB5EB52A360F7A4BB1418BD7B147386] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\pt_PT.lproj\PictureViewerLocalized.dll]
[62F44FC54601F772EDAC241F7CF3253C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\pt_PT.lproj\PictureViewerLocalized.qtr]
[4CE7F3519967782D4CC5C6907C21BB44] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\ru.lproj\PictureViewerLocalized.dll]
[CCA52701D2446D8106A73B39FEEB3BA7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\ru.lproj\PictureViewerLocalized.qtr]
[ED410C535E36B5E6AAAAE389DA446DA7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\sv.lproj\PictureViewerLocalized.dll]
[8A5DAAD48BCC55B4E58E7C2A6B99BE53] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\sv.lproj\PictureViewerLocalized.qtr]
[A36A2F6D6F8FF8B39C34E2FA9FB0C1BC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.dll]
[45449C7C09B265D71ED6019FE8129B4C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.qtr]
[FD955EAD63E2341A8E4CFBBF1B163540] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.dll]
[5148D52FC3B50D8DB75798B876292CC1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.qtr]
[2F7480A40151EB2E483CF6524EDBA3F7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Plugins\npqtplugin.dll]
[65CE2E25E04D7C750BF8B30B2D34DCD7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Plugins\npqtplugin2.dll]
[629F9B5B99B80679520623655E31B5D1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Plugins\npqtplugin3.dll]
[CF758AC229C1F082F179B3F7D14EF78B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Plugins\npqtplugin4.dll]
[29F9D1A7D3D63FD2D10CE06901475888] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Plugins\npqtplugin5.dll]
[6E9CE4DC2EAA92855480C9281D3AFFF5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Plugins\npqtplugin6.dll]
[D8EBF6A12964A58C10914DA54E175538] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Plugins\npqtplugin7.dll]
[AD709F440EA446CBCF3232B6A56A6569] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Plugins\nsIQTScriptablePlugin.xpt]
[16E14FC4A60AFE2828C7E491D788A8D3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Plugins\QuickTimePlugin.class]
[5D20B86806DDA7819991BC2C375EEC51] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\annoanno.pdef]
[97105F395DA4B2A19FC29EFAD5762765] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\moovaudi.pdef]
[A2DC148647FEFA8DD75E84AE3719DA0D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\moovpres.pdef]
[2DD939B4E891EEA28FFA65030A266A65] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.qpa]
[7474FD46B358AB037E2CA3B438795CD2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\da.lproj\PanelHelperBaseLocalized.qtr]
[4C64504A819BDF91C1F5020C4CE2A772] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\de.lproj\PanelHelperBaseLocalized.qtr]
[7A50A50F2B938DAB6E692919560166AA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\en.lproj\PanelHelperBaseLocalized.qtr]
[B9A4D59C0A972230BDE7E15BB21D4BA7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\es.lproj\PanelHelperBaseLocalized.qtr]
[13EBDB80DA2FAB7D2E7A8F04CA2B27F1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\fi.lproj\PanelHelperBaseLocalized.qtr]
[FC96A6A62D344351602E420EB88F5A73] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\fr.lproj\PanelHelperBaseLocalized.qtr]
[18C0A578C3F26999DD6EBAC9D900EC52] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\it.lproj\PanelHelperBaseLocalized.qtr]
[523985AC18CCA30EBF986606DCBAEBBB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\ja.lproj\PanelHelperBaseLocalized.qtr]
[A6FD26D3D55B4D6A7A9DC2124856318B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\ko.lproj\PanelHelperBaseLocalized.qtr]
[CFE0E4198436C727A6E03BB6128F7036] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\nb.lproj\PanelHelperBaseLocalized.qtr]
[764A7E7B7422972C532050CC7D052791] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\nl.lproj\PanelHelperBaseLocalized.qtr]
[341364A2E33283F05A900CAEABE3063C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\PanelHelperBase.qtr]
[CFAB9B8197185D61E8BD3094E530E82D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\pl.lproj\PanelHelperBaseLocalized.qtr]
[F35C52598EA12B3A8A674A8D19D97201] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\pt.lproj\PanelHelperBaseLocalized.qtr]
[27C0C0106B9ED958271923795AC7A052] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\pt_PT.lproj\PanelHelperBaseLocalized.qtr]
[79557B361A231F5324EEF29DE7A13502] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\ru.lproj\PanelHelperBaseLocalized.qtr]
[45B4FC468A4EECDC06698C98FE7095D4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\sv.lproj\PanelHelperBaseLocalized.qtr]
[7154494BCA7AFF15C36348CEB0584CC0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj\PanelHelperBaseLocalized.qtr]
[601CE298F9CE5F0003F52A90018A8E96] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\PanelHelperBaseLocalized.qtr]
[7A54BF9F1ED68BF544E28006F97CFFF0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropertyPanels.plist]
[1DDA985E36C376E3447C02A262670F4E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.qpa]
[135525BD8EC684287D15CEB2D2FFBC04] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\da.lproj\PropPanelHelpersLocalized.qtr]
[BE0E0CF49D9EAF93EDC55EDE3B9B8A6C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\de.lproj\PropPanelHelpersLocalized.qtr]
[CB0CA8A1B8A481A07691E5A8EB300806] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\en.lproj\PropPanelHelpersLocalized.qtr]
[38F97A3A1E696761379A6748AB33B633] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\es.lproj\PropPanelHelpersLocalized.qtr]
[E5F2D253ED79D630ADE65787E75E26B2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\fi.lproj\PropPanelHelpersLocalized.qtr]
[E70BAC765DEDF92E66FCF6D65BBF1807] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\fr.lproj\PropPanelHelpersLocalized.qtr]
[8C0BE484FCF6908F658F5F81BB0DC706] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\it.lproj\PropPanelHelpersLocalized.qtr]
[1B7B5317DD9CC1B7EB4F227751AE27C1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ja.lproj\PropPanelHelpersLocalized.qtr]
[0A289E100F798C366D3C903DC9E967D2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ko.lproj\PropPanelHelpersLocalized.qtr]
[1A92DBFC49D732C658A6878973A82228] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\nb.lproj\PropPanelHelpersLocalized.qtr]
[CF5C5827F101F236A7C4FC9E54A15F23] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\nl.lproj\PropPanelHelpersLocalized.qtr]
[DFE114B25250E75DF334A1A28D04ECC8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pl.lproj\PropPanelHelpersLocalized.qtr]
[7D306D6ACCC955E8F5C3A53566C35855] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\PropPanelHelpers.qtr]
[0BF4C4F999D1CA6670B1887D88833C15] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pt.lproj\PropPanelHelpersLocalized.qtr]
[12F6B8CAE137118FE209A0F835730B97] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pt_PT.lproj\PropPanelHelpersLocalized.qtr]
[3AEB8927026BC164B9DCF1E10B8CAED6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ru.lproj\PropPanelHelpersLocalized.qtr]
[55406B70105C6DD640A4FC25A75671A6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\sv.lproj\PropPanelHelpersLocalized.qtr]
[6570D3F5B106C251674AF949FEA8FE9A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj\PropPanelHelpersLocalized.qtr]
[6806C15E47195346AF4F41C8BC0857BF] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr]
[1D4DE188894FE9BE200958EFE53A2A23] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\rsrcrsrc.pdef]
[70D394931C1A4BB65B4329E9A7D1A50B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\trakaudi.pdef]
[A181FB9E17534DB9BD9EB86FBCBDBE10] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\trakhint.pdef]
[6DA83CB93D7C3DB0BD5FC900CD625004] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\trakothr.pdef]
[03123CEF8DCFD2D3DE0A1A66E1B515C5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\trakstrm.pdef]
[C438D3C5F145A1AAF7121009AC7E008B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\trakvisl.pdef]
[31EDB4B607F708C6954D028758A998EB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTOControl.dll]
[DE77D20A123FC2CA2A35325DFFB9EDD7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTOLibrary.dll]
[4A14C0FBEA650E8BEA4F6EF51C2E1F5D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTPlugin.ocx]
[59206F34E214CEC829834F7359F81301] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\AppleProResDecoder.qtx]
[B53A9836BC1B6A735C655F1E4FA7E619] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CFCharacterSetBitmaps.bitmap]
[67C18382F63C39B17328ED03F68C35E1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CFUniCharPropertyDatabase.data]
[62E265CF156659E305A862EC22C641D4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CFUnicodeData-B.mapping]
[B10CAB969FB143F20B90AA8988495C03] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CFUnicodeData-L.mapping]
[3ECDC01640BA9FE501008C752BE06040] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.qtx]
[0A02CBC532EE54F49A15081118736D3F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\CoreVideo.qtr]
[DF01BB24E18853C6ECBDB099FCA78198] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\da.lproj\CoreVideoLocalized.qtr]
[5C2079C5D15075884854B84CCA2348DB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\de.lproj\CoreVideoLocalized.qtr]
[76761BB976E618C8553D131893783E63] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr]
[48789796798BB242E2A973249A5A6706] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\es.lproj\CoreVideoLocalized.qtr]
[7E69E8660EFFDDFF444691F625061BF2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\fi.lproj\CoreVideoLocalized.qtr]
[12BAF5E77992CCB10587A319181116DC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\fr.lproj\CoreVideoLocalized.qtr]
[BF49DDDA9393243DB10D781355DFE338] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\it.lproj\CoreVideoLocalized.qtr]
[646EE002C4D78899A37B64754202C06C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\ja.lproj\CoreVideoLocalized.qtr]
[F256DE455FC30338752E4A5C4344510D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\ko.lproj\CoreVideoLocalized.qtr]
[A6521BB7C4BE9195C8268B9DDA3CE114] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\nb.lproj\CoreVideoLocalized.qtr]
[6F9D3A3A10358DDC8346124C605A35AC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\nl.lproj\CoreVideoLocalized.qtr]
[E793D90FA66F7F4059A6BA0352F724DA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\pl.lproj\CoreVideoLocalized.qtr]
[31EAFF339394BCCB131EA0974D3AD04D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\pt.lproj\CoreVideoLocalized.qtr]
[22A4AC430723A695A495DD8F83573AB7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\pt_PT.lproj\CoreVideoLocalized.qtr]
[774443A3A42A7991E7A8B0B8F63C39C6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\ru.lproj\CoreVideoLocalized.qtr]
[2AB2942963FEBD632DCFEF74E77E6DDB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\sv.lproj\CoreVideoLocalized.qtr]
[0F97E86B2D2516AA2FEC534CFE70A106] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\zh_CN.lproj\CoreVideoLocalized.qtr]
[BD669B1892906C78A461088ACC432935] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\zh_TW.lproj\CoreVideoLocalized.qtr]
[E610FDEB5BD10F6E625EED2B83692027] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\ExportController.exe]
[C01FD6DB383F64D7DA18DA9DDEDBB82E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\ExportControllerPS.dll]
[F942E3847931C4F215F3102BE34A4F3F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QTCF.dll]
[FBF75758DCAC6AA563CBB082F4975517] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QTJava.zip]
[533897963DEBA2485A41A371DD415B93] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QTJavaNative.dll]
[325FE727FB23AA07E7E3ADF0BC934DC5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QTJNative.dll]
[0CD9CDB0CF4EB53F5F56126902AEFFD1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QTMLClient.dll]
[178B4263B1ABB62C3FC166D4F8ECE1CE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.cpl]
[068031ECB876D6B0910D0FD088B6525E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.qts]
[A68DDA4E6A2953EC4723E26544538D45] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\da.lproj\QuickTimeLocalized.dll]
[1C6C04CE1A48A365E640D39110FBD63B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\da.lproj\QuickTimeLocalized.qtr]
[C04CE7F2A91177340D9E59922996681F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\de.lproj\QuickTimeLocalized.dll]
[CDD2EB725DBF3DB73829E3B408896617] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\de.lproj\QuickTimeLocalized.qtr]
[16D7DA237A291670D9DB29D6C15D80AA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll]
[F1FB1856F2E54120290EF353C301DDC5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr]
[CDC457AEADE50E5F8BDFB53AC12131D1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\es.lproj\QuickTimeLocalized.dll]
[B22D80EDF2F42FE6DFE87B62114E6D65] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\es.lproj\QuickTimeLocalized.qtr]
[B8A3BAC8788F303E83231B5AE92AF31D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\fi.lproj\QuickTimeLocalized.dll]
[4D0AD8CC1194054595A9BA9AF66402F1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\fi.lproj\QuickTimeLocalized.qtr]
[0D550BA333376AFBC5D0473752230B74] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeLocalized.dll]
[E89854133D7C5020FD793B4963CB8FA0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeLocalized.qtr]
[D507C9C749A7934999C3D1965BB2483F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\it.lproj\QuickTimeLocalized.dll]
[6809E52CB02ECFFEDF2BEAA0D86FEE8C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\it.lproj\QuickTimeLocalized.qtr]
[81E2D5135BB502819A1A8ECDEB23FD24] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ja.lproj\QuickTimeLocalized.dll]
[FC48E0D16B7ABB035C23ADB9262F1751] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ja.lproj\QuickTimeLocalized.qtr]
[857631E1D21D804F009F49732F64B017] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ko.lproj\QuickTimeLocalized.dll]
[8A0CEE647F32BC0BD0F306FB439E853E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ko.lproj\QuickTimeLocalized.qtr]
[5539DC58961F1A31938C9088915FAF5E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\nb.lproj\QuickTimeLocalized.dll]
[AA849F910E88ADEEABBA0C46C9260F9C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\nb.lproj\QuickTimeLocalized.qtr]
[A31D87836729C0EAFAD608D719103F30] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\nl.lproj\QuickTimeLocalized.dll]
[D7149111AD2BE81897F6EEC07ACF98E1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\nl.lproj\QuickTimeLocalized.qtr]
[8DFF3494AE57E2EC20195AF860D30883] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pl.lproj\QuickTimeLocalized.dll]
[450ADBAB76D30C6146897C02EEE69861] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pl.lproj\QuickTimeLocalized.qtr]
[FEA67346DE0798E73287C8EB33662A2D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pt.lproj\QuickTimeLocalized.dll]
[17CE1DE0A3FF544EA2F2F49E80C4730B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pt.lproj\QuickTimeLocalized.qtr]
[40878405F71D14ABB76FF5CC5B85B78E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeLocalized.dll]
[5CAF24F5ADB21D425110F85C476201D3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeLocalized.qtr]
[19A408B2A066BAFBBEB148C33DA27178] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll]
[179A6BA7ECFD3CF613ECBE1A23368690] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\QuickTime.qtr]
[FFED16712BC243D06F567049B8C48E24] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\QuickTime.qtxs]
[B9409B1775CB75BB41B7751453CDF675] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ru.lproj\QuickTimeLocalized.dll]
[E614AF638AD7A689B2094DF77495CED9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ru.lproj\QuickTimeLocalized.qtr]
[1981387C35EB2725D0270EF0AD5E9AF9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\sv.lproj\QuickTimeLocalized.dll]
[D35C68020B686A5994934A26B2CD5514] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\sv.lproj\QuickTimeLocalized.qtr]
[C2FD1E92A242947DBD9C0859C4B9E097] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.dll]
[FF7608C0F011CEC99FE5AF7CAF354C3A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.qtr]
[379D80F195C9B93AB63900FA18D0B3D0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.dll]
[D39DF50244C15E513E6E97CAB3DF0E9E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.qtr]
[B52B199C1BA9489D35B96B2D51A3D22C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.qtx]
[730175FEB550BB1BB7118E5BD23CDDF2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\da.lproj\QuickTime3GPPLocalized.qtr]
[00E3B1ECAABB290447C571A3930847C4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\de.lproj\QuickTime3GPPLocalized.qtr]
[B329695F00E2B77DAA18787A3ADCB793] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr]
[6B525F6BC10A265566D3FD36807B207B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\es.lproj\QuickTime3GPPLocalized.qtr]
[877B429411DCAEED054B0AAB2586FDDA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\fi.lproj\QuickTime3GPPLocalized.qtr]
[B8F566029BF404372A36A28346CC5D53] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\fr.lproj\QuickTime3GPPLocalized.qtr]
[FD332AD548EF4F6104F883ADDBE21356] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\it.lproj\QuickTime3GPPLocalized.qtr]
[BBEDC3B8037C39F627E0DD921A8EF27A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\ja.lproj\QuickTime3GPPLocalized.qtr]
[6E64AF710FFC49FF561CFB23FC553EBE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\ko.lproj\QuickTime3GPPLocalized.qtr]
[4D7A4C00131F99382E148E4C2A6BA104] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\nb.lproj\QuickTime3GPPLocalized.qtr]
[56DC240E47F072B7B1BF9616DCD940A3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\nl.lproj\QuickTime3GPPLocalized.qtr]
[907B928B6516F2FB34A58172860F82A7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\pl.lproj\QuickTime3GPPLocalized.qtr]
[A51B4430BE23F6ADF02C47781C14BE36] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\pt.lproj\QuickTime3GPPLocalized.qtr]
[7E3796CB331E60FDE916E970C82907E3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\pt_PT.lproj\QuickTime3GPPLocalized.qtr]
[29509D46C78EF0752E6FB63F270802E4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr]
[505401613F9DCC44F18C4B10ADF9C962] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\ru.lproj\QuickTime3GPPLocalized.qtr]
[C92C5290A3962DD5C93B05E06F9FFD36] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\sv.lproj\QuickTime3GPPLocalized.qtr]
[D6436C881C9E54F9419C97C6F5E0823F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_CN.lproj\QuickTime3GPPLocalized.qtr]
[E01FC63A68BCF201FD16944C9D4E7D0F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_TW.lproj\QuickTime3GPPLocalized.qtr]
[5FAAFEF7AFB42BD4EFACD1759EBBC2D4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx]
[C00036481652FBD1FC27DBEFF05ABE5F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\da.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[74EF91C003E3D627E41C28CC502B14C8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\de.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[6BC956E273C002E01676085958D7F26B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\en.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[6B627DA9F82A8C7F6B5B0B09447FB965] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\es.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[065E9B5E27D4C88830052CC1E69FD843] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\fi.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[58126B6AF5AC59FFC17120700AFD0BEA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\fr.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[A61F0B020AE3AD00EBB9CA0660314C0F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\it.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[A5F737C3B38043E2609E01A1363DA17A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\ja.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[A5C496E06FC0203097BB1231A2B37B2F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\ko.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[5F28FB2D2240BFDC1D5F4BB01B02DC14] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\nb.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[CB75F3EF82CC227022E0951E2F90103F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\nl.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[D50A2BD06011DF2B6978216DEDAC3CD3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pl.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[26B4A3E933F84C1C5388BF2A0BF2516B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pt.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[378319F002373FC929BDCD2EF2677E31] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pt_PT.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[84BF7A0303FF9F34CC5F83FE5A9746EC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\QuickTime3GPPAuthoring.qtr]
[6B1825479F263D38E82A0330160D6527] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\ru.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[516CCA4BCD06BE42FA29ACB19CF099B0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\sv.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[C63DE597B7C40BCBC193FED51DA24967] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_CN.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[48B4C7108BD1839E892F5C79F82741C8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_TW.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[E4E17FEEE982813BE19547CB36D6DBC9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.qtx]
[C6EF34CEF8C405A1C065BCB7E8D7C7E5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\da.lproj\QuickTimeAudioSupportLocalized.dll]
[AF9F8E1B2D16A459C491511B88F4A49D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\da.lproj\QuickTimeAudioSupportLocalized.qtr]
[0AE63E53BA93B37267B093F562BFF4AE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\de.lproj\QuickTimeAudioSupportLocalized.dll]
[3A8BD41A95BFF7D479B15BA1547CDCA7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\de.lproj\QuickTimeAudioSupportLocalized.qtr]
[CA7F6FBE40043E10D7471FD443CF558D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll]
[C2628486D224A945AC133E8250CA6D36] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.qtr]
[4BD75045980D6C975BF71848FE3ECA06] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\es.lproj\QuickTimeAudioSupportLocalized.dll]
[260FEAAF542EBD84BB1DFFA0BC4A4529] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\es.lproj\QuickTimeAudioSupportLocalized.qtr]
[B85E3DD5CBB72B15660235A9C78458A0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\fi.lproj\QuickTimeAudioSupportLocalized.dll]
[2D3A8D444A5A221D1184B6F01D4BB111] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\fi.lproj\QuickTimeAudioSupportLocalized.qtr]
[B79495A41AA90CD9DB1154F80A7E0893] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\fr.lproj\QuickTimeAudioSupportLocalized.dll]
[EFA04C547FBF85141CD2748CFFBCBDD4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\fr.lproj\QuickTimeAudioSupportLocalized.qtr]
[E07ED0974F810073B50D9AF929D4F4B7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\it.lproj\QuickTimeAudioSupportLocalized.dll]
[95EDE6541F867C99F030DEC76EE86B8E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\it.lproj\QuickTimeAudioSupportLocalized.qtr]
[05EE568F522ADF95C3972B95D0F8E5C8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ja.lproj\QuickTimeAudioSupportLocalized.dll]
[9A7007265B5B93791508A86E1A01EF03] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ja.lproj\QuickTimeAudioSupportLocalized.qtr]
[4CCBC454263F8328BAE03EC7BDD5856B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ko.lproj\QuickTimeAudioSupportLocalized.dll]
[8B52C601EDA9A921581B456A78633492] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ko.lproj\QuickTimeAudioSupportLocalized.qtr]
[6B842EE7DD3E3E84AF2671A5C89FA927] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nb.lproj\QuickTimeAudioSupportLocalized.dll]
[0F60E3A00D3D7CD4A7B54AC1C3ABDDAE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nb.lproj\QuickTimeAudioSupportLocalized.qtr]
[3C296519472D34391218C20850E82CB7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nl.lproj\QuickTimeAudioSupportLocalized.dll]
[449485A15E6EC47DAAA1A824C3D8E529] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nl.lproj\QuickTimeAudioSupportLocalized.qtr]
[DF9A0666C1ADB67768D27471F4E93697] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pl.lproj\QuickTimeAudioSupportLocalized.dll]
[2F23640A5389DB7962F4456FBFA28E2B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pl.lproj\QuickTimeAudioSupportLocalized.qtr]
[869660B6250EE9A0F3E786F7C42C8B80] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt.lproj\QuickTimeAudioSupportLocalized.dll]
[917EA605504B5E1F3DAF6788BAB74C1D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt.lproj\QuickTimeAudioSupportLocalized.qtr]
[9063E8C067572AD9B61AADF3683DFDAC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt_PT.lproj\QuickTimeAudioSupportLocalized.dll]
[54F532A75898C2AD77B503A8316209DB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt_PT.lproj\QuickTimeAudioSupportLocalized.qtr]
[E8C5C254EDEC55B382DF193917B9AAC9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\QuickTimeAudioSupport.qtr]
[FB768526B985B009763B50FFEC74D252] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ru.lproj\QuickTimeAudioSupportLocalized.dll]
[1551CD794E5988AC92F966CD766501AB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ru.lproj\QuickTimeAudioSupportLocalized.qtr]
[3A6A525B88A7264289EFA6CFD19406D9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\sv.lproj\QuickTimeAudioSupportLocalized.dll]
[B55E0EA751811EE4EC045450CC059CD6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\sv.lproj\QuickTimeAudioSupportLocalized.qtr]
[45263386B954FC7308489212830A6BB5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_CN.lproj\QuickTimeAudioSupportLocalized.dll]
[73DEA9827CA1FA7C9EA1AF9AB8ECFA5B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_CN.lproj\QuickTimeAudioSupportLocalized.qtr]
[2E96422BE87BDC391512FDCFC21FE021] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_TW.lproj\QuickTimeAudioSupportLocalized.dll]
[78A5A448539AEFE70533EACE6CCA519F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_TW.lproj\QuickTimeAudioSupportLocalized.qtr]
[F88D7D766D9AD0DE73407B7052B0BBBD] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.qtx]
[2588CB5EA50FCFA62C8968CEACB4D149] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\da.lproj\QuickTimeAuthoringLocalized.dll]
[76B7EA6333C7FB72527F669FD61C24BA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\da.lproj\QuickTimeAuthoringLocalized.qtr]
[F60D62A7C0D56F9F4A9B7431C9AA63B4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\de.lproj\QuickTimeAuthoringLocalized.dll]
[6D54682AF53C957A4EAE817659EF8321] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\de.lproj\QuickTimeAuthoringLocalized.qtr]
[BFECBCAC6B4E14BE3E87E91F652025DB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.dll]
[3069E8B9E49A79C80106CDB3932B3DDE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.qtr]
[14243CCE0396C69851F7507C93E6D9AA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\es.lproj\QuickTimeAuthoringLocalized.dll]
[B15895CD4CA727439CAAE1FCC3C1F409] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\es.lproj\QuickTimeAuthoringLocalized.qtr]
[11CF8E748DE7F4E783FFAC7D9205146A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fi.lproj\QuickTimeAuthoringLocalized.dll]
[1216F7486DBCEBC1986A327E25B09DFE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fi.lproj\QuickTimeAuthoringLocalized.qtr]
[2C7DE35E2DE1DE03DECB400310343839] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fr.lproj\QuickTimeAuthoringLocalized.dll]
[1B4368195CB278B7D252C16A274445A4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fr.lproj\QuickTimeAuthoringLocalized.qtr]
[9CEC144E12A7C748B199AECE8AC92232] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\it.lproj\QuickTimeAuthoringLocalized.dll]
[3D4171A81B0C9283A4BF17775E095EA7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\it.lproj\QuickTimeAuthoringLocalized.qtr]
[3E01A3B74188B42B352D8B0BAB0EE5F1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ja.lproj\QuickTimeAuthoringLocalized.dll]
[03BCFD071AABE8188C3412DEEF3BFAB5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ja.lproj\QuickTimeAuthoringLocalized.qtr]
[763BF13AA141A1B245AC28B40B1C3C69] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ko.lproj\QuickTimeAuthoringLocalized.dll]
[145827BE470C660A45BA1E30DA83A18B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ko.lproj\QuickTimeAuthoringLocalized.qtr]
[43B8CB5B996415FC8DC3941E9EB6FFB8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\nb.lproj\QuickTimeAuthoringLocalized.dll]
[4ECA7A94BA63EB30842879482398EB06] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\nb.lproj\QuickTimeAuthoringLocalized.qtr]
[89C27DECAF158DAAC80BF38452A7CFD1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\nl.lproj\QuickTimeAuthoringLocalized.dll]
[37F5792F6A702F82BD7D3E7A3FF0B43C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\nl.lproj\QuickTimeAuthoringLocalized.qtr]
[F8CA89DD06894C9D583AB968D4BB1FEA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pl.lproj\QuickTimeAuthoringLocalized.dll]
[90B8ADC3A4CC0845DBC8A72F327BD33C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pl.lproj\QuickTimeAuthoringLocalized.qtr]
[963C7929F7729CFC9F3549095A13005F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt.lproj\QuickTimeAuthoringLocalized.dll]
[FC76FDD2D2846763096FEA796D8FBBD5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt.lproj\QuickTimeAuthoringLocalized.qtr]
[685DCB99154EBA7AB493ED6BF255240C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt_PT.lproj\QuickTimeAuthoringLocalized.dll]
[8ED6AC4A0AFAF0AA83F83E91AEA8B63A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt_PT.lproj\QuickTimeAuthoringLocalized.qtr]
[EE2F7794C087EAC73204BBA78AF74AF3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\QuickTimeAuthoring.qtr]
[6306C358F3813782AB22F3EF236A30A0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ru.lproj\QuickTimeAuthoringLocalized.dll]
[CC65B15BF063E7E9DC70A34316C90D21] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ru.lproj\QuickTimeAuthoringLocalized.qtr]
[3FD4F53CFA9AFCEDF85D245ACEE6CEA6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\sv.lproj\QuickTimeAuthoringLocalized.dll]
[C35D3EE7D17A269C31F0C953BC7EBC63] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\sv.lproj\QuickTimeAuthoringLocalized.qtr]
[D1F51B555E631F58DE45221DA2579D9C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeAuthoringLocalized.dll]
[AF119DAAB73E22556CBA4C030B113175] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeAuthoringLocalized.qtr]
[817184E39120CD131FF1F11D91322CE1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringLocalized.dll]
[80C19B5864F6AEBBB93ABD21D29AA13E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringLocalized.qtr]
[56620DDFF8B1277CE12F198637B2AF93] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.qtx]
[C2E0484EF41DA35F90E2C416554B06EB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\da.lproj\QuickTimeCaptureLocalized.qtr]
[287E9EA284B25FCFB2409EE256B857BF] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\de.lproj\QuickTimeCaptureLocalized.qtr]
[5C35DAF3B2B79F07FB788806A9B68AEE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\en.lproj\QuickTimeCaptureLocalized.qtr]
[844F14FB788B3F9C33B64F7C5809FD98] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\es.lproj\QuickTimeCaptureLocalized.qtr]
[1DB16987B2C99A7B338EF1DCEDC3A28E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\fi.lproj\QuickTimeCaptureLocalized.qtr]
[316429379C4C0FDEFFD9BFFA96880703] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\fr.lproj\QuickTimeCaptureLocalized.qtr]
[567F91C82A0086738F04AA8D23A069E0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\it.lproj\QuickTimeCaptureLocalized.qtr]
[75DF27B487C2B3B9F5D32A7D4CA7BF30] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\ja.lproj\QuickTimeCaptureLocalized.qtr]
[1A92E1C9136A9867779F8EA69A2A7C8D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\ko.lproj\QuickTimeCaptureLocalized.qtr]
[94AC5F2040263A9AFC372D74EEF3A62E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\nb.lproj\QuickTimeCaptureLocalized.qtr]
[957AC06C718D8F9062017C04B65332A3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\nl.lproj\QuickTimeCaptureLocalized.qtr]
[F97E492174A1E0EEAF9BDC3A5BD3E793] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\pl.lproj\QuickTimeCaptureLocalized.qtr]
[2D8793CB09E6EFD82DCC36C26BF9A766] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\pt.lproj\QuickTimeCaptureLocalized.qtr]
[13B78AF6F89094164256E40F88380855] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\pt_PT.lproj\QuickTimeCaptureLocalized.qtr]
[A9F00DD00B4FE1909BEEEC267A086083] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\QuickTimeCapture.qtr]
[5C2D1472F1B1D88CCB967B55142BD604] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\ru.lproj\QuickTimeCaptureLocalized.qtr]
[9A9D9810E77817A0F52904E39387E964] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeCaptureLocalized.qtr]
[639E84FCEB30D4A97F6C59791EA7A3A8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\zh_CN.lproj\QuickTimeCaptureLocalized.qtr]
[BD61C1BAD6BE56659E46596213DEC729] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\zh_TW.lproj\QuickTimeCaptureLocalized.qtr]
[9E23CC4C79925BF9F03EA04BC93EA362] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCheck.ocx]
[82FE1FF2FC6675AE8A307709595679F0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.qtx]
[7352A4302E912F57DCB1BC4970DED046] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\da.lproj\QuickTimeEffectsLocalized.qtr]
[FF63CBBC4780191ADF3743706A44A2A7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\de.lproj\QuickTimeEffectsLocalized.qtr]
[4691D201F634FC2B84D56A28FEE1D6D6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\en.lproj\QuickTimeEffectsLocalized.qtr]
[4E515FECB76F7EC50A862E81634CE0DB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\es.lproj\QuickTimeEffectsLocalized.qtr]
[75E68F73D9ACC4EE5E2411110192647A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\fi.lproj\QuickTimeEffectsLocalized.qtr]
[A5E3828831B1F857A4F0CE611F8F8B2B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\fr.lproj\QuickTimeEffectsLocalized.qtr]
[1672656153D4882D9E265314BEA2223A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\it.lproj\QuickTimeEffectsLocalized.qtr]
[6D57CEF9EF221F00F2D2599F5E9A78CD] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\ja.lproj\QuickTimeEffectsLocalized.qtr]
[4A1C74922416279179F0C1BC272036B6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\ko.lproj\QuickTimeEffectsLocalized.qtr]
[43135704F822EA08B69463691B12023D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\nb.lproj\QuickTimeEffectsLocalized.qtr]
[7A896E0DC567E144DBBFCB9FDE286919] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\nl.lproj\QuickTimeEffectsLocalized.qtr]
[D623D67ECAE5B48432A44735EFEA3B3B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\pl.lproj\QuickTimeEffectsLocalized.qtr]
[2D8E71B86442062725F7A84218D2ED3C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\pt.lproj\QuickTimeEffectsLocalized.qtr]
[27718C43BCE40899F0AAD768851AF924] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\pt_PT.lproj\QuickTimeEffectsLocalized.qtr]
[C3C7E5134636EB75A131C6E52A03557B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\QuickTimeEffects.qtr]
[47E936DD69BA60271479F1BA56E12564] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\ru.lproj\QuickTimeEffectsLocalized.qtr]
[D3E38DA29909582E5B21F405A5536CF6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\sv.lproj\QuickTimeEffectsLocalized.qtr]
[6E85AB984A31BC84BCBBEC3AEB0574BC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\zh_CN.lproj\QuickTimeEffectsLocalized.qtr]
[B9A619A0711CA8DD192E9297D92259EA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\zh_TW.lproj\QuickTimeEffectsLocalized.qtr]
[82B5C24861BC388CFECDBD9485C317F9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.qtx]
[B0FB6A4B872A067278F2FC61087E3B94] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\da.lproj\QuickTimeEssentialsLocalized.qtr]
[407A47B3A42DB3EB65BC95A23BED210E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\de.lproj\QuickTimeEssentialsLocalized.qtr]
[E03ABD6A68038CBDC712A867B92F1D34] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr]
[6526CDE88D2E8746500ACE319C86DA6F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\es.lproj\QuickTimeEssentialsLocalized.qtr]
[6831003836FB97D9E920BCFB24E2F526] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\fi.lproj\QuickTimeEssentialsLocalized.qtr]
[656D122D2037154EFF3E5C8A442056CC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\fr.lproj\QuickTimeEssentialsLocalized.qtr]
[BEC62558BB72431311DB70B7D95CA7F7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\it.lproj\QuickTimeEssentialsLocalized.qtr]
[758EA1A4727F408854D04330136EC70B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\ja.lproj\QuickTimeEssentialsLocalized.qtr]
[FA22FBD74810DD5F6DEA27859233ACDD] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\ko.lproj\QuickTimeEssentialsLocalized.qtr]
[5237E7DCEFF09D887DD69C5F54E8F01A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\nb.lproj\QuickTimeEssentialsLocalized.qtr]
[0BBBE445B961458100D65C7B4BB7BBD8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\nl.lproj\QuickTimeEssentialsLocalized.qtr]
[8093AFEC4E7DAD62CFBFB5D6B53E3878] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\pl.lproj\QuickTimeEssentialsLocalized.qtr]
[77F5C1330ACE303C79E0727BCA30255E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt.lproj\QuickTimeEssentialsLocalized.qtr]
[86BAEFEDC2E91D11F0E82B2B90CDE664] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt_PT.lproj\QuickTimeEssentialsLocalized.qtr]
[AD9AE115FAA293DF3393EF621783FA81] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr]
[3E21A6E3E599AAB3A26414C93446429F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\ru.lproj\QuickTimeEssentialsLocalized.qtr]
[BBC02931E5FCA66356E337B6BAB4251F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\sv.lproj\QuickTimeEssentialsLocalized.qtr]
[3555BD9D231560F71560AA87722A737F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_CN.lproj\QuickTimeEssentialsLocalized.qtr]
[012DED8B36EE7470CEC8F31F8D09FA19] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_TW.lproj\QuickTimeEssentialsLocalized.qtr]
[8283FBFF9B415F707D2F75CA893B7C8C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.qtx]
[3D0BBD7D5EBE834D4305CBA2E37E13FC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\da.lproj\QuickTimeH264Localized.qtr]
[74EC01FC73175D07FC4D7F0ABB6278F7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\de.lproj\QuickTimeH264Localized.qtr]
[09E16164325235621C79B20836570AF7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeH264Localized.qtr]
[09AB4902FDDD1A1809505F6A5B509669] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\es.lproj\QuickTimeH264Localized.qtr]
[AF15F4545A7ED91908DCAB6264292C0D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\fi.lproj\QuickTimeH264Localized.qtr]
[EF6CCE46F4843547726A9FB14FBE3E3F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\fr.lproj\QuickTimeH264Localized.qtr]
[33195DC396B688288ED59713B550C661] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\it.lproj\QuickTimeH264Localized.qtr]
[C7E3C12E86E53B55AE7759B585FBC22B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\ja.lproj\QuickTimeH264Localized.qtr]
[6B00D75EE95C6C7B152D01A13EC950E8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\ko.lproj\QuickTimeH264Localized.qtr]
[FE4C5C87E2EE4EAE52A0589398B7BEF7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\nb.lproj\QuickTimeH264Localized.qtr]
[EE6D31B172D56747798FB9B28869A2C2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\nl.lproj\QuickTimeH264Localized.qtr]
[6174576C71230883F12778977916DC4D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\pl.lproj\QuickTimeH264Localized.qtr]
[CEAEDA846976B4CBCE3657559C5FA316] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\pt.lproj\QuickTimeH264Localized.qtr]
[EB560FF22FF0A639BEDA4A80648887CD] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\pt_PT.lproj\QuickTimeH264Localized.qtr]
[A814273985FB022869318666073E4C4A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr]
[9C4DEE91735EFD4693E488E2849FBC61] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\ru.lproj\QuickTimeH264Localized.qtr]
[0782B5BD282C09E6F956E8607006D488] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\sv.lproj\QuickTimeH264Localized.qtr]
[961805B3BD0DE6B2F2335CBB0B8C92FD] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\zh_CN.lproj\QuickTimeH264Localized.qtr]
[A57D741945FA2D4200B90856FAC6CCE6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\zh_TW.lproj\QuickTimeH264Localized.qtr]
[DE1E47D7616BC8CD015078969891ECAE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.qtx]
[0A82A07C65D0AB003842375C18283F1A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\da.lproj\QuickTimeImageLocalized.qtr]
[895818163E9E54CAAD12B06DB94EDD74] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\de.lproj\QuickTimeImageLocalized.qtr]
[0C7D45C53F1424AE13B0B5F4AB9D5827] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\en.lproj\QuickTimeImageLocalized.qtr]
[12A601DCC8E2803FEB846CDC35AFFC94] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\es.lproj\QuickTimeImageLocalized.qtr]
[90E5D9789A68EF553D113F8A18C8F660] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\fi.lproj\QuickTimeImageLocalized.qtr]
[C1A17B2BD6516DDF8F9EE442B45D6F11] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\fr.lproj\QuickTimeImageLocalized.qtr]
[40A28AF4053389449555F3D174105F9A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\it.lproj\QuickTimeImageLocalized.qtr]
[E54414F0D552FD2CAAB64C6EBC970DC0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\ja.lproj\QuickTimeImageLocalized.qtr]
[474C1C8FB05A10E44C2BF8010BC2A8CF] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\ko.lproj\QuickTimeImageLocalized.qtr]
[25D73B326024F538914494539B74E05C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\nb.lproj\QuickTimeImageLocalized.qtr]
[DB0C39C04144659E168B8E6CA851B409] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\nl.lproj\QuickTimeImageLocalized.qtr]
[DA1EE535A2417FCD619043A03C0DC016] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\pl.lproj\QuickTimeImageLocalized.qtr]
[F2358D59A44126F4A96DA271C7D76B60] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\pt.lproj\QuickTimeImageLocalized.qtr]
[11466358D0B27B84750D7C6FF26FE275] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\pt_PT.lproj\QuickTimeImageLocalized.qtr]
[51BABD49A42D1B863543B5C6B81C4A0C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\QuickTimeImage.qtr]
[0CCE3B1D0018E8A9E60989AF36399950] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\ru.lproj\QuickTimeImageLocalized.qtr]
[F24F4FFFD3D073EB4D4258FA6B3BA556] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\sv.lproj\QuickTimeImageLocalized.qtr]
[1D7E3D81241D111B2445A4ABB41501DE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\zh_CN.lproj\QuickTimeImageLocalized.qtr]
[8B2B84F7DD9A29910386C38C440AD184] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\zh_TW.lproj\QuickTimeImageLocalized.qtr]
[C1872B4311202BCC6B8F912E1A35894B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.qtx]
[F69BD3F8C1CD077842256B225F772A83] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\da.lproj\QuickTimeInternetExtrasLocalized.qtr]
[433D9AD570756691B3355F6027DA07A1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\de.lproj\QuickTimeInternetExtrasLocalized.qtr]
[48EADF1CEB280F057A3E3D62E6E6C823] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\QuickTimeInternetExtrasLocalized.qtr]
[B869C4406F5C22D1CA10FC450A8FEAC7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeInternetExtrasLocalized.qtr]
[A9A666F68DA6D3CDEB6AE3125D154863] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\fi.lproj\QuickTimeInternetExtrasLocalized.qtr]
[5C4F283EFB26E3071BFAD872E12DB57B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\fr.lproj\QuickTimeInternetExtrasLocalized.qtr]
[7B08627A0C6D7CC4F8C044A5E4079CCD] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\it.lproj\QuickTimeInternetExtrasLocalized.qtr]
[964F8F5D8C372D964A3CDF5CB22011D7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ja.lproj\QuickTimeInternetExtrasLocalized.qtr]
[7512E43ED9F09ACF26F6FA92791A8E9E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ko.lproj\QuickTimeInternetExtrasLocalized.qtr]
[C962D9E9C4F31E598C483CCC025478CC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\nb.lproj\QuickTimeInternetExtrasLocalized.qtr]
[7CFF179EA8C78A0F493FD0F14D43EA56] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\nl.lproj\QuickTimeInternetExtrasLocalized.qtr]
[8913B903EF36B2C12E6F69965DD7DE28] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pl.lproj\QuickTimeInternetExtrasLocalized.qtr]
[3713407D61D1529364A1CA7F3F26AAAF] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pt.lproj\QuickTimeInternetExtrasLocalized.qtr]
[9F9BF44702736A196C8784DF0CBF7119] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pt_PT.lproj\QuickTimeInternetExtrasLocalized.qtr]
[E1C3031DAB466BBBE6A6F56FCE0BC159] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeInternetExtras.qtr]
[33F0453C64BB266CF7E3B876A87063C4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ru.lproj\QuickTimeInternetExtrasLocalized.qtr]
[BE51A5D55C97D881EA547B56CBE59A6A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\sv.lproj\QuickTimeInternetExtrasLocalized.qtr]
[264228B105E9496E629520A16C4EBC9B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\zh_CN.lproj\QuickTimeInternetExtrasLocalized.qtr]
[7515FBB7BBF08F025503F41F2C719125] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\zh_TW.lproj\QuickTimeInternetExtrasLocalized.qtr]
[FB59839B786101796AEC944212EABB25] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeJavaExtras.qtx]
[E15F2930FEE9DF369B8E63DF9D778EE1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.qtx]
[7D2BAF4ECCBA21CD5282DCE8CB7992C5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\da.lproj\QuickTimeMPEGLocalized.qtr]
[5ED874E8D1BB9484390EF1CA573BD178] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\de.lproj\QuickTimeMPEGLocalized.qtr]
[A983EE296AD97F5EE8AB1166A52C5A9D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\en.lproj\QuickTimeMPEGLocalized.qtr]
[CACE0F8C854D56FD65B32748DFAA6F05] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\es.lproj\QuickTimeMPEGLocalized.qtr]
[2AC13CB1E220E4F72D43F3DF45D8271E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\fi.lproj\QuickTimeMPEGLocalized.qtr]
[3E6ACE790E97DB77CB350DD2EAF6A70F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\fr.lproj\QuickTimeMPEGLocalized.qtr]
[AC5254B497972603996BABBBFF486C8C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\it.lproj\QuickTimeMPEGLocalized.qtr]
[CA61B80A40FA11818EEBB624B7B7427A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\ja.lproj\QuickTimeMPEGLocalized.qtr]
[FE55E860DF1FE6F941A25F73C87107AC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\ko.lproj\QuickTimeMPEGLocalized.qtr]
[FD0E71787C02939F2D3498DD7B414B67] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\nb.lproj\QuickTimeMPEGLocalized.qtr]
[F649004E77F16A324DBA7D36C995ED09] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\nl.lproj\QuickTimeMPEGLocalized.qtr]
[49A9D75240BA21747305D5F4CE8CA3B1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\pl.lproj\QuickTimeMPEGLocalized.qtr]
[8E1B2988BCE89D2CCE430123440D2888] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\pt.lproj\QuickTimeMPEGLocalized.qtr]
[3302AC52615C42EEA7D5FAB158FE65D4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\pt_PT.lproj\QuickTimeMPEGLocalized.qtr]
[1AB0879FD28C5BE6CD0D8415C20512F9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\QuickTimeMPEG.qtr]
[E0A059004969EC367C6BD1D7650F2027] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\ru.lproj\QuickTimeMPEGLocalized.qtr]
[802FDA53EB5D0AB8E4B3A1E6DC47E717] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\sv.lproj\QuickTimeMPEGLocalized.qtr]
[71056CE2C1FBEE7C45893632D7313382] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\zh_CN.lproj\QuickTimeMPEGLocalized.qtr]
[B036A3B9924171541280DF11FA9DE6C2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\zh_TW.lproj\QuickTimeMPEGLocalized.qtr]
[2DE11124B1BF0DDA3E6A186998191788] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.qtx]
[5F40CDD7C33EB40A78829753FEEB6117] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\da.lproj\QuickTimeMPEG4Localized.qtr]
[1BFFDF0BBDCEB6B4D5683C7351AE814B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\de.lproj\QuickTimeMPEG4Localized.qtr]
[203046A5B43CE9E4BF36426B09F020F3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\en.lproj\QuickTimeMPEG4Localized.qtr]
[4BA74A6A9F5C7A631DFE9725CAF2C458] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\es.lproj\QuickTimeMPEG4Localized.qtr]
[D1887141C94088A26834A145C635404A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\fi.lproj\QuickTimeMPEG4Localized.qtr]
[AE84FF33C830F5B8C709FB6CAF3B3B79] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\fr.lproj\QuickTimeMPEG4Localized.qtr]
[C75BA7D9B8BFE4461C9992C836F246D9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\it.lproj\QuickTimeMPEG4Localized.qtr]
[A6446EAA2AA03AAEE61A29F8EA41ADD7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ja.lproj\QuickTimeMPEG4Localized.qtr]
[2B7D9C7853CBF18B1D5A5383883C8900] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ko.lproj\QuickTimeMPEG4Localized.qtr]
[F8C80E7F8A901A9CD73E2AAA8422F98E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\nb.lproj\QuickTimeMPEG4Localized.qtr]
[907DF152C3CFDD6FEFCBAD1048955C77] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\nl.lproj\QuickTimeMPEG4Localized.qtr]
[6847760AEF867C2FCFDB1980D597264C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pl.lproj\QuickTimeMPEG4Localized.qtr]
[29334CEB90A16C5940B7DDBD533BA851] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pt.lproj\QuickTimeMPEG4Localized.qtr]
[10549FA187E2C8AE7C56646DD45B5B14] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pt_PT.lproj\QuickTimeMPEG4Localized.qtr]
[3AAD467BCAB95D13FCB1A5CB69034CF0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\QuickTimeMPEG4.qtr]
[C0B005BEC37B11D4F83115DDB0440D17] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ru.lproj\QuickTimeMPEG4Localized.qtr]
[B63621ED79247C5B5C3ED0C1868462D3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\sv.lproj\QuickTimeMPEG4Localized.qtr]
[5337FF5F67A06A3B50D4A9E03B3ADF51] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_CN.lproj\QuickTimeMPEG4Localized.qtr]
[10A901D91F0C090A996C51C1926DF47E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_TW.lproj\QuickTimeMPEG4Localized.qtr]
[69853B6DE4D7F67BA3243DAB49F141DB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx]
[C5728777388A3A8430B6BB215FDFB7E8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\da.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[6623D6BEEC857F0FD4FAF9F0BAF052E1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\de.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[15AFE03531A953A08B6416120BF28A89] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\en.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[D089EC0CD9ED99064A2C1AB1CF4D940C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\es.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[43308E79187A59CC48599BF929CAEE9E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\fi.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[23B358BD3043FF35226C430664888B92] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\fr.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[8A3ECAD6EE2AED1C050FC71955A5B3D0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\it.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[584A5EF20CE3C7588706960DA2DC8A4E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ja.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[CA0C37023BC9368435E94D973AA0E248] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ko.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[620C77787D057A02B693F652F2BB792B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\nb.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[115D48BD89E770F67F35C5AC62324DA9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\nl.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[278A1F0025A6B3E982ABD2F44994A99B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pl.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[486F45F33C70D4BE530C414CBABFDA45] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pt.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[47EA8A8893DB00924DA645ADAFB83436] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pt_PT.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[AE7D2F9CEA8684081D4D5D4BD1DC8379] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\QuickTimeMPEG4Authoring.qtr]
[C990EB50C4A760E06EC19B900555F302] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ru.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[BCCAD3D8D2B3B4E8E84E8CD8558D3942] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\sv.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[70FFA8A91CD63175AF6D77F85D66CD35] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_CN.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[1EC28BDE2528B51D36DFEF1D5C7F7D09] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_TW.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[14D017562E8F6B945157471FD64CCD9B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.qtx]
[C29D54590C0BEC5D1002302F9508EC09] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\da.lproj\QuickTimeMusicLocalized.qtr]
[B2C24C261EE8DCD660F51AB5C6F0B9A6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\de.lproj\QuickTimeMusicLocalized.qtr]
[41016963FA2B21799A32C918CDDA091A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\en.lproj\QuickTimeMusicLocalized.qtr]
[F606890BBC1891CFFD92EA0D43C550AB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\es.lproj\QuickTimeMusicLocalized.qtr]
[CF7ABD37B3D290F1A40B5CFE3AF56244] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\fi.lproj\QuickTimeMusicLocalized.qtr]
[EFD46A1DB45FAED0C6BF70E46620B158] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\fr.lproj\QuickTimeMusicLocalized.qtr]
[BE8FE2C17133C0D4088C1248B643D8D4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\it.lproj\QuickTimeMusicLocalized.qtr]
[D5405EF9FD7474BAC797637D92ECE3AA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\ja.lproj\QuickTimeMusicLocalized.qtr]
[7CBFD53893C9F692697F87E63BF2E1E7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\ko.lproj\QuickTimeMusicLocalized.qtr]
[C1C384CFD5B3AB76170268C177F6AA2D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\nb.lproj\QuickTimeMusicLocalized.qtr]
[E61C4FFDF2165F1080C9A1F6C23BEA5E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\nl.lproj\QuickTimeMusicLocalized.qtr]
[FDA25F88F4CC9E0BF55E67974BC44A31] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\pl.lproj\QuickTimeMusicLocalized.qtr]
[07DA2BC44E0D7393872548E452DB5093] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\pt.lproj\QuickTimeMusicLocalized.qtr]
[0D983379D4561D007A8E3C499F7A1F02] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\pt_PT.lproj\QuickTimeMusicLocalized.qtr]
[539DFA5C709F93706AFE56814DFB82E6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\QuickTimeMusic.qtr]
[600746B466E91CD366542006E4A9C0D6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\ru.lproj\QuickTimeMusicLocalized.qtr]
[10735E337715C6384C3E4AF49E281A1C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\sv.lproj\QuickTimeMusicLocalized.qtr]
[9B330E8DB6C7CB99BD20039BD05FEC7C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\zh_CN.lproj\QuickTimeMusicLocalized.qtr]
[BF4D5852DF024FF4FC796CC0EEE60852] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\zh_TW.lproj\QuickTimeMusicLocalized.qtr]
[BF7AFAEC505BC872F6A0DE131ECEFFEB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusicalInstruments.qtx]
[7156D93D8A38DCCD9CCA090BD7DF931D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.qtx]
[BBF248521BE2480F3E2B0E980B777DEE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\da.lproj\QuickTimeStreamingLocalized.dll]
[CB4603E6769391C831FB35C4AD874B7C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\da.lproj\QuickTimeStreamingLocalized.qtr]
[FF7935A5A326301D61B279EDF9151BDA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\de.lproj\QuickTimeStreamingLocalized.dll]
[5AA2C1627960963885B1E4B5937D096C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\de.lproj\QuickTimeStreamingLocalized.qtr]
[78DA84B813C8C2A2006EE21102932319] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.dll]
[EC0FA8D0ECF569C9304D1FF1616A4982] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.qtr]
[59C31A1AC25C1F3E0B8DCEFBC2748644] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\es.lproj\QuickTimeStreamingLocalized.dll]
[86C6EF94C670A9CDE12EA33C3047E54B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\es.lproj\QuickTimeStreamingLocalized.qtr]
[350B4865AC6BA6FD2968BD8B1252B691] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\fi.lproj\QuickTimeStreamingLocalized.dll]
[270834836979CD3A5CB5AD4BAE9CAB2D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\fi.lproj\QuickTimeStreamingLocalized.qtr]
[F98A759017DBCE7710E52924BE3DE4DC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\fr.lproj\QuickTimeStreamingLocalized.dll]
[131F2E9CFD7900A98BA981BEFA39538E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\fr.lproj\QuickTimeStreamingLocalized.qtr]
[30DC971929D170CC5AC333EEAE47631C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\it.lproj\QuickTimeStreamingLocalized.dll]
[8E07F464054CE2FA611B159D8941DBF4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\it.lproj\QuickTimeStreamingLocalized.qtr]
[830BC1B91E1ABBDBD39EF4D7BFD65F14] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ja.lproj\QuickTimeStreamingLocalized.dll]
[3536BB993FD0A6093348E83C84F27CA7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ja.lproj\QuickTimeStreamingLocalized.qtr]
[E1696771EAF417A92601AFEE7DFA3046] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ko.lproj\QuickTimeStreamingLocalized.dll]
[2D0D4C1A8C46C65266B3D27B27D0832B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ko.lproj\QuickTimeStreamingLocalized.qtr]
[3057D0E8A16DDE8E2AAE3443FD9F6F1D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\nb.lproj\QuickTimeStreamingLocalized.dll]
[833E71ABAEACF980D07EE51999DD380B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\nb.lproj\QuickTimeStreamingLocalized.qtr]
[05F3599A75A200398AB1C8689FA749EA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\nl.lproj\QuickTimeStreamingLocalized.dll]
[A55961EABE3F0C86DD14175A91700CA8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\nl.lproj\QuickTimeStreamingLocalized.qtr]
[6D8C0ADAE2C0B1FC213A60026A596073] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pl.lproj\QuickTimeStreamingLocalized.dll]
[B6998B104589CFB399F5E353E4F3BB91] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pl.lproj\QuickTimeStreamingLocalized.qtr]
[4763AA3EB5AF2756A0099C6B0DCDA419] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt.lproj\QuickTimeStreamingLocalized.dll]
[2B5B8BA3953BC7E347B4756F967B768B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt.lproj\QuickTimeStreamingLocalized.qtr]
[C64635C10CAEC809A649FC5C0D057D93] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt_PT.lproj\QuickTimeStreamingLocalized.dll]
[4144A4A6AC568214BA62BBBCAF61B906] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt_PT.lproj\QuickTimeStreamingLocalized.qtr]
[643CED6BACEAD1395E4C1A152BD99857] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr]
[8E0E42C08EDB1F8C43720B038250EEA9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ru.lproj\QuickTimeStreamingLocalized.dll]
[E5ABF73B95E8911D295103C135675202] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ru.lproj\QuickTimeStreamingLocalized.qtr]
[413E9CF188F6AB5917850FB6E38DFCB1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\sv.lproj\QuickTimeStreamingLocalized.dll]
[0857007D73E99751A1F0B586D926927A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\sv.lproj\QuickTimeStreamingLocalized.qtr]
[DEDF7EDC2E47A6D044FC6A77A3C223CE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingLocalized.dll]
[CE7AC5C17F6CC7F48D93993A4631A43E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingLocalized.qtr]
[D6A917D8525D9457C70B311EF5438683] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.dll]
[6FE6E0CFDECDEBF8B26DC2BAD2027CD7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.qtr]
[C87F4930CE27C044416428C463EBD90A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx]
[9E3D946BBB6F0B4EB28D81C45D9E712A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\da.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[94275F31CA6F3B1C418AD53892336933] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\de.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[66C8CE6B8F76C6376CD94396AD68BFEA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\en.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[A47D49C261C132D760145F324D57CB66] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\es.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[C0E894B8ECBCAA97511A99743CA79F65] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\fi.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[E6C157ED9ECCF66884132A14EACC7B70] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\fr.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[F7702E3F326411E840F0E38D30B1D724] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\it.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[927DB3B1FC05255FB1E3F944B7803868] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\ja.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[390D0A454927971F27E7C81914B96611] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\ko.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[678ECEFFAEFE8412993F94A7C0EB8CBB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\nb.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[0928DA9896C43DF49A889F009EBB814A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\nl.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[A44AF1CCD99C9DAC17D6E045CAC8CF83] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\pl.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[379E935993F2A219299D2800C9440EB4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\pt.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[9C8DB11A655E7DF12D65187AE6511F66] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\pt_PT.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[2187B5C808E8024CF4692655924D734B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\QuickTimeStreamingAuthoring.qtr]
[DA755FC6F2BF573AD3F4B03FBC7B86F0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\ru.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[78CC46A3D785110B129F2A897A3AB65F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\sv.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[CE07655EB1956CA921A898E3F6699C35] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_CN.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[16CBCF7D077BACCF71CEC4FBA7987F5B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_TW.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[E2987ADD4FD8CD66A1C21D46770C4B3E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx]
[851A8C6CD89F8F0B73ADD7BC5A6A61A3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\da.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[991A4650DA10B3390D47235F3E4E43BD] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\de.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[12D146FD7D7B8CBF0A5C54ECC66DDC4D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[E5691CAFACDDBF5F2E51871111079875] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\es.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[6E93FB60CE92ED63DFF79154913D2DD4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\fi.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[2B36CBD59C63B49623748A2DCE5E8E73] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\fr.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[3C279E23B68EF3699BFCDAEA5DBE2328] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\it.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[185CED41DB8181779CCA028A17B0047D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ja.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[DABA28DAEFF8A1AB8E0D63710872DB92] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ko.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[D91D617FC458F31366599C30E284C2BC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\nb.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[3865095BFABB78FB6A97734C576D369F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\nl.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[A00DFBC3BB2B271F1E4F353AC0E0D878] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\pl.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[46388F2134E92754008C153AB871998A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\pt.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[ECFCB166DABB914C58CC445757B1D3C8] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\pt_PT.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[A1CA9A5D8FD558207C8D8A3CD306BB6A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr]
[4C5E2C66923DBB253474FC43BA355DC9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ru.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[08BCC97FE2685B219971EEBAA63E49E9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\sv.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[945FB17858D05CDB32D7946F8A8D60BC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_CN.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[1F5E7F773E1C8A8FCB1B320E262DE509] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_TW.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[8964148056B3848AA2CB587E9D137890] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeUpdateHelper.exe]
[E33106D7FFB0CBE106EED817E9F0AC42] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.qtx]
[F8D47B7B467F61521090E7162716828B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\da.lproj\QuickTimeVRLocalized.qtr]
[71DE34A66A4F9537AAA7EE1D9DF3767D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\de.lproj\QuickTimeVRLocalized.qtr]
[3057C2C33FBB3E0E1483A549891E0FD0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeVRLocalized.qtr]
[61A03659A91DC42AC5CF6350457E0918] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\es.lproj\QuickTimeVRLocalized.qtr]
[244ED83F3DDFE5EA384F2F9E7919C3C9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\fi.lproj\QuickTimeVRLocalized.qtr]
[D1B0A1ABD8E67CFB05F6CDD9648AD949] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\fr.lproj\QuickTimeVRLocalized.qtr]
[B98AFECB835E95B956581D857D3E107C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\it.lproj\QuickTimeVRLocalized.qtr]
[81947816BE3CF213466E8CD718D371B3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\ja.lproj\QuickTimeVRLocalized.qtr]
[1FC71F3EB124A32B6A07C7A93CD0C657] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\ko.lproj\QuickTimeVRLocalized.qtr]
[D5ED7C383537819934C9FD8964B7C218] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\nb.lproj\QuickTimeVRLocalized.qtr]
[59908E51E14EF062C7362F3D50A3C775] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\nl.lproj\QuickTimeVRLocalized.qtr]
[05FA2E310DDDD9CC72A86300C023FCE1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\pl.lproj\QuickTimeVRLocalized.qtr]
[B55E011DB90751B48D7B7B8E89DD767D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\pt.lproj\QuickTimeVRLocalized.qtr]
[647E8FDB3722E93496D3AB81D40CC733] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\pt_PT.lproj\QuickTimeVRLocalized.qtr]
[B38B033841955E72ED2555542C8A9195] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr]
[4D7DA7617B67DF3F8EF18DB93D981754] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\ru.lproj\QuickTimeVRLocalized.qtr]
[77979B384E06EFC74E272119683EB9BD] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\sv.lproj\QuickTimeVRLocalized.qtr]
[DDFF990F6A2952860657367F1D707F45] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\zh_CN.lproj\QuickTimeVRLocalized.qtr]
[4B154264D1BF4649F644845B678FEBEF] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\zh_TW.lproj\QuickTimeVRLocalized.qtr]
[93D949127C6FD3FA85B5F7F3F45FBC90] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.qtx]
[9C3A04949BD45F24387BD50C970D6E3F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\da.lproj\QuickTimeVRAuthoringLocalized.qtr]
[CEB4964B370C1219733200C478862DA7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\de.lproj\QuickTimeVRAuthoringLocalized.qtr]
[37B19B3F7CBB7A534B5E5B5240B40BCD] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\en.lproj\QuickTimeVRAuthoringLocalized.qtr]
[218BF1FEE069E8EAA31B04490E69CE11] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\es.lproj\QuickTimeVRAuthoringLocalized.qtr]
[BD5609682E6E8BFD29508B6D7E88F84E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\fi.lproj\QuickTimeVRAuthoringLocalized.qtr]
[548A46A3143322220A81FD53883E19A2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\fr.lproj\QuickTimeVRAuthoringLocalized.qtr]
[F4FAE04B37DB0682093DB4F6090E44DB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\it.lproj\QuickTimeVRAuthoringLocalized.qtr]
[D283B26FE36500061DB2032886AF69E7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\ja.lproj\QuickTimeVRAuthoringLocalized.qtr]
[6FBE4C85C63422DF0CC94A0EA9B01CD1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\ko.lproj\QuickTimeVRAuthoringLocalized.qtr]
[FBB41AB5AF9ADE3446D21848C1557A8A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\nb.lproj\QuickTimeVRAuthoringLocalized.qtr]
[0998B12C716B331ED587D854ADFAB3DD] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeVRAuthoringLocalized.qtr]
[6B233F3FE442D4086851DC6882D5C3D5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pl.lproj\QuickTimeVRAuthoringLocalized.qtr]
[E8342D763679B5D4652504A0DE6EE226] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pt.lproj\QuickTimeVRAuthoringLocalized.qtr]
[4E2C9EA4362FCC484E964FD911EB38F3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pt_PT.lproj\QuickTimeVRAuthoringLocalized.qtr]
[3B768AF534A197B8803AEEA75CB76516] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\QuickTimeVRAuthoring.qtr]
[2E2BDFAB93CBAD494DCDC991CE0F8AB3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\ru.lproj\QuickTimeVRAuthoringLocalized.qtr]
[A6804B8F3B067453A381CE218FF0DF0C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\sv.lproj\QuickTimeVRAuthoringLocalized.qtr]
[CE2709F7463A06410411F92F1A942EDA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\zh_CN.lproj\QuickTimeVRAuthoringLocalized.qtr]
[E6B31F2BED174A4277892B7999D94AD6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\zh_TW.lproj\QuickTimeVRAuthoringLocalized.qtr]
[013F3F8408B85B9DE54CCCE8B4A10402] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.qtx]
[C86648329F9606840DD3304CB9B8AAA5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\da.lproj\QuickTimeWebHelperLocalized.dll]
[9325FD23D0E9595DE1844F95834B7842] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\da.lproj\QuickTimeWebHelperLocalized.qtr]
[254431476F0469B07BBA49E4CE416CA7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\de.lproj\QuickTimeWebHelperLocalized.dll]
[7E6FD60FD7E154F05B852DE320CC9ACC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\de.lproj\QuickTimeWebHelperLocalized.qtr]
[98F95D6476AEFC08D50661F5613F7679] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperLocalized.dll]
[2F34A616E576FB76B7D3592E82F51AD9] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperLocalized.qtr]
[0B7AFA64EBCE4676E77F08C049485729] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\es.lproj\QuickTimeWebHelperLocalized.dll]
[F73D2B74ADEFC945B9179291EB451D68] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\es.lproj\QuickTimeWebHelperLocalized.qtr]
[C9EDDCC511EF2771906BF2F0D264B69A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\fi.lproj\QuickTimeWebHelperLocalized.dll]
[D4CEBC2D263936D079F6CF790F6D4D53] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\fi.lproj\QuickTimeWebHelperLocalized.qtr]
[F53116E8D1A404C53A7930D161903BB5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\fr.lproj\QuickTimeWebHelperLocalized.dll]
[67A9B23E3354B5AABBFC97D0BA6855B2] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\fr.lproj\QuickTimeWebHelperLocalized.qtr]
[8A8F9FBCCF3B0E2A4F5DA0AEB20743AE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\it.lproj\QuickTimeWebHelperLocalized.dll]
[FA355F665621983C8CAFCA614F1ADE5E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\it.lproj\QuickTimeWebHelperLocalized.qtr]
[53818C1CD971676AD4F9CD30F5E7B234] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ja.lproj\QuickTimeWebHelperLocalized.dll]
[026CBEAC643261AE98978679D4888864] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ja.lproj\QuickTimeWebHelperLocalized.qtr]
[6A2CC639A891E66BE923C89BFE89964A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ko.lproj\QuickTimeWebHelperLocalized.dll]
[4E4456845115FDC340A65933AAD7A6DE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ko.lproj\QuickTimeWebHelperLocalized.qtr]
[D7600ED2D23601FF8FC15C6F47A7A30A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nb.lproj\QuickTimeWebHelperLocalized.dll]
[7955224333E04C05D45099B6A858175E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nb.lproj\QuickTimeWebHelperLocalized.qtr]
[77914977DA069D8DD137DE64B49A0A78] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nl.lproj\QuickTimeWebHelperLocalized.dll]
[761611A3B96620FE3B0836E411E94B8E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nl.lproj\QuickTimeWebHelperLocalized.qtr]
[CAFF6C2E6921AC25C3FC5DD4F69E93C3] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pl.lproj\QuickTimeWebHelperLocalized.dll]
[21C4EC04CD88BEAD7DE58F915FB15623] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pl.lproj\QuickTimeWebHelperLocalized.qtr]
[5EA80AACD544DB9A66FF732BED1F25AF] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt.lproj\QuickTimeWebHelperLocalized.dll]
[4D0F1ECD1CAA00DA6613863519DBD646] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt.lproj\QuickTimeWebHelperLocalized.qtr]
[F45F400AB5BD7B639FC28935F8CFDE24] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt_PT.lproj\QuickTimeWebHelperLocalized.dll]
[83F32166EF04510BBDB94EAB4023F2CE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt_PT.lproj\QuickTimeWebHelperLocalized.qtr]
[586B5DBEFDAE3CF1A9D091C031375B8B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.dll]
[CD426B28923E67FD3E6B879B4A1C3FC0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.qtr]
[0DC76F07A058741DA627A4AE402822E6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ru.lproj\QuickTimeWebHelperLocalized.dll]
[D4A01CCD0E3FEB6A372B388FE96921A0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ru.lproj\QuickTimeWebHelperLocalized.qtr]
[7CA4D42DD442116822504201D325588F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\sv.lproj\QuickTimeWebHelperLocalized.dll]
[75F5E23BCD6EE17D94AC2E3057369598] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\sv.lproj\QuickTimeWebHelperLocalized.qtr]
[311D3AA117DFF754CB44E56F7117D7D4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeWebHelperLocalized.dll]
[4F7F1CEFD70C3ABE1C780EF4C980C5E6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeWebHelperLocalized.qtr]
[6CF01EFCC1B687E8E7D5D8C722241F14] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperLocalized.dll]
[76DD91689B5754A478F5569BF4CFFC4C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperLocalized.qtr]
[916A2C4EB028604783FD5EA169236C1D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTTask.exe]
[A434F0AB888FFF06C10A7BB806D4BD6B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QTUIPanelControl.dll]
[A5261BBFC7E9E90E94BB0E64521DB2A5] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTime\About QuickTime.lnk]
[F06E0EF8C6984A96D3BA55D1065A42DB] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTime\PictureViewer.lnk]
[F5CCE6C0FA12CE06D866B639686118E1] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTime\QuickTime Player.lnk]
[9123E01EAC5CD24B78BDCC7FC4F10840] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTime\Uninstall QuickTime.lnk]
[F93698D750674C4DCB2D13C583172EFE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTime Read Me.htm]
[BA74D63990D84715C95E5B47918B341D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.dll]
[AB1F1374CE30F0679263A05EF40AFDDC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.exe]
[2581AA55AA17B608292A1938C8D5DF82] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\da.lproj\QuickTimePlayerLocalized.qtr]
[710D32C695F9519073C6F59E572E143C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\de.lproj\QuickTimePlayerLocalized.qtr]
[DF9B99A21BE8D4878AC0EECDD386D822] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\en.lproj\QuickTimePlayerLocalized.qtr]
[77959EF612F8043199950D80FF6CC56D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\es.lproj\QuickTimePlayerLocalized.qtr]
[4DE7BC218263FAA9E1122AABC4797B83] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\fi.lproj\QuickTimePlayerLocalized.qtr]
[4F5AE68A275DF25128A6141A25CC724A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\fr.lproj\QuickTimePlayerLocalized.qtr]
[D0BDA293D218657727CBA10925884BEE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\it.lproj\QuickTimePlayerLocalized.qtr]
[5E51ED0166341B671ED6D876E2FBBD9A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\ja.lproj\QuickTimePlayerLocalized.qtr]
[2303F4D8EBA6BD780E631F3A7998FABF] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\ko.lproj\QuickTimePlayerLocalized.qtr]
[F65F8BDC2798294E9C32F7DFFA04838B] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\nb.lproj\QuickTimePlayerLocalized.qtr]
[1256B1596B132AC0BD813C8017519DAC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\nl.lproj\QuickTimePlayerLocalized.qtr]
[206FE717A4B49328EC506F69BE234B38] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\pl.lproj\QuickTimePlayerLocalized.qtr]
[70E1F19D775A44E87F8140EDA4532983] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\pt.lproj\QuickTimePlayerLocalized.qtr]
[B08B6D9898A369717B69F6F8BF228441] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\pt_PT.lproj\QuickTimePlayerLocalized.qtr]
[9F23BDCFAE19FBE5974DA4DE02437C1D] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\QuickTimePlayer.qtr]
[28942CB70F36A31F8A64909B7ED52F65] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\ru.lproj\QuickTimePlayerLocalized.qtr]
[803B0195B2494FB157CB936031FB1B82] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\sv.lproj\QuickTimePlayerLocalized.qtr]
[B24F72A0BCB08BFC4B10056155852242] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\zh_CN.lproj\QuickTimePlayerLocalized.qtr]
[D281F09A29CFA7EEC4DFC79CE1AB89F4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\zh_TW.lproj\QuickTimePlayerLocalized.qtr]
[0E242AB2D25193687BFFDF12813E6E67] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Sample.mov]
[B08CB105ADB1D45AE19FA3E5FE7B60EC] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\QuickTime\Sample.qtif]
[3207F2DDCDC729F05E4095DC9D79497C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\SearchProtector.css]
[C0ECC7B7922AE2D9F8E0160C9152B0DE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\SearchProtector.js]
[FB135153AF695F15629F90C77B5CE07A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\SearchProtector.jsm]
[615784EC0F9F3322A1865ABD3DF0E2AA] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\SearchProtectorRetakeover.css]
[8CF24B278DA351A7D641901D11D37884] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\SearchProtectorRetakeover.js]
[F43B589A96E6AB7B171F8C66989419F4] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\separation-line.png]
[92A7FC466575CFC32532EAE392711035] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\warning.png]
[AFC55265F6087C9A4B0F45F19BABB278] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\WeatherBug\WeatherBug\102x96_Allergy_Beach_Plus.jpg]
[57380295F744F517BCAD590237BFEAF0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\WeatherBug\WeatherBug\517.jpg]
[4DC6B0236F1A1E397523D31E74D1B623] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\WeatherBug\WeatherBug\nav_07182007.jpg]
[1304DDC6D2F70929CA6DB2B37379FE94] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\WeatherBug\WeatherBug\Summer062510_APPROVED.jpg]
[BEB4D93A50EE7AF501C9CB6D65540CAF] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\WeatherBug\WeatherBug\Summer062510_MASK.bmp]
[1304DDC6D2F70929CA6DB2B37379FE94] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\WeatherBug\WeatherBug\Summer0710_APPROVED.jpg]
[BEB4D93A50EE7AF501C9CB6D65540CAF] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\WeatherBug\WeatherBug\Summer0710_MASK.bmp]
[4AFA4B3080B581A6D69F7C7788573B90] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\WeatherBug\WeatherBug\topnav_Business.jpg]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{328CC232-CFDC-468B-A214-2E21300E4CB5}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{33EB1061-ABF1-4470-A540-32E97A610536}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{404BB1FF-A84F-432F-B77B-301E88E8D1C7}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{439760BC-7737-4386-9B1D-A90A3E8A22EA}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{75104836-CAC7-444E-A39E-3F54151942F5}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{8F473675-D702-45F9-8EBC-342B40C17BF5}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{963BFE7E-C350-4346-B43C-B02358306A45}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{9C98CA38-4C1A-4AC8-B55C-169497C8826B}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{9EFC40E3-5F31-4F75-8445-286273F74D8E}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{CA4AF936-3312-4AF4-A191-527531490DCD}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\wix{E5C95CA5-4565-4B9D-97ED-05088D775614}.SchedServiceConfig.rmi]
[5B1E5F6468CD5D48B2F8B8738C7B80E0] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\x-default-LTR.png]
[FF4F6B41DFAB60FDE151847AF6AFDB4F] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\x-default-RTL.png]
[45CA78FCDC4FAED43EA9F8536286D017] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\x-mouseover-LTR.png]
[1EB77884D8E761843AC9C2796804021A] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\x-mouseover-RTL.png]
[A11E27AF6612F6B825284901BCFA237E] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Quarantine\yahoo.xml]
[CDBEDC4CC23A5CDDAFF439286ACC9B64] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Tempo.txt]
[1E730EACDFEB1F1AB5834207C8ED8339] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\Trace.txt]
[1C43D89B103EBDF45CD3FE7108FBA3BE] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\ZHPCleaner-[R]-07122016-00_55_30.txt]
[313F912CBA95C7CD8E0B6351E8FA5260] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\ZHPCleaner--07122016-00_54_19.txt]
[0F3903D137E5CF7312CADB72DB57B852] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\ZHPCleaner.exe]
[B36D5B86F2FAC72A154DFD2C8CD1F8A6] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[2EF69210D23B9758D5B4B8FB1391E65C] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\ZHPCleaner_Tempo.txt]
[55AA7E96F7EB851AE5B07DA21B6C7AE7] Trojan.FPL.Rotbrow.vl [c:\users\bryan\appdata\roaming\ZHP\ZHPQ_Files.txt]
[01B47F679A880D544292BEAA10165B1D] PUP.FPL.Gen.vl [c:\users\bryan\appdata\roaming\Common\Shared101.ini]
[541DA2186D3A1D47FD9F0022D14EBA55] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\cef.pak]
[51B6D1E6273E7A861786D8FF7BD31B9A] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\cef_100_percent.pak]
[74DA07F05A37C1C83F99D9CD85C1BEB4] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\cef_200_percent.pak]
[4DF5045DE92260CCB13CFC9A11F339F5] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\cef_extensions.pak]
[1C9B45E87528B8BB8CFA884EA0099A85] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\d3dcompiler_43.dll]
[C5B362BCE86BB0AD3149C4540201331D] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\d3dcompiler_47.dll]
[4003E34416EBD25E4C115D49DC15E1A7] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\dbghelp.dll]
[ABBD308C7F9568B0120607683FFF84D0] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\devtools_resources.pak]
[200FE259AB000787134B4C82D6F62A66] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\Hextech Repair Tool.ilk]
[970FE088600931D0507605759C6B3679] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\icudtl.dat]
[BD063A1DFA62F4979C4DF8C19D660413] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\libcef.dll]
[40ECB51F718EE24753A9CD16209EA157] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\libEGL.dll]
[15E4A4DDCB26DD6355961CC3B2C4661A] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\libGLESv2.dll]
[F182EF5736BD314382E9763BCA82B46D] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\am.pak]
[8F6DFDF42CECC992B66963843D7B510C] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\ar.pak]
[1BDB93A25C5DFBFCA37FE78FC5D01DE0] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\bg.pak]
[19FEB1E8ED73A931F434E48954173DC2] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\bn.pak]
[FA828D936EDDDD6B1307C2A9CE50B1E3] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\ca.pak]
[80C028A48D6C71614EDD2B3732175CF0] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\cs.pak]
[BB16B767F389EBA2FFDAA3937C45E03E] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\da.pak]
[287834EDF79E61D1DE1DA846286704DC] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\de.pak]
[4D132E9FBDA96F2014F569362DF8B917] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\el.pak]
[081C13E292563398511B542F736CD665] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\en-GB.pak]
[951C8E3755C0F0C0BE6DF9681E020BBD] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\en-US.pak]
[09D6117BB43FADC5F9F6C4552E98C403] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\es-419.pak]
[27644CCA573BADD5AF65A68118BE0C44] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\es.pak]
[4AC07B18C258B7BA808BDFCF57DC7956] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\et.pak]
[C41639F140A848239A746DD2AF28B81B] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\fa.pak]
[00E3F87DD7E8B41EF1DFEE6C1EF76997] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\fi.pak]
[C6807A147091F38CAB7673B9CB217F93] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\fil.pak]
[E1D7A454729AC314DD766D7E75134AF8] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\fr.pak]
[8E6FB4C91DCE99B00E8A0ED6282ED524] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\gu.pak]
[E78ECD5822512CC8B1C19A1F47802222] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\he.pak]
[E6108ABF795288C0CCD34E3855AA7F34] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\hi.pak]
[9A8446E22AA3751289A8E5BF8A52A828] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\hr.pak]
[785706F84860034FFDE43D347C88CDCB] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\hu.pak]
[805F7763C6966425D0E0E796F0B89A70] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\id.pak]
[4DCB1364076D3AA72D75BC88225E1209] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\it.pak]
[DFAF526656E2A27406CD8AEA243600A7] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\ja.pak]
[1D293A2100BC1BD6D9BB45E5D80ABEC3] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\kn.pak]
[EF253AEF4DA2B010667E4FA15B8AE660] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\ko.pak]
[F14F8DECA1954052106681B3224A411F] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\lt.pak]
[53B13781EC6066A3B05F032301E45DE1] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\lv.pak]
[2975AA3C0FA0CC0A999CF6C4B92B2AC9] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\ml.pak]
[A00EE6C8DBBB48E726AD70E6FC5A6F98] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\mr.pak]
[97AD568E0439B0CE68615D688406565D] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\ms.pak]
[08A1D3FEF403AFD10F6984EA5CA3D120] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\nb.pak]
[380710B7E1EAA7A8B53B2FF459C55620] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\nl.pak]
[8A8C2A1746A7A3FA735FBAA8797C1256] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\pl.pak]
[FF56EA3D2F16114B20D31CBCE3C38975] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\pt-BR.pak]
[99029EA758BCE3F0504FE3C272F67EA4] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\pt-PT.pak]
[0B1A2A902DDC0884132DC9635888314E] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\ro.pak]
[2C2CC1FD0E6B3CB531D75A7FD9263821] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\ru.pak]
[B6A52AD289D8BA98BCDD5CECEC674166] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\sk.pak]
[33741BEF032B7B82A2AFED867336CD39] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\sl.pak]
[39FACB20B36D9898CE07C5D457CC4F98] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\sr.pak]
[AF4BEDD786F50D3125A82B5F959C89C3] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\sv.pak]
[8ED6C0B72B26F352F2C3423FB9B74A91] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\sw.pak]
[2ECDDDFB5C736CEDDF96D48202514B48] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\ta.pak]
[F32FC0AC5BE622E07811181DAAB8CED9] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\te.pak]
[5CF7296AA0F26294EFB505A010D07489] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\th.pak]
[9980A44D26B5B0673D23F86D10443A0D] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\tr.pak]
[281F66F0ADE4D889FE5D0A4B4E6CCABA] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\uk.pak]
[EBF01E707BD4DAAEA427A568FBF9C8EA] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\vi.pak]
[39D73560DBBB7BB166110768682CA8F4] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\zh-CN.pak]
[E0C97C1D93E9B08ACEA17EDD9C4922B9] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\locales\zh-TW.pak]
[D0645F36F5D0FDF9E8502908CB7096AA] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\natives_blob.bin]
[E777F4529AAB51FED44F28303C04C14E] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\snapshot_blob.bin]
[9F1AE66D7954FE2E0909A5EBC6B94798] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\wow_helper.exe]
[EC79CABD55A14379E4D676BB17D9E3DF] Adware.FPL.Toolbar.tv [C:\Program Files (x86)\Hextech Repair Tool\_7za.exe]
[B4932F76A39E6666755D03A1592B1AF9] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\128.png]
[E024188310265464E0675F1D41A5ECA8] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\128x128.png]
[465C5E83214DC6B1CF511BBE4ED87D77] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\19x19.png]
[6764600096745F88DCBBF6C2FDAC2D68] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\48x48.png]
[CF0AF92F100413DC633597C57C36A6FB] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Controller.html]
[F4DA35740730E0C41F2BC1EB48DFCDED] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\about.css]
[2E8328A52E181325B29E241ED8ED41D0] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\chromeMain.css]
[571B5EFA1914D7A8E95D778A5D9ABE05] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\ctbMain.css]
[A19843088D63A8E489E0556374960069] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\ddmenu.css]
[F24B555A954A4B07AC5F440CF6543960] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\facebook.css]
[318ACAE6788F31A8D3CE103D7B1CEF6B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\gmail.css]
[E67479ABE1E09E6BAE585ECBB6ADB411] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\logoMenu.css]
[1C2D1E158DB4052A7BF3C64498D92CBE] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\options.css]
[ACE37F7E31442177176D0F884E3337CF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\safariMain.css]
[23C8A045910FC197F681C5FAE02EFF50] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\searchEngine.css]
[3B03683E31AC6DA2D8C328D2DF7B182D] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Css\searchHistory.css]
[335299B548C29EACEB9D553F24DF8297] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\CT2801948.txt]
[978D0F9DF15FE44A7231B4951522180B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\initData.json]
[F840DB0083270E430EB8C65E5BE79BBF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\404.js]
[42BE1A0DF8563FC1FB76386A098BA39F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\API\Component\BrowserCompApi.js]
[FACEEDB3A199105BC3C40C0E16786898] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\API\Component\controller\BrowserCompApi.js]
[8C374FCCB097A92B885F1BC57EE49E16] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\API\Component\controller\BrowserCompApiUsage.js]
[C0BF139FD7C29F1325C33155F30288B4] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\API\Component\model\BrowserCompApi.js]
[45997061216A29BC128AC1FE0018C015] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\API\Component\view\BrowserCompApi.js]
[D41D8CD98F00B204E9800998ECF8427E] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\API\Component\view\searchBarContentChangedListener.js]
[6D918D472547DC465B63A3B3CE0DFA22] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\API\Toolbar\toolbarApi.controller.js]
[BBBE59820C94BF6EBDE329B5B2794D5B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\API\Toolbar\ToolbarApi.js]
[505E2DD028C025C9FED7CEDB12804317] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\API\Toolbar\toolbarApi.model.js]
[66D151EE5944B67D9DFD3C9DEC893487] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\API\Toolbar\toolbarApi.view.js]
[94343FFE72CA184D1AF78AF373C00C29] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\clicksHandler.js]
[48A16B471430E92FE951A9BD704862D1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\compatibility\compatibility.end.js]
[626CDBE64AEBE5A35FE33AA32A7C4482] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\compatibility\compatibility.start.js]
[6CCCF270DBD1224F68AA7327D5CFC16B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\compatibility\compatibility.start.sb.js]
[44A9EF7A32AA4AF7F65C539A8CFB7F47] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\compatibility\Match.sb.js]
[C8F4E736E174931D7E1DB170F720FAE2] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\ContentNamespaces.js]
[9ED3BBA799E2A419DD4BC61CC61BCF62] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\contentScript.js]
[50579D860A04B077A2B353A33C89CCA1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\controller\controller.js]
[38621896AE95E63E365CFF662FDF6D13] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\createChromeWebToolbarDiv.js]
[ACDF533F64CA71EEF08F71DD46FFF205] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\css\ctbmain.css]
[AD4DF84C898FB6600D145C8630560711] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\everypage_early.js]
[1F7155723D8328E44F9D98B41F0B6A6F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\IsUpChecker.js]
[F93016FD5EBE799E99986B1341647888] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\about\about.css]
[5D35CE28BAB30BDB77338E53FDF8422B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\about\about.htm]
[89DE01ACD861A68E56BB1A3D3DD9A672] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\about\about.js]
[6A0257EE12FC7E5B69469904E97FC4B4] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\controller\component.js]
[3CF0E0DF5F942ACC117BBA6CEAD1EDBC] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\controller\usageAppStore.js]
[4549B5654776DC98DDEE57531210A728] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\controller\usageLinkButton.js]
[2F15FC4B92C26FC0005216A47E450524] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\controller\usageSearch.js]
[368419BE2A0D639F74284349C6E6C4D8] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\appStore.js]
[F15E8C44D285ECA58945FDDB072AC935] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\buttonBase.js]
[4B5A3F91DD99A59012C13A9028D5B884] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\componentBase.js]
[4C23B519D4DEF6233258A48DA191C512] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\gadgetButton.js]
[DB66A828E79A97BEC18BE46B582FCE75] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\htmlCom.js]
[0EA2B0E508490D521A39073A52E71E27] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\itemBase.js]
[EE7DF8506DAE8451720B6171D7DC93AF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\linkButton.js]
[778C7D2961BEB49240C494660CC17D5C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\logoIcon.js]
[B038BF0825A6A947A30B9D93984F35D0] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\messageTicker.js]
[F06940E36D9540F85B2E549B14302CCC] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\newsTicker.js]
[9698F3A70CDD09E7B5F3F71FE58C6894] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\searchBox.js]
[2580E2D1D937E2E3766757BE8944EB19] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\model\separator.js]
[6500A04A2560B5FB4F62834874C71B89] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\appStore.js]
[54489868DCA902774BEEEA33761F72DC] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\componentBase.js]
[F6E6DE960214D59759903F1541EA95D1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\gadgetButton.js]
[55DE6910810C079D0DBF9E2CDE810002] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\htmlCom.js]
[F9DE169A4135BFBFFD02EA8F98DF92EF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\InjectScript\ticker.js]
[A24AA5733DDB37C8341A11067EC1456C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\label.js]
[4AEF9C7EC49FDFA8585D48916215C27D] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\linkButton.js]
[C8930075E0B5D29AB07278C232F114A8] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\logoIcon.js]
[5A82E0FD2E0B550A4854B14931D41B11] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\messageTicker.js]
[1E9CAD3F41F66A26C6FEA6529D7D0510] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\newsTicker.js]
[6788ED09FF20D7C74638E989FC6D8310] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\searchBox.js]
[275DD5644D9F46304DB73057A721A663] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\components\view\separator.js]
[8BD0F821CEE34593738EFD6D1614288C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\container\container.css]
[B20D494313E03A7D8E5FB8FA36E934C5] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\container\container.html]
[55262B277F6318941ED55540266E5FB9] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\container\container.js]
[34B3C2D91324A21507DC306A00148A9D] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\contextMenu\controller\contextMenu.js]
[B82B190ED1BD21C35BB153E1C1D7C16F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\contextMenu\controller\usageContextMenu.js]
[88F6EF3CD78DA1A19597756FFB2BA383] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\contextMenu\model\contextMenu.js]
[FE40465248A719DB6825E4AD63F448BF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\contextMenu\view\contextMenu.js]
[A3855F7F531BB931C8E34C6B20A3D450] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\dynamicMenu\consts\dynamicMenu.js]
[D3F411DB7F06D4BC7127A935A774805F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\dynamicMenu\controller\dynamicMenu.js]
[B4410E91C7B9B2951988DC98FBA3850B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\dynamicMenu\controller\usageDynamicMenu.js]
[D9BA930422B162C1112530A721DC4E3C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\dynamicMenu\model\dynamicMenu.js]
[E75188C2C1A4660CFA5E5132012A004E] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\dynamicMenu\model\dynamicMenuButton.js]
[90C444F32D1C9B48DF1531949A6EE6C9] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\dynamicMenu\view\dynamicMenu.css]
[98DD0650CD2538DCD9C80462100EABC3] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\dynamicMenu\view\dynamicMenu.html]
[74BB33BFE2F4C0A2C46CE67F1E17666B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\dynamicMenu\view\dynamicMenu.js]
[DFE4BD76A43C152244907EB0E87F2534] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\dynamicMenu\view\dynamicMenuButton.js]
[4A21F64B5C347EBEF75EAB9AE32B1BBE] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\factories\model\ComponentFactory.js]
[4970136D0981925542B874897E0E7264] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\factories\model\GadgetFactory.js]
[34DDF69EE92CAD46A7B81768686A1E2A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\factories\view\ComponentFactory.js]
[4B71C982F9A2E068032ED06C3DB6CF01] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\factories\view\GadgetFactory.js]
[B2192AE530C7D42EDBC622F7E00F8BD4] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\gadgets\model\gadgetBase.js]
[1FEA0AB82EC3D60CC07D123F15182F61] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\gadgets\view\gadgetBase.js]
[4E59087720321F3CD7C67D6888416EC1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\menuPanel\controller\usageMenuPanel.js]
[10854DE26DEE78C91CBCF205D931EA2B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\menuPanel\model\menuPanel.js]
[C92AFF3FEEDB5CEF7B3110C6998FFDF9] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\menuPanel\view\menuPanel.htm]
[DD3A9414BEAC394AA3F5031589091A22] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\menuPanel\view\menuPanel.js]
[457E7728704F22C7F1D149655E0E6EAB] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\multiRssItem\controller\multiRssItem.js]
[04BF1890624055E8EAE74C849167E2E0] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\multiRssItem\controller\multiUsageRss.js]
[DB054998093776A4169CD5EED9B151C5] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\multiRssItem\controller\usageRss.js]
[24DF28BC5C3816C2E4EE265F93DD2DA3] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\multiRssItem\model\multiRssItem.js]
[9E37709F8DA54198A4DCCE3C33B6F024] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\multiRssItem\model\multiRssItemButton.js]
[C7A0BC220F965A41D4DC91DDD7804045] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\multiRssItem\view\MultiRssItem.css]
[57D730A0C5D4D568D1A27F89E7820E98] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\multiRssItem\view\MultiRssItem.html]
[7BD8F00452D934E0F3C2E35F84833F8A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\multiRssItem\view\multiRssItem.js]
[DDEB2E3EC058163D65A7CDC7FA6D6198] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\multiRssItem\view\multiRssItemButton.js]
[8001A9F22F6743AEB76B758CA42350B1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\urlGadget\controller\urlGadget.js]
[0B0F637C0E56CED1CEFB7996DA040682] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\urlGadget\controller\usageUrlGadget.js]
[728CA67D621203CB2A7CE3E0E480E02C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\urlGadget\model\urlGadget.js]
[14937C1F6FC6BFA8E769ABF9A58520F3] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\urlGadget\model\urlGadgetItemButton.js]
[897C18898258CF65EB13E721C8EA268A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\urlGadget\view\urlGadget.css]
[37E2B8C12DA7E23468E02D76149B56D5] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\urlGadget\view\urlGadget.html]
[007508AAE78ED02E93FEAC938DEC69F7] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\urlGadget\view\urlGadget.js]
[CF7F1FE8EA6813BF2756562DADD755ED] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\urlGadget\view\urlGadgetItemButton.js]
[1147CFB78E93B3EDFA3051331DCEFFAE] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\xmlMenu\controller\usageXmlMenu.js]
[9761CE2042DE622E27C5DB939A15CC7C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\xmlMenu\controller\xmlMenu.js]
[962470373BBD90665D80B2B48060DE48] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\xmlMenu\model\xmlMenu.js]
[AC748BDC7C1BED026CD1D70342F7F021] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\xmlMenu\model\xmlMenuButton.js]
[3344ACFD3671F33190B2B8FFD5EA7194] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\xmlMenu\view\xmlMenu.css]
[ECAA88F7FA0BF610A5A26CF545DCD3AA] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\xmlMenu\view\xmlMenu.html]
[4EFA3FB5BCB5AFDA325479C7BE3E29BC] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\xmlMenu\view\xmlMenu.js]
[81456EF902689E3C7D6B30B169DA8783] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\items\xmlMenu\view\xmlMenuButton.js]
[21ACF418DFD94F5595F4EFCF12D1305E] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\lib\jquery-ui-accordion.js]
[E8073B5B6279E2499CB6F13E7474A6D8] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\lib\jquery-ui.custom.js]
[3824F7BE5BCAB42189315E2A114CD16F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\lib\jquery.additions.js]
[C65CFF8B3AF0078C4EB943856E94A657] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\lib\jquery.batchImageLoad.js]
[6D3C9E0A691B084DBD07FDFBF2D4982B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\lib\jquery.bdc.ddmenu.js]
[060C1EF92D955CD9B67B2AF4346D122F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\lib\jquery.js]
[EC36BFF2ABCAC4C2266A6442BF71D3D1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\lib\jquery.mousewheel.js]
[4D561FE5179494EA590415872CE913E6] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\lib\jsonStringify.js]
[3E0BC839E58F6078C399224F687C2C6B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\lib\pure.js]
[C456E452FC69163FF43189E49E95A44D] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\lib\xml2json.js]
[446E40B3B792247FFD8E95634B05FB8A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\model\model.js]
[0339D2E14217B603240A6E75E1AE13CA] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\Namespaces.js]
[DD8A299DA3147B017A2BEAFF45091EEB] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\options.js]
[73B05B1DA828E39385D8F5D319100E88] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\popup\controller\usagePopup.js]
[E5FA8A805ACBE95418ADFACE985B6295] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\popup\view\popup.css]
[4EFA7949F17C1BC4E0AF34FFE289AF5B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\popup\view\popup.html]
[3769AD6E3DA78B7CEC6DD50A66E63496] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\popup\view\popup.js]
[26B1DFA462937B0748A07D0557DA5464] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\popup\view\popupShow.html]
[F840DB0083270E430EB8C65E5BE79BBF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\404\404.js]
[6E138F8C302AA1C66169C411250AF018] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\alerts\alerts.controller.js]
[4F782FD56DEDC9C3F6CBFCEEEF7672CD] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\alerts\alerts.db.js]
[BB1D81DC570834ABC3F504683C5C01B2] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\alerts\alerts.model.js]
[69FD585AE6FFF5ED0D637424E8E96FEA] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\alerts\alerts.view.css]
[32759AE2DF0C673487AD557BA9C9A7B6] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\alerts\alerts.view.html]
[DACF167267E8962CD1AFA0C3BE3ED9FE] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\alerts\alerts.view.js]
[0E09DC035D79DFA53E793CC59420C466] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\alerts\urlAlerts.view.html]
[01E8C7DF36F0269FDFF5EBD620D72648] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\ContextMenuService\ContextMenuService.js]
[E945D7E26FF39ED99B3C79B978A48901] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\cookieMonster\cookieMonster.js]
[FF93944594667C1AFD71214736873CCC] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\feed\FeedConsts.js]
[F4DE1125ED566FB6803D31E648D74EAB] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\feed\FeedService.js]
[D0FCBD9A5FFA631CAE5AC5E11AE91D05] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\jsonData\jsonData.js]
[6B14137442A70FF179AC3AB6E354B89F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\login\login.js]
[19E2B39543E9EDEFF38ACD0C09353A6C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\login\loginConsts.js]
[0E9E639E90D94D06E993034A3FE7056A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\serviceMap\serviceMap.js]
[4D153D85CEC6008FCFDF3367DFB4C8E5] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\settings\Settings.js]
[C4447A4DD905EA8E59952370EA76C0F0] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\settings\SettingsConsts.js]
[D0BE3992C9A6AEC4C24284380DB0081B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\toolbarInfo\toolbarInfo.js]
[2573CD58572617F327D56706050DE011] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\toolbarsManager\toolbarsManager.js]
[3AD2D7EB4FD5654B800CE425D8AAD308] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\translation\Translation.js]
[20DEDE5F8F7F535D756F29EE0E2F6234] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\translation\translation_fallback.json]
[CDCDD4E45BE8EFCD01FADB7D82692F8C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\usage\Usage.js]
[A710D76CA5B28C18B96FC7752B36D5CF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\usage\UsageConst.js]
[279CFE7BDC44922AF9A06F9EBD862CC9] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\usage\XmlBuilder.js]
[A79C102971730E5C0E39372D2BA992B5] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\services\usage\XmlConst.js]
[B5CD1033E9987001FEC73F69358955CC] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\appInfo.js]
[AFCB82C98B09B16CBFF3B53A75A0D5A9] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\Array.js]
[75FFA332A26A3CE1AA64FB5F1421DBA9] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\BrowserEventTypes.js]
[D2E228A6C1184306E4D5158E76C7494F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\ClassTypes.js]
[05CCC733E3CEE9A1E19F2163DDD8D29F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\CommonStringReplacement.js]
[D204004582BCC7E0653CBEC49F80E85C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\Communication.js]
[D0320DBCB9B903D6484506B9457C686E] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\consts.js]
[F5575A4DAB341670F5BD508B1B5BBDFC] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\date.js]
[8FC16EF7E3445289B1F2C0E194B963B6] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\Debug.js]
[ECAA88F7FA0BF610A5A26CF545DCD3AA] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\DragIframe.js]
[0552A0DB20862E6527AA7C903B3F52DB] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\EnvChrome.js]
[01E1F011DCA9FA36BA787D0236677624] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\EnvSafari.js]
[8A147012825105376578459D13BCB1A9] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\Event.js]
[87D70E51237E7326C5C7CD30C4B820AF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\EventTypes.js]
[E03A332FBA01D2BE5A694E36AC307D3C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\guid.js]
[387E37BA37B42543FB80DEEA738BBF1A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\html.js]
[6CC3516FA34BC806D062EB93767707FE] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\interface\Environment.js]
[3C8DF70EE14842079D4638CD866433AF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\Logger.js]
[5303AE7E1EA863FD10D121C80AAA30DB] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\QueryString.js]
[3A6FF76A547A8F643DF9F1012F734439] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\Storage.js]
[C1112906E2BB527B519B05356F683DCB] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\strings.js]
[56A4EA99F5F4702422B0C12D89CEC3ED] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\Time.js]
[B7C2B8AF9242E6EAEB367B531B019541] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\Unique.js]
[DAB9F0C41C78F31D7766026579CA49CC] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\js\utils\ViewPositions.js]
[A76262877216FA67D827FD8BBC185167] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\manifest.json]
[BFCF9DF126131758DB59F32E6C8DFA97] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\128.png]
[5C45B0BE2E3E5BD981C6E5CB30C0EA05] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\128g.png]
[73E57937304D89F251E7E540A24B095A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\ajax-loader.gif]
[D53A37A398B6E0FC63171B2245838B8E] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\arrow_down.png]
[6D781A521DBD0ECB29F3B135D5A71664] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\bak.gif]
[DEC9BF8523DA093A794AD2A3DE6A2700] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\dyamincMenu\backstrip.png]
[9BBBF1074FA9D8EB3DE02A84CD7D2B18] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\dyamincMenu\overstrip.png]
[527CD5535DAD9A408536D5FA489C597D] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\icons\about_icon.png]
[CFBA72D0EE16D808925B48CE5DB17F02] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\icons\delete_s.png]
[CE0673F440B337CFCBDD93324BEE56F4] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\icons\read_s.png]
[0F7CBBAC6C9077A721A4650C92237175] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\icons\shevronLeft.png]
[0A1CA277A998B43245A2223D410BED47] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\icons\shevronRight.png]
[757305810422DA52207428CBFC212ECF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\icons\unread_s.png]
[8D9099CF065930B3E8BEB99DA6403350] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\ifarme\blackToWhite.png]
[5C5F9845658ED932A5184A9F3C2B2D84] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\ifarme\whiteToBlack.png]
[FC2A1FC72E9A84BDF6D5C9EC4F8A232F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\down_active.png]
[0F4D58FC6C4E9A1331E0A43CEEECEE21] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\down_disable.png]
[A1B6617073A631FBA3CB1C047F81E15A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\down_over_on.png]
[09C6972874E858B6955BD65637DDFBCB] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\image_box.png]
[3BBE9FBBCF25AF30CF5F07D992FB7408] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\noimage_box.png]
[35A7C2D917A886552F3847F5587A6BB1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\option_layer.png]
[EC0B1EE3DEC06949B81A478E499BBE5D] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\point_select.png]
[AF52BC1F65B91A31E0C7E978823838C5] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\scroll_back.png]
[1C72578571C87C9F043175E14D038270] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\scroll_bar_center.png]
[EFFE215C9068EBEEB60D425073189B1B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\scroll_bar_end.png]
[D147F74BD76BF3E4E5DF62E101F55113] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\scroll_bar_start.png]
[21F0725DDB2DF81149BB8200FFDC8383] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\scroll_down.png]
[BD08AF39AB64FF5B436EA4F62A3B0E12] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\scroll_down_on.png]
[25A5307C6A532627D6A050BBC3471BB1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\scroll_up.png]
[8272201BA788015C2A11E849799859AE] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\scroll_up_on.png]
[D235278FC055277C7ED8AEBBE58AF323] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\shadow_list.png]
[A3E85F31C7F520ECF342FD3611F85925] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\up_active.png]
[A3CCCCC6008B8F03FAC3122060514384] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\up_disable.png]
[DBBFE9B76740C851BC218FB7E5272544] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\rssItem\up_over_on.png]
[51F5F9717873AD259C53FE2BDCE8E0A1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\searchBox\searchMe.png]
[D1AD1853FAE7CBDA18DD5EB8C10984F8] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\searchBox\searchMe_rtl.png]
[97E6BE69817D683A7A8FF097DD6C03ED] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\searchBox\search_center_over.png]
[247236CC3B529C83E868AB8D407EE562] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\searchBox\search_left_over.png]
[247236CC3B529C83E868AB8D407EE562] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\base64\searchBox\search_right_over.png]
[6B5D05F96A7258A0D79B5CF8845229E2] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\colapse.png]
[94DA1F9BB2854AE2B60F4F5BE8D78374] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\Collapse.png]
[0C11DE00C2CA23DDEBE26C48025E6A59] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\endSeperator.gif]
[3A283F95B1FB155A789C03290B168531] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\expend.png]
[B4932F76A39E6666755D03A1592B1AF9] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icon.png]
[B6A50D046DAB8723002293FCB616790C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\addApp.png]
[F15A9F649CECDCBADBDCE5F73C88E4E3] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\delete.png]
[0AA0DA09A5E28BB9012C13903B59DDFA] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\delete_blue.png]
[6110E18ECE1453887FFE77355162AABD] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\delete_grey.png]
[90926E7AFD27DF3475C04D2DCFA7FA6B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\delete_hover.png]
[32C8DCDD968E0CA37A665017DE16FDBD] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\delete_press.png]
[EC172EFFABFFA76908233A82BBBE55DD] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\read.png]
[2A28E74F5B647B034F2FA3A458B88C6B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\read_hover.png]
[747B60530E0B73F57A0DC847CF0C7BDE] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\read_press.png]
[80B1375C29A7BD59CBAB5DC4CAB2627C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\read_reg.png]
[646A3B09BA01905E8D15FAB9B4184C8C] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\refresh.png]
[2DD48BDB32E5D2B78CEF2EE45D0CC618] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\refresh_hover.png]
[91BD7E80F73031F9B8FD92278FBA769B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\refresh_press.png]
[0E031D56006F2C85EFC1EEB7A3DC2792] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\refresh_reg.png]
[89F6406E503525704331DD170B5F3F7F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\small_arrow.png]
[F73BA6DF18D38DC0FFAE84F7E28B0485] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\small_arrowRTL.png]
[1943B2724D77F8A20272627DE2F7862F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\trans.png]
[4F974BD6985BA06FA468B41A98F3A6D6] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\unread.png]
[180AD7AC25F2F71BE939248B390973BD] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\unread_hover.png]
[6FBC49D701851269181EB0D7CDC82667] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\unread_press.png]
[F4BA6750A8173BFE154CAC28B355A8B2] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\unread_reg.png]
[CA8F65E67F1B905D98F1725ACA40EFF5] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\urlGadget\close_hover.png]
[4910A1665B521C818EF09CE52BD4AC96] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\urlGadget\close_normal.png]
[3AA898511EFE6CAD959B0A44DCD51EF9] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\urlGadget\info_hover.png]
[C30D02C2CC1713FF9EFA31E50C91343D] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\urlGadget\info_normal.png]
[B08D40C34964F59C91A44D6A82848874] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\urlGadget\minimize_hover.png]
[0C7C6273D9623727DE0CDDAB77D36D14] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\urlGadget\minimize_normal.png]
[FBF2944BBDA0EA588261B21281396669] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\urlGadget\snap_hover.png]
[0571D5E0992DBE0FF07F01FF1AA9400B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\urlGadget\snap_normal.png]
[6BEBB9CA1AF7DBC870540E6F95FCE0EA] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\0.png]
[9B30DC376493278CEE16669A0A713F8F] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\1.png]
[C74B94ED0CA71F9D767C515153F36570] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\10.png]
[96134E5CC0AE678B21EB394E1F9C0B7E] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\11.png]
[C3F828996FE5674750898D4AB2EB2349] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\12.png]
[CF8141EFB04DE9E4868AD630F0B1FBCC] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\2.png]
[BB4FC95E17495749549DA360D7FE2FF6] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\3.png]
[17C388B7DBCD185086700C9645CD6F22] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\4.png]
[EB18DEB0D4E8C368C6C02AC8A8194052] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\5.png]
[4983487D461A06BCAEDC0443B47C339A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\6.png]
[4EB322F9D8E456805B009623A078019D] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\7.png]
[C359087FB679058374ADEBF88B046F6E] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\8.png]
[9433F7C620B9D8500471AEDFB0C3B1D2] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\icons\useful_components\9.png]
[B4F147818C2BBE04E34DD70D5FA384CB] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\options_acc_collapse.png]
[16D74063C5195FDFFFE570BBCF7C6AAA] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\options_acc_expand.png]
[771817FE84A44869B0410221607DE6BA] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\options_acc_item_bg.png]
[C26F902030D9E73F513AF023BCFE1B80] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\options_acc_item_bg_hover.png]
[BF378BF5B060BD2E01FA6FDCDB4CF837] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\options_button_bg_green.png]
[AAFE9C2888936C621C53D692A958B4D1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\options_button_bg_orange.png]
[B85C560E2727EB08EE71C667C47C426A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\overBtn.png]
[DB04C7B378CB2DB912C3BA8A5A774EE3] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\pixelon.gif]
[EC3C2B4E0DEC4D880BAFF88ABBF94188] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\popup\main_menu_about.gif]
[15DEF39E438E807E2F0E22D44FDC7FB7] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\popup\main_menu_contact.gif]
[995595D4C685D659E8F03CD0A287EDDF] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\popup\main_menu_help.gif]
[7C37AAAD59041D67C7C646B85A264282] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\popup\main_menu_hide.png]
[6427565C7105DC497287866100F260BB] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\popup\main_menu_privacy.gif]
[AE7C9F67594A84B096D225601ACB0B2A] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\popup\main_menu_refresh.gif]
[012EC5A0E3D78D0D2997DC08B9E83083] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\popup\main_menu_show.png]
[5E7217A3357550F9749A095631F51015] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\popup\main_menu_tell_a_friend.gif]
[8BE02D510B4B2E05AD2611B1E9A0BD56] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\popup\main_menu_upgrade.gif]
[5206357D0FD892EF6D175E577DC9F30B] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\rssItem\noImage.png]
[A6BB28F76959BDDCD983216A04E70AFD] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\seperator.png]
[D235278FC055277C7ED8AEBBE58AF323] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\shadow_list.png]
[29E7D3738FEC1573EFBDB18403D93FFC] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Media\shadow_list_.png]
[6A4EB2215711051B3B087139AAF92E46] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\newtab.html]
[577904A6F3BB3359CEA32790BA646989] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Options\additional_settings.html]
[71FE6843168885A2E37057FEE1C49CB1] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Options\alerts_setting.html]
[A96E7B58BEB9BCDE019D9C31332C3E01] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Options\personal_components.html]
[73A3B944152B5437F348E4B5E2D6766D] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Options\predefined_components.html]
[961CEA6FEA46438FE63B4BB8C79FFC41] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Options\useful_components.html]
[F85C264C0DFD87E8708ADC4092982185] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\Options.html]
[20DEDE5F8F7F535D756F29EE0E2F6234] Adware.FPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.10.3_0\translation_fallback.json]
[85E85B5BC75B0D712FEDB5633E1D2AFB] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe]
[1A2E5109C2BB5C68D499E17B83ACB73A] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll]
[F6E8C0D5EC7A8D223F3BA3436701DCBD] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe]
[9C4AAA0BC676D0CFF9BB46592D681FBD] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt]
[498BD12B38B549887D9E856EB734354E] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll]
[5C7B8533FEC9E65368D14965EC4C9D8A] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll]
[834C766FE011C0090FB4DAF6279A8DF4] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf]
[C7E5945B9C608A2A23E97425A5B91415] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat]
[8E98D21EE06192492A5671A6144D092F] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys]
[C979E3A8EF3A60EA62F454C3F3545013] Adware.FMPL.EoRezo.vl [c:\users\bryan\appdata\local\Wizards_of_the_Coast\CharacterBuilder.exe_Url_vtzvvymmazv3hesrazsfibgsj5shffqk\1.0.150.0\user.config]
[42E4D084926B4405DB88817C6257572F] Adware.MPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\local storage\http_www.azlyrics.com_0.localstorage]
[DEEBFAA223121155CFDDB0908D975AA0] Adware.MPL.Gen.se [c:\users\bryan\appdata\local\Chromium\User Data\Default\local storage\http_www.azlyrics.com_0.localstorage-journal]
[5C28D078E0ABCD8AA1A12FBA919ECA78] Malware.Win32.Gen.sm [C:\Program Files (x86)\2K Games\Borderlands 2\Binaries\Win32\buddha.dll]
[1C3DFC41F8A4053F4F17B76CF4FFDDA1] Adware.Win32.Agent.dd!n [C:\Program Files (x86)\Hextech Repair Tool\Hextech Repair Tool.exe]
[1C3DFC41F8A4053F4F17B76CF4FFDDA1] Adware.Win32.Agent.dd!n [C:\Users\Bryan\AppData\Roaming\Microsoft\Installer\{7F9A97E6-E666-11E5-B582-B88687E82322}\Hextech_Repair_Tool_exe_icon.exe]
[0FCAF8A6AB51EBFCF2C23464252FEF0A] Malware.Win32.Gen.4B53.sm!ff [C:\Users\Bryan\Desktop\Games\FixPatcher (1).exe]
[CCDA10C58D7EFA6DDF1F1847A21E13CC] Malware.Win32.Gen.CCDA.sm!ff [C:\Users\Bryan\Desktop\Games\Skyrim Things\ENBInjector\ENBInjector.exe]
[4E15ED7BC320C19798E8C98CD8F54644] Malware.Win32.Gen.7A52.sm!ff [C:\Users\Bryan\Desktop\Games\SpacePiratesAndZombies\uninstall.exe]
[0FCAF8A6AB51EBFCF2C23464252FEF0A] Malware.Win32.Gen.4B53.sm!ff [C:\Users\Bryan\Downloads\FixPatcher (1).exe]
[0FCAF8A6AB51EBFCF2C23464252FEF0A] Malware.Win32.Gen.4B53.sm!ff [C:\Users\Bryan\Downloads\FixPatcher.exe]



And also Zemana ran a check when I turned the computer on and found a few things. Heres that log also.

Zemana AntiMalware 2.70.2.262 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/1/6
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
BIOS Mode : Legacy
CUID : 12664A99569BA5006DAFB7
Scan Type : Scheduled Scan
Duration : 87m 35s
Scanned Objects : 284105
Detected Objects : 7
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

DO_NOT_TRUST_FiddlerRoot
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C946410CD237218589DBA25666FD421565530F19\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C946410CD237218589DBA25666FD421565530F19\Blob = 1900000001000000100000006E03E2080FCBBC3C785694E207DE87910F0000000100000020000000C5AD17E8DDDBBB526ABF7D58830CA9A3F8C6BC5E1675C6B7A73B64A079D83FB3030000000100000014000000C946410CD237218589DBA25666FD421565530F19140000000100000014000000A53A70CCF267F5EA1252F197502EB0BAF6A597952000000001000000910300003082038D308202F6A0030201020210835F3B6D5ADBBE864347BC26B5E2C198300D06092A864886F70D01010B050030818B312B3029060355040B13224372656174656420627920687474703A2F2F7777772E666964646C6572322E636F6D3121301F060355040A1E180044004F005F004E004F0054005F005400520055005300543139303706035504031E300044004F005F004E004F0054005F00540052005500530054005F0046006900640064006C006500720052006F006F0074301E170D3134313230363035303030305A170D3235313230363034353935395A30818B312B3029060355040B13224372656174656420627920687474703A2F2F7777772E666964646C6572322E636F6D3121301F060355040A1E180044004F005F004E004F0054005F005400520055005300543139303706035504031E300044004F005F004E004F0054005F00540052005500530054005F0046006900640064006C006500720052006F006F007430819F300D06092A864886F70D010101050003818D0030818902818100B24B5BDB9C0E19CE32FEBA65B1AB19FD3A9AE838A0A4B43BB8C17E4D80EA9043F812128B914BED9BB26FD1BDE53F607FE2C28B2DD31BF1A5CA551FC13884694F64D27378C0C75B880EBA7318D39857DF71B66553EF4D3D39F733816D9BB0564FC16D4590D51299AD0595ED095F1738100EF14A824E76156888B3D6727AC5AD8D0203010001A381EF3081EC30120603551D130101FF040830060101FF02010130130603551D25040C300A06082B060105050703013081C00603551D010481B83081B58010064E7C151BD376E37DD1E490D9DE18F2A1818E30818B312B3029060355040B13224372656174656420627920687474703A2F2F7777772E666964646C6572322E636F6D3121301F060355040A1E180044004F005F004E004F0054005F005400520055005300543139303706035504031E300044004F005F004E004F0054005F00540052005500530054005F0046006900640064006C006500720052006F006F00748210835F3B6D5ADBBE864347BC26B5E2C198300D06092A864886F70D01010B0500038181002FDB9376CA93BA3865DAD7DE16E8B034D6911B318E91C55EEC2BDEA0DCBD77429EEEC586C73D60D3AE81F859C8D74BD46262F3F885071F32506AE65869E70F234B06E363EA484380AB9F6ED299F112F7758F793747D9CE60D283C98A166B13A70824974D35074DCE32050914D2E3B5D2E05DE55CFADD0B78F7DA2D4523EF1DEA

Proxy Server (User)
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potentially Unwanted Modification
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = 127.0.0.1:8080

Firefox Search
Status : Scanned
Object : Dregol - http://dregol.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Firefox Search

Firefox Search
Status : Scanned
Object : NCH EN Customized Web Search - http://suggest.search.conduit.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Firefox Search

Firefox Search
Status : Scanned
Object : NCH EN Customized Web Search - http://search.conduit.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Firefox Search

NCH EN Community Toolbar
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\thahfu1s.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - NCH EN Community Toolbar

Hosts File
Status : Scanned
Object : %systemroot%\system32\drivers\etc\hosts
MD5 : 846AC6862FFE4E143C737B666345CB5E
Publisher : -
Size : 428463
Version : -
Detection : Hosts Hijack
Cleaning Action : Repair
Related Objects :
Hosts file - 127.0.0.1 - -p
File - %systemroot%\system32\drivers\etc\hosts


Cleaning Result
-------------------------------------------------------
Cleaned : 7
Reported as safe : 0
Failed : 0
 
#17
FRST Fix.


Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Update your programs with Patch My PC -- Then post a new Security Check log.

Let me know if any issues remain. :)
 

Attachments

  • fixlist.txt
    1.1 KB · Views: 10
#18
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Bryan (06-01-2017 12:28:59) Run:2
Running from C:\Users\Bryan\Desktop
Loaded Profiles: Bryan (Available Profiles: Bryan & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ProxyServer: [S-1-5-21-3534269808-1485983137-1280583553-1000] => 127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{85e448af-b9ba-4d26-b108-bc168d199adc}: [DhcpNameServer] 192.168.1.254
SearchScopes: HKU\S-1-5-21-3534269808-1485983137-1280583553-1000 -> DefaultScope {99653235-66E7-4294-A58A-C006B3CE06AB} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Extension: (NCH EN Community Toolbar) - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} [2012-06-18] [not signed]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
RemoveProxy:
hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
EmptyTemp:
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value could not remove.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85e448af-b9ba-4d26-b108-bc168d199adc}\\DhcpNameServer => value removed successfully
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\thahfu1s.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => key removed successfully
C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => moved successfully

========= RemoveProxy: =========

HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value could not remove.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value could not remove.
HKU\S-1-5-21-3534269808-1485983137-1280583553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

========= netsh advfirewall reset =========


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


========= End of CMD: =========


========= ipconfig /flushdns =========


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20251116 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 53150 B
Edge => 0 B
Chrome => 406440190 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4212 B
NetworkService => 12542 B
Bryan => 10140067 B
DefaultAppPool => 0 B



SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 06.01.2017 12:41:42
Path starting: C:\Users\Bryan\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Bryan
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 09.08.2016 13:01:39
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: Microsoft Edge (C:\WINDOWS\system32\LaunchWinApp.exe)
SystemDrive: C: FS: [NTFS] Capacity: [595.6 Gb] Used: [502.1 Gb] Free: [93.5 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service has stopped
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
360 Total Security (enabled)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
360 Total Security (enabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
360 Total Security v.9.0.0.1069
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.70.262
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR archiver
Microsoft Silverlight v.5.1.50901.0
7-Zip 9.20
VLC media player v.2.2.4
OpenOffice.org 3.4.1 v.3.41.9593 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Pidgin v.2.6.6 Warning! Download Update
Skype™ 7.30 v.7.30.105
-------------------------------- [ Java ] ---------------------------------
JavaFX 2.1.1 v.2.1.1 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u112-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.10.7.0.21 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime v.7.72.80.56 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.23.0.0.257 Warning! Download Update
Adobe Flash Player 24 NPAPI v.24.0.0.186
Adobe Shockwave Player 11.6 v.11.6.8.638 Warning! Download Update
Adobe Acrobat Reader DC v.15.020.20042
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87
Mozilla Firefox 45.0.2 (x86 en-US) v.45.0.2 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.55.0.2883.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
360 Total Security (QHActiveDefense) - The service is running
C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe v.9.0.0.1002
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe v.8.2.0.1000
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe v.9.0.0.1002
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.6.9.12585 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------
 
#20
Ok, I ran the PCPatcher and updated everything, and then ran the security check one last time.

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 07.01.2017 08:47:50
Path starting: C:\Users\Bryan\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Bryan
VersionXML: 3.68is-07.01.2017
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Core Lang: English(0409)
Installation date OS: 09.08.2016 13:01:39
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: Microsoft Edge (C:\WINDOWS\system32\LaunchWinApp.exe)
SystemDrive: C: FS: [NTFS] Capacity: [595.6 Gb] Used: [508.3 Gb] Free: [87.3 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.576.14393.0
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service has stopped
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
World Wide Web Publishing Service (W3SVC) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (disabled and up to date)
360 Total Security (enabled)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
360 Total Security (enabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
360 Total Security v.9.0.0.1085
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.70.262
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.40 (64-bit) v.5.40.0
7-Zip 16.04 (x64 edition) v.16.04.00.0
Microsoft Silverlight v.5.1.50901.0
7-Zip 9.20
VLC media player v.2.2.4
OpenOffice 4.1.2 v.4.12.9782 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Pidgin v.2.11.0
Skype™ 7.30 v.7.30.105
-------------------------------- [ Java ] ---------------------------------
JavaFX 2.1.1 v.2.1.1 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u112-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.5.4.42
QuickTime v.7.72.80.56 Warning! This software is no longer supported. Please uninstall it and use another software.
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.24.0.0.180
Adobe Flash Player 24 NPAPI v.24.0.0.186
Adobe Shockwave Player 11.6 v.11.6.8.638 Warning! Download Update
Adobe Shockwave Player 12.2 v.12.2.5.195
Adobe Acrobat Reader DC v.15.020.20042
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87
Mozilla Firefox 50.1.0 (x86 en-US) v.50.1.0
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.55.0.2883.87
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
360 Total Security (QHActiveDefense) - The service is running
C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe v.9.0.0.1002
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe v.8.2.0.1000
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe v.9.0.0.1004
---------------------------- [ UnwantedApps ] -----------------------------
Skype Click to Call v.6.9.12585 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------


If everything looks good, which of these programs should I be running regularly and how often?
 
Status
Not open for further replies.
Top Bottom
Back
Forums
Resources
Menu