
Windows Firewall and MSE disabled; cannot open downloaded documents


  • This topic is locked

#1
Lyanheart

  • Member
  • 136 posts
As stated in the topic title, this morning my work PC decided to disable Windows Firewall, and MSE is also "gone."
I get the message "(file) contained a virus and was deleted" when trying to open any downloaded document with IE. Chrome will download and allow me to open the file, but gives a warning message. I deal with a lot of PDF files, but I imagine it would tell me this no matter what I download. I had this same issue about a year ago. Obviously I know these files to be safe.

Thanks in advance. I've brought many problems here and they've always been fixed. You guys are the best!

OTL scan:

OTL logfile created on: 10/25/2013 9:28:24 AM - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ryan2011\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.10% Memory free
7.93 Gb Paging File | 6.09 Gb Available in Paging File | 76.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.69 Gb Total Space | 362.78 Gb Free Space | 79.96% Space Free | Partition Type: NTFS

Computer Name: RYAN2011-PC | User Name: Ryan2011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/27 14:36:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
PRC - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/07/02 17:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/02 17:12:40 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012/05/25 04:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/25 07:25:43 | 000,557,056 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\pysqlite2._sqlite.pyd
MOD - [2013/10/25 07:25:43 | 000,320,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32com.shell.shell.pyd
MOD - [2013/10/25 07:25:43 | 000,128,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_elementtree.pyd
MOD - [2013/10/25 07:25:43 | 000,098,816 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32api.pyd
MOD - [2013/10/25 07:25:43 | 000,070,656 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._html2.pyd
MOD - [2013/10/25 07:25:43 | 000,044,032 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_socket.pyd
MOD - [2013/10/25 07:25:43 | 000,026,624 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_multiprocessing.pyd
MOD - [2013/10/25 07:25:43 | 000,022,528 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32ts.pyd
MOD - [2013/10/25 07:25:42 | 000,805,888 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._gdi_.pyd
MOD - [2013/10/25 07:25:42 | 000,504,832 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\windows._cacheinvalidation.pyd
MOD - [2013/10/25 07:25:42 | 000,364,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\pythoncom27.dll
MOD - [2013/10/25 07:25:42 | 000,087,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_ctypes.pyd
MOD - [2013/10/25 07:25:42 | 000,017,408 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32profile.pyd
MOD - [2013/10/25 07:25:42 | 000,011,264 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32crypt.pyd
MOD - [2013/10/25 07:25:36 | 000,735,232 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._misc_.pyd
MOD - [2013/10/25 07:25:32 | 000,110,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\PyWinTypes27.dll
MOD - [2013/10/25 07:25:30 | 000,108,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32security.pyd
MOD - [2013/10/25 07:25:28 | 001,175,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._core_.pyd
MOD - [2013/10/25 07:25:22 | 001,153,024 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_ssl.pyd
MOD - [2013/10/25 07:25:20 | 000,711,680 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_hashlib.pyd
MOD - [2013/10/25 07:25:20 | 000,035,840 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32process.pyd
MOD - [2013/10/25 07:25:20 | 000,025,600 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32pdh.pyd
MOD - [2013/10/25 07:25:18 | 001,062,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._controls_.pyd
MOD - [2013/10/25 07:25:18 | 000,811,008 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._windows_.pyd
MOD - [2013/10/25 07:25:18 | 000,686,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\unicodedata.pyd
MOD - [2013/10/25 07:25:18 | 000,127,488 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\pyexpat.pyd
MOD - [2013/10/25 07:25:18 | 000,122,368 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._wizard.pyd
MOD - [2013/10/25 07:25:18 | 000,119,808 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32file.pyd
MOD - [2013/10/25 07:25:18 | 000,038,912 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32inet.pyd
MOD - [2013/10/25 07:25:18 | 000,018,432 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32event.pyd
MOD - [2013/10/25 07:25:17 | 000,010,240 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\select.pyd
MOD - [2013/10/10 11:57:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ea3406b1357f932b76236c4ea85b0747\System.Runtime.Remoting.ni.dll
MOD - [2013/10/10 07:39:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 07:39:04 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 07:38:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/09 12:12:34 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll
MOD - [2013/10/09 12:12:33 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6a71efa7248119b0875d6cd2dd1e204c\System.Windows.Forms.ni.dll
MOD - [2013/10/09 12:12:23 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll
MOD - [2013/10/09 12:12:22 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll
MOD - [2013/10/09 12:12:18 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll
MOD - [2013/10/09 12:12:14 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll
MOD - [2013/09/11 08:06:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 12:07:12 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d1cb852474c9f322e257a30f643bca56\System.Management.ni.dll
MOD - [2013/08/15 12:05:47 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll
MOD - [2013/08/15 12:05:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll
MOD - [2013/08/15 12:02:55 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll
MOD - [2013/08/15 07:42:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 07:42:36 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 07:42:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/14 12:08:40 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8cfa98586dc8b987a8236ea591b567b5\PresentationFramework.Aero.ni.dll
MOD - [2013/08/14 12:08:35 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2154273cb2d7a8b1a47d672b6d0808bf\System.Drawing.ni.dll
MOD - [2013/08/14 12:08:32 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll
MOD - [2013/08/14 12:08:27 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll
MOD - [2013/07/30 08:15:03 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/29 17:10:08 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/07/13 11:11:48 | 000,115,137 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/05/25 04:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] () [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] () [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2013/10/09 11:47:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 13:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/10 04:03:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/25 08:45:31 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\obcwvcnv.sys -- (obcwvcnv)
DRV:64bit: - [2013/08/28 21:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/04 03:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 03:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/03 10:17:50 | 000,018,272 | ---- | M] (Fructel AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtfilter.sys -- (gtfilter)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 16:46:02 | 000,038,400 | ---- | M] (CSR plc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbc.sys -- (CSRBC)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/21 01:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 01:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 01:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 08:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DC718571-D9D1-419F-8C55-D9E6BD5837E5}
IE:64bit: - HKLM\..\SearchScopes\{DC718571-D9D1-419F-8C55-D9E6BD5837E5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B0774E76-A7A8-4B69-B75F-965BB88F7716}
IE - HKLM\..\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C2D80772-E9E2-4A44-B4C3-37316F4FC994}
IE - HKCU\..\SearchScopes\{C2D80772-E9E2-4A44-B4C3-37316F4FC994}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 17:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]

[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/07/13 11:05:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/25 08:45:31 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\obcwvcnv.sys
[2013/10/25 08:09:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{9411EB70-C54A-4D24-97FA-4013FAF0A5E9}
[2013/10/24 08:35:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{48ED0B69-918B-4A24-B219-9D969439DA14}
[2013/10/23 08:07:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{776D7B9D-F2EF-4FA0-A85A-BBFACEFF31CB}
[2013/10/22 09:04:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7D91A4B3-C081-438C-A17E-E9F6CE3C6BC0}
[2013/10/22 07:53:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8A4170E7-DDAD-4110-ADB9-8D4F1ECD8C10}
[2013/10/21 08:08:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B247023F-1F5B-404B-88D3-CC2A13DCEB28}
[2013/10/18 08:12:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{67049BD3-394C-4273-8F0D-954C024EE967}
[2013/10/17 08:14:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B43FDC01-92ED-498D-A267-534587106C64}
[2013/10/16 07:44:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{1763E048-7EAB-4789-BFEA-0A3C7A4526FC}
[2013/10/15 14:16:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Talisman
[2013/10/15 08:17:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{37698AC1-3AE3-411B-8F58-790F5544C6CC}
[2013/10/14 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
[2013/10/14 08:47:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{451F9B64-E93A-494C-88D3-DFEF58A882B3}
[2013/10/11 07:54:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{344DE070-DFD8-4427-A447-801DD75783F2}
[2013/10/10 07:58:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{F8E30222-0D71-48D5-BA44-A15DBC63B5FF}
[2013/10/09 12:14:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/09 12:14:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/09 12:14:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/09 12:14:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/09 12:14:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/09 12:14:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/09 12:14:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/09 12:14:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/09 12:14:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/09 12:14:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/09 12:14:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/09 12:14:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/09 12:14:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/09 12:14:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/09 12:14:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/09 08:26:10 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/09 08:26:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbser.sys
[2013/10/09 08:26:09 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/09 08:26:09 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/09 08:26:09 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/09 08:26:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/09 08:26:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/09 08:26:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/09 08:26:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/09 08:26:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/09 08:26:07 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/09 08:26:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/09 08:26:07 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/09 08:26:02 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/09 08:26:01 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/09 08:26:01 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/09 08:26:01 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/09 08:26:01 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/09 08:26:00 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/09 08:26:00 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/09 08:25:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/09 08:25:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/09 08:25:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/09 08:25:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/09 08:25:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/09 08:25:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/09 08:25:51 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/09 08:25:51 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 08:25:51 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 08:25:50 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/09 08:25:50 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/09 08:18:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{61DD99E9-810F-4CA2-A374-B1868524250D}
[2013/10/08 08:21:36 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{F3E1D4A1-0DE8-4B66-A8EE-66F41773E848}
[2013/10/07 09:56:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7FF28745-3B68-4E77-B8A6-52C4D53F68BE}
[2013/10/05 08:57:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{6682020F-BBC8-4FDD-BDF2-2BCB30EF46F1}
[2013/10/04 08:20:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{5732EFDB-5A5F-4106-B3B4-D7A987BA5953}
[2013/10/03 08:06:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D4B5F46C-4939-4AED-9DB9-0DA209573686}
[2013/10/02 07:49:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{3D80E2BC-C8FF-4CC3-A6E6-956BDA9765DC}
[2013/10/01 10:22:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{AF1E2AF0-7EC1-4E5A-A964-A3B48655E54A}
[2013/10/01 08:28:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B1FAA50A-B7C9-4BC8-86E1-68B7A12C93F4}
[2013/09/30 09:12:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D20B1556-CCF4-4ABD-808E-60C7E1D9594D}
[2013/09/27 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{0FE075C5-9606-49A3-A052-FFB5B6459A90}
[2013/09/27 08:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{54E4025D-8C49-464D-B3BD-2C68ED7174D2}
[2013/09/26 08:24:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{591DFE7F-9FFB-4876-8E59-C8EAB8AD5F2B}

========== Files - Modified Within 30 Days ==========

[2013/10/25 09:10:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/25 09:04:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
[2013/10/25 08:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/25 08:45:31 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\obcwvcnv.sys
[2013/10/25 08:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/25 08:03:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
[2013/10/25 07:32:16 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 07:32:16 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 07:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/25 07:24:54 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/18 08:07:57 | 000,002,390 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Google Chrome.lnk
[2013/10/15 16:55:20 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/14 15:24:51 | 000,000,222 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Talisman Prologue.url
[2013/10/14 15:24:51 | 000,000,222 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
[2013/10/10 07:43:25 | 000,783,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/10 07:43:25 | 000,663,238 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/10 07:43:25 | 000,122,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/10 07:33:44 | 000,296,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 12:13:16 | 000,777,118 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 11:47:49 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/09 11:47:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/10/14 15:24:51 | 000,000,222 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Talisman Prologue.url
[2013/10/14 15:24:51 | 000,000,222 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
[2013/05/22 12:32:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/05/22 12:32:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/02/04 11:20:38 | 000,119,951 | ---- | C] () -- C:\Users\Ryan2011\2377WilliamPenn.jpg
[2013/02/04 11:16:32 | 014,954,926 | ---- | C] () -- C:\Users\Ryan2011\house ad.psd
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/14 11:24:04 | 000,059,755 | ---- | C] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf
[2012/04/06 16:21:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/04/03 10:01:10 | 000,205,999 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/04/03 10:01:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/11/22 10:08:38 | 000,059,067 | ---- | C] () -- C:\Users\Ryan2011\Binaries_and_Source-1013-1-0.zip

< End of report >

Edited by Lyanheart, 25 October 2013 - 07:45 AM.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you will need to download the following programme to a USB drive and run it from there when in normal Windows.

Please download Farbar Recovery Scan Tool and save it to a USB.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Copy FRST to your desktop
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
Lyanheart

    Member

  • Topic Starter
  • Member
  • 136 posts
So... you say to save to and run FRST on the USB drive, but then you also say to copy to the desktop and run it.
Which am I supposed to do? I have it downloaded on my desktop now, but I don't have a USB drive handy at the moment but will try to find one later today and download directly to the USB if I need to.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, if it allowed you to download it to your desktop, then run FRST.

Then post both logs here.

#5
Lyanheart

    Member

  • Topic Starter
  • Member
  • 136 posts
Yes, I could download and save it with Chrome; IE blocks all downloads.

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by Ryan2011 (administrator) on RYAN2011-PC on 25-10-2013 11:19:22
Running from C:\Users\Ryan2011\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() c:\Program Files\Microsoft Security Client\MsMpEng.exe
( ) C:\Windows\system32\dlbkcoms.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() c:\Program Files\Microsoft Security Client\NisSrv.exe
(Dropbox, Inc.) C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [975288 2012-07-02] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-02] ()
HKCU\...\Run: [Google Update] - C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-05-03] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [masqform.exe] - C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe [634880 2004-04-19] (PureEdge™ Solutions Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {DC718571-D9D1-419F-8C55-D9E6BD5837E5} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B0774E76-A7A8-4B69-B75F-965BB88F7716} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR StartMenuInternet: Google Chrome - C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R2 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567024 2007-06-25] ( )
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] ()
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{7805e6ce-aece-7b86-307b-b3236983aa6d}\ \...\???\{7805e6ce-aece-7b86-307b-b3236983aa6d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2011-05-18] (CSR plc.)
S3 gtfilter; C:\Windows\System32\DRIVERS\gtfilter.sys [18272 2012-01-03] (Fructel AB)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S1 obcwvcnv; C:\Windows\system32\drivers\obcwvcnv.sys [49872 2013-10-25] (Microsoft Corporation)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-25 11:19 - 2013-10-25 11:19 - 00000000 ____D C:\FRST
2013-10-25 10:58 - 2013-10-25 10:58 - 01955412 _____ (Farbar) C:\Users\Ryan2011\Desktop\FRST64.exe
2013-10-25 09:34 - 2013-10-25 09:34 - 00099142 _____ C:\Users\Ryan2011\Desktop\OTL.Txt
2013-10-25 08:45 - 2013-10-25 08:45 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\obcwvcnv.sys
2013-10-25 08:09 - 2013-10-25 08:09 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9411EB70-C54A-4D24-97FA-4013FAF0A5E9}
2013-10-24 08:35 - 2013-10-24 08:35 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{48ED0B69-918B-4A24-B219-9D969439DA14}
2013-10-23 08:07 - 2013-10-23 08:07 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{776D7B9D-F2EF-4FA0-A85A-BBFACEFF31CB}
2013-10-22 09:04 - 2013-10-22 09:04 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{7D91A4B3-C081-438C-A17E-E9F6CE3C6BC0}
2013-10-22 07:53 - 2013-10-22 07:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8A4170E7-DDAD-4110-ADB9-8D4F1ECD8C10}
2013-10-21 08:08 - 2013-10-21 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B247023F-1F5B-404B-88D3-CC2A13DCEB28}
2013-10-18 08:12 - 2013-10-18 08:12 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{67049BD3-394C-4273-8F0D-954C024EE967}
2013-10-17 08:14 - 2013-10-17 08:14 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B43FDC01-92ED-498D-A267-534587106C64}
2013-10-16 07:44 - 2013-10-16 07:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1763E048-7EAB-4789-BFEA-0A3C7A4526FC}
2013-10-15 14:16 - 2013-10-15 14:18 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Talisman
2013-10-15 08:17 - 2013-10-15 08:17 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{37698AC1-3AE3-411B-8F58-790F5544C6CC}
2013-10-14 15:32 - 2013-10-14 15:33 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
2013-10-14 15:24 - 2013-10-14 15:24 - 00000222 _____ C:\Users\Ryan2011\Desktop\Talisman Prologue.url
2013-10-14 15:24 - 2013-10-14 15:24 - 00000222 _____ C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
2013-10-14 08:47 - 2013-10-14 08:47 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{451F9B64-E93A-494C-88D3-DFEF58A882B3}
2013-10-11 07:54 - 2013-10-11 07:54 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{344DE070-DFD8-4427-A447-801DD75783F2}
2013-10-10 07:58 - 2013-10-10 07:59 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F8E30222-0D71-48D5-BA44-A15DBC63B5FF}
2013-10-09 12:14 - 2013-09-22 11:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 12:14 - 2013-09-22 11:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 12:14 - 2013-09-22 10:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 12:14 - 2013-09-22 10:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 12:14 - 2013-09-22 10:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-09 12:14 - 2013-09-22 10:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 12:14 - 2013-09-22 10:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-09 12:14 - 2013-09-22 10:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 12:14 - 2013-09-22 10:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-09 12:14 - 2013-09-22 10:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 12:14 - 2013-09-22 10:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-09 12:14 - 2013-09-22 10:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 12:14 - 2013-09-22 10:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 12:14 - 2013-09-22 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-09 12:14 - 2013-09-22 10:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 12:14 - 2013-09-22 10:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 12:14 - 2013-09-22 06:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 12:14 - 2013-09-22 06:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 12:14 - 2013-09-22 06:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 12:14 - 2013-09-22 06:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-09 12:14 - 2013-09-22 06:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 12:14 - 2013-09-22 06:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 12:14 - 2013-09-22 06:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-09 12:14 - 2013-09-22 06:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 12:14 - 2013-09-22 06:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-09 12:14 - 2013-09-22 06:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 12:14 - 2013-09-22 06:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-09 12:14 - 2013-09-22 06:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 12:14 - 2013-09-22 06:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 12:14 - 2013-09-22 06:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 12:14 - 2013-09-22 06:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-09 12:14 - 2013-09-22 05:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 08:26 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 08:26 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 08:26 - 2013-09-07 22:27 - 00327168 _____ C:\Windows\system32\mswsock.dll
2013-10-09 08:26 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 08:26 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 08:26 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 08:26 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 08:26 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 08:26 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 08:26 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 08:26 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 08:26 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 08:26 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 08:26 - 2013-08-28 21:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2013-10-09 08:26 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 08:26 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 08:26 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 08:26 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 08:26 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 08:26 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 08:26 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 08:26 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 08:26 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 08:26 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 08:26 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 08:26 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 08:26 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 08:26 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 08:26 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 08:26 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 08:26 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 08:26 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 08:26 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 08:26 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 08:26 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 08:26 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 08:26 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 08:25 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 08:25 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 08:25 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 08:25 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 08:25 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 08:25 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 08:25 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 08:25 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 08:25 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 08:25 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 08:25 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:25 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 08:18 - 2013-10-09 08:19 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{61DD99E9-810F-4CA2-A374-B1868524250D}
2013-10-08 08:21 - 2013-10-08 08:21 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F3E1D4A1-0DE8-4B66-A8EE-66F41773E848}
2013-10-07 09:56 - 2013-10-07 09:57 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{7FF28745-3B68-4E77-B8A6-52C4D53F68BE}
2013-10-07 09:32 - 2013-10-07 09:34 - 66628672 _____ C:\Users\Ryan2011\Downloads\teen sex tape.mp4
2013-10-07 09:29 - 2013-10-07 09:30 - 40951236 _____ C:\Users\Ryan2011\Downloads\bbw Kiki outdoor play.mp4
2013-10-05 08:57 - 2013-10-05 08:57 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{6682020F-BBC8-4FDD-BDF2-2BCB30EF46F1}
2013-10-04 08:20 - 2013-10-04 08:20 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{5732EFDB-5A5F-4106-B3B4-D7A987BA5953}
2013-10-03 08:06 - 2013-10-03 08:06 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D4B5F46C-4939-4AED-9DB9-0DA209573686}
2013-10-02 07:49 - 2013-10-02 07:49 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{3D80E2BC-C8FF-4CC3-A6E6-956BDA9765DC}
2013-10-01 10:22 - 2013-10-01 10:22 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{AF1E2AF0-7EC1-4E5A-A964-A3B48655E54A}
2013-10-01 08:28 - 2013-10-01 08:28 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B1FAA50A-B7C9-4BC8-86E1-68B7A12C93F4}
2013-09-30 09:12 - 2013-09-30 09:12 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D20B1556-CCF4-4ABD-808E-60C7E1D9594D}
2013-09-27 09:52 - 2013-09-27 09:52 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{0FE075C5-9606-49A3-A052-FFB5B6459A90}
2013-09-27 08:35 - 2013-09-27 08:35 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{54E4025D-8C49-464D-B3BD-2C68ED7174D2}
2013-09-26 08:24 - 2013-09-26 08:24 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{591DFE7F-9FFB-4876-8E59-C8EAB8AD5F2B}
2013-09-25 09:16 - 2013-09-25 09:17 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B0BEF20A-1378-496C-A335-8D63FCDA331E}

==================== One Month Modified Files and Folders =======

2013-10-25 11:19 - 2013-10-25 11:19 - 00000000 ____D C:\FRST
2013-10-25 11:16 - 2011-01-31 17:14 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E2EFC854-A19B-421C-8245-B34FDE8E3A62}
2013-10-25 11:10 - 2013-04-10 11:45 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-25 11:04 - 2011-05-03 15:10 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
2013-10-25 10:58 - 2013-10-25 10:58 - 01955412 _____ (Farbar) C:\Users\Ryan2011\Desktop\FRST64.exe
2013-10-25 10:47 - 2012-03-30 07:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-25 09:34 - 2013-10-25 09:34 - 00099142 _____ C:\Users\Ryan2011\Desktop\OTL.Txt
2013-10-25 08:45 - 2013-10-25 08:45 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\obcwvcnv.sys
2013-10-25 08:44 - 2013-04-10 11:45 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-25 08:44 - 2011-05-03 15:10 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\Google
2013-10-25 08:10 - 2013-04-10 11:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-25 08:09 - 2013-10-25 08:09 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{9411EB70-C54A-4D24-97FA-4013FAF0A5E9}
2013-10-25 08:08 - 2012-07-12 10:32 - 01701720 _____ C:\Windows\WindowsUpdate.log
2013-10-25 08:03 - 2011-05-03 15:10 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
2013-10-25 07:32 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 07:32 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-25 07:26 - 2012-02-23 13:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Dropbox
2013-10-25 07:25 - 2013-04-10 11:46 - 00000000 ___RD C:\Users\Ryan2011\Google Drive
2013-10-25 07:25 - 2012-02-23 13:50 - 00000000 ___RD C:\Users\Ryan2011\Dropbox
2013-10-25 07:25 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-25 07:24 - 2012-07-12 10:29 - 00027612 _____ C:\Windows\setupact.log
2013-10-24 11:21 - 2011-02-02 12:18 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\CutePDF Writer
2013-10-24 08:35 - 2013-10-24 08:35 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{48ED0B69-918B-4A24-B219-9D969439DA14}
2013-10-23 08:07 - 2013-10-23 08:07 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{776D7B9D-F2EF-4FA0-A85A-BBFACEFF31CB}
2013-10-22 16:50 - 2012-08-03 15:03 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\vlc
2013-10-22 09:04 - 2013-10-22 09:04 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{7D91A4B3-C081-438C-A17E-E9F6CE3C6BC0}
2013-10-22 07:53 - 2013-10-22 07:53 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{8A4170E7-DDAD-4110-ADB9-8D4F1ECD8C10}
2013-10-21 12:35 - 2011-04-25 09:55 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-21 08:08 - 2013-10-21 08:08 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B247023F-1F5B-404B-88D3-CC2A13DCEB28}
2013-10-18 08:12 - 2013-10-18 08:12 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{67049BD3-394C-4273-8F0D-954C024EE967}
2013-10-18 08:07 - 2011-05-03 15:11 - 00002390 _____ C:\Users\Ryan2011\Desktop\Google Chrome.lnk
2013-10-18 08:05 - 2013-04-10 11:45 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-18 08:05 - 2013-04-10 11:45 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-17 08:14 - 2013-10-17 08:14 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B43FDC01-92ED-498D-A267-534587106C64}
2013-10-16 07:44 - 2013-10-16 07:44 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{1763E048-7EAB-4789-BFEA-0A3C7A4526FC}
2013-10-15 16:55 - 2013-08-20 08:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-15 16:55 - 2013-08-20 08:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-15 16:55 - 2011-02-21 09:19 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-15 14:18 - 2013-10-15 14:16 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Talisman
2013-10-15 08:17 - 2013-10-15 08:17 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{37698AC1-3AE3-411B-8F58-790F5544C6CC}
2013-10-15 07:59 - 2011-05-03 15:10 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA
2013-10-15 07:59 - 2011-05-03 15:10 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core
2013-10-14 15:33 - 2013-10-14 15:32 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
2013-10-14 15:24 - 2013-10-14 15:24 - 00000222 _____ C:\Users\Ryan2011\Desktop\Talisman Prologue.url
2013-10-14 15:24 - 2013-10-14 15:24 - 00000222 _____ C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
2013-10-14 08:47 - 2013-10-14 08:47 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{451F9B64-E93A-494C-88D3-DFEF58A882B3}
2013-10-11 16:27 - 2013-05-02 09:59 - 00000000 ____D C:\Users\Ryan2011\AppData\Roaming\Hoyle Casino
2013-10-11 12:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 07:54 - 2013-10-11 07:54 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{344DE070-DFD8-4427-A447-801DD75783F2}
2013-10-10 07:59 - 2013-10-10 07:58 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F8E30222-0D71-48D5-BA44-A15DBC63B5FF}
2013-10-10 07:43 - 2009-07-14 01:13 - 00783394 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 07:33 - 2009-07-14 00:45 - 00296152 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 12:17 - 2009-07-13 22:34 - 00000566 _____ C:\Windows\win.ini
2013-10-09 12:15 - 2013-03-14 16:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 12:15 - 2013-03-14 16:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 12:13 - 2011-01-31 17:37 - 00777118 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 12:07 - 2013-08-14 12:02 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 12:06 - 2011-02-01 15:42 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 11:47 - 2012-03-30 07:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 11:47 - 2012-03-30 07:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 11:47 - 2011-05-18 07:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 08:19 - 2013-10-09 08:18 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{61DD99E9-810F-4CA2-A374-B1868524250D}
2013-10-08 08:21 - 2013-10-08 08:21 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{F3E1D4A1-0DE8-4B66-A8EE-66F41773E848}
2013-10-07 09:57 - 2013-10-07 09:56 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{7FF28745-3B68-4E77-B8A6-52C4D53F68BE}
2013-10-07 09:34 - 2013-10-07 09:32 - 66628672 _____ C:\Users\Ryan2011\Downloads\teen sex tape.mp4
2013-10-07 09:30 - 2013-10-07 09:29 - 40951236 _____ C:\Users\Ryan2011\Downloads\bbw Kiki outdoor play.mp4
2013-10-05 08:57 - 2013-10-05 08:57 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{6682020F-BBC8-4FDD-BDF2-2BCB30EF46F1}
2013-10-04 08:20 - 2013-10-04 08:20 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{5732EFDB-5A5F-4106-B3B4-D7A987BA5953}
2013-10-03 08:06 - 2013-10-03 08:06 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D4B5F46C-4939-4AED-9DB9-0DA209573686}
2013-10-02 07:49 - 2013-10-02 07:49 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{3D80E2BC-C8FF-4CC3-A6E6-956BDA9765DC}
2013-10-01 10:22 - 2013-10-01 10:22 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{AF1E2AF0-7EC1-4E5A-A964-A3B48655E54A}
2013-10-01 08:28 - 2013-10-01 08:28 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B1FAA50A-B7C9-4BC8-86E1-68B7A12C93F4}
2013-09-30 09:12 - 2013-09-30 09:12 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{D20B1556-CCF4-4ABD-808E-60C7E1D9594D}
2013-09-27 09:52 - 2013-09-27 09:52 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{0FE075C5-9606-49A3-A052-FFB5B6459A90}
2013-09-27 08:35 - 2013-09-27 08:35 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{54E4025D-8C49-464D-B3BD-2C68ED7174D2}
2013-09-26 08:24 - 2013-09-26 08:24 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{591DFE7F-9FFB-4876-8E59-C8EAB8AD5F2B}
2013-09-25 09:17 - 2013-09-25 09:16 - 00000000 ____D C:\Users\Ryan2011\AppData\Local\{B0BEF20A-1378-496C-A335-8D63FCDA331E}

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1237553287-1429794397-2156527687-1000\$7805e6ceaece7b86307bb3236983aa6d

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$7805e6ceaece7b86307bb3236983aa6d

Files to move or delete:
====================
ZeroAccess:
C:\Users\Ryan2011\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\Ryan2011\AppData\Local\Temp\drm_dyndata_7330014.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-10-22 10:32

==================== End Of Log ============================

Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2013
Ran by Ryan2011 at 2013-10-25 11:20:35
Running from C:\Users\Ryan2011\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ACORD Viewer 6.1 (x32)
Adobe AIR (x32 Version: 3.6.0.5970)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Reader 9.4.0 (x32 Version: 9.4.0)
Amazon MP3 Downloader 1.0.15 (x32 Version: 1.0.15)
Amazon Music Importer (x32 Version: 2.0.1)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
BufferChm (x32 Version: 140.0.212.000)
CCleaner (Version: 3.20)
Combined Community Codec Pack 2011-11-11 (x32 Version: 2011.11.11.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CutePDF Writer 2.8
D110 (x32 Version: 140.0.142.000)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell Edoc Viewer (Version: 1.0.0)
Desktop Icon Position Saver (64-bit) (x32)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
Dropbox (HKCU Version: 2.0.22)
Gametel Configuration Tool 64-bit (Version: 1.2.1.0)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 140.0.211.000)
Grim Dawn (x32)
Gunpoint (x32)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
Hoyle Casino (x32 Version: 1.0.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (x32 Version: 1.0.0.2024)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Product Detection (x32 Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.005.000.002)
HPAppStudio (x32 Version: 140.0.95.000)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
Informatik (x32)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
Java 7 Update 13 (x32 Version: 7.0.130)
Java Auto Updater (x32 Version: 2.1.9.0)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Magic Online (x32 Version: 3.00.0000)
Magic: The Gathering - Duels of the Planeswalkers (x32)
Magic: The Gathering – Tactics (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office Basic Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Mp3tag v2.52 (x32 Version: v2.52)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 140.0.212.000)
Network64 (Version: 140.0.221.000)
Palace of Chance (x32 Version: 12.0.0)
Prism Video File Converter (x32)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000)
QuickTransfer (x32 Version: 140.0.98.000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5963)
Samsung Kies (x32 Version: 2.3.2.12064_9)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Scan (x32 Version: 140.0.77.000)
Shop for HP Supplies (Version: 14.0)
Sir, You Are Being Hunted (x32)
SketchUp 2013 (x32 Version: 13.0.4124)
Skype™ 6.0 (x32 Version: 6.0.126)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.211.000)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Status (x32 Version: 140.0.212.000)
Steam (x32 Version: 1.0.0.0)
Talisman: Digital Edition (x32)
Talisman: Prologue (x32)
Toolbox (x32 Version: 140.0.424.000)
TQ Defiler.NET (x32 Version: 1.3.7)
TrayApp (x32 Version: 140.0.212.000)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Virtual Pool 3 DL (x32 Version: 3.3.1.1)
Virtual Pool 3 Preview (x32 Version: 3.2.3.9)
Virtual Pool 4 Demo (x32 Version: 4.1.1.7)
Visual Pinball VPInstaller 1.0.3 (x32 Version: VPInstaller 1.0.3)
VLC media player 2.0.3 (x32 Version: 2.0.3)
WebReg (x32 Version: 140.0.212.017)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0) (Version: 02/03/2011 2.4.0.0)
Windows Driver Package - Fructel AB (usbser) Ports (11/04/2011 1.0.0.0) (Version: 11/04/2011 1.0.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.00 (32-bit) (x32 Version: 4.00.0)
Yahoo! Messenger (x32)

==================== Restore Points =========================

05-10-2013 12:33:16 Windows Update
09-10-2013 15:19:27 Windows Update
09-10-2013 16:00:17 Windows Update
14-10-2013 12:04:03 Windows Update
15-10-2013 20:54:23 Windows Update
21-10-2013 12:16:24 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-07-13 11:05 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A01BE5E-832C-4659-A300-6CB3ED3AA642} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)
Task: {64506389-48FD-4A6D-B4D1-13ED5817E66E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03] (Google Inc.)
Task: {757CC069-530F-4A09-95CD-861F832C0212} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-03] (Google Inc.)
Task: {8BCDCFD2-F7D5-4B4E-A15A-EADE172F2B50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10] (Google Inc.)
Task: {CD96F50D-D4B2-4040-B732-45D70ECF4195} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {E956ACFD-B423-47F8-8B1D-BFE24FF7D8EF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {ECC21FC9-D70C-4F41-91D8-C96DFC8A8B50} - System32\Tasks\{730F5265-3543-43CD-B456-02F5030351B3} => C:\Program Files (x86)\Visual Pinball\VPinball_9_0_2.exe [2009-02-09] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job => C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-09 08:26 - 2013-09-07 22:27 - 00327168 _____ () C:\Windows\system32\MSWSOCK.dll
2011-04-12 12:08 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-10-09 08:26 - 2013-09-07 22:27 - 00327168 _____ () C:\Windows\system32\mswsock.dll
2013-10-09 08:26 - 2013-09-07 22:27 - 00327168 _____ () C:\Windows\System32\mswsock.dll
2013-07-13 11:11 - 2013-07-13 11:11 - 00115137 _____ () C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
2013-03-13 16:48 - 2013-03-13 16:48 - 24978944 _____ () C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-25 07:25 - 2013-10-25 07:25 - 00098816 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32api.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00110080 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\pywintypes27.dll
2013-10-25 07:25 - 2013-10-25 07:25 - 00364544 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\pythoncom27.dll
2013-10-25 07:25 - 2013-10-25 07:25 - 00044032 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_socket.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 01153024 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_ssl.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00320512 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32com.shell.shell.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00711680 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_hashlib.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 01175040 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._core_.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00805888 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._gdi_.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00811008 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._windows_.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 01062400 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._controls_.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00735232 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._misc_.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00128512 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_elementtree.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00127488 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\pyexpat.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00557056 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\pysqlite2._sqlite.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00087040 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_ctypes.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00119808 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32file.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00108544 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32security.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00018432 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32event.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00038912 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32inet.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00122368 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._wizard.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00686080 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\unicodedata.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00026624 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\_multiprocessing.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00070656 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\wx._html2.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00010240 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\select.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00025600 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32pdh.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00504832 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\windows._cacheinvalidation.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00011264 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32crypt.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00035840 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32process.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00017408 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32profile.pyd
2013-10-25 07:25 - 2013-10-25 07:25 - 00022528 _____ () C:\Users\Ryan2011\AppData\Local\Temp\_MEI30123\win32ts.pyd
2013-08-15 12:02 - 2013-08-15 12:02 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2010-09-10 03:49 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-08-27 09:37 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2012-08-27 09:37 - 2012-05-25 04:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\Drivers\obcwvcnv.sys:changelist

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2013 07:41:43 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/24/2013 08:53:55 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/23/2013 08:10:55 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/22/2013 01:36:36 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/22/2013 00:52:19 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/22/2013 10:34:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/22/2013 10:05:11 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1404

Start Time: 01cecf2f99f3b2e7

Termination Time: 22

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (10/22/2013 08:41:51 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/21/2013 08:49:46 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/18/2013 02:38:01 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (10/22/2013 02:57:19 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (10/22/2013 02:04:55 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (10/22/2013 02:04:55 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (10/22/2013 01:01:51 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (10/22/2013 00:01:28 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (10/22/2013 11:56:07 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (10/09/2013 11:06:46 AM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/09/2013 08:11:53 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/09/2013 08:11:53 AM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (10/08/2013 10:06:30 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:05:29 AM on ‎10/‎8/‎2013 was unexpected.


Microsoft Office Sessions:
=========================
Error: (10/25/2013 07:41:43 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/24/2013 08:53:55 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/23/2013 08:10:55 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/22/2013 01:36:36 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/22/2013 00:52:19 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/22/2013 10:34:09 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (10/22/2013 10:05:11 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16514140401cecf2f99f3b2e722C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (10/22/2013 08:41:51 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/21/2013 08:49:46 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (10/18/2013 02:38:01 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 4060.98 MB
Available physical RAM: 1656.43 MB
Total Pagefile: 8120.15 MB
Available Pagefile: 5614.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.69 GB) (Free:362.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 86C69001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I am surprised you were able to download FRST, as you have the latest ZA infection.

Download the attached fixlist.txt to the same location as FRST (desktop)

Run FRST again and press the Fix button.
On completion a fixlog will be generated; please post that.

Then

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box, paste this in:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs.


#7
Lyanheart


    Member

  • Topic Starter
  • Member
  • 136 posts
Running OTL next; here is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by Ryan2011 at 2013-10-25 11:46:44 Run:1
Running from C:\Users\Ryan2011\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{7805e6ce-aece-7b86-307b-b3236983aa6d}\ \...\???\{7805e6ce-aece-7b86-307b-b3236983aa6d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-10-25 08:45 - 2013-10-25 08:45 - 00049872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\obcwvcnv.sys
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\$Recycle.Bin\S-1-5-21-1237553287-1429794397-2156527687-1000\$7805e6ceaece7b86307bb3236983aa6d
C:\$Recycle.Bin\S-1-5-18\$7805e6ceaece7b86307bb3236983aa6d
C:\Users\Ryan2011\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
The possible legit Catalog entry 000000000001 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000002 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000003 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000004 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000005 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000006 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000007 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000008 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000009 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000010 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
The possible legit Catalog entry 000000000001 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000002 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000003 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000004 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000005 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000006 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000007 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000008 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000009 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
The possible legit Catalog entry 000000000010 will not be deleted with FRST. Instead, "netsh winsock reset" can be used.
*etadpug => Service deleted successfully.
C:\Windows\system32\Drivers\obcwvcnv.sys => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
Could not move "C:\Windows\assembly\GAC_64\Desktop.ini" => Scheduled to move on reboot.
C:\$Recycle.Bin\S-1-5-21-1237553287-1429794397-2156527687-1000\$7805e6ceaece7b86307bb3236983aa6d => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$7805e6ceaece7b86307bb3236983aa6d => Moved successfully.
C:\Users\Ryan2011\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

=========== Result of Scheduled Files to move ===========

C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.

==== End of Fixlog ====

#8
Lyanheart


    Member

  • Topic Starter
  • Member
  • 136 posts
OTL logfile created on: 10/25/2013 11:52:43 AM - Run 5
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ryan2011\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.09% Memory free
7.93 Gb Paging File | 6.35 Gb Available in Paging File | 80.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.69 Gb Total Space | 362.48 Gb Free Space | 79.90% Space Free | Partition Type: NTFS

Computer Name: RYAN2011-PC | User Name: Ryan2011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/27 14:36:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
PRC - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/07/02 17:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/02 17:12:40 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/25 11:47:54 | 000,805,888 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\wx._gdi_.pyd
MOD - [2013/10/25 11:47:54 | 000,735,232 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\wx._misc_.pyd
MOD - [2013/10/25 11:47:54 | 000,557,056 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\pysqlite2._sqlite.pyd
MOD - [2013/10/25 11:47:54 | 000,504,832 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\windows._cacheinvalidation.pyd
MOD - [2013/10/25 11:47:54 | 000,364,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\pythoncom27.dll
MOD - [2013/10/25 11:47:54 | 000,320,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32com.shell.shell.pyd
MOD - [2013/10/25 11:47:54 | 000,128,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\_elementtree.pyd
MOD - [2013/10/25 11:47:54 | 000,110,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\PyWinTypes27.dll
MOD - [2013/10/25 11:47:54 | 000,108,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32security.pyd
MOD - [2013/10/25 11:47:54 | 000,098,816 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32api.pyd
MOD - [2013/10/25 11:47:54 | 000,087,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\_ctypes.pyd
MOD - [2013/10/25 11:47:54 | 000,070,656 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\wx._html2.pyd
MOD - [2013/10/25 11:47:54 | 000,044,032 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\_socket.pyd
MOD - [2013/10/25 11:47:54 | 000,026,624 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\_multiprocessing.pyd
MOD - [2013/10/25 11:47:54 | 000,022,528 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32ts.pyd
MOD - [2013/10/25 11:47:54 | 000,017,408 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32profile.pyd
MOD - [2013/10/25 11:47:54 | 000,011,264 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32crypt.pyd
MOD - [2013/10/25 11:47:53 | 001,175,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\wx._core_.pyd
MOD - [2013/10/25 11:47:53 | 001,153,024 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\_ssl.pyd
MOD - [2013/10/25 11:47:53 | 001,062,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\wx._controls_.pyd
MOD - [2013/10/25 11:47:53 | 000,811,008 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\wx._windows_.pyd
MOD - [2013/10/25 11:47:53 | 000,711,680 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\_hashlib.pyd
MOD - [2013/10/25 11:47:53 | 000,686,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\unicodedata.pyd
MOD - [2013/10/25 11:47:53 | 000,127,488 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\pyexpat.pyd
MOD - [2013/10/25 11:47:53 | 000,122,368 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\wx._wizard.pyd
MOD - [2013/10/25 11:47:53 | 000,119,808 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32file.pyd
MOD - [2013/10/25 11:47:53 | 000,038,912 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32inet.pyd
MOD - [2013/10/25 11:47:53 | 000,035,840 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32process.pyd
MOD - [2013/10/25 11:47:53 | 000,025,600 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32pdh.pyd
MOD - [2013/10/25 11:47:53 | 000,018,432 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\win32event.pyd
MOD - [2013/10/25 11:47:53 | 000,010,240 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI15882\select.pyd
MOD - [2013/10/10 11:57:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ea3406b1357f932b76236c4ea85b0747\System.Runtime.Remoting.ni.dll
MOD - [2013/10/10 07:39:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 07:39:04 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 07:38:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/09 12:12:34 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll
MOD - [2013/10/09 12:12:33 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6a71efa7248119b0875d6cd2dd1e204c\System.Windows.Forms.ni.dll
MOD - [2013/10/09 12:12:23 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll
MOD - [2013/10/09 12:12:22 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll
MOD - [2013/10/09 12:12:18 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll
MOD - [2013/10/09 12:12:14 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll
MOD - [2013/09/11 08:06:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 12:07:12 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d1cb852474c9f322e257a30f643bca56\System.Management.ni.dll
MOD - [2013/08/15 12:05:47 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll
MOD - [2013/08/15 12:05:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll
MOD - [2013/08/15 12:02:55 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll
MOD - [2013/08/15 07:42:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 07:42:36 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 07:42:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/14 12:08:40 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8cfa98586dc8b987a8236ea591b567b5\PresentationFramework.Aero.ni.dll
MOD - [2013/08/14 12:08:35 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2154273cb2d7a8b1a47d672b6d0808bf\System.Drawing.ni.dll
MOD - [2013/08/14 12:08:32 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll
MOD - [2013/08/14 12:08:27 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll
MOD - [2013/07/30 08:15:03 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/29 17:10:08 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/07/13 11:11:48 | 000,115,137 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2013/10/09 11:47:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 13:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/10 04:03:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/28 21:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/04 03:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 03:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/03 10:17:50 | 000,018,272 | ---- | M] (Fructel AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtfilter.sys -- (gtfilter)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 16:46:02 | 000,038,400 | ---- | M] (CSR plc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbc.sys -- (CSRBC)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/21 01:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 01:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 01:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 08:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DC718571-D9D1-419F-8C55-D9E6BD5837E5}
IE:64bit: - HKLM\..\SearchScopes\{DC718571-D9D1-419F-8C55-D9E6BD5837E5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B0774E76-A7A8-4B69-B75F-965BB88F7716}
IE - HKLM\..\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..\SearchScopes,DefaultScope = {C2D80772-E9E2-4A44-B4C3-37316F4FC994}
IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..\SearchScopes\{C2D80772-E9E2-4A44-B4C3-37316F4FC994}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 17:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]

[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/07/13 11:05:16 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1237553287-1429794397-2156527687-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/25 11:19:17 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/25 10:58:12 | 001,955,412 | ---- | C] (Farbar) -- C:\Users\Ryan2011\Desktop\FRST64.exe
[2013/10/25 08:09:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{9411EB70-C54A-4D24-97FA-4013FAF0A5E9}
[2013/10/24 08:35:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{48ED0B69-918B-4A24-B219-9D969439DA14}
[2013/10/23 08:07:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{776D7B9D-F2EF-4FA0-A85A-BBFACEFF31CB}
[2013/10/22 09:04:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7D91A4B3-C081-438C-A17E-E9F6CE3C6BC0}
[2013/10/22 07:53:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8A4170E7-DDAD-4110-ADB9-8D4F1ECD8C10}
[2013/10/21 08:08:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B247023F-1F5B-404B-88D3-CC2A13DCEB28}
[2013/10/18 08:12:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{67049BD3-394C-4273-8F0D-954C024EE967}
[2013/10/17 08:14:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B43FDC01-92ED-498D-A267-534587106C64}
[2013/10/16 07:44:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{1763E048-7EAB-4789-BFEA-0A3C7A4526FC}
[2013/10/15 14:16:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Talisman
[2013/10/15 08:17:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{37698AC1-3AE3-411B-8F58-790F5544C6CC}
[2013/10/14 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
[2013/10/14 08:47:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{451F9B64-E93A-494C-88D3-DFEF58A882B3}
[2013/10/11 07:54:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{344DE070-DFD8-4427-A447-801DD75783F2}
[2013/10/10 07:58:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{F8E30222-0D71-48D5-BA44-A15DBC63B5FF}
[2013/10/09 12:14:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/09 12:14:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/09 12:14:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/09 12:14:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/09 12:14:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/09 12:14:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/09 12:14:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/09 12:14:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/09 12:14:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/09 12:14:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/09 12:14:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/09 12:14:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/09 12:14:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/09 12:14:20 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/09 12:14:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/09 08:26:10 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/09 08:26:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbser.sys
[2013/10/09 08:26:09 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/09 08:26:09 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/09 08:26:09 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/09 08:26:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/09 08:26:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/09 08:26:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/09 08:26:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/09 08:26:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/09 08:26:07 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/09 08:26:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/09 08:26:07 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/09 08:26:02 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/09 08:26:01 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/09 08:26:01 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/09 08:26:01 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/09 08:26:01 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/09 08:26:00 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/09 08:26:00 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/09 08:25:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/09 08:25:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/09 08:25:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/09 08:25:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/09 08:25:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/09 08:25:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/09 08:25:51 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/09 08:25:51 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 08:25:51 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 08:25:50 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/09 08:25:50 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/09 08:18:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{61DD99E9-810F-4CA2-A374-B1868524250D}
[2013/10/08 08:21:36 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{F3E1D4A1-0DE8-4B66-A8EE-66F41773E848}
[2013/10/07 09:56:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7FF28745-3B68-4E77-B8A6-52C4D53F68BE}
[2013/10/05 08:57:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{6682020F-BBC8-4FDD-BDF2-2BCB30EF46F1}
[2013/10/04 08:20:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{5732EFDB-5A5F-4106-B3B4-D7A987BA5953}
[2013/10/03 08:06:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D4B5F46C-4939-4AED-9DB9-0DA209573686}
[2013/10/02 07:49:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{3D80E2BC-C8FF-4CC3-A6E6-956BDA9765DC}
[2013/10/01 10:22:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{AF1E2AF0-7EC1-4E5A-A964-A3B48655E54A}
[2013/10/01 08:28:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B1FAA50A-B7C9-4BC8-86E1-68B7A12C93F4}
[2013/09/30 09:12:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D20B1556-CCF4-4ABD-808E-60C7E1D9594D}
[2013/09/27 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{0FE075C5-9606-49A3-A052-FFB5B6459A90}
[2013/09/27 08:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{54E4025D-8C49-464D-B3BD-2C68ED7174D2}
[2013/09/26 08:24:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{591DFE7F-9FFB-4876-8E59-C8EAB8AD5F2B}

========== Files - Modified Within 30 Days ==========

[2013/10/25 11:54:45 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 11:54:45 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 11:47:40 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/25 11:47:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/25 11:47:28 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/25 11:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/25 11:10:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/25 11:04:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
[2013/10/25 10:58:24 | 001,955,412 | ---- | M] (Farbar) -- C:\Users\Ryan2011\Desktop\FRST64.exe
[2013/10/25 08:03:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
[2013/10/18 08:07:57 | 000,002,390 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Google Chrome.lnk
[2013/10/15 16:55:20 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/14 15:24:51 | 000,000,222 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Talisman Prologue.url
[2013/10/14 15:24:51 | 000,000,222 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
[2013/10/10 07:43:25 | 000,783,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/10 07:43:25 | 000,663,238 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/10 07:43:25 | 000,122,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/10 07:33:44 | 000,296,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 12:13:16 | 000,777,118 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 11:47:49 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/09 11:47:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/10/14 15:24:51 | 000,000,222 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Talisman Prologue.url
[2013/10/14 15:24:51 | 000,000,222 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
[2013/05/22 12:32:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/05/22 12:32:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/02/04 11:20:38 | 000,119,951 | ---- | C] () -- C:\Users\Ryan2011\2377WilliamPenn.jpg
[2013/02/04 11:16:32 | 014,954,926 | ---- | C] () -- C:\Users\Ryan2011\house ad.psd
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/14 11:24:04 | 000,059,755 | ---- | C] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf
[2012/04/06 16:21:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/04/03 10:01:10 | 000,205,999 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/04/03 10:01:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/11/22 10:08:38 | 000,059,067 | ---- | C] () -- C:\Users\Ryan2011\Binaries_and_Source-1013-1-0.zip

========== LOP Check ==========

[2012/07/20 16:27:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Amazon
[2013/02/06 10:56:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Celeris
[2013/03/06 11:50:10 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\com.amazon.music.uploader
[2013/10/25 11:48:29 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Dropbox
[2013/10/11 16:27:52 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle Casino
[2013/05/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle FaceCreator
[2012/07/24 16:51:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Mp3tag
[2011/02/01 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\PureEdge
[2012/07/17 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Samsung
[2013/07/30 12:19:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\SketchUp
[2013/10/15 14:18:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Talisman
[2013/10/14 15:33:05 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Thunderbird
[2011/06/07 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Unity
[2011/02/21 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Windows Live Writer
[2012/08/23 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\WinFellow
[2011/04/26 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Wizards of the Coast
[2013/07/13 09:44:39 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< BASESERVICES >

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is EA35-C9E7
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Microsoft Security Client
08/12/2013 02:07 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
08/12/2013 02:07 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
08/12/2013 02:07 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
08/12/2013 02:11 PM <SYMLINK> MsMpEng.exe [c:\windows\system32\config]
08/12/2013 02:07 PM <SYMLINK> NisIpsPlugin.dll [c:\windows\system32\config]
08/12/2013 02:07 PM <SYMLINK> NisLog.dll [c:\windows\system32\config]
08/12/2013 02:11 PM <SYMLINK> NisSrv.exe [c:\windows\system32\config]
7 File(s) 3,603,128 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Ryan2011
01/31/2011 01:32 PM <JUNCTION> Application Data [C:\Users\Ryan2011\AppData\Roaming]
01/31/2011 01:32 PM <JUNCTION> Cookies [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Cookies]
01/31/2011 01:32 PM <JUNCTION> Local Settings [C:\Users\Ryan2011\AppData\Local]
01/31/2011 01:32 PM <JUNCTION> My Documents [C:\Users\Ryan2011\Documents]
01/31/2011 01:32 PM <JUNCTION> NetHood [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/31/2011 01:32 PM <JUNCTION> PrintHood [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/31/2011 01:32 PM <JUNCTION> Recent [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Recent]
01/31/2011 01:32 PM <JUNCTION> SendTo [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\SendTo]
01/31/2011 01:32 PM <JUNCTION> Start Menu [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu]
01/31/2011 01:32 PM <JUNCTION> Templates [C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ryan2011\AppData\Local
01/31/2011 01:32 PM <JUNCTION> Application Data [C:\Users\Ryan2011\AppData\Local]
01/31/2011 01:32 PM <JUNCTION> History [C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\History]
01/31/2011 01:32 PM <JUNCTION> Temporary Internet Files [C:\Users\Ryan2011\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Ryan2011\Documents
01/31/2011 01:32 PM <JUNCTION> My Music [C:\Users\Ryan2011\Music]
01/31/2011 01:32 PM <JUNCTION> My Pictures [C:\Users\Ryan2011\Pictures]
01/31/2011 01:32 PM <JUNCTION> My Videos [C:\Users\Ryan2011\Videos]
0 File(s) 0 bytes
Total Files Listed:
7 File(s) 3,603,128 bytes
49 Dir(s) 390,577,889,280 bytes free

< End of report >

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now try to clear the reparse points. On completion of this run, could you try a download that you had problems with before?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:Files
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpClient.dll" /c
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpRTP.dll" /c
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpSvc.dll" /c
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsMpEng.exe" /c
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" /c
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisLog.dll" /c
fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisSrv.exe" /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
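
A triage check for the pattern the fix above targets, as an added example that is not part of the original post or of OTL: it parses a `dir /S /A:L` listing and flags file symlinks that stand in for an executable, DLL or driver but point somewhere else, while leaving the default Windows junctions alone. The sample listing is a constructed excerpt in the log's format, and the function names and the heuristic are assumptions of this example.

```python
import ntpath
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: a shortened excerpt in the format of the
# `dir /S /A:L` section of the OTL log (not the full log).
SAMPLE = r"""
 Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
 0 File(s) 0 bytes
 Directory of C:\Program Files\Microsoft Security Client
08/12/2013 02:07 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
08/12/2013 02:11 PM <SYMLINK> MsMpEng.exe [c:\windows\system32\config]
 2 File(s) 3,603,128 bytes
 Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# date, time, <TYPE>, link name (may contain spaces), [target]
ENTRY_RE = re.compile(
    r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+"
    r"<(JUNCTION|SYMLINKD|SYMLINK)>\s+(.+?)\s+\[(.*)\]\s*$"
)
IMAGE_EXTENSIONS = (".exe", ".dll", ".sys")


class Link(NamedTuple):
    directory: str
    kind: str      # JUNCTION, SYMLINKD (directory link) or SYMLINK (file link)
    name: str
    target: str


def parse_listing(text):
    """Return every reparse-point entry with the directory it was listed in."""
    links, current = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            links.append(Link(current, *m.groups()))
    return links


def flag_redirected_binaries(links):
    """Flag file symlinks named like a binary whose target is a different path.

    Heuristic for triage only: JUNCTION and SYMLINKD entries (the stock
    Windows compatibility links) are skipped, as are file symlinks whose
    target ends in the same file name as the link.
    """
    shared = Counter(
        (l.directory.lower(), l.target.lower())
        for l in links if l.kind == "SYMLINK"
    )
    findings = []
    for l in links:
        if l.kind != "SYMLINK":
            continue
        if not l.name.lower().endswith(IMAGE_EXTENSIONS):
            continue
        if ntpath.basename(l.target).lower() == l.name.lower():
            continue
        reasons = ["binary is a file symlink to %s" % l.target]
        count = shared[(l.directory.lower(), l.target.lower())]
        if count > 1:
            reasons.append("%d links in this directory share that target" % count)
        findings.append((l, reasons))
    return findings


if __name__ == "__main__":
    for link, reasons in flag_redirected_binaries(parse_listing(SAMPLE)):
        print(ntpath.join(link.directory, link.name))
        for reason in reasons:
            print("   ", reason)
```
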


#10
Lyanheart

    Member

  • Topic Starter
  • 136 posts
MSE and firewall are back online, and I am able to download normally.

OTL logfile created on: 10/25/2013 1:30:53 PM - Run 6
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ryan2011\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 49.33% Memory free
7.93 Gb Paging File | 5.98 Gb Available in Paging File | 75.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.69 Gb Total Space | 369.25 Gb Free Space | 81.39% Space Free | Partition Type: NTFS

Computer Name: RYAN2011-PC | User Name: Ryan2011 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/27 14:36:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan2011\Desktop\OTL.exe
PRC - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/07/02 17:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/02 17:12:40 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/25 13:27:46 | 000,805,888 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\wx._gdi_.pyd
MOD - [2013/10/25 13:27:46 | 000,557,056 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\pysqlite2._sqlite.pyd
MOD - [2013/10/25 13:27:46 | 000,320,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32com.shell.shell.pyd
MOD - [2013/10/25 13:27:46 | 000,128,512 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\_elementtree.pyd
MOD - [2013/10/25 13:27:46 | 000,098,816 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32api.pyd
MOD - [2013/10/25 13:27:46 | 000,070,656 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\wx._html2.pyd
MOD - [2013/10/25 13:27:46 | 000,044,032 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\_socket.pyd
MOD - [2013/10/25 13:27:46 | 000,026,624 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\_multiprocessing.pyd
MOD - [2013/10/25 13:27:46 | 000,022,528 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32ts.pyd
MOD - [2013/10/25 13:27:46 | 000,011,264 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32crypt.pyd
MOD - [2013/10/25 13:27:45 | 001,175,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\wx._core_.pyd
MOD - [2013/10/25 13:27:45 | 001,153,024 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\_ssl.pyd
MOD - [2013/10/25 13:27:45 | 000,811,008 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\wx._windows_.pyd
MOD - [2013/10/25 13:27:45 | 000,735,232 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\wx._misc_.pyd
MOD - [2013/10/25 13:27:45 | 000,711,680 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\_hashlib.pyd
MOD - [2013/10/25 13:27:45 | 000,504,832 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\windows._cacheinvalidation.pyd
MOD - [2013/10/25 13:27:45 | 000,364,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\pythoncom27.dll
MOD - [2013/10/25 13:27:45 | 000,122,368 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\wx._wizard.pyd
MOD - [2013/10/25 13:27:45 | 000,119,808 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32file.pyd
MOD - [2013/10/25 13:27:45 | 000,110,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\PyWinTypes27.dll
MOD - [2013/10/25 13:27:45 | 000,108,544 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32security.pyd
MOD - [2013/10/25 13:27:45 | 000,087,040 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\_ctypes.pyd
MOD - [2013/10/25 13:27:45 | 000,035,840 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32process.pyd
MOD - [2013/10/25 13:27:45 | 000,025,600 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32pdh.pyd
MOD - [2013/10/25 13:27:45 | 000,017,408 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32profile.pyd
MOD - [2013/10/25 13:27:44 | 001,062,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\wx._controls_.pyd
MOD - [2013/10/25 13:27:44 | 000,686,080 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\unicodedata.pyd
MOD - [2013/10/25 13:27:44 | 000,127,488 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\pyexpat.pyd
MOD - [2013/10/25 13:27:44 | 000,115,137 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2013/10/25 13:27:44 | 000,038,912 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32inet.pyd
MOD - [2013/10/25 13:27:44 | 000,018,432 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\win32event.pyd
MOD - [2013/10/25 13:27:44 | 000,010,240 | ---- | M] () -- C:\Users\Ryan2011\AppData\Local\Temp\_MEI29042\select.pyd
MOD - [2013/10/10 11:57:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ea3406b1357f932b76236c4ea85b0747\System.Runtime.Remoting.ni.dll
MOD - [2013/10/10 07:39:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 07:39:04 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 07:38:56 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/09 12:12:34 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll
MOD - [2013/10/09 12:12:33 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6a71efa7248119b0875d6cd2dd1e204c\System.Windows.Forms.ni.dll
MOD - [2013/10/09 12:12:23 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll
MOD - [2013/10/09 12:12:22 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll
MOD - [2013/10/09 12:12:18 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll
MOD - [2013/10/09 12:12:14 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll
MOD - [2013/09/11 08:06:26 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/11 08:06:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 12:07:12 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d1cb852474c9f322e257a30f643bca56\System.Management.ni.dll
MOD - [2013/08/15 12:05:47 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll
MOD - [2013/08/15 12:05:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll
MOD - [2013/08/15 12:02:55 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll
MOD - [2013/08/15 07:42:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 07:42:36 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 07:42:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/14 12:08:40 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8cfa98586dc8b987a8236ea591b567b5\PresentationFramework.Aero.ni.dll
MOD - [2013/08/14 12:08:35 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2154273cb2d7a8b1a47d672b6d0808bf\System.Drawing.ni.dll
MOD - [2013/08/14 12:08:32 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll
MOD - [2013/08/14 12:08:27 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll
MOD - [2013/07/30 08:15:03 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/29 17:10:08 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/07/02 17:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2013/10/09 11:47:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 13:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/10 04:03:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/28 21:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/04 03:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 03:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/03 10:17:50 | 000,018,272 | ---- | M] (Fructel AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtfilter.sys -- (gtfilter)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 16:46:02 | 000,038,400 | ---- | M] (CSR plc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbc.sys -- (CSRBC)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/21 01:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 01:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 01:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 08:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DC718571-D9D1-419F-8C55-D9E6BD5837E5}
IE:64bit: - HKLM\..\SearchScopes\{DC718571-D9D1-419F-8C55-D9E6BD5837E5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B0774E76-A7A8-4B69-B75F-965BB88F7716}
IE - HKLM\..\SearchScopes\{B0774E76-A7A8-4B69-B75F-965BB88F7716}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C2D80772-E9E2-4A44-B4C3-37316F4FC994}
IE - HKCU\..\SearchScopes\{C2D80772-E9E2-4A44-B4C3-37316F4FC994}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/21 17:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/03 10:03:31 | 000,000,000 | ---D | M]

[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan2011\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan2011\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryan2011\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Ryan2011\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/10/25 13:22:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files (x86)\PureEdge\Viewer 6.1\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ryan2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ryan2011\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{288D171A-CEE6-471A-B1B8-884749FB721A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DBCD195-5512-4C7A-8C99-29D6593BD0FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/25 11:19:17 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/25 10:58:12 | 001,955,412 | ---- | C] (Farbar) -- C:\Users\Ryan2011\Desktop\FRST64.exe
[2013/10/25 08:09:30 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{9411EB70-C54A-4D24-97FA-4013FAF0A5E9}
[2013/10/24 08:35:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{48ED0B69-918B-4A24-B219-9D969439DA14}
[2013/10/23 08:07:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{776D7B9D-F2EF-4FA0-A85A-BBFACEFF31CB}
[2013/10/22 09:04:23 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7D91A4B3-C081-438C-A17E-E9F6CE3C6BC0}
[2013/10/22 07:53:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{8A4170E7-DDAD-4110-ADB9-8D4F1ECD8C10}
[2013/10/21 08:08:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B247023F-1F5B-404B-88D3-CC2A13DCEB28}
[2013/10/18 08:12:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{67049BD3-394C-4273-8F0D-954C024EE967}
[2013/10/17 08:14:47 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B43FDC01-92ED-498D-A267-534587106C64}
[2013/10/16 07:44:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{1763E048-7EAB-4789-BFEA-0A3C7A4526FC}
[2013/10/15 14:16:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Talisman
[2013/10/15 08:17:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{37698AC1-3AE3-411B-8F58-790F5544C6CC}
[2013/10/14 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
[2013/10/14 08:47:18 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{451F9B64-E93A-494C-88D3-DFEF58A882B3}
[2013/10/11 07:54:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{344DE070-DFD8-4427-A447-801DD75783F2}
[2013/10/10 07:58:51 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{F8E30222-0D71-48D5-BA44-A15DBC63B5FF}
[2013/10/09 08:18:52 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{61DD99E9-810F-4CA2-A374-B1868524250D}
[2013/10/08 08:21:36 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{F3E1D4A1-0DE8-4B66-A8EE-66F41773E848}
[2013/10/07 09:56:59 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{7FF28745-3B68-4E77-B8A6-52C4D53F68BE}
[2013/10/05 08:57:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{6682020F-BBC8-4FDD-BDF2-2BCB30EF46F1}
[2013/10/04 08:20:13 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{5732EFDB-5A5F-4106-B3B4-D7A987BA5953}
[2013/10/03 08:06:09 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D4B5F46C-4939-4AED-9DB9-0DA209573686}
[2013/10/02 07:49:10 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{3D80E2BC-C8FF-4CC3-A6E6-956BDA9765DC}
[2013/10/01 10:22:45 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{AF1E2AF0-7EC1-4E5A-A964-A3B48655E54A}
[2013/10/01 08:28:29 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{B1FAA50A-B7C9-4BC8-86E1-68B7A12C93F4}
[2013/09/30 09:12:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{D20B1556-CCF4-4ABD-808E-60C7E1D9594D}
[2013/09/27 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{0FE075C5-9606-49A3-A052-FFB5B6459A90}
[2013/09/27 08:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{54E4025D-8C49-464D-B3BD-2C68ED7174D2}
[2013/09/26 08:24:07 | 000,000,000 | ---D | C] -- C:\Users\Ryan2011\AppData\Local\{591DFE7F-9FFB-4876-8E59-C8EAB8AD5F2B}

========== Files - Modified Within 30 Days ==========

[2013/10/25 13:34:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 13:34:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/25 13:27:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/25 13:27:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/25 13:26:57 | 3193,688,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/25 13:22:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/25 13:10:09 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/25 13:04:18 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000UA.job
[2013/10/25 12:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/25 10:58:24 | 001,955,412 | ---- | M] (Farbar) -- C:\Users\Ryan2011\Desktop\FRST64.exe
[2013/10/25 08:03:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237553287-1429794397-2156527687-1000Core.job
[2013/10/18 08:07:57 | 000,002,390 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Google Chrome.lnk
[2013/10/15 16:55:20 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/14 15:24:51 | 000,000,222 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Talisman Prologue.url
[2013/10/14 15:24:51 | 000,000,222 | ---- | M] () -- C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
[2013/10/10 07:43:25 | 000,783,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/10 07:43:25 | 000,663,238 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/10 07:43:25 | 000,122,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/10 07:33:44 | 000,296,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 12:13:16 | 000,777,118 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/10/14 15:24:51 | 000,000,222 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Talisman Prologue.url
[2013/10/14 15:24:51 | 000,000,222 | ---- | C] () -- C:\Users\Ryan2011\Desktop\Talisman Digital Edition.url
[2013/05/22 12:32:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/05/22 12:32:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/02/04 11:20:38 | 000,119,951 | ---- | C] () -- C:\Users\Ryan2011\2377WilliamPenn.jpg
[2013/02/04 11:16:32 | 014,954,926 | ---- | C] () -- C:\Users\Ryan2011\house ad.psd
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/14 11:24:04 | 000,059,755 | ---- | C] () -- C:\Users\Ryan2011\Grim Dawn keys.pdf
[2012/04/06 16:21:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/04/03 10:01:10 | 000,205,999 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/04/03 10:01:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/11/22 10:08:38 | 000,059,067 | ---- | C] () -- C:\Users\Ryan2011\Binaries_and_Source-1013-1-0.zip

========== LOP Check ==========

[2012/07/20 16:27:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Amazon
[2013/02/06 10:56:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Celeris
[2013/03/06 11:50:10 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\com.amazon.music.uploader
[2013/10/25 13:28:05 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Dropbox
[2013/10/11 16:27:52 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle Casino
[2013/05/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Hoyle FaceCreator
[2012/07/24 16:51:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Mp3tag
[2011/02/01 11:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\PureEdge
[2012/07/17 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Samsung
[2013/07/30 12:19:23 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\SketchUp
[2013/10/15 14:18:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Talisman
[2013/10/14 15:33:05 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Talisman Prologue
[2011/02/03 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Thunderbird
[2011/06/07 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Unity
[2011/02/21 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Windows Live Writer
[2012/08/23 09:20:37 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\WinFellow
[2011/04/26 10:18:56 | 000,000,000 | ---D | M] -- C:\Users\Ryan2011\AppData\Roaming\Wizards of the Coast
[2013/07/13 09:44:39 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, a quick check to ensure your services are all functioning. How is the computer behaving?

Download and run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#12
Lyanheart

    Member

  • Topic Starter
  • Member
  • 136 posts
Seems to be running fine now. I'm able to download and view files as normal.

Farbar Service Scanner Version: 24-10-2013
Ran by Ryan2011 (administrator) on 25-10-2013 at 13:54:41
Running from "C:\Users\Ryan2011\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-09 08:26] - [2013-09-13 21:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-09 08:26] - [2013-09-07 22:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Some services need repairing

Download 'ESET Services Repair by ESET' and save it to your desktop.

  • Double-click the file. It will ask for administrator privileges. Allow it by clicking Yes.
  • You will be asked to confirm. Press Yes to continue.
  • Once done, you will be asked to reboot. Press Yes once more.

AND MAYBE FINALLY

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
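A re-check to run after the services repair described above, added here as an example; it is not part of the original post or of any tool used in this thread. It repeats the log's "Checking ServiceDll" test for the firewall, antivirus and update services. The service names are assumptions mapped from the DLLs in the File Check list, and the script assumes Windows 7 SP1 with PowerShell 2.0.

```powershell
# Added example (not from the thread). Run in an elevated 64-bit PowerShell;
# uses only PowerShell 2.0 cmdlets so it works on stock Windows 7 SP1.
# Service names are assumptions mapped from the DLLs in the File Check list.
$services = 'MpsSvc','BFE','wscsvc','WinDefend','MsMpSvc','wuauserv','BITS',
            'CryptSvc','SharedAccess','iphlpsvc','RemoteAccess'

$report = foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $row = New-Object PSObject -Property @{
        Service = $name; KeyExists = (Test-Path $key)
        StartMode = $null; State = $null; ServiceDll = $null; DllOnDisk = $null
    }
    if ($row.KeyExists) {
        # svchost-hosted services store their DLL under Parameters\ServiceDll;
        # services with their own EXE (such as MsMpSvc) have no such value.
        $params = Get-ItemProperty "$key\Parameters" -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) {
            $row.ServiceDll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
            $row.DllOnDisk  = Test-Path -LiteralPath $row.ServiceDll
        }
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc) { $row.StartMode = $svc.StartMode; $row.State = $svc.State }
    }
    $row
}

$report | Select-Object Service,KeyExists,StartMode,State,DllOnDisk,ServiceDll |
    Format-Table -AutoSize

# Anything listed here still needs attention: the service key is missing
# (as the log reported for RemoteAccess) or the registered DLL is not on disk.
$broken = $report | Where-Object { -not $_.KeyExists -or $_.DllOnDisk -eq $false }
if ($broken) {
    $broken | ForEach-Object { Write-Warning "$($_.Service): key or ServiceDll missing" }
} else {
    Write-Host 'All listed service keys and ServiceDll files are present.'
}
```

A service that shows StartMode Disabled or State Stopped is not necessarily broken: Windows Defender, for example, is normally disabled while MSE is installed.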

#14
Lyanheart

    Member

  • Topic Starter
  • 136 posts
Everything checks out, MB scan found nothing. :thumbsup:
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Excellent, I have just re-read my first post and it was a bit confusing. Sorry about that.

In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disk Cleanup and select run as administrator
When it pops up, select OK at the first prompt. After it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0





