Solved Virus/malware or something else? Keyboard issue

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Status
Not open for further replies.

Goldfish

PCHF Member
Mar 4, 2017
26
1
48
Laptop: Sony Vaio VPCEB2C5E running Windows 7

While visiting websites for a project (investment websites - didn't think there was anything dodgy) my laptop started performing strangely. Several of the keys stopped working - p, shift, odd numbers (1,3,5,7,9), and backspace. If I pressed them, nothing happened. The remaining keys were completely fine.

I did a virus scan with AVG, it found a virus (I did not note the name unfortunately), and cleared it. My laptop went back to normal. A few days later, the issue returned to the point where the keyboard was unusable. The processing is also very slow when the keyboard issue is occurring. I hadn't visited any of the websites I had previously so now I am confused about whether it is a virus, some damage caused by a virus, or something else.

I don't think it's a physical issue with the keyboard e.g. a spill - because I haven't spilled anything, and also because it is random keys (like the odd numbers) whereas a spill would tend to be adjacent keys.

I've already run FRST - see logs below.

I've also run RogueKiller (blue-screens partway through), AdwCleaner (removed some files, clear when re-run), and Malwarebytes (clear). I can post the logs of those if needed.

Is this a virus/malware, or something else? How can I accurately diagnose and fix it?

========================================================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-03-2017
Ran by goldfish (administrator) on goldfish-VAIO (04-03-2017 10:16:50)
Running from C:\Users\goldfish\Desktop
Loaded Profiles: goldfish (Available Profiles: goldfish)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(The PHP Group) C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\php\php.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apache Software Foundation) C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apache Software Foundation) C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-02-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\SysWOW64\VESWinlogon.dll [2009-12-01] (Sony Corporation)
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\MountPoints2: {3966f36d-41b6-11e0-8b3f-c44619b2e2e4} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\MountPoints2: {cfdc1e4e-78d4-11e0-aa4f-c44619b2e2e4} - D:\.\Setup.exe AUTORUN=1
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
Startup: C:\Users\goldfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-01-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{927587AB-1894-493E-8E72-6063314BF69A}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{EC19D428-B36F-4D8F-B458-DB4400362D30}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-014-756
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk-mg5.mail.yahoo.com/neo/launch?.rand=872fenf2dujii
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> DefaultScope {67B4F6F6-DEA2-42F9-84A7-6785674F4D19} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {1686262A-C27D-4A79-8D82-C55F4D8BB35A} URL = hxxp://uk.shopping.com/?linkin_id=8056359
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {67B4F6F6-DEA2-42F9-84A7-6785674F4D19} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {8FD01E4A-8F30-4C90-8E35-DEF880420C67} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {96B8ABCB-AC35-45F0-886C-1C2B912B5FFD} URL = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {B2EC8D7B-5F99-4D85-94B8-E3BF03379046} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {76496E5E-244A-424F-B5A5-B677051BD958} hxxp://www.genavsystems.com/ftu/2096/FLIGHTOFFICE.CAB
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\goldfish\AppData\Roaming\Prism\Profiles\1nquevq8.default [2015-09-13]
FF Homepage: Prism\Profiles\1nquevq8.default -> hxxp://127.0.0.1:888/
FF ProfilePath: C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default [2017-02-26]
FF NewTab: Mozilla\Firefox\Profiles\fcotwa47.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fcotwa47.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\fcotwa47.default -> hxxps://www.google.com/search?bcutc=sp-014-756
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\fcotwa47.default -> Google
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\fcotwa47.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\fcotwa47.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\fcotwa47.default -> hxxps://www.google.com/?bcutc=sp-014-756
FF Keyword.URL: Mozilla\Firefox\Profiles\fcotwa47.default -> hxxps://www.google.com/search?bcutc=sp-014-756
FF NetworkProxy: Mozilla\Firefox\Profiles\fcotwa47.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\abs@avira.com [2017-02-20]
FF Extension: (Bing Search Engine) - C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\bingsearch.full@microsoft.com [2017-03-03] [not signed]
FF Extension: (Firefox Hotfix) - C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-02-06]
FF Extension: (Avira SafeSearch Plus) - C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\safesearchplus2@avira.com [2017-02-21]
FF Extension: (Modify Headers) - C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-07-08]
FF SearchPlugin: C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\searchplugins\google-avast.xml [2017-02-08]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-28] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230 => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-12-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.7\npScoutUpdate3.dll [2017-02-21] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.7\npScoutUpdate3.dll [2017-02-21] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5 -> C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\client\vlc\npvlc.dll [2010-01-30] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-928801702-3077407482-3869533313-1000: @citrixonline.com/appdetectorplugin -> C:\Users\goldfish\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-928801702-3077407482-3869533313-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\goldfish\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com","hxxps://accounts.google.com/ServiceLogin?service=mail&continue=hxxps://mail.google.com/mail/#identifier","hxxps://www.facebook.com/"
CHR Profile: C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default [2017-03-04]
CHR Extension: (Google Slides) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-02]
CHR Extension: (Google Docs) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-02]
CHR Extension: (Google Drive) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-02]
CHR Extension: (YouTube) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-02]
CHR Extension: (Google Search) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-02]
CHR Extension: (Google Sheets) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-02]
CHR Extension: (Avira Browser Safety) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-28]
CHR Extension: (Gmail) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-02]
CHR Extension: (Chrome Media Router) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-10-03]
CHR Profile: C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487424 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487424 2017-02-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519144 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ATPLupd; C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [310152 2017-02-10] (Avira Operations GmbH & Co. KG)
R2 BGS; C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe [20550 2010-10-18] (Apache Software Foundation) [File not signed]
R2 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-22] (Dropbox, Inc.)
S2 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-22] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R2 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [156976 2007-09-28] (Seagate Technology LLC)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-02-21] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-02-21] (Avira Operations GmbH & Co. KG)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare) [File not signed]
S2 ADExchange; no ImagePath
S2 HDD & SSD access service; no ImagePath
S3 TBS; %SystemRoot%\System32\tbssvc.dll [X]
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
S2 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 WsDrvInst; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [51248 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2011-03-01] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2011-03-01] (Huawei Technologies Co., Ltd.) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed]
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2009-11-17] (TCT International Mobile Ltd)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-26] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-03-03] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-03] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-03] (Malwarebytes)
S3 pccsmcfd; no ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-03] ()
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-01-14] (Western Digital Technologies)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-04 10:16 - 2017-03-04 10:19 - 00039611 _____ C:\Users\goldfish\Desktop\FRST.txt
2017-03-04 10:15 - 2017-03-04 10:15 - 02423808 _____ (Farbar) C:\Users\goldfish\Desktop\FRST64.exe
2017-03-03 22:34 - 2017-03-03 22:34 - 01663736 _____ (Malwarebytes) C:\Users\goldfish\Desktop\JRT.exe
2017-03-03 22:19 - 2017-03-03 22:19 - 00273968 _____ C:\Windows\Minidump\030317-22120-01.dmp
2017-03-03 20:32 - 2017-03-03 22:18 - 791066478 _____ C:\Windows\MEMORY.DMP
2017-03-03 20:32 - 2017-03-03 20:32 - 00273968 _____ C:\Windows\Minidump\030317-27908-01.dmp
2017-03-03 18:50 - 2017-03-03 20:42 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-03 18:50 - 2017-03-03 18:50 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-03 18:50 - 2017-03-03 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-03 18:49 - 2017-03-03 18:50 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-03 18:49 - 2017-03-03 18:49 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-01 11:22 - 2017-03-01 11:22 - 01791244 _____ C:\Users\goldfish\Downloads\file (1).jpeg
2017-03-01 08:46 - 2017-03-01 08:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-28 19:35 - 2017-02-28 19:35 - 00017393 _____ C:\Users\goldfish\Downloads\170308.pdf
2017-02-28 17:15 - 2017-02-28 17:15 - 00206422 _____ C:\Users\goldfish\Downloads\134764__1 (2).PDF
2017-02-28 17:14 - 2017-02-28 17:14 - 00206422 _____ C:\Users\goldfish\Downloads\134764__1 (1).PDF
2017-02-28 17:12 - 2017-02-28 17:12 - 00115895 _____ C:\Users\goldfish\Downloads\134764_INSPE_2.PDF
2017-02-28 12:45 - 2017-02-28 12:45 - 00206422 _____ C:\Users\goldfish\Downloads\134764__1.PDF
2017-02-28 09:26 - 2017-02-28 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 12:14 - 2017-02-02 16:36 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-27 12:14 - 2017-02-02 16:32 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-27 12:14 - 2017-02-02 14:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-27 10:45 - 2017-03-04 10:16 - 00000000 ____D C:\FRST
2017-02-26 22:24 - 2017-02-26 22:24 - 00000000 _____ C:\Users\goldfish\AppData\Local\{C960B433-5DA9-48AB-83A8-605A368C6C7E}
2017-02-26 21:23 - 2017-02-26 21:23 - 00000043 _____ C:\Users\goldfish\Desktop\5 scan.txt
2017-02-26 18:30 - 2017-03-03 22:55 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-26 18:30 - 2017-03-03 22:55 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-26 18:30 - 2017-03-03 22:55 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-26 18:30 - 2017-02-26 21:57 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-26 18:30 - 2017-02-26 18:30 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-26 18:30 - 2017-02-26 18:30 - 00001867 _____ C:\Users\Public\Desktop\3 Malwarebytes.lnk
2017-02-26 18:30 - 2017-02-26 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-26 18:30 - 2017-02-26 18:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-26 18:30 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-26 18:07 - 2017-02-26 18:07 - 00005064 _____ C:\Users\goldfish\Downloads\TPM_Base_Services (1).reg
2017-02-26 15:07 - 2017-02-26 15:07 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\goldfish\Desktop\2 rkill64.exe
2017-02-26 14:48 - 2017-02-26 14:48 - 00427648 _____ (Bleeping Computer, LLC) C:\Users\goldfish\Desktop\6 unhide.exe
2017-02-26 14:43 - 2017-03-04 00:06 - 00000000 ____D C:\Users\goldfish\Desktop\laptop issue
2017-02-26 14:31 - 2017-03-03 23:45 - 00000000 ____D C:\AdwCleaner
2017-02-26 14:31 - 2017-02-26 14:31 - 04015056 _____ C:\Users\goldfish\Desktop\1 AdwCleaner.exe
2017-02-26 14:29 - 2017-02-26 14:30 - 04015056 _____ C:\Users\goldfish\Downloads\AdwCleaner.exe
2017-02-24 20:26 - 2017-02-24 20:26 - 00000000 ____D C:\Users\goldfish\AppData\Local\748A0AB9-F073-4E14-BCD2-A692572E4A9D.aplzod
2017-02-23 13:55 - 2017-02-23 20:09 - 00000884 _____ C:\Users\goldfish\Desktop\Events.txt
2017-02-22 13:52 - 2017-03-04 09:52 - 00000000 ___RD C:\Users\goldfish\Dropbox
2017-02-22 13:52 - 2017-02-22 13:52 - 00001226 _____ C:\Users\goldfish\Desktop\Dropbox.lnk
2017-02-22 13:48 - 2017-02-22 13:48 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\Dropbox
2017-02-22 13:46 - 2017-03-04 09:51 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-22 13:46 - 2017-03-04 09:45 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-22 13:46 - 2017-02-28 09:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-22 13:46 - 2017-02-22 13:52 - 00000000 ____D C:\Users\goldfish\AppData\Local\Dropbox
2017-02-22 13:46 - 2017-02-22 13:46 - 00003910 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-02-22 13:46 - 2017-02-22 13:46 - 00003658 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-02-22 13:46 - 2017-02-22 13:46 - 00000000 ____D C:\ProgramData\Dropbox
2017-02-21 23:38 - 2017-02-21 23:38 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-21 23:30 - 2017-03-02 16:36 - 00002148 _____ C:\Users\Public\Desktop\Avira Scout.lnk
2017-02-21 23:29 - 2017-03-04 09:45 - 00001046 _____ C:\Windows\Tasks\AviraScoutUpdateTaskMachineCore.job
2017-02-21 23:29 - 2017-03-03 23:34 - 00001050 _____ C:\Windows\Tasks\AviraScoutUpdateTaskMachineUA.job
2017-02-21 23:29 - 2017-02-21 23:29 - 00004070 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineUA
2017-02-21 23:29 - 2017-02-21 23:29 - 00003818 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineCore
2017-02-21 23:26 - 2017-03-03 18:50 - 00000000 ____D C:\Users\goldfish\Desktop\Antivirus EXEs
2017-02-21 23:26 - 2017-02-28 15:16 - 00001040 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-02-21 23:26 - 2017-02-21 23:38 - 00000000 ____D C:\Users\goldfish\AppData\Local\Avira
2017-02-21 23:26 - 2017-02-21 23:26 - 00000000 ____D C:\Users\goldfish\AppData\Local\AviraSpeedup
2017-02-21 23:22 - 2017-02-21 23:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-02-21 23:21 - 2017-02-15 16:55 - 00176968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00148104 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00051248 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-02-21 23:15 - 2017-02-21 23:15 - 00001204 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-21 18:49 - 2017-02-21 18:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-21 18:49 - 2017-02-21 18:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-21 09:18 - 2017-02-21 09:18 - 00057600 _____ C:\Users\goldfish\Downloads\vypis-402360.pdf
2017-02-20 20:04 - 2017-02-20 20:04 - 00029153 _____ C:\ProgramData\agent.1487621032.bdinstall.bin
2017-02-20 19:43 - 2017-02-20 19:43 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\Avira
2017-02-20 19:24 - 2017-02-28 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-20 19:24 - 2017-02-26 13:58 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-20 19:10 - 2017-02-20 19:10 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\QuickScan
2017-02-20 19:06 - 2017-02-20 19:06 - 00048200 _____ C:\ProgramData\agent.1487617558.bdinstall.bin
2017-02-20 19:06 - 2017-02-20 19:06 - 00000000 ____D C:\ProgramData\BDLogging
2017-02-20 19:05 - 2017-02-26 13:58 - 00000000 ____D C:\ProgramData\Avira
2017-02-20 19:05 - 2017-02-20 19:06 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-02-15 09:27 - 2017-02-15 09:27 - 20359768 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-02-14 17:33 - 2017-02-14 17:33 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\SUPERAntiSpyware.com
2017-02-14 17:32 - 2017-02-26 18:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-14 17:32 - 2017-02-14 17:32 - 00001808 _____ C:\Users\Public\Desktop\4 SUPERAntiSpyware Free Edition.lnk
2017-02-14 11:54 - 2017-02-14 11:54 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Wickr Me.lnk
2017-02-14 11:54 - 2017-02-14 11:54 - 00002003 _____ C:\Users\Public\Desktop\Wickr Me.lnk
2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\Users\goldfish\AppData\Local\Wickr, LLC
2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wickr Me
2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\Program Files (x86)\Wickr Inc
2017-02-14 11:49 - 2017-02-14 11:51 - 83206144 _____ C:\Users\goldfish\Downloads\WickrMe-2.6.0.msi
2017-02-14 09:30 - 2017-02-14 09:30 - 00002571 _____ C:\Users\goldfish\Desktop\GoToMeeting Quick Connect.lnk
2017-02-14 09:19 - 2017-03-04 10:18 - 00000586 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-928801702-3077407482-3869533313-1000.job
2017-02-14 09:19 - 2017-03-04 10:15 - 00000682 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-928801702-3077407482-3869533313-1000.job
2017-02-14 09:19 - 2017-02-21 12:08 - 00003728 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-928801702-3077407482-3869533313-1000
2017-02-14 09:19 - 2017-02-21 12:08 - 00003632 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-928801702-3077407482-3869533313-1000
2017-02-13 18:12 - 2017-02-13 18:12 - 00000000 _____ C:\Users\goldfish\Downloads\MyMessageViewPage.pdf
2017-02-13 18:12 - 2017-02-13 18:12 - 00000000 _____ C:\Users\goldfish\Downloads\MyMessageViewPage (1).pdf
2017-02-09 13:44 - 2017-02-09 13:44 - 01157656 _____ (Oracle Corporation) C:\Users\goldfish\Downloads\JavaUninstallTool.exe
2017-02-09 08:33 - 2017-02-09 08:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-09 08:33 - 2017-02-09 08:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-08 19:32 - 2017-02-21 11:48 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys.148767792642001
2017-02-02 16:31 - 2017-02-02 16:34 - 01903179 _____ C:\Users\goldfish\Downloads\file.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-04 10:00 - 2009-07-14 04:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-04 10:00 - 2009-07-14 04:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-04 09:48 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2017-03-04 09:46 - 2016-10-29 19:38 - 00000000 ___RD C:\Users\goldfish\iCloudDrive
2017-03-04 09:46 - 2011-02-24 20:29 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-03-04 09:45 - 2011-07-26 20:25 - 00000534 _____ C:\Windows\Tasks\ATPL Update maintenance.job
2017-03-04 09:44 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-03 23:27 - 2013-05-20 18:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-03 22:19 - 2013-07-22 22:47 - 00000000 ____D C:\Windows\Minidump
2017-03-03 18:47 - 2011-09-12 19:48 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-03 13:55 - 2010-09-23 18:33 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF28CAB4-32EB-47CE-A403-C856DB98D941}
2017-03-01 08:43 - 2015-03-08 15:12 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-28 20:00 - 2010-09-25 16:46 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\Skype
2017-02-27 15:45 - 2014-12-10 21:45 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-27 15:45 - 2014-05-03 19:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-27 12:26 - 2013-08-04 10:45 - 00000000 ____D C:\Windows\system32\MRT
2017-02-27 12:16 - 2010-09-26 15:33 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-27 00:10 - 2012-12-07 22:45 - 00740046 _____ C:\test.xml
2017-02-26 22:38 - 2015-12-16 17:10 - 00000000 ____D C:\Users\goldfish\Desktop\OpenHardwareMonitor
2017-02-26 22:12 - 2015-01-24 16:09 - 02945614 _____ C:\Windows\ntbtlog.txt
2017-02-26 18:30 - 2016-03-18 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-26 14:37 - 2015-12-28 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-26 13:57 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-26 13:57 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-02-26 12:19 - 2015-12-25 11:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-25 19:41 - 2016-10-29 19:38 - 00000000 ____D C:\Users\goldfish\AppData\Local\Apple Inc
2017-02-25 19:36 - 2010-09-23 18:29 - 00000000 ____D C:\Users\goldfish
2017-02-25 19:28 - 2010-05-19 23:01 - 00000000 ____D C:\ProgramData\Sony Corporation
2017-02-25 19:27 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2017-02-25 19:00 - 2011-11-21 22:19 - 00007616 _____ C:\Users\goldfish\AppData\Local\Resmon.ResmonCfg
2017-02-24 20:29 - 2015-03-08 15:23 - 00000000 ____D C:\Users\goldfish\Documents\Outlook Files
2017-02-24 20:29 - 2010-09-25 17:01 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\Apple Computer
2017-02-23 13:51 - 2012-10-27 08:47 - 00000000 ____D C:\Program Files (x86)\Chat Undetected
2017-02-23 13:51 - 2010-05-19 21:44 - 00000000 ____D C:\Windows\Panther
2017-02-22 09:08 - 2016-07-08 21:45 - 00000000 ____D C:\Users\goldfish\Documents\ZZ old versions
2017-02-21 23:48 - 2010-09-25 16:47 - 00000000 ____D C:\ProgramData\ArcSoft
2017-02-21 23:38 - 2009-07-14 04:45 - 00404232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-21 23:25 - 2010-09-23 18:29 - 00103048 _____ C:\Users\goldfish\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-21 23:14 - 2016-10-01 15:57 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-21 23:14 - 2015-10-26 22:44 - 00000000 ____D C:\ProgramData\Avg
2017-02-21 23:13 - 2015-10-26 22:33 - 00000000 ____D C:\Users\goldfish\AppData\Local\AvgSetupLog
2017-02-21 23:08 - 2012-02-19 11:40 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\AVG
2017-02-21 11:43 - 2016-03-13 18:49 - 00013084 _____ C:\Users\goldfish\Desktop\DesktopOK.ini
2017-02-21 11:42 - 2015-05-30 11:41 - 00000000 ____D C:\Users\goldfish\AppData\Local\Avg
2017-02-21 11:38 - 2015-08-13 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-02-21 11:33 - 2014-03-30 16:49 - 00000000 __RHD C:\MSOCache
2017-02-21 11:22 - 2010-09-26 13:16 - 00000000 ____D C:\Users\goldfish\AppData\Local\ElevatedDiagnostics
2017-02-16 08:20 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-15 09:27 - 2013-05-20 18:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 09:27 - 2012-04-04 22:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 09:27 - 2012-02-18 18:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-15 09:27 - 2011-11-26 20:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 09:27 - 2010-09-13 20:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 17:33 - 2016-10-11 13:49 - 00000000 ____D C:\ProgramData\SUPERSetup
2017-02-14 09:19 - 2013-10-29 21:28 - 00000000 ____D C:\Users\goldfish\AppData\Local\Citrix
2017-02-12 19:44 - 2010-09-26 15:04 - 00000000 ____D C:\Users\goldfish\Documents\Backup
2017-02-09 14:41 - 2011-07-01 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond DA40D G1000 Trainer v6.14
2017-02-09 13:45 - 2016-10-26 23:47 - 00000000 ____D C:\ProgramData\Oracle
2017-02-09 13:41 - 2012-08-17 19:13 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-02-09 13:40 - 2010-09-25 16:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-09 13:40 - 2010-09-25 16:45 - 00000000 ____D C:\ProgramData\Skype
2017-02-09 13:39 - 2014-08-23 18:03 - 00000000 ____D C:\Users\goldfish\AppData\Local\Adobe
2017-02-09 13:39 - 2010-09-28 20:33 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-09 13:01 - 2012-05-10 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-08 20:25 - 2010-10-17 16:44 - 00000000 ____D C:\Program Files (x86)\FAATP2010
2017-02-07 09:27 - 2016-01-02 13:49 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2013-06-27 22:42 - 2014-06-22 13:55 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-11-07 15:20 - 2012-03-11 21:09 - 0006808 _____ () C:\Users\goldfish\AppData\Roaming\.freeciv-client-rc-2.2
2017-01-01 12:04 - 2017-01-01 12:04 - 0012955 _____ () C:\Users\goldfish\AppData\Roaming\Comma Separated Values.CAL
2012-02-18 19:00 - 2012-02-18 19:19 - 0104787 _____ () C:\Users\goldfish\AppData\Local\ars.cache
2012-02-18 19:00 - 2012-02-18 19:19 - 0928700 _____ () C:\Users\goldfish\AppData\Local\census.cache
2010-12-18 13:39 - 2014-10-13 21:57 - 0012800 _____ () C:\Users\goldfish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-18 18:47 - 2012-02-18 18:47 - 0000036 _____ () C:\Users\goldfish\AppData\Local\housecall.guid.cache
2011-11-21 22:19 - 2017-02-25 19:00 - 0007616 _____ () C:\Users\goldfish\AppData\Local\Resmon.ResmonCfg
2017-02-26 22:24 - 2017-02-26 22:24 - 0000000 _____ () C:\Users\goldfish\AppData\Local\{C960B433-5DA9-48AB-83A8-605A368C6C7E}
2017-02-20 19:06 - 2017-02-20 19:06 - 0048200 _____ () C:\ProgramData\agent.1487617558.bdinstall.bin
2017-02-20 20:04 - 2017-02-20 20:04 - 0029153 _____ () C:\ProgramData\agent.1487621032.bdinstall.bin
2010-09-25 16:46 - 2010-09-25 16:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-12-18 19:44 - 2016-04-16 17:08 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2016-03-13 17:15 - 2016-03-13 17:15 - 0006809 _____ () C:\ProgramData\MusicStation.log

Files to move or delete:
====================
C:\Users\goldfish\CTX.DAT


Some files in TEMP:
====================
2017-03-03 18:50 - 2016-10-11 15:34 - 1732864 _____ (Microsoft Corporation) C:\Users\goldfish\AppData\Local\Temp\dllnt_dump.dll
2017-02-09 13:38 - 2017-02-09 13:39 - 44050400 _____ (Skype Technologies S.A.) C:\Users\goldfish\AppData\Local\Temp\SkypeSetup.exe
2016-08-16 07:48 - 2016-08-16 07:48 - 0488960 _____ () C:\Users\goldfish\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-24 21:53

==================== End of FRST.txt ============================
 
Let's clean some trash from the machine before a FRST fix... :)

Clean up temp files and reduce startup load with CCleaner.


Note: This tool will clean your browsing history as well.

  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double click each item. To Disable.
  • Leave only your antivirus enabled.
  • Then disable All items in your scheduled task as well.
  • Unless they are related to windows defender.Or your antivirus.
  • Reboot the machine.


JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.



Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.





LOr0Gd7.png




Hit Ok.



sYFsqHx.png




Hit next make sure to leave all items checked, for removal.



8NcZjGc.png






The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.



ZHP Scan.


Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.






2. Once you have started the program, you will need to click the scanner button.

EgsT69u.png


The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.



Let's have a fresh look at your system after the above scans please.


Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked, as well as Shortcut.txt
  • Press Scan button and wait.
  • The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt -- & Shortcut.txt
Please Copy & Paste them into your next reply. But attach Shortcut.txt
 
I'm setting up CCleaner. In Scheduled Tasks:
- Do I leave the antivirus (Avira) tasks enabled here, or disable them?
- CCLeanerSkipUAC: do I disable this as well? (Looks as though it relates to CCleaner.)
- 0915wtUpdateInfo: gives an error "Failed to enable/disable startup item: The system cannot find the file specified." Should I delete it completely, or just leave it enabled?

Thanks!
 
- Do I leave the antivirus (Avira) tasks enabled here, or disable them?
Leave the Avira entry as is.

- CCLeanerSkipUAC: do I disable this as well? (Looks as though it relates to CCleaner.)

If you have user account control disabled then you should disable this one.

- 0915wtUpdateInfo: gives an error "Failed to enable/disable startup item: The system cannot find the file specified." Should I delete it completely, or just leave it enabled?

Leave this one alone, I will see it with the FRST tool and decide what to do with it.
 
> If you have user account control disabled then you should disable this one.
Sorry to ask a question which is probably really basic, but does this mean if I have different accounts with separate passwords on my laptop? I don't, it's just me that uses it so when I startup it goes directly to Windows. So I think I disable this task?
 
User Account Control.

Not saying not to disable it, if you have it disabled that is your choice. The task of CCleaner is fine to leave. Disable or leave enabled, it will not make that much of a Difference. The idea here is just to reduce the useless items that are running on your machine. I make that a part of each thread I do, so that you will have an overall better running machine when we are done and as well have all traces of malware gone.
 
Okay, log files are attached.
I followed the instructions for CCleaner but I'm not sure it actually ran when the computer started. I did it twice.
I also ran the AVG removal tool.
The keyboard issue occurs in Safemode too.
Do you want the outputs from FRST now too? I've run it so have them ready.
=====================================================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Home Premium x64
Ran by goldfish (Administrator) on 04/03/2017 at 19:29:44.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\goldfish\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50B42KPF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\goldfish\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77BFGH9Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\goldfish\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANDA9RDY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\goldfish\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4AQU463 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50B42KPF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77BFGH9Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANDA9RDY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4AQU463 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/03/2017 at 19:37:04.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=====================================================================================

# AdwCleaner v6.043 - Logfile created 04/03/2017 at 19:46:21
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : goldfish - goldfish-VAIO
# Running from : C:\Users\goldfish\Desktop\1 AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6632 Bytes] - [26/02/2017 14:38:11]
C:\AdwCleaner\AdwCleaner[C2].txt - [1340 Bytes] - [26/02/2017 14:57:15]
C:\AdwCleaner\AdwCleaner[C3].txt - [1560 Bytes] - [26/02/2017 15:35:07]
C:\AdwCleaner\AdwCleaner[C4].txt - [4343 Bytes] - [26/02/2017 17:51:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [6128 Bytes] - [26/02/2017 14:35:43]
C:\AdwCleaner\AdwCleaner[S10].txt - [2196 Bytes] - [26/02/2017 21:45:48]
C:\AdwCleaner\AdwCleaner[S11].txt - [2270 Bytes] - [03/03/2017 23:45:57]
C:\AdwCleaner\AdwCleaner[S12].txt - [1533 Bytes] - [04/03/2017 19:46:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [1316 Bytes] - [26/02/2017 14:49:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [1449 Bytes] - [26/02/2017 14:56:40]
C:\AdwCleaner\AdwCleaner[S3].txt - [1535 Bytes] - [26/02/2017 15:07:28]
C:\AdwCleaner\AdwCleaner[S4].txt - [1668 Bytes] - [26/02/2017 15:34:30]
C:\AdwCleaner\AdwCleaner[S5].txt - [1754 Bytes] - [26/02/2017 15:45:34]
C:\AdwCleaner\AdwCleaner[S6].txt - [4036 Bytes] - [26/02/2017 17:50:32]
C:\AdwCleaner\AdwCleaner[S7].txt - [1973 Bytes] - [26/02/2017 18:07:59]
C:\AdwCleaner\AdwCleaner[S8].txt - [2046 Bytes] - [26/02/2017 18:18:51]
C:\AdwCleaner\AdwCleaner[S9].txt - [2119 Bytes] - [26/02/2017 18:35:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S12].txt - [2264 Bytes] ##########

=====================================================================================

~ ZHPCleaner v2017.3.4.39 by Nicolas Coolman (2017/03/04)
~ Run by goldfish (Administrator) (04/03/2017 20:07:24)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\goldfish\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\goldfish\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (21)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (73)
MOVED file: C:\Windows\Installer\wix{05BFB060-4F22-4710-B0A2-2801A1B606C5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{2F72F540-1F60-4266-9506-952B21D6640D}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{33EB1061-ABF1-4470-A540-32E97A610536}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{3540181E-340A-4E7A-B409-31663472B2F7}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{439760BC-7737-4386-9B1D-A90A3E8A22EA}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{5ED7462B-EF58-4757-B609-53755021EC34}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{75104836-CAC7-444E-A39E-3F54151942F5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{7774002B-60B3-4146-BF82-5BF767D468B8}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{787136D2-F0F8-4625-AA3F-72D7795AC842}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{8F473675-D702-45F9-8EBC-342B40C17BF5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{963BFE7E-C350-4346-B43C-B02358306A45}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{B678797F-DF38-4556-8A31-8B818E261868}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{C4123106-B685-48E6-B9BD-E4F911841EB4}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{D4D86CB2-2370-4691-8272-3869EDED6C64}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{E5C95CA5-4565-4B9D-97ED-05088D775614}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{F7513E19-6224-485E-988D-9BF45BE64B53}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED folder: C:\Program Files (x86)\InstallConverter bundle uninstaller =>PUP.Optional.InstallConverter
MOVED folder: C:\Program Files (x86)\Playsims =>.Superfluous.Empty
MOVED folder: C:\Users\goldfish\AppData\Roaming\HMYGSetting =>Adware.Suspect
MOVED folder: C:\Users\goldfish\AppData\Local\CrashRpt =>.Superfluous.CrashReports
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
MOVED folder: C:\Windows\Installer\MSI141.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI14BD.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI1E84.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI465F.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI47AC.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI4CB1.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI503A.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI5347.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI552F.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI58D1.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI5B73.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI6B13.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI6CFB.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI6D5B.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI6E63.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI6F9C.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI722C.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI7A59.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI80B2.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI88C1.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI9070.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI965A.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI9755.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI9A44.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI9C50.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI9EE4.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIA07B.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIA221.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIA5E9.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIAD88.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIBD2A.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC1D7.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC304.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC527.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIC7A8.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSICB52.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIE043.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIE35F.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIF6B1.tmp- =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (15)
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net [] =>.Superfluous.AkamaiHD
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d16fk4ms6rqz1v.cloudfront.net [10350] =>.Superfluous.CloudfrontNet
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3tpuxked45kzt.cloudfront.net [284] =>.Superfluous.CloudfrontNet
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.myway.com [12] =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\keepvid.com [] =>PUP.Optional.KeepVid
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\savefrom.net [] =>PUP.Optional.SaverOn
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\soundcloud.com [] =>PUP.Optional.SoundCloud
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.audienceinsights.net [43] =>.Superfluous.AudienceInsights
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.olark.com [18423] =>PUP.Optional.Generic
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\uhytajrtpo-a.akamaihd.net [912] =>.Superfluous.AkamaiHD
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zvsuhljiha-a.akamaihd.net [944] =>.Superfluous.AkamaiHD
DELETED key*: [X64] HKLM\SOFTWARE\Classes\f [f] =>PUP.Optional.Funmoods
DELETED key*: [X64] HKLM\SOFTWARE\Classes\SourceSafe [Microsoft Visual SourceSafe Automation] =>PUP.Optional.Bloson
DELETED key*: [X64] HKLM\SOFTWARE\Classes\SourceSafe.0 [Microsoft Visual SourceSafe Automation] =>PUP.Optional.Bloson
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect


---\\ Summary of the elements found (16)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty
https://www.nicolascoolman.com/fr/pup-installconverter/ =>PUP.Optional.InstallConverter
https://nicolascoolman.eu/2017/03/02/adware-suspect/ =>Adware.Suspect
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.CrashReports
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.AkamaiHD
https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/ =>.Superfluous.CloudfrontNet
https://nicolascoolman.eu/2017/01/26/hijacker-browser/ =>PUP.Optional.Browser
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.KeepVid
https://www.nicolascoolman.com/fr/pup-saveron/ =>PUP.Optional.SaverOn
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.SoundCloud
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.AudienceInsights
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/ =>PUP.Optional.Generic
https://www.nicolascoolman.com/fr/pup-funmoods/ =>PUP.Optional.Funmoods
https://www.nicolascoolman.com/fr/adware-bloson/ =>PUP.Optional.Bloson
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect


---\\ Other deletions. (63)
~ Registry Keys Tracing deleted (63)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 808
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 88


~ End of clean in 00h00mn42s
~====================
ZHPCleaner-[R]-04032017-20_08_06.txt
ZHPCleaner--04032017-19_59_58.txt
 
Do you want the outputs from FRST now too? I've run it so have them ready.


Yes, we will make sure all malware is gone from your machine before we tackle the keyboard issue.
 
Thanks so much for your help - I really appreciate it! The FRST results are below. I had to remove a couple of the shortcuts and recently created filenames because they contained personal information or client names (but only files / shortcuts I knew I had created) - hope that's okay.

=====================================================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-03-2017
Ran by goldfish (administrator) on goldfish-VAIO (04-03-2017 20:15:52)
Running from C:\Users\goldfish\Desktop\Antivirus EXEs
Loaded Profiles: goldfish (Available Profiles: goldfish)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Sony Corporation) C:\Program Files (x86)\SONY\Setting Utility Series\WBCBatteryCare.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe
(The PHP Group) C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\php\php.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apache Software Foundation) C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-02-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon: C:\Windows\SysWOW64\VESWinlogon.dll [2009-12-01] (Sony Corporation)
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\MountPoints2: {3966f36d-41b6-11e0-8b3f-c44619b2e2e4} - D:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\MountPoints2: {cfdc1e4e-78d4-11e0-aa4f-c44619b2e2e4} - D:\.\Setup.exe AUTORUN=1
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{927587AB-1894-493E-8E72-6063314BF69A}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{EC19D428-B36F-4D8F-B458-DB4400362D30}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-014-756
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
HKU\S-1-5-21-928801702-3077407482-3869533313-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk-mg5.mail.yahoo.com/neo/launch?.rand=872fenf2dujii
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> DefaultScope {67B4F6F6-DEA2-42F9-84A7-6785674F4D19} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {1686262A-C27D-4A79-8D82-C55F4D8BB35A} URL = hxxp://uk.shopping.com/?linkin_id=8056359
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {67B4F6F6-DEA2-42F9-84A7-6785674F4D19} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {8FD01E4A-8F30-4C90-8E35-DEF880420C67} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {96B8ABCB-AC35-45F0-886C-1C2B912B5FFD} URL = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {B2EC8D7B-5F99-4D85-94B8-E3BF03379046} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-928801702-3077407482-3869533313-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-014-756&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {76496E5E-244A-424F-B5A5-B677051BD958} hxxp://www.genavsystems.com/ftu/2096/FLIGHTOFFICE.CAB
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\goldfish\AppData\Roaming\Prism\Profiles\1nquevq8.default [2015-09-13]
FF Homepage: Prism\Profiles\1nquevq8.default -> hxxp://127.0.0.1:888/
FF ProfilePath: C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default [2017-03-04]
FF NewTab: Mozilla\Firefox\Profiles\fcotwa47.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fcotwa47.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\fcotwa47.default -> hxxps://www.google.com/search?bcutc=sp-014-756
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\fcotwa47.default -> Google
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\fcotwa47.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\fcotwa47.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\fcotwa47.default -> hxxps://www.google.com/?bcutc=sp-014-756
FF Keyword.URL: Mozilla\Firefox\Profiles\fcotwa47.default -> hxxps://www.google.com/search?bcutc=sp-014-756
FF NetworkProxy: Mozilla\Firefox\Profiles\fcotwa47.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\abs@avira.com [2017-02-20]
FF Extension: (Bing Search Engine) - C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\bingsearch.full@microsoft.com [2017-03-03] [not signed]
FF Extension: (Firefox Hotfix) - C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-02-06]
FF Extension: (Avira SafeSearch Plus) - C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\safesearchplus2@avira.com [2017-02-21]
FF Extension: (Modify Headers) - C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2016-07-08]
FF SearchPlugin: C:\Users\goldfish\AppData\Roaming\Mozilla\Firefox\Profiles\fcotwa47.default\searchplugins\google-avast.xml [2017-02-08]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-28] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230 => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-12-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.7\npScoutUpdate3.dll [2017-02-21] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.31.7\npScoutUpdate3.dll [2017-02-21] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5 -> C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\client\vlc\npvlc.dll [2010-01-30] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-928801702-3077407482-3869533313-1000: @citrixonline.com/appdetectorplugin -> C:\Users\goldfish\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-928801702-3077407482-3869533313-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\goldfish\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com","hxxps://accounts.google.com/ServiceLogin?service=mail&continue=hxxps://mail.google.com/mail/#identifier","hxxps://www.facebook.com/"
CHR Profile: C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default [2017-03-04]
CHR Extension: (Google Slides) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-02]
CHR Extension: (Google Docs) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-02]
CHR Extension: (Google Drive) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-02]
CHR Extension: (YouTube) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-02]
CHR Extension: (Google Search) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-02]
CHR Extension: (Google Sheets) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-02]
CHR Extension: (Avira Browser Safety) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-28]
CHR Extension: (Gmail) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-02]
CHR Extension: (Chrome Media Router) - C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Profile: C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-03-04]
CHR Profile: C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487424 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487424 2017-02-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519144 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ATPLupd; C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe [8192 2003-04-18] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [310152 2017-02-10] (Avira Operations GmbH & Co. KG)
R2 BGS; C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe [20550 2010-10-18] (Apache Software Foundation) [File not signed]
R2 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-22] (Dropbox, Inc.)
S2 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-22] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R2 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [156976 2007-09-28] (Seagate Technology LLC)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-02-21] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-02-21] (Avira Operations GmbH & Co. KG)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare) [File not signed]
S2 ADExchange; no ImagePath
S2 HDD & SSD access service; no ImagePath
S3 TBS; %SystemRoot%\System32\tbssvc.dll [X]
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
S2 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 WsDrvInst; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [51248 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [116864 2011-03-01] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [116224 2011-03-01] (Huawei Technologies Co., Ltd.) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed]
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2009-11-17] (TCT International Mobile Ltd)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-26] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-03-03] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-03] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-03] (Malwarebytes)
S3 pccsmcfd; no ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-03] ()
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-01-14] (Western Digital Technologies)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-04 19:59 - 2017-03-04 20:09 - 00011421 _____ C:\Users\goldfish\Desktop\ZHPCleaner.txt
2017-03-04 19:48 - 2017-03-04 20:08 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\ZHP
2017-03-04 19:48 - 2017-03-04 19:48 - 00000840 _____ C:\Users\goldfish\Desktop\ZHPCleaner.lnk
2017-03-04 19:46 - 2017-03-04 19:46 - 00002341 _____ C:\Users\goldfish\Desktop\AdwCleaner[S12].txt
2017-03-04 19:37 - 2017-03-04 19:39 - 00001881 _____ C:\Users\goldfish\Desktop\JRT.txt
2017-03-04 18:42 - 2017-03-04 19:06 - 00002810 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-04 18:42 - 2017-03-04 18:42 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-04 18:42 - 2017-03-04 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-04 18:42 - 2017-03-04 18:42 - 00000000 ____D C:\Program Files\CCleaner
2017-03-03 22:34 - 2017-03-03 22:34 - 01663736 _____ (Malwarebytes) C:\Users\goldfish\Desktop\JRT.exe
2017-03-03 18:50 - 2017-03-03 20:42 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-03-03 18:50 - 2017-03-03 18:50 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-03-03 18:50 - 2017-03-03 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-03-03 18:49 - 2017-03-03 18:50 - 00000000 ____D C:\Program Files\RogueKiller
2017-03-03 18:49 - 2017-03-03 18:49 - 00000000 ____D C:\ProgramData\RogueKiller
2017-03-01 12:08 - 2017-03-01 12:18 - 00001492 _____ C:\Users\goldfish\Desktop\garrett.txt
2017-03-01 11:22 - 2017-03-01 11:22 - 01791244 _____ C:\Users\goldfish\Downloads\file (1).jpeg
2017-03-01 08:46 - 2017-03-01 08:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-28 19:35 - 2017-02-28 19:35 - 00017393 _____ C:\Users\goldfish\Downloads\170308.pdf
2017-02-28 17:15 - 2017-02-28 17:15 - 00206422 _____ C:\Users\goldfish\Downloads\134764__1 (2).PDF
2017-02-28 17:14 - 2017-02-28 17:14 - 00206422 _____ C:\Users\goldfish\Downloads\134764__1 (1).PDF
2017-02-28 17:12 - 2017-02-28 17:12 - 00115895 _____ C:\Users\goldfish\Downloads\134764_INSPE_2.PDF
2017-02-28 12:45 - 2017-02-28 12:45 - 00206422 _____ C:\Users\goldfish\Downloads\134764__1.PDF
2017-02-28 09:26 - 2017-02-28 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-27 12:14 - 2017-02-02 16:36 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-27 12:14 - 2017-02-02 16:32 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-27 12:14 - 2017-02-02 14:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-27 12:14 - 2016-12-31 15:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-27 12:04 - 2017-02-27 12:04 - 01481297 _____ C:\Users\goldfish\Downloads\Renewal Reminder.pdf
2017-02-27 12:04 - 2017-02-27 12:04 - 01481297 _____ C:\Users\goldfish\Downloads\Renewal Reminder (1).pdf
2017-02-27 10:45 - 2017-03-04 20:15 - 00000000 ____D C:\FRST
2017-02-26 22:24 - 2017-02-26 22:24 - 00000000 _____ C:\Users\goldfish\AppData\Local\{C960B433-5DA9-48AB-83A8-605A368C6C7E}
2017-02-26 21:23 - 2017-02-26 21:23 - 00000043 _____ C:\Users\goldfish\Desktop\5 scan.txt
2017-02-26 18:30 - 2017-03-03 22:55 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-26 18:30 - 2017-03-03 22:55 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-26 18:30 - 2017-03-03 22:55 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-26 18:30 - 2017-02-26 21:57 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-26 18:30 - 2017-02-26 18:30 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-26 18:30 - 2017-02-26 18:30 - 00001867 _____ C:\Users\Public\Desktop\3 Malwarebytes.lnk
2017-02-26 18:30 - 2017-02-26 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-26 18:30 - 2017-02-26 18:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-26 18:30 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-26 18:07 - 2017-02-26 18:07 - 00005064 _____ C:\Users\goldfish\Downloads\TPM_Base_Services (1).reg
2017-02-26 15:07 - 2017-02-26 15:07 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\goldfish\Desktop\2 rkill64.exe
2017-02-26 14:48 - 2017-02-26 14:48 - 00427648 _____ (Bleeping Computer, LLC) C:\Users\goldfish\Desktop\6 unhide.exe
2017-02-26 14:43 - 2017-03-04 10:32 - 00000000 ____D C:\Users\goldfish\Desktop\laptop issue
2017-02-26 14:31 - 2017-03-04 19:46 - 00000000 ____D C:\AdwCleaner
2017-02-26 14:31 - 2017-02-26 14:31 - 04015056 _____ C:\Users\goldfish\Desktop\1 AdwCleaner.exe
2017-02-26 14:29 - 2017-02-26 14:30 - 04015056 _____ C:\Users\goldfish\Downloads\AdwCleaner.exe
2017-02-26 13:03 - 2017-02-26 13:03 - 00000462 _____ C:\Users\goldfish\Desktop\US sim.txt
2017-02-24 20:59 - 2017-02-24 21:00 - 19919496 _____ C:\Users\goldfish\Downloads\Attachments_2017224 (1).zip
2017-02-24 20:58 - 2017-02-24 21:07 - 00000022 _____ C:\Users\goldfish\Downloads\Attachments_2017224.zip
2017-02-24 20:26 - 2017-02-24 20:26 - 00000000 ____D C:\Users\goldfish\AppData\Local\748A0AB9-F073-4E14-BCD2-A692572E4A9D.aplzod
2017-02-23 13:55 - 2017-02-23 20:09 - 00000884 _____ C:\Users\goldfish\Desktop\Events.txt
2017-02-22 13:52 - 2017-03-04 18:35 - 00000000 ___RD C:\Users\goldfish\Dropbox
2017-02-22 13:52 - 2017-02-22 13:52 - 00001226 _____ C:\Users\goldfish\Desktop\Dropbox.lnk
2017-02-22 13:48 - 2017-02-22 13:48 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\Dropbox
2017-02-22 13:46 - 2017-03-04 19:08 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-22 13:46 - 2017-03-04 19:08 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-22 13:46 - 2017-03-04 18:45 - 00003922 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-02-22 13:46 - 2017-03-04 18:45 - 00003670 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-02-22 13:46 - 2017-02-28 09:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-22 13:46 - 2017-02-22 13:52 - 00000000 ____D C:\Users\goldfish\AppData\Local\Dropbox
2017-02-22 13:46 - 2017-02-22 13:46 - 00000000 ____D C:\ProgramData\Dropbox
2017-02-21 23:38 - 2017-02-21 23:38 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-21 23:30 - 2017-03-02 16:36 - 00002148 _____ C:\Users\Public\Desktop\Avira Scout.lnk
2017-02-21 23:29 - 2017-03-04 20:12 - 00001046 _____ C:\Windows\Tasks\AviraScoutUpdateTaskMachineCore.job
2017-02-21 23:29 - 2017-03-04 19:34 - 00001050 _____ C:\Windows\Tasks\AviraScoutUpdateTaskMachineUA.job
2017-02-21 23:29 - 2017-02-21 23:29 - 00004070 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineUA
2017-02-21 23:29 - 2017-02-21 23:29 - 00003818 _____ C:\Windows\System32\Tasks\AviraScoutUpdateTaskMachineCore
2017-02-21 23:26 - 2017-03-04 20:15 - 00000000 ____D C:\Users\goldfish\Desktop\Antivirus EXEs
2017-02-21 23:26 - 2017-02-28 15:16 - 00001040 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-02-21 23:26 - 2017-02-21 23:38 - 00000000 ____D C:\Users\goldfish\AppData\Local\Avira
2017-02-21 23:26 - 2017-02-21 23:26 - 00000000 ____D C:\Users\goldfish\AppData\Local\AviraSpeedup
2017-02-21 23:22 - 2017-02-21 23:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-02-21 23:21 - 2017-02-15 16:55 - 00176968 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00148104 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00051248 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-02-21 23:21 - 2017-02-15 16:55 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-02-21 23:15 - 2017-02-21 23:15 - 00001204 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-21 18:49 - 2017-02-21 18:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-21 18:49 - 2017-02-21 18:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-21 09:18 - 2017-02-21 09:18 - 00057600 _____ C:\Users\goldfish\Downloads\vypis-402360.pdf
2017-02-20 20:04 - 2017-02-20 20:04 - 00029153 _____ C:\ProgramData\agent.1487621032.bdinstall.bin
2017-02-20 19:43 - 2017-02-20 19:43 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\Avira
2017-02-20 19:24 - 2017-02-28 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-20 19:24 - 2017-02-26 13:58 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-20 19:10 - 2017-02-20 19:10 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\QuickScan
2017-02-20 19:06 - 2017-02-20 19:06 - 00048200 _____ C:\ProgramData\agent.1487617558.bdinstall.bin
2017-02-20 19:06 - 2017-02-20 19:06 - 00000000 ____D C:\ProgramData\BDLogging
2017-02-20 19:05 - 2017-02-26 13:58 - 00000000 ____D C:\ProgramData\Avira
2017-02-20 19:05 - 2017-02-20 19:06 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-02-18 17:09 - 2017-02-18 17:09 - 00126922 _____ C:\Users\goldfish\Documents\How to Hand-Wash a Sweater and Remove Pills _ Martha Stewart.pdf
2017-02-18 16:57 - 2017-02-18 16:57 - 00699199 _____ C:\Users\goldfish\Documents\The GQ Guide to Washing Your Cashmere Sweater _ GQ.pdf
2017-02-15 09:27 - 2017-02-15 09:27 - 20359768 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-02-14 17:33 - 2017-02-14 17:33 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\SUPERAntiSpyware.com
2017-02-14 17:32 - 2017-02-26 18:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-14 17:32 - 2017-02-14 17:32 - 00001808 _____ C:\Users\Public\Desktop\4 SUPERAntiSpyware Free Edition.lnk
2017-02-14 11:54 - 2017-02-14 11:54 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Wickr Me.lnk
2017-02-14 11:54 - 2017-02-14 11:54 - 00002003 _____ C:\Users\Public\Desktop\Wickr Me.lnk
2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\Users\goldfish\AppData\Local\Wickr, LLC
2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wickr Me
2017-02-14 11:54 - 2017-02-14 11:54 - 00000000 ____D C:\Program Files (x86)\Wickr Inc
2017-02-14 11:49 - 2017-02-14 11:51 - 83206144 _____ C:\Users\goldfish\Downloads\WickrMe-2.6.0.msi
2017-02-14 09:30 - 2017-02-14 09:30 - 00002571 _____ C:\Users\goldfish\Desktop\GoToMeeting Quick Connect.lnk
2017-02-14 09:19 - 2017-03-04 19:08 - 00000682 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-928801702-3077407482-3869533313-1000.job
2017-02-14 09:19 - 2017-03-04 19:08 - 00000586 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-928801702-3077407482-3869533313-1000.job
2017-02-14 09:19 - 2017-03-04 18:45 - 00003730 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-928801702-3077407482-3869533313-1000
2017-02-14 09:19 - 2017-03-04 18:45 - 00003634 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-928801702-3077407482-3869533313-1000
2017-02-13 18:12 - 2017-02-13 18:12 - 00000000 _____ C:\Users\goldfish\Downloads\MyMessageViewPage.pdf
2017-02-13 18:12 - 2017-02-13 18:12 - 00000000 _____ C:\Users\goldfish\Downloads\MyMessageViewPage (1).pdf
2017-02-09 13:44 - 2017-02-09 13:44 - 01157656 _____ (Oracle Corporation) C:\Users\goldfish\Downloads\JavaUninstallTool.exe
2017-02-09 08:33 - 2017-02-09 08:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-09 08:33 - 2017-02-09 08:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-08 19:32 - 2017-02-21 11:48 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys.148767792642001
2017-02-02 16:31 - 2017-02-02 16:34 - 01903179 _____ C:\Users\goldfish\Downloads\file.jpeg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-04 20:16 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-03-04 20:12 - 2011-02-24 20:29 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-03-04 20:11 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-04 19:51 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2017-03-04 19:40 - 2010-09-25 16:46 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\Skype
2017-03-04 19:39 - 2013-07-22 22:47 - 00000000 ____D C:\Windows\Minidump
2017-03-04 19:39 - 2012-11-03 20:18 - 00000000 ___DC C:\Users\goldfish\AppData\Local\MigWiz
2017-03-04 19:39 - 2010-05-19 21:44 - 00000000 ____D C:\Windows\Panther
2017-03-04 19:39 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\ModemLogs
2017-03-04 19:29 - 2009-07-14 04:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-04 19:29 - 2009-07-14 04:45 - 00022976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-04 19:08 - 2013-05-20 18:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-04 19:08 - 2013-01-23 02:54 - 00000298 _____ C:\Windows\Tasks\ROC_REG_JAN_DELETE.job
2017-03-04 19:08 - 2011-07-26 20:25 - 00000534 _____ C:\Windows\Tasks\ATPL Update maintenance.job
2017-03-04 19:06 - 2015-03-08 15:23 - 00000000 ____D C:\Users\goldfish\Documents\Outlook Files
2017-03-04 18:50 - 2016-09-25 10:27 - 00000567 _____ C:\Users\goldfish\Desktop\Websites.txt
2017-03-04 18:45 - 2016-11-07 18:02 - 00003112 _____ C:\Windows\System32\Tasks\{5A1F6414-9B70-4221-A069-2C3136C8F3BC}
2017-03-04 18:45 - 2016-09-26 13:39 - 00002974 _____ C:\Windows\System32\Tasks\{96C12997-A4BC-4A31-982B-4770E5B9F850}
2017-03-04 18:45 - 2016-09-26 13:39 - 00002974 _____ C:\Windows\System32\Tasks\{12FCE0CC-9445-4AA9-8D95-E4F80F6C6440}
2017-03-04 18:45 - 2016-09-26 13:38 - 00002974 _____ C:\Windows\System32\Tasks\{CE7BA935-73B5-4BD7-9385-01F9719511C3}
2017-03-04 18:45 - 2016-09-26 13:38 - 00002974 _____ C:\Windows\System32\Tasks\{97EC3147-E1A9-4701-B32D-CE6CD97B78EC}
2017-03-04 18:45 - 2016-09-26 13:38 - 00002974 _____ C:\Windows\System32\Tasks\{93FCEB53-8810-4B44-9077-E63EEC818449}
2017-03-04 18:45 - 2016-09-26 13:38 - 00002974 _____ C:\Windows\System32\Tasks\{926AC40F-1299-447B-AEF6-54EFD36B56DA}
2017-03-04 18:45 - 2016-03-18 23:34 - 00003114 _____ C:\Windows\System32\Tasks\{2E0B2CC6-E47D-46B5-A5D7-B8DBE4924FFE}
2017-03-04 18:45 - 2016-03-13 16:44 - 00003196 _____ C:\Windows\System32\Tasks\{E2A5F6B9-C55D-4083-94E2-C7D27EDDC5EE}
2017-03-04 18:45 - 2016-03-13 16:43 - 00003166 _____ C:\Windows\System32\Tasks\{E1FE020E-4198-444A-883E-2A2DF6C27E01}
2017-03-04 18:45 - 2015-12-17 09:55 - 00003090 _____ C:\Windows\System32\Tasks\{4B63717F-6C21-438B-B556-4FD5C933CCE5}
2017-03-04 18:45 - 2015-05-13 11:12 - 00004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-04 18:45 - 2014-06-15 16:40 - 00003386 _____ C:\Windows\System32\Tasks\TunnelBear
2017-03-04 18:45 - 2013-05-20 18:00 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-04 18:45 - 2013-01-23 02:54 - 00002708 _____ C:\Windows\System32\Tasks\ROC_REG_JAN_DELETE
2017-03-04 18:45 - 2012-06-16 17:00 - 00003148 _____ C:\Windows\System32\Tasks\{9C2AC3BE-3FFF-46A1-A323-14AB69C2DAB0}
2017-03-04 18:45 - 2011-08-18 20:30 - 00003054 _____ C:\Windows\System32\Tasks\{9A2D62CF-9308-4BCD-AE33-79916B90C09B}
2017-03-04 18:45 - 2011-07-26 20:25 - 00002940 _____ C:\Windows\System32\Tasks\ATPL Update maintenance
2017-03-04 18:45 - 2011-02-24 20:33 - 00003210 _____ C:\Windows\System32\Tasks\{81432782-934F-47AD-9717-49765EBAB508}
2017-03-04 18:45 - 2011-02-07 18:44 - 00003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-04 18:45 - 2011-02-07 18:44 - 00003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-04 18:45 - 2011-01-15 13:54 - 00002968 _____ C:\Windows\System32\Tasks\{2093FCAC-5EB6-4537-A8F9-03FC034783F2}
2017-03-04 18:45 - 2010-11-09 21:20 - 00003184 _____ C:\Windows\System32\Tasks\{7A33B700-5810-48F2-9DEB-84DBBFB81049}
2017-03-04 18:45 - 2010-09-26 10:34 - 00003558 _____ C:\Windows\System32\Tasks\CreateChoiceProcessTask
2017-03-04 18:45 - 2010-09-25 16:46 - 00002878 _____ C:\Windows\System32\Tasks\{92A54289-B4FD-4AED-801A-802259F7E495}
2017-03-04 18:45 - 2010-09-25 16:40 - 00003160 _____ C:\Windows\System32\Tasks\{D35BEE58-0154-4836-AE23-AA6300E98B3B}
2017-03-04 18:44 - 2012-02-18 19:27 - 00000000 ____D C:\Windows\pss
2017-03-04 18:41 - 2010-09-23 18:33 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF28CAB4-32EB-47CE-A403-C856DB98D941}
2017-03-04 18:18 - 2016-10-29 19:38 - 00000000 ___RD C:\Users\goldfish\iCloudDrive
2017-03-03 18:47 - 2011-09-12 19:48 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-01 08:43 - 2015-03-08 15:12 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-27 15:45 - 2014-12-10 21:45 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-27 15:45 - 2014-05-03 19:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-27 12:26 - 2013-08-04 10:45 - 00000000 ____D C:\Windows\system32\MRT
2017-02-27 12:16 - 2010-09-26 15:33 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-27 00:10 - 2012-12-07 22:45 - 00740046 _____ C:\test.xml
2017-02-26 22:38 - 2015-12-16 17:10 - 00000000 ____D C:\Users\goldfish\Desktop\OpenHardwareMonitor
2017-02-26 18:30 - 2016-03-18 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-26 14:37 - 2015-12-28 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-26 13:57 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-26 12:19 - 2015-12-25 11:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-25 19:41 - 2016-10-29 19:38 - 00000000 ____D C:\Users\goldfish\AppData\Local\Apple Inc
2017-02-25 19:36 - 2010-09-23 18:29 - 00000000 ____D C:\Users\goldfish
2017-02-25 19:28 - 2010-05-19 23:01 - 00000000 ____D C:\ProgramData\Sony Corporation
2017-02-25 19:27 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2017-02-25 19:00 - 2011-11-21 22:19 - 00007616 _____ C:\Users\goldfish\AppData\Local\Resmon.ResmonCfg
2017-02-24 20:29 - 2010-09-25 17:01 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\Apple Computer
2017-02-23 13:51 - 2012-10-27 08:47 - 00000000 ____D C:\Program Files (x86)\Chat Undetected
2017-02-22 09:08 - 2016-07-08 21:45 - 00000000 ____D C:\Users\goldfish\Documents\ZZ old versions
2017-02-21 23:48 - 2010-09-25 16:47 - 00000000 ____D C:\ProgramData\ArcSoft
2017-02-21 23:38 - 2009-07-14 04:45 - 00404232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-21 23:25 - 2010-09-23 18:29 - 00103048 _____ C:\Users\goldfish\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-21 23:14 - 2016-10-01 15:57 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-21 23:14 - 2015-10-26 22:44 - 00000000 ____D C:\ProgramData\Avg
2017-02-21 23:13 - 2015-10-26 22:33 - 00000000 ____D C:\Users\goldfish\AppData\Local\AvgSetupLog
2017-02-21 23:08 - 2012-02-19 11:40 - 00000000 ____D C:\Users\goldfish\AppData\Roaming\AVG
2017-02-21 11:43 - 2016-03-13 18:49 - 00013084 _____ C:\Users\goldfish\Desktop\DesktopOK.ini
2017-02-21 11:42 - 2015-05-30 11:41 - 00000000 ____D C:\Users\goldfish\AppData\Local\Avg
2017-02-21 11:38 - 2015-08-13 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-02-21 11:33 - 2014-03-30 16:49 - 00000000 __RHD C:\MSOCache
2017-02-21 11:22 - 2010-09-26 13:16 - 00000000 ____D C:\Users\goldfish\AppData\Local\ElevatedDiagnostics
2017-02-16 08:20 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-15 09:27 - 2012-04-04 22:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 09:27 - 2012-02-18 18:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-15 09:27 - 2011-11-26 20:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 09:27 - 2010-09-13 20:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 17:33 - 2016-10-11 13:49 - 00000000 ____D C:\ProgramData\SUPERSetup
2017-02-14 09:19 - 2013-10-29 21:28 - 00000000 ____D C:\Users\goldfish\AppData\Local\Citrix
2017-02-12 19:44 - 2010-09-26 15:04 - 00000000 ____D C:\Users\goldfish\Documents\Backup
2017-02-09 14:41 - 2011-07-01 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond DA40D G1000 Trainer v6.14
2017-02-09 13:45 - 2016-10-26 23:47 - 00000000 ____D C:\ProgramData\Oracle
2017-02-09 13:41 - 2012-08-17 19:13 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-02-09 13:40 - 2010-09-25 16:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-09 13:40 - 2010-09-25 16:45 - 00000000 ____D C:\ProgramData\Skype
2017-02-09 13:39 - 2014-08-23 18:03 - 00000000 ____D C:\Users\goldfish\AppData\Local\Adobe
2017-02-09 13:39 - 2010-09-28 20:33 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-09 13:01 - 2012-05-10 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-08 20:25 - 2010-10-17 16:44 - 00000000 ____D C:\Program Files (x86)\FAATP2010
2017-02-08 09:35 - 2010-09-26 14:48 - 00000000 ____D C:\Users\goldfish\Documents\Amex
2017-02-07 09:27 - 2016-01-02 13:49 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2013-06-27 22:42 - 2014-06-22 13:55 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-11-07 15:20 - 2012-03-11 21:09 - 0006808 _____ () C:\Users\goldfish\AppData\Roaming\.freeciv-client-rc-2.2
2017-01-01 12:04 - 2017-01-01 12:04 - 0012955 _____ () C:\Users\goldfish\AppData\Roaming\Comma Separated Values.CAL
2012-02-18 19:00 - 2012-02-18 19:19 - 0104787 _____ () C:\Users\goldfish\AppData\Local\ars.cache
2012-02-18 19:00 - 2012-02-18 19:19 - 0928700 _____ () C:\Users\goldfish\AppData\Local\census.cache
2010-12-18 13:39 - 2014-10-13 21:57 - 0012800 _____ () C:\Users\goldfish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-18 18:47 - 2012-02-18 18:47 - 0000036 _____ () C:\Users\goldfish\AppData\Local\housecall.guid.cache
2011-11-21 22:19 - 2017-02-25 19:00 - 0007616 _____ () C:\Users\goldfish\AppData\Local\Resmon.ResmonCfg
2017-02-26 22:24 - 2017-02-26 22:24 - 0000000 _____ () C:\Users\goldfish\AppData\Local\{C960B433-5DA9-48AB-83A8-605A368C6C7E}
2017-02-20 19:06 - 2017-02-20 19:06 - 0048200 _____ () C:\ProgramData\agent.1487617558.bdinstall.bin
2017-02-20 20:04 - 2017-02-20 20:04 - 0029153 _____ () C:\ProgramData\agent.1487621032.bdinstall.bin
2010-09-25 16:46 - 2010-09-25 16:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-12-18 19:44 - 2016-04-16 17:08 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2016-03-13 17:15 - 2016-03-13 17:15 - 0006809 _____ () C:\ProgramData\MusicStation.log

Files to move or delete:
====================
C:\Users\goldfish\CTX.DAT


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 11:28

==================== End of FRST.txt ============================

=====================================================================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by goldfish (04-03-2017 20:21:25)
Running from C:\Users\goldfish\Desktop\Antivirus EXEs
Windows 7 Home Premium Service Pack 1 (X64) (2010-09-23 18:29:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-928801702-3077407482-3869533313-500 - Administrator - Disabled)
goldfish (S-1-5-21-928801702-3077407482-3869533313-1000 - Administrator - Enabled) => C:\Users\goldfish
Guest (S-1-5-21-928801702-3077407482-3869533313-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-928801702-3077407482-3869533313-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
ATP DIGITAL 6 (HKLM-x32\...\{0C264625-303E-4458-93BB-B95CA9CB0209}) (Version: 6.0.27 - ATP DIGITAL)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.154 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.6.1.20906 - Avira Operations GmbH & Co. KG)
Avira Scout (HKLM-x32\...\Avira Scout) (Version: 17.1.2924.2344 - Avira Operations GmbH & Co. KG)
Aware System Update (HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\b9355229a2e7c67c) (Version: 1.0.0.13 - Airbox Aerospace Ltd)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.2.0.10 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.1.0.4 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
ccc-core-static (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Chinese Traditional Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2448-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.538 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DiskCheckup v3.1 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.1.1005 - PassMark Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version: - )
Free iTunes Backup Extractor version 5.4.0.2 (HKLM-x32\...\{F891E77B-EB1C-4035-BCC4-4DEF91EDD69E}_is1) (Version: 5.4.0.2 - HONGKONG JIHO CO., LIMITED)
Gleim FAA Test Prep 2010 WebDeploy (HKLM-x32\...\FAATPWSUEW49) (Version: 49 - Gleim)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline)
HL-1110 series (HKLM-x32\...\{4F2442B7-A89E-42A4-8F0E-6937499855CA}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Maxtor Manager (HKLM-x32\...\InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}) (Version: 4.02.0227 - Seagate Technology)
Maxtor Manager (x32 Version: 4.02.0227 - Seagate Technology) Hidden
mccPILOTLOG (HKLM-x32\...\{BAA273F2-67DC-4D05-8C1C-5DEE893EAF1E}) (Version: 1.4.12 - MCC bvba)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.1.1.11200 - Sony Corporation)
Media Gallery (x32 Version: 1.1.1.11200 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Flight Simulator X Demo (HKLM-x32\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook 2013 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 15.0.4903.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{AB259D46-F851-41B0-9AFA-AED8998AD68A}) (Version: 2.0.4.1199 - Omnifone)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.1.00.13280 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.2.00.16060 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.2.00.16060 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.2.00.15250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.2.00.15250 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.2.00.15250 - Sony Corporation) Hidden
PMDG 737 8900 NGX Base Package FSX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.10.6461 - PMDG Simulations, LLC.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Radio Aids Navigation Tutor XL Release 4 (HKLM-x32\...\Radio Aids Navigation Tutor XL_is1) (Version: - Oddsoft Limited)
RANT XL V 6.13 (HKLM-x32\...\Radio Aids Navigation Tutor XL Release 4_is1) (Version: - Oddsoft Limited)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.3.0.09270 - Sony Corporation) Hidden
Setup_VEP_x64_Contain_SSDB (Version: 3.9.0.09270 - Sony Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.03020 - Sony Corporation)
VAIO BD Menu Data (HKLM-x32\...\{DF0415CC-0563-407F-B560-9B7F277122C5}) (Version: 3.1.00.15010 - Sony Corporation)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.1.05290 - Sony Corporation)
VAIO Care (x32 Version: 6.4.1.05290 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{A1255354-11F3-4D25-95CC-C9B1C2320761}) (Version: 3.9.0.11260 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM\...\{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata Manager Settings (HKLM\...\{8FE3CF66-4484-4D39-B47D-DEBBA173619D}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Metadata XML Interface Library (HKLM\...\{97C58294-36D8-4594-8A49-7AB4AE096504}) (Version: 3.9.0.11180 - Sony Corporation)
VAIO Content Monitoring Settings (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.11050 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.1.07160 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.1.00.15050 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.0.11160 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.2.1.09131 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 1.0.0.10290 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version: - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden
VAIO Original Function Settings (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.3.0.11240 - Sony Corporation)
VAIO Personalization Manager (HKLM\...\{DBB823F3-E8BD-4578-9D16-42AF176FD777}) (Version: 3.0.0.11160 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.3.1.7 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.3.1.7 - Sony Corporation) Hidden
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
VAIO Update (HKLM-x32\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.4.1.04200 - Sony Corporation)
VAIO Update Merge Module x64 (Version: 5.5.19220 - Sony Corporation) Hidden
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
Wickr Me (HKLM-x32\...\{7668652D-F198-4E7B-8FF4-5E2DC13D9AD7}) (Version: 2.6.0.4 - Wickr Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}) (Version: 2.05.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-928801702-3077407482-3869533313-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\goldfish\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02BEB9D0-7890-4F25-AF0D-BF58A97B79E6} - System32\Tasks\{12FCE0CC-9445-4AA9-8D95-E4F80F6C6440} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {06C6A861-269E-4E42-9795-B94F8F690B25} - System32\Tasks\{2E0B2CC6-E47D-46B5-A5D7-B8DBE4924FFE} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {0E364092-14AD-4480-B09D-7C5DD704AD73} - System32\Tasks\{5A1F6414-9B70-4221-A069-2C3136C8F3BC} => Chrome.exe hxxps://ui.skype.com/ui/0/7.29.80.102/en/abandoninstall?page=tsProgressBar
Task: {0EA45EDA-39CC-4ADB-A6D9-4BAF33D5FA30} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-10-25] (Sony Corporation)
Task: {1268C5BA-AB72-49DD-8BEE-AA1346A5E26A} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {1ABF9405-23CC-4197-BE3D-1DAF5349D2AD} - System32\Tasks\{2093FCAC-5EB6-4537-A8F9-03FC034783F2} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {1B6F7527-6051-4588-9CC3-26DBBA3F5906} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-10-25] (Sony Corporation)
Task: {1CC67828-EE88-4156-9269-77BDB30F2AAB} - System32\Tasks\G2MUploadTask-S-1-5-21-928801702-3077407482-3869533313-1000 => C:\Users\goldfish\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-21] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1DFE7133-E445-4A03-8AC0-F74053E51AD2} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe
Task: {1F8AD4B3-64EA-4C63-9258-02986ECD2B17} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-02-21] (Avira Operations GmbH & Co. KG)
Task: {2B73086E-33A6-44C4-87DA-29D189E2786E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {36251C2B-C530-4941-AF8D-09CCF2332640} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {3F437B74-A155-4483-9028-7FE31D5C077C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {411ABCC0-9D14-474C-903F-AF8565D5BC4B} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2011-04-20] (Sony Corporation)
Task: {47B7819F-92DD-43AC-9FF0-5CBB64863D3C} - System32\Tasks\{96C12997-A4BC-4A31-982B-4770E5B9F850} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {5221FD53-7E3D-4540-84E1-5FE536E23F55} - System32\Tasks\{E2A5F6B9-C55D-4083-94E2-C7D27EDDC5EE} => pcalua.exe -a "C:\Program Files (x86)\Sony Corporation\VAIO Partners\uninstall.exe" -c -prepareUninstall
Task: {5C46E2A4-DEB2-414F-A340-38C9780099FC} - System32\Tasks\{9C2AC3BE-3FFF-46A1-A323-14AB69C2DAB0} => pcalua.exe -a C:\Users\goldfish\Desktop\setup.exe -d C:\Users\goldfish\Desktop
Task: {6512F9BC-6D3C-470B-8BA9-43E008628A6E} - System32\Tasks\{9A2D62CF-9308-4BCD-AE33-79916B90C09B} => pcalua.exe -a F:\setup.exe -d F:\
Task: {70557BF9-78EC-4476-A384-73A5E50B6AF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {768AD431-53A2-4F5A-BC74-932F41B28F00} - System32\Tasks\{93FCEB53-8810-4B44-9077-E63EEC818449} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {81B2814A-A899-4B1B-A716-E6B928C3D8B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {8EC55084-E1BF-46F3-BB79-6E6B1CC5E4C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {91F065EA-BDE3-4099-89D8-B581A51BD4FA} - System32\Tasks\{926AC40F-1299-447B-AEF6-54EFD36B56DA} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {9427441D-4E34-45A2-AA20-999D2B2CADB2} - System32\Tasks\G2MUpdateTask-S-1-5-21-928801702-3077407482-3869533313-1000 => C:\Users\goldfish\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-21] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {99CEADEB-6B81-45FD-B01D-22314C1877DC} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {9DC9BC20-0D4B-4598-9C66-0F592842E6DB} - System32\Tasks\{92A54289-B4FD-4AED-801A-802259F7E495} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-02-08] (Skype Technologies S.A.)
Task: {A324975A-EFC0-454C-8124-7A26F20C9E52} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {A69AFC5B-57F5-4600-A5F6-F777C0CF3DF1} - System32\Tasks\{97EC3147-E1A9-4701-B32D-CE6CD97B78EC} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {ADDD53E4-B0B9-4911-8EC6-0B08B9A76710} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {B1DF4585-6B0E-49E9-B6F3-5BE3466BF754} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B1E5F863-1AEB-49C1-812E-B8527F2CCA92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {B3213F8D-8064-4330-9DE8-8F2D0F05543B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)
Task: {B33446C5-DD85-45C5-ADA6-44C81406E9FC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {BAF80742-67C8-4475-A351-55D761598F04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {BE6F59EF-8D4F-47BA-9401-FD31E2759FFC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation)
Task: {C757DC87-5369-494E-AA2C-0437163316D2} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-19] (Sony Corporation)
Task: {C956B962-51DE-45C7-A315-B1146AEB98A1} - System32\Tasks\{E1FE020E-4198-444A-883E-2A2DF6C27E01} => pcalua.exe -a "C:\Program Files (x86)\Sony\Marketing Tools\Uninstaller.exe" -c /bootstrap
Task: {CB60D4A6-73F1-4DA8-9A34-05310F59783E} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\Sony\VAIO Update 5\ShellExeProxy.exe
Task: {CDB18762-FFD7-4296-B655-6B005770A66C} - System32\Tasks\ATPL Update maintenance => C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\htdocs\scripts\removelock.bat [2017-02-22] () <==== ATTENTION
Task: {CE928646-2D82-4350-8674-BCB03E35528E} - System32\Tasks\{81432782-934F-47AD-9717-49765EBAB508} => pcalua.exe -a C:\ProgramData\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web[1].exe
Task: {D5B53B26-59E1-40AD-B4E8-B5583E34295C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-22] (Dropbox, Inc.)
Task: {D7D6F1EF-7E7F-4AE7-8533-2937A6126C0B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {DCFC64A1-29B0-4A44-AAA4-B2237C97138D} - System32\Tasks\{D35BEE58-0154-4836-AE23-AA6300E98B3B} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.2.0.187.259&amp;LastError=12002
Task: {DDC020A3-0340-45AD-8E21-A677F2C9B4F9} - System32\Tasks\Games\UpdateCheck_S-1-5-21-928801702-3077407482-3869533313-1000
Task: {DE506D78-8716-41A5-A982-BBD96130BB2C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {E10E381B-C0E3-481C-98BA-A7E64260B292} - System32\Tasks\{CE7BA935-73B5-4BD7-9385-01F9719511C3} => C:\Program Files (x86)\B737 CBT\install.exe [2000-03-30] (Macromedia, Inc.)
Task: {EF03C5F6-346C-4E50-AACA-561F88BC01F9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-22] (Dropbox, Inc.)
Task: {EF840724-63CF-4693-A308-CB19C44B02DE} - System32\Tasks\{4B63717F-6C21-438B-B556-4FD5C933CCE5} => Firefox.exe hxxp://ui.skype.com/ui/0/7.16.0.102/en/abandoninstall?page=tsProgressBar
Task: {F3A59D10-47AD-4A35-ACC0-FBDA91E1639C} - System32\Tasks\{7A33B700-5810-48F2-9DEB-84DBBFB81049} => pcalua.exe -a C:\Users\goldfish\Desktop\freecol-0.9.5-installer.exe -d C:\Users\goldfish\Desktop
Task: {F64247EC-2515-4E5B-85EC-1809CF0D7BE7} - System32\Tasks\0915wtUpdateInfo => C:\ProgramData\Avg_Update_0915wt\0915wt_{B87CCAC6-8764-480D-A2EC-6EEC605C96A9}.exe
Task: {F87E4381-891C-48AC-B7FB-337A3E3EE276} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {F8F1FE2F-26AB-4039-9D72-70640502C946} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-02-21] (Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ATPL Update maintenance.job => C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\htdocs\scripts\removelock.bat <==== ATTENTION
Task: C:\Windows\Tasks\AviraScoutUpdateTaskMachineCore.job => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\AviraScoutUpdateTaskMachineUA.job => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-928801702-3077407482-3869533313-1000.job => C:\Users\goldfish\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-928801702-3077407482-3869533313-1000.job => C:\Users\goldfish\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{8BC9A805-8F1B-4F0A-895D-7D391FD1CB3A}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-25 19:46 - 2016-05-24 16:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2003-04-18 18:06 - 2003-04-18 18:06 - 00008192 _____ () C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe
2015-03-08 15:12 - 2017-01-17 03:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-01-26 19:15 - 2011-01-26 19:15 - 00573440 _____ () C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\php\ext\ioncube_loader_win_5.3.dll
2010-03-14 20:52 - 2010-03-14 20:52 - 00077876 _____ () C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\zlib1.dll
2014-09-14 16:26 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-09-13 20:38 - 2009-12-01 21:03 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-09-13 20:38 - 2009-12-01 21:03 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2010-05-19 21:42 - 2009-11-20 22:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [268]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\google.com -> local.google.com
IE trusted site: HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\paypal.com -> hxxps://www.paypal.com
IE trusted site: HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\skype.com -> hxxps://login.skype.com
IE trusted site: HKU\S-1-5-21-928801702-3077407482-3869533313-1000\...\westpac.com.au -> hxxps://online.westpac.com.au

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-928801702-3077407482-3869533313-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\goldfish\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^goldfish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\goldfish\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Apoint => %ProgramFiles%\Apoint\Apoint.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: BrStsInd00 => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: WDAppManager => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BCBA55BB-889E-4687-828D-B2D8FEC46902}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{45554EF2-075A-43DD-9DF7-94436AAB9259}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{38CD58FC-59C9-41C2-8F98-76F8FDD08F2C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{914FCB6A-19CB-43CC-AC77-BCE91CFA8E4A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{723BBC2F-1667-4B29-ABEC-E2904AFCC1A0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0C2CF4FF-5521-4A13-B9B3-94148CA4D077}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3A93190C-95F5-48E9-9D67-190C71F75A1D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4707F33-EC92-462D-A3C6-1489890B6283}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D674215E-D2B3-4282-8AC0-1650698FB85D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2FA98034-6992-4F75-A6BB-262463198255}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{140BCE47-3F10-457A-BD16-F7E8601E72B0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{08F09C36-11B2-40F6-9BE8-AD9F710CEB92}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{8EC6FD59-22EC-4F04-8A0F-41C7864AF06D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{718514A5-FF50-4F30-8649-08BCABCAF206}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{29107B16-8AAF-4A24-B95B-4ACAAFA54044}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{64D8E86E-2134-4E1E-90BA-D76466D71513}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D5449F8D-35D8-4682-BF98-8B05F6968DDA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D543C293-1C09-48F1-B33E-620D39662ABE}] => (Allow) LPort=2869
FirewallRules: [{5C84FC5B-740E-4C0C-81F8-7755ECBB29C8}] => (Allow) LPort=1900
FirewallRules: [{B140CF95-AB69-4829-9D32-56780EFA3086}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D5A811FF-FEA4-4566-9DD2-21A46846E8AF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{29A14419-3797-4683-8460-2985D2587B4E}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{B6866314-0F36-474A-A039-3EAE2137BD0B}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe

==================== Restore Points =========================

26-02-2017 22:40:47 VAIO Care Automatic Restore Point
27-02-2017 12:14:51 Windows Update
03-03-2017 22:42:30 JRT Pre-Junkware Removal
03-03-2017 23:50:02 JRT Pre-Junkware Removal
04-03-2017 19:29:57 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2017 08:14:36 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2017 08:14:36 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2017 08:14:36 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2017 08:14:36 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/04/2017 08:14:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2017 08:14:24 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/04/2017 08:14:24 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2017 08:14:24 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/04/2017 08:14:24 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (03/04/2017 08:14:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (1056) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00900.log.


System errors:
=============
Error: (03/04/2017 08:19:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/04/2017 08:17:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WMPNetworkSvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/04/2017 08:14:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/04/2017 08:14:36 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (03/04/2017 08:12:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error: (03/04/2017 08:12:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio UPnP Renderer 10 service to connect.

Error: (03/04/2017 08:12:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

Error: (03/04/2017 08:12:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (03/04/2017 08:12:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (03/04/2017 08:12:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HDD & SSD access service service failed to start due to the following error:
The system cannot find the path specified.


CodeIntegrity:
===================================
Date: 2016-04-16 18:09:38.880
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.783
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.603
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.417
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.250
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 18:09:38.173
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 17:58:40.591
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 17:58:40.481
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 5998.1 MB
Available physical RAM: 3744.43 MB
Total Virtual: 11994.38 MB
Available Virtual: 9514.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:454 GB) (Free:176.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A49F79C6)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Attachments

I had to remove a couple of the shortcuts and recently created filenames because they contained personal information or client names (but only files / shortcuts I knew I had created) - hope that's okay.


No problem. Just look at my first post, you ran adware cleaner I need you to run adware removal tool.
 
Oh sorry! When I click on the Adware Removal Tool link in your post, I get the message below. Is there another link to the tool that I should use?
upload_2017-3-4_22-22-14.png
 
I assure you the site is fine. I have been using that tool for years.
 
Okay - very cautious after my recent experiences :D

Standby for the logs... Do you need me to re-run the ZHP and FRST afterwards?
 
Do you need me to re-run the ZHP and FRST afterwards?

No, but the logs will take me a while to look over. So run the tool below, I have to run out for a few hours.....

9-Lab Scan.



  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Disable your antivirus prior to this scan.
  • Install the program onto your computer, then right click the icon run as administrator.
  • Update the program and then run a Quick scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.
 
No probs, it's taking a while to run Adware Removal and it's quite late at night here - might be tomorrow when I can run 9-Lab.
 
Here they are:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2017_03_04_22_26_49
OS: Windows 7 Home Premium - x64 Bit
Account Name: goldfish
Adware Definition: 03032017
Elapsed time: 37:18
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll : BabylonToolbarTlbr.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll : BabylonToolbarTlbr.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll : BabylonToolbarTlbr.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll : BabylonToolbarTlbr.dll

[-] Repaired ->> File ->> C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Preferences

[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\localdatasearch.com

[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com

[-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.localdatasearch.com

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}

[-] Deleted ->> Registry Key ->> HKEY_CLASSES_ROOT\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}


===================================================================================


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2017_03_04_22_26_49
OS: Windows 7 Home Premium - x64 Bit
Account Name: goldfish
Adware Definition: 03032017
Elapsed time: 37:18
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\

Registry Key Found : Adware.Tasearch.com : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ <RegKey:> localdatasearch.com
Registry Key Found : Adware.myway.com : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ <RegKey:> myway.com
Registry Key Found : Adware.Tasearch.com : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ <RegKey:> www.localdatasearch.com
Registry Key Found : PUP.BabylonToolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\ <RegKey:> {2EECD738-5844-4A99-B4B6-146BF802613B}
Registry Key Found : PUP.BabylonToolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\ <RegKey:> {97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Registry Key Found : PUP.BabylonToolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\ <RegKey:> {98889811-442D-49DD-99D7-DC866BE87DBC}
Registry Data Found : PUP.BabylonToolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll
Registry Key Found : PUP.BabylonToolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\ <RegKey:> {2EECD738-5844-4A99-B4B6-146BF802613B}
Registry Key Found : PUP.BabylonToolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\ <RegKey:> {97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Registry Key Found : PUP.BabylonToolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\ <RegKey:> {98889811-442D-49DD-99D7-DC866BE87DBC}
Registry Data Found : PUP.BabylonToolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll
Registry Data Found : PUP.BabylonToolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll
Registry Data Found : PUP.BabylonToolbar : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll
Registry Key Found : Adware.Vosteran : HKEY_LOCAL_MACHINE\SOFTWARE\classes\CLSID\ <RegKey:> {6DDA37BA-0553-499A-AE0D-BEBA67204548}
Registry Key Found : Adware.Vosteran : HKEY_CLASSES_ROOT\CLSID\ <RegKey:> {6DDA37BA-0553-499A-AE0D-BEBA67204548}
Browser: Chrome Found : Unknown.Service : C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Preferences


===================================================================================

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 161.47443

Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.18537
goldfish :: goldfish-VAIO

04/03/2017 23:14:06
9lab-log-2017-03-04 (23-14-06).txt

Scan type: Quick
Objects scanned: 27878
Time Elapsed: 38 m 26 s

Registry Keys detected: 7
Susp.RPL.Gen.vl [HKEY_LOCAL_MACHINE\SOFTWARE\DeviceVM]
Susp.RPL.Gen.vl [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DeviceVM]
Adware.RPL.Gen.vl [HKEY_CLASSES_ROOT\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}]
Adware.RPL.Gen.vl [HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]
Adware.RPL.Gen.vl [HKEY_CLASSES_ROOT\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}]
Adware.RPL.Gen.vl [HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}]
Adware.RMPL.Shopper.vl [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}]


Files detected: 733
[3688374325B992DEF12793500307566D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\hosts]
[5D20B86806DDA7819991BC2C375EEC51] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\annoanno.pdef]
[97105F395DA4B2A19FC29EFAD5762765] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\moovaudi.pdef]
[A2DC148647FEFA8DD75E84AE3719DA0D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\moovpres.pdef]
[DD0D21549231BF6BD3A42BC0FE67EC58] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.qpa]
[424B1447C0D150252873DFDD182FD561] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\da.lproj\PanelHelperBaseLocalized.qtr]
[7CD3D7D020FBCC8252594E64138918C5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\de.lproj\PanelHelperBaseLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\en.lproj\locversion.plist]
[BCEA97045A0FD66DAB6EF8CCF0462E99] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\en.lproj\PanelHelperBaseLocalized.qtr]
[43D856A20EB96A00A2B8E23FC160ABBC] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\es.lproj\PanelHelperBaseLocalized.qtr]
[DA247313D21BC88C90646ED247A4EB4E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\fi.lproj\PanelHelperBaseLocalized.qtr]
[FD300C3D00AAEA1CC67BD88CD3209D82] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\fr.lproj\PanelHelperBaseLocalized.qtr]
[DF6E38E2970886496A4F2392E111166D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\it.lproj\PanelHelperBaseLocalized.qtr]
[DEB5062AC86BD6980D37165B21DE932B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\ja.lproj\PanelHelperBaseLocalized.qtr]
[B1AE1481DEA2294A7EFAC293BC23DAEC] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\ko.lproj\PanelHelperBaseLocalized.qtr]
[AADE7B018F83C00FC4A942C1B605D7CB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\nb.lproj\PanelHelperBaseLocalized.qtr]
[640AA787347E8F79FB9E0CE4CF9DAC60] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\nl.lproj\PanelHelperBaseLocalized.qtr]
[57B6900A56F6348D6570FBD6DE5609D6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\PanelHelperBase.qtr]
[9318465E7A3EA8BC1F629E03224E7A05] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\pl.lproj\PanelHelperBaseLocalized.qtr]
[9D273EA4C799AD40E3C1749645E2958A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\pt.lproj\PanelHelperBaseLocalized.qtr]
[633700D288667931EEA7CF94956C4523] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\pt_PT.lproj\PanelHelperBaseLocalized.qtr]
[E9B0FAAB3D229CAC3D62B49BF30EF5B3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\ru.lproj\PanelHelperBaseLocalized.qtr]
[15FB97C62934C44D0F9FA9C456A15BDC] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\sv.lproj\PanelHelperBaseLocalized.qtr]
[B0E2A4175FDF7B86AB5AACFEBFB6FCEF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj\PanelHelperBaseLocalized.qtr]
[55DE316ADE66EC44952EFFD1BF737D28] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\PanelHelperBaseLocalized.qtr]
[7A54BF9F1ED68BF544E28006F97CFFF0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropertyPanels.plist]
[015EE89604362C3B1F5A04DA7D295505] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.qpa]
[61EB9D7727748995BF30342A43E88B4B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\da.lproj\PropPanelHelpersLocalized.qtr]
[347406D6752277588E49EA1ADFADF6E7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\de.lproj\PropPanelHelpersLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\en.lproj\locversion.plist]
[FCB42481E036F4B9F6DDFFB607DFF0F3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\en.lproj\PropPanelHelpersLocalized.qtr]
[12747B5AA9111008E4B970FC7CA580B4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\es.lproj\PropPanelHelpersLocalized.qtr]
[2C21C34E0B9136EB3124DC27634AB59D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\fi.lproj\PropPanelHelpersLocalized.qtr]
[7C73E2C7B2A894FC62D945A473EB0CDB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\fr.lproj\PropPanelHelpersLocalized.qtr]
[E0CF61B84F7AA53F6FB2805D0901E432] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\it.lproj\PropPanelHelpersLocalized.qtr]
[FA0F2358E131949E45C99ADF65CA9491] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ja.lproj\PropPanelHelpersLocalized.qtr]
[6007522F6FFF04B27E1E98CB15B376C5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ko.lproj\PropPanelHelpersLocalized.qtr]
[B73A46EDC7B9264FEDAC445F55AAE1F4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\nb.lproj\PropPanelHelpersLocalized.qtr]
[6C85CD5214FCD0F31D0F51496D712ABD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\nl.lproj\PropPanelHelpersLocalized.qtr]
[30134340184A46BAD04749322D7D658D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pl.lproj\PropPanelHelpersLocalized.qtr]
[0519395DB923B093C00211A18CEB3D47] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\PropPanelHelpers.qtr]
[EE97EF29E8C639DC0A32C212225941FE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pt.lproj\PropPanelHelpersLocalized.qtr]
[A16D5D1B10BFA811CECDA2F14D8E2409] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pt_PT.lproj\PropPanelHelpersLocalized.qtr]
[B4F78B1E8CDC2485E8BBE217670FEED7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ru.lproj\PropPanelHelpersLocalized.qtr]
[E3ACC65E37CEBAEAFFABDF828BA7F106] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\sv.lproj\PropPanelHelpersLocalized.qtr]
[E65D7BD3D3D0AF873AC81E925D7D3038] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj\PropPanelHelpersLocalized.qtr]
[CB7518D43A61B2E6C98633CF6E7F3A72] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr]
[1D4DE188894FE9BE200958EFE53A2A23] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\rsrcrsrc.pdef]
[70D394931C1A4BB65B4329E9A7D1A50B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\trakaudi.pdef]
[A181FB9E17534DB9BD9EB86FBCBDBE10] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\trakhint.pdef]
[6DA83CB93D7C3DB0BD5FC900CD625004] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\trakothr.pdef]
[03123CEF8DCFD2D3DE0A1A66E1B515C5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\trakstrm.pdef]
[C438D3C5F145A1AAF7121009AC7E008B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\PropertyPanels\trakvisl.pdef]
[50850E14716C83FE717804AF952C5790] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTOControl.dll]
[FC2F2A652B4F72D80292D695A9C4FD6C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTOLibrary.dll]
[4B4DC2002795316CA5E4F0CE48D11D82] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\AppleProResDecoder.qtx]
[B53A9836BC1B6A735C655F1E4FA7E619] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CFCharacterSetBitmaps.bitmap]
[67C18382F63C39B17328ED03F68C35E1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CFUniCharPropertyDatabase.data]
[62E265CF156659E305A862EC22C641D4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CFUnicodeData-B.mapping]
[B10CAB969FB143F20B90AA8988495C03] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CFUnicodeData-L.mapping]
[09C39150C0C9B057745CECFDBA941A7B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.qtx]
[5ABD3215EA3FB8E0880E0D7688FCE7E1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\CoreVideo.qtr]
[E1EBABD9C9B7E80E225D8E6A717DF946] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\da.lproj\CoreVideoLocalized.dll]
[CD102B5AB33CC54CF67797CD88868F77] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\da.lproj\CoreVideoLocalized.qtr]
[F18D9460311653E818C2E8325091D9BD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\de.lproj\CoreVideoLocalized.dll]
[4FF53A1EE9681763ABD3B9DB35FC7456] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\de.lproj\CoreVideoLocalized.qtr]
[FE210DF7F560FCEB4D180E9D7B17E5FD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.dll]
[48C79C1322D3D3E4CEA2DF7203B6FE21] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\en.lproj\locversion.plist]
[CA16F1026E6C61D1FFF9E5E7136C7E7E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\es.lproj\CoreVideoLocalized.dll]
[12C8D0F39F22F607D22AD6423CDB042C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\es.lproj\CoreVideoLocalized.qtr]
[53D37E45D3E90644B64CC4AB9735730B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\fi.lproj\CoreVideoLocalized.dll]
[B66F358EA3F6E1836ED97EF497788CF1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\fi.lproj\CoreVideoLocalized.qtr]
[5C80075E21B7946E03F2A2D9C5AC6BD4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\fr.lproj\CoreVideoLocalized.dll]
[D032D7EFD6BA94015CCB2A7186FE5892] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\fr.lproj\CoreVideoLocalized.qtr]
[9909A70EEC858B499C7CBB63FDA70534] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\it.lproj\CoreVideoLocalized.dll]
[7E3C0626C5FCAF92B9376FB22ED8F3E4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\it.lproj\CoreVideoLocalized.qtr]
[407FB509AFD9D021CA1DFDE860EFB645] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\ja.lproj\CoreVideoLocalized.dll]
[404E7BF44C22DAC2529BDD4851CDFE39] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\ja.lproj\CoreVideoLocalized.qtr]
[3D62007FB406A75031C3B536F92F768D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\ko.lproj\CoreVideoLocalized.dll]
[3191BF2829A43BBB834892AA81417457] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\ko.lproj\CoreVideoLocalized.qtr]
[A0CAE5A70924558CDED3A491EB27222B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\nb.lproj\CoreVideoLocalized.dll]
[C1C57CFA8ED13F2BDD253F0F6CFC2E56] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\nb.lproj\CoreVideoLocalized.qtr]
[316C753739C9E323EFE013938848265F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\nl.lproj\CoreVideoLocalized.dll]
[DB50F63101AFB4A62DD80E31B8A7F7EE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\nl.lproj\CoreVideoLocalized.qtr]
[6B4EC4E16AAF3BC05752C0B1A0A3832B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\pl.lproj\CoreVideoLocalized.dll]
[0E03001B6D84C141AC9D7566282568CD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\pl.lproj\CoreVideoLocalized.qtr]
[036005C357DD622D18596C0CF935CA65] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\pt.lproj\CoreVideoLocalized.dll]
[75E3FA78B6290F02F773EC6E8BFE390A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\pt.lproj\CoreVideoLocalized.qtr]
[26B28D81CE559F630FAFA39E41A23FC7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\pt_PT.lproj\CoreVideoLocalized.dll]
[90FC117E2A76DE4D5C68EDCF7ED61C78] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\pt_PT.lproj\CoreVideoLocalized.qtr]
[582540EFDD5772F1F20D92C9DC8241D6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\ru.lproj\CoreVideoLocalized.dll]
[8555503964F6A241199FC6DF6F3BFB5C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\ru.lproj\CoreVideoLocalized.qtr]
[A2C1E254EFA516BB1CAF1E43EB52B611] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\sv.lproj\CoreVideoLocalized.dll]
[61FEDBCE28AE228F6904A46D111DA2A2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\sv.lproj\CoreVideoLocalized.qtr]
[A1ECB0D3786AA4CA1D029632D6B3EB96] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\zh_CN.lproj\CoreVideoLocalized.dll]
[BDD2B5A5E5817F030D4531260744F074] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\zh_CN.lproj\CoreVideoLocalized.qtr]
[79ED8D80599582C2540ABBB91E501BCE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\zh_TW.lproj\CoreVideoLocalized.dll]
[57E6619AABFBECF1784B39452FD8B225] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\CoreVideo.Resources\zh_TW.lproj\CoreVideoLocalized.qtr]
[379B72A6FADEB462EC884CA868025B6C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\ExportController.exe]
[5AC2F4BE5CBEE4FA26797F4BBFA9EF86] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\ExportControllerPS.dll]
[718C93327D203DCCB500EAC11420C954] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QTCF.dll]
[F9490B9C34299D6AB2402A769E8FEEF6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QTMLClient.dll]
[D56F2C54F013BA522743CFECFD9DA594] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.cpl]
[A37251C74995A95D586B1E288855AAE3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.qts]
[10EDC19A59D1D61F5F4462D093172C88] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\da.lproj\QuickTimeLocalized.dll]
[A6F9F1058E97BD380CBDA25CD58C3F1F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\da.lproj\QuickTimeLocalized.qtr]
[CD078D2A17054D81C567846F1D44D60D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\de.lproj\QuickTimeLocalized.dll]
[2485AE765DB51ABD65ABBD63978936F3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\de.lproj\QuickTimeLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\en.lproj\locversion.plist]
[BC0D820CE6FDBE40E9E0B61E972EBC9A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll]
[104E68165FF34BEA34BA11D055759503] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr]
[2B7372C41BB4984814E9928AA5FF7651] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\es.lproj\QuickTimeLocalized.dll]
[307152B8E180C5D75BF1A81F54A15836] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\es.lproj\QuickTimeLocalized.qtr]
[837FE8810CEE0F4B5F98898C232E9B87] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\fi.lproj\QuickTimeLocalized.dll]
[257203B967C48CE474A9FF0BC0FEF374] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\fi.lproj\QuickTimeLocalized.qtr]
[BB30A1F456434E2EBE1338C78B438EC3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeLocalized.dll]
[CB541BA2C429AC3A41FEE80BF1999B77] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeLocalized.qtr]
[E117C206B19CAC14B575BFA5C1AB8988] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\it.lproj\QuickTimeLocalized.dll]
[EF56F109EA14BBBBCF6EBCD0C932C01B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\it.lproj\QuickTimeLocalized.qtr]
[4484E57FF0EC318F09C2ABEDA0B17B2A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ja.lproj\QuickTimeLocalized.dll]
[F85EE430A38C113CAC774EF7C0A19328] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ja.lproj\QuickTimeLocalized.qtr]
[80FE0F551115DDE8D312E0500C5C1CC4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ko.lproj\QuickTimeLocalized.dll]
[2583C707940A87838EAE83DF732E16C8] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ko.lproj\QuickTimeLocalized.qtr]
[4E5E3F46C39271CA1FA864A428188A4C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\nb.lproj\QuickTimeLocalized.dll]
[374B00C6FACAA7A20B3BB850E9695087] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\nb.lproj\QuickTimeLocalized.qtr]
[7D45FD46012EFE4975BC1B48BC22239D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\nl.lproj\QuickTimeLocalized.dll]
[1483A68ED8F8D534FD2214DC3CA4F035] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\nl.lproj\QuickTimeLocalized.qtr]
[0E8E436A54C9DF71974D2D9FA458010F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pl.lproj\QuickTimeLocalized.dll]
[CA05910B608FC9B70B6CE61B21850DAB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pl.lproj\QuickTimeLocalized.qtr]
[C429E0161DD4268B58B5A988B6A6A025] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pt.lproj\QuickTimeLocalized.dll]
[63E33600C6E766F570DB7D2E60F52815] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pt.lproj\QuickTimeLocalized.qtr]
[9F935ECAAAF7B1169B14D2AB5BF2EE61] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeLocalized.dll]
[167CC9362C8BC59BE142418137B86A02] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeLocalized.qtr]
[5F0DAD3EA071879F96553DA2D11058D7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll]
[364A1D952CC14D5367DD37104C298920] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\QuickTime.qtr]
[A5ECCE9AD05DC2C7C2D78F1FBEA5EDA0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\QuickTime.qtxs]
[60E211FE2F0AFFD690A66A77149FDBFA] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ru.lproj\QuickTimeLocalized.dll]
[FB07862C2F260D34BFF9F59753F9F318] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\ru.lproj\QuickTimeLocalized.qtr]
[AB622032C1A2F3B036F8DE729A6178DF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\sv.lproj\QuickTimeLocalized.dll]
[2867CEFD481E9BC230AA3B04BBE4DA09] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\sv.lproj\QuickTimeLocalized.qtr]
[136CCCBBB88905FF6D116AACB2AB58A1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.dll]
[2C386F43E0D34DD32DE84261AEE2A581] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.qtr]
[A99D5E2EA3FC588CDCF0B4CFCD2AB883] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.dll]
[9DE92DC012353A6F74942E8ACC0E2EF6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.qtr]
[360CBBE86BE4564821CE8BB5E4E0BB3C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.qtx]
[140DE5F9494C0DCA3BFBBCB187CF002D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\da.lproj\QuickTime3GPPLocalized.qtr]
[574707A925676553E264E0A723FC704F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\de.lproj\QuickTime3GPPLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\en.lproj\locversion.plist]
[1E1023229BDCC775383C28A4513F1CA3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr]
[E06F5A5302A3B5ADF84C76B9C4EA59ED] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\es.lproj\QuickTime3GPPLocalized.qtr]
[5B9646E884E9180FA3DEF22374B18E2F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\fi.lproj\QuickTime3GPPLocalized.qtr]
[877A9DD607DEA44495FB68D8554E043A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\fr.lproj\QuickTime3GPPLocalized.qtr]
[7A16753A4F630E2D0A8A800F4199EFCF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\it.lproj\QuickTime3GPPLocalized.qtr]
[7D7A9060A402B15CCD090CAA5CA18650] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\ja.lproj\QuickTime3GPPLocalized.qtr]
[D3F45A4730165B84AD58FDD2EE1EDE17] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\ko.lproj\QuickTime3GPPLocalized.qtr]
[BF5F046DE5F6B6EA8AE6E8537DB258A1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\nb.lproj\QuickTime3GPPLocalized.qtr]
[5217A0CCE590F1B007E2D85C8C2B8C65] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\nl.lproj\QuickTime3GPPLocalized.qtr]
[0D6D10E843E26F0B412A638F22C06968] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\pl.lproj\QuickTime3GPPLocalized.qtr]
[86165C00D736DFBECC7381397E583664] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\pt.lproj\QuickTime3GPPLocalized.qtr]
[D4FFDE2D45D33F74A6106AE97994C556] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\pt_PT.lproj\QuickTime3GPPLocalized.qtr]
[72B2140FEBCC28D6A109730290415968] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr]
[8B32DDC39406EF1E24E91FC5C048CE73] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\ru.lproj\QuickTime3GPPLocalized.qtr]
[76F665720566F89AB480D8467D06838A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\sv.lproj\QuickTime3GPPLocalized.qtr]
[EE0D145C3ED8DD32825EEDA069A7998F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_CN.lproj\QuickTime3GPPLocalized.qtr]
[FB39BF0E832FB929FBCBD2BB812CBAEC] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_TW.lproj\QuickTime3GPPLocalized.qtr]
[DF239E3457F5BE15E045BD1B3067ADDB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx]
[E2A45AFA04D5243E515A8F1E9D5CDBB7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\da.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[F074AA3B0D20816967286250C7303646] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\de.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\en.lproj\locversion.plist]
[4EA3F062E179C512E75EAF1EDADFAB7B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\en.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[A6D34B69F78808D944D4AB4FF4C8F236] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\es.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[8B80B76343A39E17C0D88C675B1D1C02] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\fi.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[95D4790506AA77C4BE92EAF5D5F6F785] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\fr.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[0FAE827654EFF942941B875FE09622D6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\it.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[EA0A4F2A78312B9811CF0E2DC9EE571E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\ja.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[3E250B920999CDDACDB2B4005C8F9F19] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\ko.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[01D0D637E26CBE66E81D68B346B48D1E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\nb.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[50145596197FEA525B1F577747171D8F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\nl.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[C4F36A1D75030F6011B45EDE468645C6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pl.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[12F79FE095CD9091F6B44A4669FF5FFB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pt.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[2B384A1CCD0F2220BEC2360AB420F3DF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pt_PT.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[439CF318AE1A29A417B3C8DF712857A3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\QuickTime3GPPAuthoring.qtr]
[FE0C3F9A656117D62E72C0DEAA2D9A11] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\ru.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[B67B0749571ECDC835342D0CC623FCD8] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\sv.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[469331BB7265B0CAC3B1FEDA2648C6F3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_CN.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[7CAB28EEA410777978556FC1579C27ED] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_TW.lproj\QuickTime3GPPAuthoringLocalized.qtr]
[47F3395F3A6CE80CD019CBE09CACB5C5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.qtx]
[A72AA80BC8233FC8D1181DD25A786E48] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\da.lproj\QuickTimeAudioSupportLocalized.dll]
[2AE685A15A4AD1B0734AC1C450389E44] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\da.lproj\QuickTimeAudioSupportLocalized.qtr]
[654EC373CA1A7D67A1BAF71B930C1BE7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\de.lproj\QuickTimeAudioSupportLocalized.dll]
[00E388A9F0DDFB4795D9E40BAA3E5CF4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\de.lproj\QuickTimeAudioSupportLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\locversion.plist]
[79036AAE87D159933CEBCB820FE31302] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll]
[0E6B79723539DFCA3785AAF748A8D007] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.qtr]
[677F8FA233C251148DBA942250336487] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\es.lproj\QuickTimeAudioSupportLocalized.dll]
[A82DE1BB350D75C8E615E89ACAB61283] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\es.lproj\QuickTimeAudioSupportLocalized.qtr]
[623B0D3F1CC808D978D4B72864C9B451] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\fi.lproj\QuickTimeAudioSupportLocalized.dll]
[BFD3287BAC31521FE3AFD9928D05AE91] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\fi.lproj\QuickTimeAudioSupportLocalized.qtr]
[F1B8607B5FDE9FF9E92AF79E7FEE9D1B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\fr.lproj\QuickTimeAudioSupportLocalized.dll]
[46680D059DFC8B361928B4CD8B941355] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\fr.lproj\QuickTimeAudioSupportLocalized.qtr]
[F39699856BDDC628F309AD3EB6BA0AF7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\it.lproj\QuickTimeAudioSupportLocalized.dll]
[71108311AD06A03E5F10392C92C5F11C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\it.lproj\QuickTimeAudioSupportLocalized.qtr]
[7089ABD9FD89C22CA3F5790A7EF540A7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ja.lproj\QuickTimeAudioSupportLocalized.dll]
[ABC03BFCEA62BB16711D5CD875B247D0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ja.lproj\QuickTimeAudioSupportLocalized.qtr]
[1CBFC19636C76FDB495702F12430C21E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ko.lproj\QuickTimeAudioSupportLocalized.dll]
[540E78C7DDE0203FF64E22B1B86450A4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ko.lproj\QuickTimeAudioSupportLocalized.qtr]
[6C1A9A62E38C91D914C7808A30738F06] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nb.lproj\QuickTimeAudioSupportLocalized.dll]
[D95331C490905336A9FA65B3C85C30D3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nb.lproj\QuickTimeAudioSupportLocalized.qtr]
[65AA43660A2C7ADE19ED098029E7A223] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nl.lproj\QuickTimeAudioSupportLocalized.dll]
[4A338DB706ACAF2FCCC848D0DB2CC748] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nl.lproj\QuickTimeAudioSupportLocalized.qtr]
[C35AFAEB48197FB155F021445BE59785] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pl.lproj\QuickTimeAudioSupportLocalized.dll]
[F308D1AE2AB439072E639BF396389CD7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pl.lproj\QuickTimeAudioSupportLocalized.qtr]
[22632EA780F1FA926FA1DDE85996979E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt.lproj\QuickTimeAudioSupportLocalized.dll]
[81102E0DA3EE84A6DD8F9D70AEBBC616] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt.lproj\QuickTimeAudioSupportLocalized.qtr]
[129DDA045A92F295989878F5C51C267B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt_PT.lproj\QuickTimeAudioSupportLocalized.dll]
[93C12573BBDBB47CC74BB10FB23A5D4C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt_PT.lproj\QuickTimeAudioSupportLocalized.qtr]
[D3C0A10C9F69E170032C1C428D51B528] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\QuickTimeAudioSupport.qtr]
[E88C0BA6E57076F9C78F24D9FB534FAB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ru.lproj\QuickTimeAudioSupportLocalized.dll]
[A7C61534E9B0182C93538AFA7D9C46F0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ru.lproj\QuickTimeAudioSupportLocalized.qtr]
[AD54D12072D92CF9DBF017A3DC4D01B2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\sv.lproj\QuickTimeAudioSupportLocalized.dll]
[DA0BBF1486B929100C5A79D174A9B0EE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\sv.lproj\QuickTimeAudioSupportLocalized.qtr]
[F18A673F88186DABED2BF47EAD67F0D0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_CN.lproj\QuickTimeAudioSupportLocalized.dll]
[133EA6C1C9B5630E731344321EEB3E0F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_CN.lproj\QuickTimeAudioSupportLocalized.qtr]
[AD89AAD1C17808508BF1ABB85AF33B95] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_TW.lproj\QuickTimeAudioSupportLocalized.dll]
[8532496E12841FC85F30D8D046A62064] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_TW.lproj\QuickTimeAudioSupportLocalized.qtr]
[D9443257E8C0E05DC4846A8BCB00FB5B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.qtx]
[BC37BC1148B079062FFDA854D64865BC] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\da.lproj\QuickTimeAuthoringLocalized.dll]
[DE33D5DF6672C7AF69877288F6B1B3F6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\da.lproj\QuickTimeAuthoringLocalized.qtr]
[34B9787B978E3F287FD7CFF385F25F18] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\de.lproj\QuickTimeAuthoringLocalized.dll]
[DAB6E0C8E1C05DC33967E2116CF08FAF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\de.lproj\QuickTimeAuthoringLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\locversion.plist]
[254D77315EB9C200D5147C313D7A6733] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.dll]
[7F9B1076F058B18F788B3BC3120718DA] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.qtr]
[5F78E84BB32CD16416AB4F0C249008AB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\es.lproj\QuickTimeAuthoringLocalized.dll]
[A714F745ED21170AAC6D0C3FDA60F3AE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\es.lproj\QuickTimeAuthoringLocalized.qtr]
[36A1065D2BBBAAD526A7B9C7AFF93746] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fi.lproj\QuickTimeAuthoringLocalized.dll]
[5E80F8ED1805235C7472797008D779CE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fi.lproj\QuickTimeAuthoringLocalized.qtr]
[51C4F26756E51AA2431D463C77E1C216] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fr.lproj\QuickTimeAuthoringLocalized.dll]
[02572CFE57C158AB6FA9BD145579320E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fr.lproj\QuickTimeAuthoringLocalized.qtr]
[1364BD10C67DDD22ABFFEDADB3A98AF4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\it.lproj\QuickTimeAuthoringLocalized.dll]
[A0E251E4B70FE2E68E93867FF0228EC3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\it.lproj\QuickTimeAuthoringLocalized.qtr]
[C88DDD70113C1692246363934D066F8E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ja.lproj\QuickTimeAuthoringLocalized.dll]
[989FF129983AD1FC10A723062CAA47CF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ja.lproj\QuickTimeAuthoringLocalized.qtr]
[9003040ACD4FEA9BE163081D26F9A2D2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ko.lproj\QuickTimeAuthoringLocalized.dll]
[D69F16BA2297E326931FA5488B44CC7B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ko.lproj\QuickTimeAuthoringLocalized.qtr]
[020033D8B12411028D9A2AF94114467E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\nb.lproj\QuickTimeAuthoringLocalized.dll]
[6F829503F700F844C15D87539815DC0F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\nb.lproj\QuickTimeAuthoringLocalized.qtr]
[F69B705542F149E77C95DC3A2C6BB8DF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\nl.lproj\QuickTimeAuthoringLocalized.dll]
[9A6DFD3E6F92B249625781640F3D33C1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\nl.lproj\QuickTimeAuthoringLocalized.qtr]
[12CC5C79ADAFDCA3C42BC140BC7CC3DE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pl.lproj\QuickTimeAuthoringLocalized.dll]
[DF786D7D0B8055DAFA8A38C1A4EFAD46] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pl.lproj\QuickTimeAuthoringLocalized.qtr]
[F7FC2CB6116B28AC250EC3B7EC125254] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt.lproj\QuickTimeAuthoringLocalized.dll]
[AE87E21A2FFC3D92E23FDA9A7677ADD4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt.lproj\QuickTimeAuthoringLocalized.qtr]
[7962D48D8DCC320F9409C0AD278BC15A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt_PT.lproj\QuickTimeAuthoringLocalized.dll]
[BD92CC913C78E0BFB07A0D4725BD1D2B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt_PT.lproj\QuickTimeAuthoringLocalized.qtr]
[3EDCC9F25D21E1D6E274F1CB7E47AD5A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\QuickTimeAuthoring.qtr]
[CD02B981D24D2D7B8C88515BD4A706CC] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ru.lproj\QuickTimeAuthoringLocalized.dll]
[4481091E2BC2B19C51D0BE8474D68808] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ru.lproj\QuickTimeAuthoringLocalized.qtr]
[76C99C2F77637C28BCC5F96E14C98DB3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\sv.lproj\QuickTimeAuthoringLocalized.dll]
[C60DD0884ABE03012CD945167C69F771] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\sv.lproj\QuickTimeAuthoringLocalized.qtr]
[95551CEEAA430193D757B43293430146] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeAuthoringLocalized.dll]
[06C9CD86E8CCD19F8C7CD4483115268C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeAuthoringLocalized.qtr]
[E0A4C27A4198897B1104B148F13CC241] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringLocalized.dll]
[C03FF6E3A69EE25B09FDAC29686BC775] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringLocalized.qtr]
[388EB328ACED68F3C1DB885A1DE8D132] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.qtx]
[235F5B9269E7E7FC1032AB31853A2765] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\da.lproj\QuickTimeCaptureLocalized.qtr]
[89DB6A1BBDB7F63C403C8A1898E18AC2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\de.lproj\QuickTimeCaptureLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\en.lproj\locversion.plist]
[08E46D0846F0F7503A213B3AD948BD97] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\en.lproj\QuickTimeCaptureLocalized.qtr]
[CB4A69BFF6B7152AB6FF6B3F0B62CA9A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\es.lproj\QuickTimeCaptureLocalized.qtr]
[8A84C44482C757A116E72E1A526164B2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\fi.lproj\QuickTimeCaptureLocalized.qtr]
[4ABBC64E7B1D86C173A3C520A1FC473B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\fr.lproj\QuickTimeCaptureLocalized.qtr]
[CBC9EEA845802A2A9ED2D5506E728A72] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\it.lproj\QuickTimeCaptureLocalized.qtr]
[BEC166CEB6AECD99D522FF1FB595B6E8] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\ja.lproj\QuickTimeCaptureLocalized.qtr]
[9A63DB85E2DA38D1C3EB8A7E740D3000] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\ko.lproj\QuickTimeCaptureLocalized.qtr]
[EE2314C867A406C61900310704337E7E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\nb.lproj\QuickTimeCaptureLocalized.qtr]
[1D4CD11E32F3117B6D91CD415F2F930D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\nl.lproj\QuickTimeCaptureLocalized.qtr]
[DBAE3421BC6A2DBF83B92D3EBC6EC4B6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\pl.lproj\QuickTimeCaptureLocalized.qtr]
[68AB0E46AFDEE7E92DB73F08A9B7D71A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\pt.lproj\QuickTimeCaptureLocalized.qtr]
[A95FDE424966722BA2B554FEE857B98C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\pt_PT.lproj\QuickTimeCaptureLocalized.qtr]
[6A5261C0013AEC8323296359381CA8FA] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\QuickTimeCapture.qtr]
[27334632B6DC94CC042B78E34B0788E0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\ru.lproj\QuickTimeCaptureLocalized.qtr]
[E027E464C621F8457DDC96FF71A3AED9] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeCaptureLocalized.qtr]
[ECA5D833C77AE09066F96F99AA33917D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\zh_CN.lproj\QuickTimeCaptureLocalized.qtr]
[32ADAA8CC269545322687F78B9089D7C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCapture.Resources\zh_TW.lproj\QuickTimeCaptureLocalized.qtr]
[6E21CF79ECA59606D7C8D2F4A1E613E7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeCheck.ocx]
[82506F812CE93021ABBA73D4CA816EDE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.qtx]
[DEF8E1EF0357100DABEC1E44C87DD4C2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\da.lproj\QuickTimeEffectsLocalized.qtr]
[E70D1AFADF5E07330E64F0052B330C26] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\de.lproj\QuickTimeEffectsLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\en.lproj\locversion.plist]
[0BEF7E934F7CD030C732EE96C58FF9DE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\en.lproj\QuickTimeEffectsLocalized.qtr]
[E0252A8F76B87C5B6651EAAC3EEABE15] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\es.lproj\QuickTimeEffectsLocalized.qtr]
[D2F9CFEB535068861B4189553F0AFBCD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\fi.lproj\QuickTimeEffectsLocalized.qtr]
[20CA8D059D8D26B65435642012F4FC70] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\fr.lproj\QuickTimeEffectsLocalized.qtr]
[130DB86DDDA774E1925AE37A86266C1C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\it.lproj\QuickTimeEffectsLocalized.qtr]
[CA7B33FB7BC0444CC90EF85C63B56D28] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\ja.lproj\QuickTimeEffectsLocalized.qtr]
[DE6BC284E4BC4C23BD51DB2C900DE553] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\ko.lproj\QuickTimeEffectsLocalized.qtr]
[7CD45F8699E068BCF2D1ACD7C70FF44A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\nb.lproj\QuickTimeEffectsLocalized.qtr]
[F19B3E7F3A512C10AF8D2170A811815D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\nl.lproj\QuickTimeEffectsLocalized.qtr]
[1E5F0680D6A5770DD0E5FB088D63BC23] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\pl.lproj\QuickTimeEffectsLocalized.qtr]
[FBB2963A9D0911E2105683F46289D9B1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\pt.lproj\QuickTimeEffectsLocalized.qtr]
[9C4B29118EEB7E6484ADB9539392790D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\pt_PT.lproj\QuickTimeEffectsLocalized.qtr]
[170819E69451C3887CDDF353D5C3FB69] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\QuickTimeEffects.qtr]
[29B8EE375E9CD2EA7B358CD2C4723C3F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\ru.lproj\QuickTimeEffectsLocalized.qtr]
[B3A13F885A7A75E3BA63D0774F3EA7A3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\sv.lproj\QuickTimeEffectsLocalized.qtr]
[192E1C5D5C48305016CB0C0B8DDF34C5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\zh_CN.lproj\QuickTimeEffectsLocalized.qtr]
[093AA6335E368AA02FE178181C2E442C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEffects.Resources\zh_TW.lproj\QuickTimeEffectsLocalized.qtr]
[2B14243EB246EFF79A6C73F4B4A7338D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.qtx]
[E8223F0D0515B47650330A4940618874] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\da.lproj\QuickTimeEssentialsLocalized.qtr]
[E6A2D3F51094A1F62B30FA857A062200] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\de.lproj\QuickTimeEssentialsLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\en.lproj\locversion.plist]
[4E1E9AFD11E85CA185AA8B3EA674721F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr]
[866073228C1320B1021A64A66AAFDAB4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\es.lproj\QuickTimeEssentialsLocalized.qtr]
[F0008CF4426AB882B6AB55154B4000F5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\fi.lproj\QuickTimeEssentialsLocalized.qtr]
[5B2CBC2373BFA9CC41549718AFB2731E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\fr.lproj\QuickTimeEssentialsLocalized.qtr]
[114027ED289A4CE9A70D28AE141CFFB7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\it.lproj\QuickTimeEssentialsLocalized.qtr]
[C588FAE1C631A791F4C9A542AB44D4F6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\ja.lproj\QuickTimeEssentialsLocalized.qtr]
[4AB05BCD472D800102ACBCC5BB65AD18] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\ko.lproj\QuickTimeEssentialsLocalized.qtr]
[FF3C6F4E6D33B39FA1E37D531DB1BA57] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\nb.lproj\QuickTimeEssentialsLocalized.qtr]
[BE1AF53AAB641B1BB8255E48B2665DAD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\nl.lproj\QuickTimeEssentialsLocalized.qtr]
[ABF031B8C04EA922F24AE582BA24EAE7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\pl.lproj\QuickTimeEssentialsLocalized.qtr]
[C49B4FD3920B29325092873A7FDD7450] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt.lproj\QuickTimeEssentialsLocalized.qtr]
[C7873225F1C776DCEF38D9A2251DF0FF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt_PT.lproj\QuickTimeEssentialsLocalized.qtr]
[26D2FDCD7874292834F6BC1FB029F212] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr]
[EEC0B36252F49AE9DB445061E01E0553] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\ru.lproj\QuickTimeEssentialsLocalized.qtr]
[BA1AAC20F1557F3BFE2838F89867A9EA] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\sv.lproj\QuickTimeEssentialsLocalized.qtr]
[870F41118AA2032D96598A3A64C2E945] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_CN.lproj\QuickTimeEssentialsLocalized.qtr]
[F9568FC8DB478B315C9BEC1EB22B09AB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_TW.lproj\QuickTimeEssentialsLocalized.qtr]
[7594C92D0AEDD74C7C77E2B6BDC890A0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.qtx]
[26FCAF15D4509F7492A13DB55E79E3E3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\da.lproj\QuickTimeH264Localized.qtr]
[8AAEBB06EE0AEA3390722F87A7E66A4F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\de.lproj\QuickTimeH264Localized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\en.lproj\locversion.plist]
[43C5B37C33CA9F5BCE91ABB9A28AE74D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeH264Localized.qtr]
[3A631E1548BDDF96AF91EFA6A5738AA0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\es.lproj\QuickTimeH264Localized.qtr]
[6BB376971587DF298BE89436ED44E145] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\fi.lproj\QuickTimeH264Localized.qtr]
[69BB20F6C0E81799DBCD77F0FD9DB3BF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\fr.lproj\QuickTimeH264Localized.qtr]
[50BFC308A5C9113CA8B0D53C4891D24F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\it.lproj\QuickTimeH264Localized.qtr]
[9147764F7BC83B1875DA5375BCF75B3F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\ja.lproj\QuickTimeH264Localized.qtr]
[8BD505424CAAA08EB60067F3E75E54D4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\ko.lproj\QuickTimeH264Localized.qtr]
[9A9F32CFBD8852875CF1E13189C6A643] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\nb.lproj\QuickTimeH264Localized.qtr]
[17D2377489921C3D0CB935A81D789E60] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\nl.lproj\QuickTimeH264Localized.qtr]
[1363988643852EF82E1CFAD452B58A47] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\pl.lproj\QuickTimeH264Localized.qtr]
[5544E9C109396000BFDC0B891F2B638C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\pt.lproj\QuickTimeH264Localized.qtr]
[C90C1CE86CB95C0DAAE69AE435814071] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\pt_PT.lproj\QuickTimeH264Localized.qtr]
[E435021EBD255AD1BF2B8EA84D3D4565] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr]
[E389B73E7BA945B733DE770EAB7A517A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\ru.lproj\QuickTimeH264Localized.qtr]
[ED795F08AF061364F0F65A370E9C87ED] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\sv.lproj\QuickTimeH264Localized.qtr]
[9FAB3161F2DED02D801DF839EC422A2C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\zh_CN.lproj\QuickTimeH264Localized.qtr]
[ED2C8C5D01429E29D7989266FAFF44C7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeH264.Resources\zh_TW.lproj\QuickTimeH264Localized.qtr]
[45C9F942603B96B05B4CDC5301031514] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.qtx]
[2CBABA9DB66D34FD2E2E16F37FF20626] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\da.lproj\QuickTimeImageLocalized.qtr]
[301E94B02A0C6102216DC46B6E52B909] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\de.lproj\QuickTimeImageLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\en.lproj\locversion.plist]
[FDE97CA6187A21529DC480C41EBD8788] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\en.lproj\QuickTimeImageLocalized.qtr]
[99B1BC922CE450A43B67747E16D1AAA1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\es.lproj\QuickTimeImageLocalized.qtr]
[921C8CC5712E005E904D8CF3267CE6FB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\fi.lproj\QuickTimeImageLocalized.qtr]
[26FD7D0B21ADFCB213ADBF4EE90AAAC4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\fr.lproj\QuickTimeImageLocalized.qtr]
[36911573C76023AA64043A97F60F1422] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\it.lproj\QuickTimeImageLocalized.qtr]
[D540532C1C68E2B181F665E9FF152AC4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\ja.lproj\QuickTimeImageLocalized.qtr]
[9DF8ACFC9B3EEC0794AB807063D73B12] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\ko.lproj\QuickTimeImageLocalized.qtr]
[64DB48A22E30A861AC3CA28A6595A70F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\nb.lproj\QuickTimeImageLocalized.qtr]
[FC0C0673A3DA24A125D42C10DB4970F3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\nl.lproj\QuickTimeImageLocalized.qtr]
[BCF48DADF17CE86424EEF8B9A4555C33] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\pl.lproj\QuickTimeImageLocalized.qtr]
[E9BE1036AB366C579E20A44031644FC5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\pt.lproj\QuickTimeImageLocalized.qtr]
[E5A5306F18B52D89C287C5541035598B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\pt_PT.lproj\QuickTimeImageLocalized.qtr]
[7AF74C317DE126FF5B431243773973C0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\QuickTimeImage.qtr]
[7DFE9CC7A8007606BB74CD92D70188A6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\ru.lproj\QuickTimeImageLocalized.qtr]
[EE0CC252D6042EB2874A73EDDDE23A4A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\sv.lproj\QuickTimeImageLocalized.qtr]
[64C08FFF1B2F652D4085861CFE5AE340] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\zh_CN.lproj\QuickTimeImageLocalized.qtr]
[A481EF84BD2513EDB6AEBA1BBC4983D1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeImage.Resources\zh_TW.lproj\QuickTimeImageLocalized.qtr]
[C0733D9131B880E5795D7A83996CC66E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.qtx]
[A3654DE3F6148815D354FA16C6E9CD5A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\da.lproj\QuickTimeInternetExtrasLocalized.qtr]
[0029B079272185D919157E24CB7AF234] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\de.lproj\QuickTimeInternetExtrasLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\locversion.plist]
[E3BE252CE4DFA4FEC6459AD5EDAE496B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\QuickTimeInternetExtrasLocalized.qtr]
[8EF0276FA038178F481D4F75E4D8D094] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeInternetExtrasLocalized.qtr]
[FAAFA4F8BCCA42CC3BF421A70044F759] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\fi.lproj\QuickTimeInternetExtrasLocalized.qtr]
[F73F68AEE725A5AB78B1767E44F3CE48] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\fr.lproj\QuickTimeInternetExtrasLocalized.qtr]
[D46A2EE9383F7C2A84C992E95C38C64A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\it.lproj\QuickTimeInternetExtrasLocalized.qtr]
[BEBBF90F34CAD16F968680FD6065E70C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ja.lproj\QuickTimeInternetExtrasLocalized.qtr]
[BAC2B17B431BFA462DB2B186AA5E7F4F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ko.lproj\QuickTimeInternetExtrasLocalized.qtr]
[63D3F9527D2CB6BD89D2CBF2BF700467] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\nb.lproj\QuickTimeInternetExtrasLocalized.qtr]
[13E27412A5E2E473CCD4ABFBA80EEDA8] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\nl.lproj\QuickTimeInternetExtrasLocalized.qtr]
[C1B17BAA8A3A49DD71AAEB336212E457] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pl.lproj\QuickTimeInternetExtrasLocalized.qtr]
[FCEF24A61C77ADD794F49DAC5608641E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pt.lproj\QuickTimeInternetExtrasLocalized.qtr]
[D92A5621DEFA51512F005DEAD2A5EAA0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pt_PT.lproj\QuickTimeInternetExtrasLocalized.qtr]
[0E3DF93FC88E1A2F67AD361A78554798] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeInternetExtras.qtr]
[A1D2CBF90A1216A5BF8FAC01515AFF63] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ru.lproj\QuickTimeInternetExtrasLocalized.qtr]
[8CA3FB68E4B936B592966E914F5BE68A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\sv.lproj\QuickTimeInternetExtrasLocalized.qtr]
[9B9DBAB91CE745003901E3F05AAED19A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\zh_CN.lproj\QuickTimeInternetExtrasLocalized.qtr]
[8587C9CC589D341BDDBFE86D7BB41482] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\zh_TW.lproj\QuickTimeInternetExtrasLocalized.qtr]
[9246C5561D9B0FAE5844BB6553825002] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.qtx]
[2B2619FA62A2A931D7C7649CA8222DCD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\da.lproj\QuickTimeMPEGLocalized.qtr]
[B964D452EF6C0A881B5D69EC5830FDB9] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\de.lproj\QuickTimeMPEGLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\en.lproj\locversion.plist]
[B5E1D7DC0AB926B7DA0CB06A98E22608] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\en.lproj\QuickTimeMPEGLocalized.qtr]
[77E73616670FB3AE896A3D13CD354F6C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\es.lproj\QuickTimeMPEGLocalized.qtr]
[BA4C4917D348B11CB9160610F65D15DC] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\fi.lproj\QuickTimeMPEGLocalized.qtr]
[05F6FCF2DD3889EF0FEC667AF84E9CEE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\fr.lproj\QuickTimeMPEGLocalized.qtr]
[930CE13D43F8A946626EE1CD084A99A9] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\it.lproj\QuickTimeMPEGLocalized.qtr]
[D6A7C66DCB784414945442724E975DB7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\ja.lproj\QuickTimeMPEGLocalized.qtr]
[400F2FEB74F5EF2B36C2AC0B8AE45B19] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\ko.lproj\QuickTimeMPEGLocalized.qtr]
[DB8A369BDDC8D2DA2D42E7B48028D873] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\nb.lproj\QuickTimeMPEGLocalized.qtr]
[35BE1260C90BADF15B0A58CB745DFB39] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\nl.lproj\QuickTimeMPEGLocalized.qtr]
[E022E21E39D0B9E0F71CF46E225389AF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\pl.lproj\QuickTimeMPEGLocalized.qtr]
[DA6349F628C3AA4DF3B2C310475E0D36] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\pt.lproj\QuickTimeMPEGLocalized.qtr]
[E45229750CD2FE1FA2EACF7CB12471A5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\pt_PT.lproj\QuickTimeMPEGLocalized.qtr]
[742EFDE12DD5D98172D186A56B977A22] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\QuickTimeMPEG.qtr]
[25AD35B171AD268459A59C6C28CF9041] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\ru.lproj\QuickTimeMPEGLocalized.qtr]
[45BA327A5670AECB80B49E12295F6AA3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\sv.lproj\QuickTimeMPEGLocalized.qtr]
[F2E21EDCAF978C127A1CAC76E95901DE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\zh_CN.lproj\QuickTimeMPEGLocalized.qtr]
[4A8E0F38A6D8CB14F4ABFC03A953CD30] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG.Resources\zh_TW.lproj\QuickTimeMPEGLocalized.qtr]
[AED5F9F09F068AEFEACBDB72F5C5775F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.qtx]
[757ABAC01269121C0F87A08B654D38E0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\da.lproj\QuickTimeMPEG4Localized.qtr]
[E9C1E5FA928A920BF63A1F1B0DD90B39] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\de.lproj\QuickTimeMPEG4Localized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\en.lproj\locversion.plist]
[0BE0A93335345B7593A907BBA48EDC7B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\en.lproj\QuickTimeMPEG4Localized.qtr]
[73A95EC983167B6190FD80C1884C08B3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\es.lproj\QuickTimeMPEG4Localized.qtr]
[8F7C557A713A28CD9810D116C7C1BFB6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\fi.lproj\QuickTimeMPEG4Localized.qtr]
[FBF9B53FB48B37CF72E21805F15BDDA7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\fr.lproj\QuickTimeMPEG4Localized.qtr]
[92FC289D83BDE3E696779909477DD9B6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\it.lproj\QuickTimeMPEG4Localized.qtr]
[F8B1694EA1CEB08D169DBDECA7B5123D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ja.lproj\QuickTimeMPEG4Localized.qtr]
[D51B3ED20F3E3547B4F3B6A11A61878E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ko.lproj\QuickTimeMPEG4Localized.qtr]
[69D955B971E48C86D7B5C615A039FEA7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\nb.lproj\QuickTimeMPEG4Localized.qtr]
[EED0BB7B9C99FD875CB60473A2C0FEB9] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\nl.lproj\QuickTimeMPEG4Localized.qtr]
[2EDA7DECBDFDCFF19DE51D117BFF1728] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pl.lproj\QuickTimeMPEG4Localized.qtr]
[CEF1D4CC37E54F89034C15C3B50A637E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pt.lproj\QuickTimeMPEG4Localized.qtr]
[23176B8996296D6F678BE177E89FFB31] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pt_PT.lproj\QuickTimeMPEG4Localized.qtr]
[938AB45AC7C133B33CBE190811621D6E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\QuickTimeMPEG4.qtr]
[371FD437E632886CEF176E51D604C915] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ru.lproj\QuickTimeMPEG4Localized.qtr]
[F317525E276678BF4C2FA91236EA9D3E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\sv.lproj\QuickTimeMPEG4Localized.qtr]
[306CEF859EB169BF074F9D9E155329B1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_CN.lproj\QuickTimeMPEG4Localized.qtr]
[DD1B385775C9CF41DF06AC5E14700C30] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_TW.lproj\QuickTimeMPEG4Localized.qtr]
[4D93B56BED39BC2E3ED7B75FF724A71C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx]
[7AF45311C83613A0D30CED60F266FE64] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\da.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[1A8C641EEBFB05D1CFD20E6EEF9FBA51] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\de.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\en.lproj\locversion.plist]
[5FD11D5D6E0BAF099F332DCEA0CAEBC9] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\en.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[125511E22985E008A0D90D47D43760F8] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\es.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[BD5C27BD94E0EA16C3ADDC533549168B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\fi.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[52A71F602184EA84A9D389392131CEF6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\fr.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[227C43D3BED0C199047EF2A49E2289CE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\it.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[3C62132F3DF9D879ECE0C0B3850FC105] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ja.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[057D7D68F8F0A20F3CC4F3B4B4FB32D0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ko.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[8CA090C13FEE5B56B9F428EBF4C74F71] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\nb.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[5B0FCB0A91DE81202517E431B9020C09] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\nl.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[655BDDE48FD77E5CCDFEF27D46268393] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pl.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[D4288052F13647E52195EACA97BF35DE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pt.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[C4B7649273027919373CEC8860E88AAA] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pt_PT.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[606514ADBF1229418ADB4F7997E37663] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\QuickTimeMPEG4Authoring.qtr]
[B773F124856EF22EE73BE0433D50043F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ru.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[06360B0602233346D05DD54337DDB560] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\sv.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[A3D0ABDE9BA31351D6D76B65EF4F3AA6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_CN.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[035BA729008D4D7533F6C77F22829D85] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_TW.lproj\QuickTimeMPEG4AuthoringLocalized.qtr]
[F84E9E0EE9870C1C3C35EF00FC31B4ED] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.qtx]
[657D52AD087D8B30A2C1C67B9A2963E5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\da.lproj\QuickTimeMusicLocalized.qtr]
[AF71072B0766F1B65A6193FE8CCA25F3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\de.lproj\QuickTimeMusicLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\en.lproj\locversion.plist]
[BBF2764BC64AA5A31E303DDBB3A67D6E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\en.lproj\QuickTimeMusicLocalized.qtr]
[7D470F03D7F14AA36FFE0FB33AD83E00] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\es.lproj\QuickTimeMusicLocalized.qtr]
[E8657596187D6887129A0ADD3216AA1D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\fi.lproj\QuickTimeMusicLocalized.qtr]
[E0BAA9387BCADAA56A4DD1AA52B1A84B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\fr.lproj\QuickTimeMusicLocalized.qtr]
[3B753D0994EA1567E5741F1CACAAC615] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\it.lproj\QuickTimeMusicLocalized.qtr]
[8D77C27C4B86AC991356CEBEF53C0EE4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\ja.lproj\QuickTimeMusicLocalized.qtr]
[0E8C849FDF8B64EC6F2ECB3381B3DEA3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\ko.lproj\QuickTimeMusicLocalized.qtr]
[E415563DBE4BC1432DF4FCD7F21DD4B2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\nb.lproj\QuickTimeMusicLocalized.qtr]
[F842522405A505E270D0CCDF15CE5E69] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\nl.lproj\QuickTimeMusicLocalized.qtr]
[EBDADCBC08FA20F6CA965A25E96C7048] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\pl.lproj\QuickTimeMusicLocalized.qtr]
[C68B7595F27DC3F1C8FA25AE6A0D09E8] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\pt.lproj\QuickTimeMusicLocalized.qtr]
[8E20ED581A90FB54F080D828B35CD0EB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\pt_PT.lproj\QuickTimeMusicLocalized.qtr]
[511EE1DEEE0D20F9005342A8EB4EF95D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\QuickTimeMusic.qtr]
[CBA8AC104FBF7D91B79F17BBCB730D6F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\ru.lproj\QuickTimeMusicLocalized.qtr]
[603CBC6BDAEAB5340674117C10DA704A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\sv.lproj\QuickTimeMusicLocalized.qtr]
[19A3CF1B9F89423149D4471FB3CFB6FE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\zh_CN.lproj\QuickTimeMusicLocalized.qtr]
[941DDAF75A1D6DF4BC77E17EA897570E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusic.Resources\zh_TW.lproj\QuickTimeMusicLocalized.qtr]
[FC811DA3C0DC96709D958641C0604516] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeMusicalInstruments.qtx]
[10F9799849ABE6B6AB3A3C38B7449FA0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.qtx]
[88BA9A53F83A44CF723B205B70BEF644] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\da.lproj\QuickTimeStreamingLocalized.dll]
[C455FF9465F3D0F00D9A733CE65F0EED] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\da.lproj\QuickTimeStreamingLocalized.qtr]
[64B8CF0C03B0D90EC86E60A7B4F83447] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\de.lproj\QuickTimeStreamingLocalized.dll]
[11D2C2BA4049B0EA1A84D34E51D04F30] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\de.lproj\QuickTimeStreamingLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\en.lproj\locversion.plist]
[CBE2D25B9068579752C3B6928C9CBB6F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.dll]
[712A4AD324D80C6B993CDA7D86B9B035] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.qtr]
[4551A96D5C3C0F59BD6BD96017FD107F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\es.lproj\QuickTimeStreamingLocalized.dll]
[A7CCAABDB123EC720EEBBA7FC927054E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\es.lproj\QuickTimeStreamingLocalized.qtr]
[1AFCB689869808002B11CFA46CCEA05F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\fi.lproj\QuickTimeStreamingLocalized.dll]
[657BA938316A89FF72A41C0AF1D2EA24] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\fi.lproj\QuickTimeStreamingLocalized.qtr]
[0B661AEA4409C643E3D3874D235EA335] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\fr.lproj\QuickTimeStreamingLocalized.dll]
[9977B4FC84FBB474AEF2BC24D2D8F515] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\fr.lproj\QuickTimeStreamingLocalized.qtr]
[96B718D728FAE2FEAE53E1221919BC61] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\it.lproj\QuickTimeStreamingLocalized.dll]
[B637DF0125FFA380170E66C9B4A00A75] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\it.lproj\QuickTimeStreamingLocalized.qtr]
[915D9DDF2206E2FC3C27AACF2F13CA12] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ja.lproj\QuickTimeStreamingLocalized.dll]
[429B4982C12B67D399E39101C30283FD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ja.lproj\QuickTimeStreamingLocalized.qtr]
[F79B488563BDDC8D5C686C96F7712607] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ko.lproj\QuickTimeStreamingLocalized.dll]
[5E47DDBF41E006D1F79BF069C90199E9] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ko.lproj\QuickTimeStreamingLocalized.qtr]
[C7F4E933769AE8111B1B84729541E524] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\nb.lproj\QuickTimeStreamingLocalized.dll]
[AD0AC0DA6D8072A006ABDA46B2F27C13] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\nb.lproj\QuickTimeStreamingLocalized.qtr]
[20A4889C40F586C69A87D9758591012C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\nl.lproj\QuickTimeStreamingLocalized.dll]
[E3C127AC48B77AC53331F40AD261AB30] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\nl.lproj\QuickTimeStreamingLocalized.qtr]
[D4862BDC7913240C17B81D2E231FA2E4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pl.lproj\QuickTimeStreamingLocalized.dll]
[D0A9D00E6F0F8CB25CDF554671C2B385] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pl.lproj\QuickTimeStreamingLocalized.qtr]
[7B11559FF100E4AA120075868880987E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt.lproj\QuickTimeStreamingLocalized.dll]
[C536E704769450D66D177C946DBB47D7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt.lproj\QuickTimeStreamingLocalized.qtr]
[6008165989C83F5F73770A527D9B8D88] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt_PT.lproj\QuickTimeStreamingLocalized.dll]
[60E38C7105858471F16CB2A5195F043A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt_PT.lproj\QuickTimeStreamingLocalized.qtr]
[CA5F7F67450F5462E840BEAC97DAADA7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr]
[A7D593F53064B61D30D8AEA5EEDA8744] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ru.lproj\QuickTimeStreamingLocalized.dll]
[E74A8716C5535DB25BB738BF05E2C1B4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\ru.lproj\QuickTimeStreamingLocalized.qtr]
[AF2EAA99E0F5FDF8DBB01DEA5BE18600] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\sv.lproj\QuickTimeStreamingLocalized.dll]
[FC794EF75BF0AE478A4C4E83F40217C2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\sv.lproj\QuickTimeStreamingLocalized.qtr]
[FA3DAC1A3BD7740CCE3029BCD1AA6CE1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingLocalized.dll]
[0E6E75DFCF600C601619689EC016B2D3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingLocalized.qtr]
[BC4E338BE0784D2267A890401AC642AE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.dll]
[23196CC13B47434536149FF6CD16B5F5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.qtr]
[75076D59A117AB8C300C51353EA01678] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx]
[0D74F34F3850DD6443DFABF4D15B29B7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\da.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[CECFA213FDE8A68FFD0F42BB440AAEBB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\de.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\en.lproj\locversion.plist]
[08223C5C6902B9D1638E355DD0907C42] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\en.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[47A0BD157467C84576534D913157F979] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\es.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[36559ED4C6A9B2A2C33FC5EA08C09C79] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\fi.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[F84AB552C9950D55449820B0F13AA178] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\fr.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[20359E832BB0FFF9006F38744AA0B597] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\it.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[48BFD00D668526C0CFA537D273996230] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\ja.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[B72E7AAE35FDA17934BBA402F74E82F1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\ko.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[E1D8352A644DF7C093FD01D09F8D840B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\nb.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[D9408CA1841B16402134A4C91638FFF5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\nl.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[9E5A88AAB01C4C1D98E038C40189818B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\pl.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[4D775C74F011DE87653ABBCF5D275AD1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\pt.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[E5A7CE3C88CFA338758D211419DCD5FE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\pt_PT.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[C59D5D681B69F96E1E03C71D9C1B11A1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\QuickTimeStreamingAuthoring.qtr]
[2ADFAA3192055E6A1D83ED3C6B02D70A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\ru.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[8E835205CBAE411CA06D73A269ACFFEF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\sv.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[A9316E272FA464E24D6313FAD99AC937] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_CN.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[2494278F9A1A6164D0C2749C32C93F1B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_TW.lproj\QuickTimeStreamingAuthoringLocalized.qtr]
[EA4871340CD05F58488C3F940A3567C4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx]
[D988D8F38553D642A63C60C227839519] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\da.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[D203F569A2FEB79241B474DD3A8B3ECD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\de.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\locversion.plist]
[E51240E812EE564F5C7A6A242F839838] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[A6D23411B865524BD5871B0B4EFAD9A6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\es.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[3850536136F714AEBD6101A5B2F67616] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\fi.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[F077DC70D321B27AFB394BACB6FD939B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\fr.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[EE74939F2ECC63B7AEA3378339D85A84] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\it.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[3EB8EED58AE06AB11037A6512D01D82C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ja.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[D57EFE8A51D8A17E460C4731207EF273] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ko.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[6B5ACF496ECE03A9F402D53490410575] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\nb.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[7419975E9D7D57D589765ED5C331A68F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\nl.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[1668B12F9DE12B5C0A19BE329F1EB190] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\pl.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[BBB91086146DE76C5AD183EEBBA4AB3C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\pt.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[EEC07AEEF5F3EB6E0176DCE84F4644B9] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\pt_PT.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[C3376E57486B1E4BEB937296B2243AEC] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr]
[23A9FBD9F8CCC05582B124E4B7CE3C33] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ru.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[60B75FAF21B6DBCA71D149B61AACD051] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\sv.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[FA53ABA5DEECACF1C7CD44E8C4C3B775] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_CN.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[D33E7FF7AA4DE6E29382CF976890D9F9] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_TW.lproj\QuickTimeStreamingExtrasLocalized.qtr]
[3DE409A9B85D918B9812543A0A5C7685] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.qtx]
[28F0977893F8D921467446A4B01C771F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\da.lproj\QuickTimeThirdPartyLocalized.qtr]
[95E8F27A7000B34A32018AF903B938E8] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\de.lproj\QuickTimeThirdPartyLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\en.lproj\locversion.plist]
[3D691AE6EED9E4F02376A68B1248A51D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\en.lproj\QuickTimeThirdPartyLocalized.qtr]
[DA9576F0D4CF75BDA2EB3D1008D19903] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\es.lproj\QuickTimeThirdPartyLocalized.qtr]
[4253A5D1E9845454E5D0DF5D4DB3B0AD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\fi.lproj\QuickTimeThirdPartyLocalized.qtr]
[1EF1CCF181CF03CD35C670C7FA3464A7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\fr.lproj\QuickTimeThirdPartyLocalized.qtr]
[7E4C800E671791851FC63F594C418854] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\it.lproj\QuickTimeThirdPartyLocalized.qtr]
[4F85AACD003B888AAB2E938FA85BC0E7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\ja.lproj\QuickTimeThirdPartyLocalized.qtr]
[2162D602636C2A316B340F065AE546C2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\ko.lproj\QuickTimeThirdPartyLocalized.qtr]
[21A0486944E45B37E0BB341D59BF3BDD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\nb.lproj\QuickTimeThirdPartyLocalized.qtr]
[D89B53999F4913803868031A7BC7FB11] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\nl.lproj\QuickTimeThirdPartyLocalized.qtr]
[3E72FA1990C4F8B76D2038095715C003] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\pl.lproj\QuickTimeThirdPartyLocalized.qtr]
[26828684EA95B85C44C67D17AA2D2DA8] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\pt.lproj\QuickTimeThirdPartyLocalized.qtr]
[418C4A730F9D7C1FF486F20AA81F5E96] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\pt_PT.lproj\QuickTimeThirdPartyLocalized.qtr]
[A8E30186CE2D063EE63EA1260CF4C6DF] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\QuickTimeThirdParty.qtr]
[191711E4DA84DF3430FE21B2CBB7E357] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\ru.lproj\QuickTimeThirdPartyLocalized.qtr]
[E25777EAE132F791504E589004159836] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\sv.lproj\QuickTimeThirdPartyLocalized.qtr]
[AA28A8F6B3BDDA18F51FDA52D83EBBFC] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\zh_CN.lproj\QuickTimeThirdPartyLocalized.qtr]
[01E998DD2FC0B2052DACE9391C11F6C4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeThirdParty.Resources\zh_TW.lproj\QuickTimeThirdPartyLocalized.qtr]
[857BB7C6341D65B0FAAF9C2CC608AA08] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeUpdateHelper.exe]
[55982FF0FCD0B98DAF90E6D49029A41C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.qtx]
[B54DF224AD649F3C829AD643CE4E20FD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\da.lproj\QuickTimeVRLocalized.qtr]
[FD7DB72F96682A6572AAB9ECECE15B6F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\de.lproj\QuickTimeVRLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\en.lproj\locversion.plist]
[2501970ADB3006CAF0F215AF50969084] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeVRLocalized.qtr]
[1E3714E757DD2834174E303DBCAFC87C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\es.lproj\QuickTimeVRLocalized.qtr]
[6ACA1A57F7FB91870BCAFD9AE6EBE156] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\fi.lproj\QuickTimeVRLocalized.qtr]
[23A45FD0A468034A2D0D09E752228002] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\fr.lproj\QuickTimeVRLocalized.qtr]
[202C6B57A0C97511685DC0B7DF553098] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\it.lproj\QuickTimeVRLocalized.qtr]
[1B517080A1D732E9740CDB6ABCE8A0D2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\ja.lproj\QuickTimeVRLocalized.qtr]
[01063F6362C15E99767184C525C0E637] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\ko.lproj\QuickTimeVRLocalized.qtr]
[27772138B218AD3B12AF893B8103889E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\nb.lproj\QuickTimeVRLocalized.qtr]
[4F28EB4861B116C2256371CA5F9588A2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\nl.lproj\QuickTimeVRLocalized.qtr]
[CF1453FB6899F6433166A621BC1840DD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\pl.lproj\QuickTimeVRLocalized.qtr]
[42CFA2977B89D97D0BF5AC64D8FBF812] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\pt.lproj\QuickTimeVRLocalized.qtr]
[DDB89D6A21EC650A00914471AEB5C061] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\pt_PT.lproj\QuickTimeVRLocalized.qtr]
[C583670D5CC43D005EDE5F260DE466FA] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr]
[9660472C53AD11E8856A3753988C9CCA] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\ru.lproj\QuickTimeVRLocalized.qtr]
[5C94FCE76A4A0C2CAA3344AA014BE84A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\sv.lproj\QuickTimeVRLocalized.qtr]
[736605E2F12D803E75AADAAE4FA9BF81] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\zh_CN.lproj\QuickTimeVRLocalized.qtr]
[5185BDFA26A6B4D5F8BED49E2A01F27E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVR.Resources\zh_TW.lproj\QuickTimeVRLocalized.qtr]
[58E18BDEB2138E7FCA7CA0C3FE2111C4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.qtx]
[33FE719082922AE4EBF514AEFAAB8E94] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\da.lproj\QuickTimeVRAuthoringLocalized.qtr]
[ED9B2AA5B1D929884ECFAE156ACE31C1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\de.lproj\QuickTimeVRAuthoringLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\en.lproj\locversion.plist]
[E7C53E286FEE4CC812D4457ED61C0A1B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\en.lproj\QuickTimeVRAuthoringLocalized.qtr]
[81DFEEC93A181F99A36E5298D342C334] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\es.lproj\QuickTimeVRAuthoringLocalized.qtr]
[E57999A6AEE935A3DCCC3FAD96F0C7E0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\fi.lproj\QuickTimeVRAuthoringLocalized.qtr]
[C2282D338EFE1923C6891021A5BF0FC5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\fr.lproj\QuickTimeVRAuthoringLocalized.qtr]
[0A630F30CA17CE7060576B999E03DD01] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\it.lproj\QuickTimeVRAuthoringLocalized.qtr]
[B5402E3E231AFA98ADE089C41205FEE3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\ja.lproj\QuickTimeVRAuthoringLocalized.qtr]
[8E7BAD47A3FB32ADE17CBAB84C2D3843] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\ko.lproj\QuickTimeVRAuthoringLocalized.qtr]
[33F6ECB38F80039FDAD96C08FAFFDE41] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\nb.lproj\QuickTimeVRAuthoringLocalized.qtr]
[0F719326880E13931AE223790CC8CF3D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeVRAuthoringLocalized.qtr]
[7E32A49FE600A681FE19ABF6461F91AA] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pl.lproj\QuickTimeVRAuthoringLocalized.qtr]
[2B2BB279CF1718BCB5F2A3A87E03AE75] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pt.lproj\QuickTimeVRAuthoringLocalized.qtr]
[CB7D041D65B0000357EAE9CA32C8915E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pt_PT.lproj\QuickTimeVRAuthoringLocalized.qtr]
[0515100842EE998F0B68D7739A98CA72] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\QuickTimeVRAuthoring.qtr]
[77917F80D78BFEE2984BA6A5C8782ED5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\ru.lproj\QuickTimeVRAuthoringLocalized.qtr]
[C3D45917B777981F9538717A41618FC2] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\sv.lproj\QuickTimeVRAuthoringLocalized.qtr]
[AD8B54E41DE2D30CF44A87FE86107C82] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\zh_CN.lproj\QuickTimeVRAuthoringLocalized.qtr]
[6620C04208709D929A773A5F59BE38F0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\zh_TW.lproj\QuickTimeVRAuthoringLocalized.qtr]
[A626A498D71795066E1DD040DFCC5B7F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.qtx]
[498DB2A264D2A50C0007DD88AA2D2704] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\da.lproj\QuickTimeWebHelperLocalized.dll]
[AC92E2B0425378B5774BCB48CDD94719] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\da.lproj\QuickTimeWebHelperLocalized.qtr]
[BAB0BA0391A64E935C74CCB3EA42F363] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\de.lproj\QuickTimeWebHelperLocalized.dll]
[E668D3874F066D90DFEC0BD044EB1FE5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\de.lproj\QuickTimeWebHelperLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\locversion.plist]
[997828CE44F7FA69EC02F2139DC9B037] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperLocalized.dll]
[4BDD175657B88D24DAC7FB7D541E1CE1] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperLocalized.qtr]
[ED57E49D6C10CAB126E24E332957CEAC] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\es.lproj\QuickTimeWebHelperLocalized.dll]
[E2B4A3DE18240059CDE97CF7C5DD2037] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\es.lproj\QuickTimeWebHelperLocalized.qtr]
[7BFE3C9158176D06568467CDCB80DED0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\fi.lproj\QuickTimeWebHelperLocalized.dll]
[2B601F6A28041F3E2F98C1D2BAC209BB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\fi.lproj\QuickTimeWebHelperLocalized.qtr]
[9A437B75530D9D93293A45AF5B1578D0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\fr.lproj\QuickTimeWebHelperLocalized.dll]
[537DF745099CC006409A42D0329DA905] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\fr.lproj\QuickTimeWebHelperLocalized.qtr]
[1B77581A7CDBB731D2CBC9CBD4AE5366] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\it.lproj\QuickTimeWebHelperLocalized.dll]
[ED05C63E6BDBCB161AEAA07BB4FC159A] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\it.lproj\QuickTimeWebHelperLocalized.qtr]
[7E02097A48EE8236DE4101A4F7971371] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ja.lproj\QuickTimeWebHelperLocalized.dll]
[B4C9F808E635CE8BE984E610F66B0F96] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ja.lproj\QuickTimeWebHelperLocalized.qtr]
[EE2A5515FC5D13C0C4FB2D7AE34D3F34] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ko.lproj\QuickTimeWebHelperLocalized.dll]
[032C392FD060CF408D309A6D29C0C1D4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ko.lproj\QuickTimeWebHelperLocalized.qtr]
[E53DF219F83628F5400D16703C133B9B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nb.lproj\QuickTimeWebHelperLocalized.dll]
[C8963DEFC542514AB896ACF97B1BAF79] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nb.lproj\QuickTimeWebHelperLocalized.qtr]
[CCA113D35289ADBFF2D4FADA0D0A07F7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nl.lproj\QuickTimeWebHelperLocalized.dll]
[9B6FAB2D03FF3405BFE7F4AEC89DF275] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nl.lproj\QuickTimeWebHelperLocalized.qtr]
[7E4BA52EDF40005AAE8A493430EE7B8E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pl.lproj\QuickTimeWebHelperLocalized.dll]
[568F1FF174798F15D3E71593FE2BCAB9] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pl.lproj\QuickTimeWebHelperLocalized.qtr]
[09808067B78D81BF03B3CF3255DAC287] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt.lproj\QuickTimeWebHelperLocalized.dll]
[F162719863FA519F2E4B6B6869597153] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt.lproj\QuickTimeWebHelperLocalized.qtr]
[489E2395991DDAD775111B13CAF6E726] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt_PT.lproj\QuickTimeWebHelperLocalized.dll]
[88EC9E584D62DB15717C8EE26B56CBCD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt_PT.lproj\QuickTimeWebHelperLocalized.qtr]
[6C5D1FA255BD688102F4641BD7586D33] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.dll]
[BDE5432BA37954E10A1CA56E1EA044FD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.qtr]
[B07FEECF4D33A14FD9BCAA9A9EA57971] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ru.lproj\QuickTimeWebHelperLocalized.dll]
[240724B95A9E35AC833BF2A6DEF350AE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ru.lproj\QuickTimeWebHelperLocalized.qtr]
[01B1802BC6EDEA44A9D4D1D403DDD031] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\sv.lproj\QuickTimeWebHelperLocalized.dll]
[6E9E510D44C486B77E9CEB45CDC7AB00] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\sv.lproj\QuickTimeWebHelperLocalized.qtr]
[D5FB354811DD63D674CF33B25137D175] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeWebHelperLocalized.dll]
[FE6D703579E1961E136C0E109AC744AE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeWebHelperLocalized.qtr]
[9A1B60A5D34D10F970DA99F31771653B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperLocalized.dll]
[1334B7CBDB84883DD2676F3D29F5DE5F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperLocalized.qtr]
[BBF84B7D2715F4A04583DBD26C923D45] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QTUIPanelControl.dll]
[960D55C0193B88B8B256E4A69D0EF243] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTime\About QuickTime.lnk]
[871CF585CCA3E39340E25F526B78E093] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTime\QuickTime Player.lnk]
[EB8F6AC0A1BF20E683F6FD6703C1F36B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTime\Uninstall QuickTime.lnk]
[956A7334508867914984192DCC8F4558] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTime Read Me.htm]
[D7C54BBF10B5F6428596CDE30EE958B0] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTime.Resources\QuickTime.qtxs]
[3D3ED358DA5D2D4D19809027014E22E5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.dll]
[26ED6521A62F49C93D6F0AF5D221A6DD] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.exe]
[AA05635E8489F52DAB99A1D9C77A2DC7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\da.lproj\QuickTimePlayerLocalized.qtr]
[4DFC3BDCA86D17ACFA62860A9824075C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\de.lproj\QuickTimePlayerLocalized.qtr]
[25A7915ED2CE187B1233C3754B41CE59] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\en.lproj\locversion.plist]
[5697CF519B24A7549F4E5F658DDDB62B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\en.lproj\QuickTimePlayerLocalized.qtr]
[1E1187219982E94406FD4726A1C7C5B6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\es.lproj\QuickTimePlayerLocalized.qtr]
[8FF82AB045E5F8301FE2564BDDFF5293] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\fi.lproj\QuickTimePlayerLocalized.qtr]
[A4D0DA290D243A50C1A5B01AEBAC0D14] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\fr.lproj\QuickTimePlayerLocalized.qtr]
[E2D42F21BFD26972E7200AD78796C63C] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\it.lproj\QuickTimePlayerLocalized.qtr]
[CCB212217BC6D28B5800BC5222BDCC5B] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\ja.lproj\QuickTimePlayerLocalized.qtr]
[B5C29ED511125BA1B2C212EE5EBC9496] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\ko.lproj\QuickTimePlayerLocalized.qtr]
[C12B744EB96DA1B0546ADFFCA80A8B5D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\nb.lproj\QuickTimePlayerLocalized.qtr]
[EC3FCC4C92CD7D5B2D1BDBA933AF51A7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\nl.lproj\QuickTimePlayerLocalized.qtr]
[6B344BF2A7A182B63C985161C356B6C6] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\pl.lproj\QuickTimePlayerLocalized.qtr]
[EDEC83E0FCFD96FB8574164C90727AB7] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\pt.lproj\QuickTimePlayerLocalized.qtr]
[F6F6F984A7F0037D636F877382F6AD5D] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\pt_PT.lproj\QuickTimePlayerLocalized.qtr]
[2F2321DD435BFF383CA13D23DC83F0B5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\QuickTimePlayer.qtr]
[8BEB0A268F22C672D872F85D799AE5F5] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\ru.lproj\QuickTimePlayerLocalized.qtr]
[16FD61BF68A487706C9DE673E30DBFEB] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\sv.lproj\QuickTimePlayerLocalized.qtr]
[202698980920AB9D3C9525F113B981FE] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\zh_CN.lproj\QuickTimePlayerLocalized.qtr]
[5F21C703C35970D19BBA1F68698E5D43] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\QuickTimePlayer.Resources\zh_TW.lproj\QuickTimePlayerLocalized.qtr]
[0E242AB2D25193687BFFDF12813E6E67] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\QuickTime\Sample.mov]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{05BFB060-4F22-4710-B0A2-2801A1B606C5}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{2F72F540-1F60-4266-9506-952B21D6640D}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{33EB1061-ABF1-4470-A540-32E97A610536}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{3540181E-340A-4E7A-B409-31663472B2F7}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{439760BC-7737-4386-9B1D-A90A3E8A22EA}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{5ED7462B-EF58-4757-B609-53755021EC34}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{75104836-CAC7-444E-A39E-3F54151942F5}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{7774002B-60B3-4146-BF82-5BF767D468B8}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{787136D2-F0F8-4625-AA3F-72D7795AC842}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{8F473675-D702-45F9-8EBC-342B40C17BF5}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{963BFE7E-C350-4346-B43C-B02358306A45}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{B678797F-DF38-4556-8A31-8B818E261868}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{C4123106-B685-48E6-B9BD-E4F911841EB4}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{D4D86CB2-2370-4691-8272-3869EDED6C64}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{E5C95CA5-4565-4B9D-97ED-05088D775614}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{F7513E19-6224-485E-988D-9BF45BE64B53}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}.SchedServiceConfig.rmi]
[D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Quarantine\wix{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}.SchedServiceConfig.rmi]
[3AC3E89CDD11E306BFFF701CE97BC126] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\Tempo.txt]
[83756DBD9C30884D7EBF50FE6C341B75] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\TraceZHPCleaner.txt]
[35C9DDFCBCD2DC2BE425B989C862F0EA] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\ZHPCleaner-[R]-04032017-20_08_06.txt]
[0FA8DD83EA37D6643C007A58FFB3E2A4] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\ZHPCleaner--04032017-19_59_58.txt]
[84111C56B64E5E605F807F6351C68932] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\ZHPCleaner.exe]
[9EEEF2834A0C6A3078E77636E0785EA3] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\ZHPCleaner.txt]
[7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[E827802F505F1FDF617412D4A4DD607F] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\ZHPCleaner_Tempo.txt]
[2510069D933E2441C1E19489AC5E8219] Trojan.FPL.Rotbrow.vl [c:\users\goldfish\appdata\roaming\ZHP\ZHPQ_Files.txt]
[3B6A157D409CA7C442A176BF773A1A7B] Adware.FMPL.Gen.se [C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt]
[6D47483DE61BA05C68BF0A3F502FB81C] Adware.FMPL.Gen.se [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\DIFxInstallLog.txt]
[E675C7006BDC625BC4EE9CF5BB1F7677] Malware.MPL.Heur.vl [c:\users\goldfish\appdata\roaming\microsoft\windows\templates\iTunes12x64Patch.exe]
[9F7F3294F2CD26EAB0DB92100E70186C] Pack.Win32.Gen.bot!ep-9 [c:\windows\syswow64\VaioScreensaversGeneric.scr]
[9F7F3294F2CD26EAB0DB92100E70186C] Pack.Win32.Gen.bot!ep-9 [C:\Program Files (x86)\VAIO screensavers\VaioScreensaversGeneric.scr]
 
FRST Fix.



Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

ClearLNK

Download ClearLNK save it to your desktop.
Drag the file Shortcut.txt made with FRST earlier.
As per picture.
A report on the work as a file ClearLNK- <date> .log
Will be produced, post that log.

BPD7B3BAgEQl.gif


Rogue Killer Scan.

I've also run RogueKiller (blue-screens partway through)



Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2


  • Close all other the running programs
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.
  • upload_2017-2-23_10-55-54-png.1658

  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.
 

Attachments

ZHP Diag Scan


Download ZHP Diag to your desktop.


1. Right Click Run as Admin.
2. Click the Scanner button.

upload_2017-2-23_3-32-26-png.1647



When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.
 
Status
Not open for further replies.